The Department of Homeland Security has started a program called the “I E-Verify” campaign for businesses that use the federal background check system on its employees. If you see businesses with “I E-Verify” decorations or insignia, they at least indirectly support a national ID system in the United States. This can help you decide whether or not you want to spend your dollars with them.

The one ray of hope I can offer is that the shooting itself makes such things more foreseeable, putting the military community and investigators on notice prospectively that this kind of thing can happen. No formal policy change can do more than the Fort Hood shooting itself to ferret out inchoate incidents like it in the future. Belief that the Fort Hood shooting was easily preventable, though, is 20/20 hindsight.

I first read How We Know What Just Isn’t So: The Fallibility of Human Reason in Everyday Life to get a handle on how it became so plausible after the September 11, 2001 attacks that terrorists might next use chemical, biological, and nuclear weapons. Recall that their weapons of choice for the World Trade Center and Pentagon attacks were box cutters. How did we proceed to the assumption that nuclear terrorism was next?

One explanation is the “representativeness heuristic,” a mental shortcut people use to organize the world around them. “According to this overarching belief, effects should resemble their causes, instances should resemble the categories of which they are members, and, more generally, like belongs with like.” (page 133)

Big causes have big effects, so big effects come from big causes. … Right?

The 9/11 terrorists knocked down the World Trade Center and killed 3,000 people. Driven to match the huge effects of the those attacks to a sufficient cause, our common sense imported skills, knowledge, weapons, and organizational capability that terrorists do not in fact have. (Ongoing pressure worldwide will ensure that remains true.)

As to the 9/11 attacks, the representativeness heuristic lead us astray. I believe a similar mental error is at play in many people’s interpretation of the Fort Hood incident.

Though it’s not true, many maternity room nurses believe that more babies are born during a full moon than at other times. This is because of confirmation bias: They notice babies born during full moons and accumulate proof of the full-moon theory—but they fail to notice babies born at other times.

How We Know What Just Isn’t So has a chapter called “Too Much from Too Little: The Misrepresentation of Incomplete and Unrepresentative Data” that discusses not only the excessive impact of confirmatory information, but also the problem of hidden or absent data. We make many judgments in life without considering all the relevant data.

An extreme instance of this is Fort Hood, about which political leaders and millions of Americans are taking a few data points—one or two things occurring—and concluding from them that all instances of these things result in a shooting or other violence like we saw at Fort Hood. But, as I said with regard to Nidal Hasan’s contacts with a jihadi in Yemen, the relevant data includes thousands of times when such things happen. Because they were offshore communications with a jihadi, investigators appropriately examined the messages and found them lacking signs of intended violence.

The other major indictment is that Hasan’s Islamist rantings should have been a dead giveaway of violence to come. Political correctness drove colleagues to turn a blind eye to Hasan, ”permitting” the Fort Hood shooting to happen, this argument maintains.

There probably was some “political correctness” involved. I can think of no community more likely to withhold judgment of others than psychologists and psychiatrists, who are privy to the strange and dangerous thoughts of their patients day after day after day.

Note again the full range of relevant evidence, though: Thousands of times daily across the country, mental health professionals and social workers hear people’s violent thoughts—not just political rantings—which only rarely materialize into violence. In the military, it’s harder to guess at a number, but certainly thousands of times per year, service members discuss violence against other service members and political opinions that are odd or controversial, including Islamist political views. Very rarely—tragically when it does—this results in actual harm to men and women in uniform.

Nidal Hasan may have been fit for expulsion from the military. He may have been kept in by some form of political correctness or opportunistic bureaucratic burden-shifting once it was clear he was leaving Walter Reed for Fort Hood.

But only operation of the post hoc ergo propter hoc fallacy allows the conclusion that his expulsion from the military would have averted the tragedy. Because it followed in time, the shooting appears to be a result of his continued military service or his looming deployment to Afghanistan. But it is not so obvious that his discharge from the service would have caused him to go limp, take a job at a convenience store, and live a happy life.

Had he been pushed out of the military, it’s quite plausible that his resentments would have grown, his contacts with jihadis would have increased, his planning would have been more strategic, and so on. It is simple assumption that expelling Hasan from the military would have averted so many deaths and collective national pain, just like it is simple assumption that it wouldn’t have.

As I discussed in a recent podcast, information always points to what happened next when you look at it after the fact. Data does not point so clearly to any conclusion when you observe it in real time along with all the other then-relevant data.

The Fort Hood shooting was a tragic and regrettable incident, but correctable security failure is not easily shown. The idea that the shooting was predictable is fueled by a small array of common perception problems and errors in logic. These errors have now inspired a hearing in the Senate Homeland Security and Governmental Affairs Committee later this week. The committee will try to find security lapses and seek after conditions in which ”no such attack ever occurs again.”

Politicians can promise the public that every tragedy can be averted, but soldiers know better than most that tragedy and loss do happen. At the memorial service for the Fort Hood victims, Lt. General Cone captured that reality, and the spirit in which we must accept it, saying to victim’s families, ”The Fort Hood community shares your sorrow as we move forward together in a spirit of resiliency.”

Being a smart, informed, and aggressive consumer is each person’s responsibility if a free market is to operate well. The alternative is a negative feedback loop in which government authorities protect us, we rely on that protection and stop policing retailers. Thereby we abandon the field of consumer protection to government authorities, who—try as they might—can never do as good a job for us as we can for ourselves.

The Senate Commerce Committee is having a hearing today on “Aggressive Sales Tactics on the Internet and Their Impact on American Consumers.”

But here’s a delight I ran across this morning: the Los Angeles Times arguing against techno-panic despite the use of Web sites to research and case potential burglary victims (by the “bling ring,” soon to be the subject of a major motion picture).

The Times editorializes:

[T]hieves [did not] have to wait for the invention of Google maps to reconnoiter neighborhoods in search of easily accessible homes. That’s worth remembering if, as we fear, some legislator decides that a law should be passed to prevent Internet surfers from looking at houses they easily could scope out from the sidewalk. . . . . A law against photographing a home or what occurs outside it in plain sight — or disseminating the images to others — would be overreaching, not to mention unconstitutional.

What a delight—a major newspaper arguing to keep a hot issue in perspective and citing the constitution as a limit on government power! Thank you, L.A. Times.

“I doubt the most notorious terrorists of our time — the Sept. 11 hijackers, Timothy McVeigh — would have been stopped by these new DMV requirements,” Dvorak writes. ”All these laws have done is make us more harried, more paranoid and more red-faced than ever.”

The extremely competitive ten-week program comes with a $7,000 stipend, and is a chance to do serious policy work on issues like privacy and surveillance, telecommunications regulation, and other things you read about on Slashdot.   Applications are due December 28, so get cracking!

Reactions generally consist of pundits pouring their preconceptions over what is known of the facts. These are the least worthy of our time, and rejoinders like this one from Stephen M. Walt of Harvard University in the Fort Hood section of The Politico’s Arena blog dispense with them well:

Of course [Fort Hood] is being politicized; there is no issue that is immune to exploitation by politicians and media commentators. The problem is that there are an infinite number of “lessons” one can draw from a tragic event like this — the strain on our troops from a foolish war, the impact of hateful ideas from the fringe of a great religion (and most religions have them), the individual demons that drove one individual to a violent and senseless act, etc., — and so no limits to the ways it can be used by irresponsible politicians (is that redundant?) and pundits.

My favorite response—by “response,” I mean careful, productive analysis—was written last year as a general admonition about events like this (which at least has terrorist connotations):

Above all else is the imperative to think beyond the passions of those who are hurt, frightened or angry. Policymakers who become caught up in the short-term goals and spectacle of terrorist attacks relinquish the broader historical perspective and phlegmatic approach that is crucial to the reassertion of state power. Their goal must be to think strategically and avoid falling into the trap of reacting narrowly and directly to the violent initiatives taken by these groups.

That’s Audrey Kurth Cronin, Professor of Strategy at the U.S. National War College in her monograph, Ending Terrorism: Lessons for Defeating al-Qaeda.

But I want to turn to a critique leveled against my recent post, ”The Search for Answers in Fort Hood,” which discussed how little Fort Hood positions us to prevent similar incidents in the future. (I hope it was response and not reaction, but readers can judge for themselves.)

A thoughtful Cato colleague emailed me suggesting that there may have been enough indication in Nidal Hasan’s behavior—in particular, correspondence with Anwar al-Awlaki—to stop him before his shooting spree.

There may have been. Current reporting has it that his communications with al-Awlaki were picked up and examined, but because they were about a research paper that he was in fact writing, he was deemed not to merit any further investigation.

This can only be called error with the benefit of hindsight. And it tells us nothing about what might prevent a future attack, which was my subject.

If humans were inert objects, investigators could simply tweak the filter that caused this false negative to occur. They could not only investigate the people who contact known terrorists as they did Nidal Hassan, they could know to disregard claimed academic interests. Poof! The next Nidal Hassan would be thwarted at a small cost to actual researchers.

But future attacks are not like past attacks. Tweaking the filter to eliminate this source of false negatives would simply increase false positives without homing in on the next attacker. Terrorists and terrorist wannabes will change their behavior based on known and imagined measures to thwart them. Nobody’s going to be emailing this al-Awlaki guy for a while.

In “Effective Counterterrorism and the Limited Role of Predictive Data Mining,” IBM distinguished engineer Jeff Jonas and I used examples from medicine to illustrate the problem of false positives when searching for terrorism in large data sets, concluding:

The question is not simply one of medical ethics or Fourth Amendment law but one of resources. The expenditure of resources needed to investigate 3,000,000, 15,000,000, or 30,000,000 fellow citizens is not practical from a budgetary point of view, to say nothing of the risk that millions of innocent people would likely be under the microscope of progressively more invasive surveillance as they were added to suspect lists by successive data-mining operations.

The same problems exist here, where tens of thousands of leads may present themselves to investigators each year. They must balance the likelihood of harm coming to U.S. interests against the rights of U.S. citizens and the costs of investigating all these potential suspects.

Armchair terror warriors may criticize these conclusions a variety of ways, believing that post hoc outrage or limitless grants of money and power to government can produce investigative perfection. (n.b. Getting victim states to dissipate their own money and power is how terrorism does its work.) But none can accurately say based on currently available facts that anyone made an error. Much less can anyone say that we know any better how to prevent essentially random violent incidents like this in the future.

Subpoenas like, for instance, the one issued last year seeking the complete traffic logs of the left-wing site Indymedia for a particular day. According to tech journo Declan McCullah:

It instructed [System administrator Kristina] Clair to “include IP addresses, times, and any other identifying information,” including e-mail addresses, physical addresses, registered accounts, and Indymedia readers’ Social Security Numbers, bank account numbers, credit card numbers, and so on.

The sweeping request came with a gag order prohibiting Clair from talking about it. (As a constitutional matter, courts have found that recipients of such orders must at least be allowed to discuss them with attorneys in order to seek advise about their legality, but the subpoena contained no notice of that fact.) Justice Department officials tell McCullagh that the request was never reviewed directly by the Attorney General, as is normally required when information is sought from a press organization. Clair did tell attorneys at the Electronic Frontier Foundation, and  when they wrote to U.S. Attorney Timothy Morrison questioning the propriety of the request, it was promptly withdrawn. EFF’s Kevin Bankston explains the legal problems with the subpoena at length.

Perhaps ironically, the targeting of Indymedia, which is about as far left as news sites get, may finally hep the populist right to the perils of the burgeoning surveillance state. It seems to have piqued Glenn Beck’s interest, and McCullagh went on Lou Dobbs’ show to talk about the story. Thus far, the approved conservative position appears to have been that Barack Obama is some kind of ruthless Stalinist with a secret plan to turn the United States into a massive gulag—but under no circumstances should there be any additional checks on his administration’s domestic spying powers.  This always struck me as both incoherent and a tragic waste of paranoia. Now that we’ve had a rather public reminder that such powers can be used to compile databases of people with politically unorthodox browsing habits, perhaps Beck—who seems to be something of an amateur historian—will take some time to delve into the story of COINTELPRO and other related projects our intelligence community busied itself with before we established an architecture of surveillance oversight in the late ’70s.

You know, the one we’ve spent the past eight years dismantling.

Is that 72-hour delay happening? Some say yes. Some say no.

On the “yes” side are some folks at the Sunlight Foundation. John Wonderlich wrote a post last Sunday called “72 Hours is Now.” He hailed the posting of the health care bill well in advance of a vote.

“Public outcry, partisan pressure, and rising expectations are forcing Congress’s hand,” he wrote, ”and it’s now (apparently) taken as a matter of course that this bill is online for a long weekend before its final consideration.”

Paul Blumenthal followed that up mid-week, sounding slightly more cautious notes but hailing the posting of the “final manager’s amendment.” His post restarted the 72-hour clock.

Which brings us to the folks who say no.

On the Weekly Standard blog, John McCormack says that Speaker Pelosi plans to violate the promise to post the health care bill online for 72 hours.

House members are still negotiating important issues in the bill — whether it will provide taxpayer-funding for abortions, for example. Pelosi is pushing for a Saturday House vote, and a number of big changes will be introduced, likely less than 24 hours before the vote takes place (if in fact it does).

Did Pelosi promise to post a bill? Yes — and she did, when it was pretty near final.

Meanwhile, though, the really tricky details — the stuff that matters to a lot of people — are still being hammered out. The spirit of the 72-hour pledge remains unfulfilled.

And this reveals a weakness in H. Res. 554, the preferred reform of the Sunlight-backed ”Read the Bill” effort. It would install a House rule giving bills 72 hours of online airing “before floor consideration.”

Floor consideration can and regularly does include the adoption of a “manager’s amendment” which can revamp a bill wholesale or add and subtract key details — things that matter.

H. Res. 554 has a loophole you can drive a truck through, and Speaker Pelosi is revving her engines.

This episode is a good, if regrettable, illustration that “self-reform” by a branch of government isn’t reliable. “Read the bill” is a good idea, but the genius of President Obama’s parallel “Sunlight Before Signing” pledge to hold bills coming out of Congress for five days before signing them is that it is based on interbranch rivalry. Especially, but not only, when there is partisan division between the president and Congress, competition among branches will promote the practice.

(More on “Read the Bill” and “Sunlight Before Signing” here.)

Getting Congress to hold up its own legislation for 72 hours, giving meaningful access to the public of every detail, is asking Congress to be altruistic. And Congress is anything but altruistic.

“[I]t is simply not possible to validate (evaluate) predictive models of rare events that have not occurred, and unvalidated models cannot be relied upon,” says the report.

In December 2006, Jeff Jonas and I published a paper making the case that predictive modeling won’t discover rare events like terrorism. The paper, Effective Counterterrorism and the Limited Role of Predictive Data Mining, was featured prominently in a Senate Judiciary Committee hearing early the next year.

Privacy gives way to appropriate security measures, as the Fourth Amendment suggests where it approves “reasonable” searches and seizures. Given the incapacity of data mining to catch terrorism and the massive data collection required to “mine” for terrorism, data mining for terrorism is a wrongful invasion of Americans’ privacy—and a waste of time.

Choicepoint, coincidentally, is one of the largest clients of the consulting firm run by former Attorney General John Ashcroft. Little wonder given the amount of cash at stake: As reporter Tim Shorrock has documented, some 70 percent of our vast intelligence budget is channeled through private-sector contractors, which means that we need to understand government surveillance policy in the context of a “surveillance-industrial complex” that parallels the more familiar military-industrial complex known for bringing us $600 toilet seats and other forms of pork in camo gear. It’s worth bearing in mind that it’s not just investigatory zeal and public fear driving the expansion of the surveillance state—a lot of people are making a lot of money off it as well.

Readthebill.org is where you can learn more about H. Res. 554.

Have a transparent Halloween everybody!

Alas, I’m selectively quoting. What they actually said, snidely, was that Cato is a “hired voice of reason during political debates, because of its pseudo-academic affiliations.” (I don’t know why they italicized “voice of reason” – I always thought Reason was the voice of reason.)

But my selective quotation is as accurate as the selective research that VOIP News did for this fluffy hit piece. You see, Cato recently published a lengthy paper that articulates the benefits of net neutrality (referred to as the end-to-end principle).

Where do you find that in the paper? Here’s the first paragraph of the executive summary:

An important reason for the Internet’s remarkable growth over the last quarter century is the “end-to-end” principle that networks should confine themselves to transmitting generic packets without worrying about their contents. Not only has this made deployment of internet infrastructure cheap and efficient, but it has created fertile ground for entrepreneurship. On a network that respects the end-to-end principle, prior approval from network owners is not needed to launch new applications, services, or content.

The paper expresses well-founded concerns about net neutrality regulation—taking a good engineering practice and making a mandate of it for lawyers and bureaucrats to implement. From the executive summary’s third paragraph:

New regulations inevitably come with unintended consequences. Indeed, today’s network neutrality debate is strikingly similar to the debate that produced the first modern regulatory agency, the Interstate Commerce Commission. Unfortunately, rather than protecting consumers from the railroads, the ICC protected the railroads from competition by erecting new barriers to entry in the surface transportation marketplace. Other 20th-century regulatory agencies also limited competition in the industries they regulated. Like these older regulatory regimes, network neutrality regulations are likely not to achieve their intended aims.

It’s tough sledding, working through most of a one-page executive summary. But many publications go that far in researching the pieces they publish.

I do sincerely appreciate the nod to our prominence in this debate. I hope VOIP News does a better job of portraying where we stand and why in the future.

As Julian points out, if “VoIP News” had done its homework, it might have discovered that Cato makes its annual report freely available online. Then they they would have noticed that corporate support accounts for about 1 percent of Cato’s budget, and that none of Cato’s corporate funders are major opponents of network neutrality regulation.

Shoddy reporting aside, the “VoIP News” article does actually highlight an important point: the people who built the Internet are deeply split on the issue of regulating the Internet, with eminent computer scientists including Bob Kahn (co-inventor of the Internet’s TCP/IP protocols with Vint Cerf) and Dave Farber (another networking pioneer) on the anti-regulation side. And based on conversations I’ve had here at Princeton, Kahn and Farber are far from the only computer scientists who are skeptical that the FCC is up to the job of regulating the Internet.

In a vacuous appearance on Rachel Maddow last week, blogger Xeni Jardin cited Vint Cerf’s support of regulation and urged viewers to “side with the geeks who actually built the Internet.” She did not, of course, mention that Kahn and Farber, who fit that description as well as Cerf does, are on the other side. “The geeks” are as split on this issue as everyone else.

Update: Tim Carney has an excellent article making a similar point: Internet companies like Google and Amazon, who have lobbied hard for network neutrality, gave overwhelmingly to Obama over McCain in the 2008 election. This doesn’t prove Obama and Chairman Genachowski are insincere in their support for network neutrality. But it does mean we should take both side’s arguments with a grain of salt.

“IDSP Issues Report Calling for National Identity Verification Standard” is the release, and it’s bristling with error and malformed policy assertions. IDSP is the “Identity Theft Prevention and Identity Management Standards Panel,” an ANSI subgroup.

Take this doozy:

[T]he Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA) and the REAL ID Act of 2005 require verification of identity prior to the issuance of birth certificates and driver’s licenses / ID cards, respectively. However, the IRTPA regulations have not yet been released even in draft form and the REAL ID regulations do not provide practical guidance on how to corroborate a claim of identity under different circumstances.

Folks, REAL ID repealed the identity security provisions in the Intelligence Reform and Terrorism Prevention Act. (It’s a good bet that regulations for a repealed law aren’t going to move out of draft form for a very long time, eh?) And REAL ID does not require verification of identity prior to issuance of birth certificates. What could that even mean?! “Hey you—little baby—let me see some ID before I issue you your birth certificate.”

The release repeats the tired mantra that 9/11 terrorists got U.S. identity documents—”some by fraud.” The 9/11 Commission dedicated three-quarters of a page to its identity recommendations—out of 400 substantive pages—and neither the commission nor anyone since has shown how denying people U.S. identity documents would prevent terrorism.

Are there needs for identity standards? Of course. And there are a lot of projects in a lot of places working on that. If an organization doesn’t know the law, and doesn’t know how the subject matter it’s dealing with functions in society, I don’t know how it could possibly be relied on to set appropriate standards.

ANSI should take a look at this subgroup and see if its work is actually competent. Judging by this press release, it’s not.

I don’t think so.

But on National Review’s “The Corner” blog, Mark Krikorian of the Center for Immigration Studies takes a federal contractor’s self-serving statements about E-Verify as evidence that it’s “working fine.”

Of course it is! If you carefully consider the evidence you want to!

Tim Lee’s paper, The Durable Internet, dispels the idea that owners of Internet infrastructure can actually control the Internet. The preferred approach to “net neutrality” is to let Internet users decide what they want from their ISPs and let ISPs and content companies do unmediated battle with one another to create and capture the greatest value from the Internet ecosystem.

If the FCC were to reduce its power by freeing up more wireless spectrum—either selling it as property or dedicating it to commons treatment—competition to provide Internet service would strengthen consumers’ hands.

The AP story linked just above does a good job of recounting the benefits of open source in this application: chiefly, low cost and high security.

Arnold Kling wrote recently on the Library of Economics and Liberty blog relating the work Elinor Ostrom did to win the Nobel prize in economics to how the Internet enables private provision of public goods—no regulation, little to no centralized authority at all.

Open source is nothing if not an example of that, and it’s good to see this use of open source joining many others across the big, beautiful Internet.

Three months later, the committee still has not reported the bill, meaning that the public doesn’t get access to the version the committee passed. (A resolution in the House would require committees there to publish amendments to bills within 24 hours.) But the Congressional Budget Office scored the bill this week. That is often a signal that legislation is on the move.

So it’s a good time to look at costs again. The National Governors Association and the National Conference of State Legislatures both premised their support for PASS ID on the idea that it would reduce costs to states to just $2 billion.

But in July I examined the likely costs of PASS ID and NGA’s cost calculations. To save you a burdensome click, here are some highlights:

But there is reason to doubt [the NGA's $2 billion] figure. PASS ID is a lot more like REAL ID — the original REAL ID — in the way that most affects costs: the implementation schedule.

Under PASS ID, the DHS would have to come up with regulations in just nine months. States would then have just one year to begin complying. All drivers’ licenses would have to be replaced in the five years after that. That’s a total of six years to review the documents of every driver and ID holder, and issue them new cards.

How did the NGA come up with $2 billion? Maybe they took the extended, watered-down, 75%-over-ten-years estimate and subtracted some for reduced IT costs. (The NGA is free to publish its methodology, of course.)

But the costs of implementing PASS ID to states are more likely to be closer to $11 billion than the $2 billion figure that the NGA puts forward. In just six years, PASS ID would send some 245 million people into DMV offices around the country demanding new cards. States will have to hire and train new employees to handle the workload. They will have to acquire new computer systems, documents scanners, data storage facilities, and so on.

The NGA’s claim of savings from PASS ID is weak. Did the new CBO score change anything?

First, let’s review what a CBO score is. When CBO scores a bill, it reports how a bill will change costs to the federal government. Other CBO reports may include overall costs for federal programs, but when CBO scores a bill, it just reports the difference between current federal spending and spending if a new proposal should pass. CBO sometimes mentions mandates on states and private-sector costs in their bill-scores, but those are rarely if ever thoroughly reported. CBO’s wheelhouse is federal spending, and that’s what it reports.

Now, let’s look at how CBO has done with estimating the costs to states from implementing federal national ID standards.

Its first cut at scoring national ID standards was when it looked at H.R. 10 in the latter stages of the 108th Congress. (This was before REAL ID — H.R. 10 was an early version of the bill that became law as the Intelligence Reform and Terrorism Prevention Act.) When CBO scored H.R. 10 in late 2004, it lumped national ID standards along with several other policies and programs in a category called ”Mandates With no Significant Costs.”

Four months later, in early 2005, CBO scored the REAL ID Act, which had been introduced early in the new Congress. It found then that the national ID standards Congress had put into law in December had changed from a mandate with “no significant costs” to a mandate costing more than $100 million.

CBO thought REAL ID would only cost $20 million more than that, an amount below the reporting threshold of the Unfunded Mandates Reform Act, so CBO did not do a thorough analysis.

Then the folks actually faced with implementing it took a look at REAL ID. More realistic estimates of costs to states in the $10+ billion range came forward, including an estimate from the National Governors Association, as I discussed in my previous post on costs.

With that background we’re ready to look at the CBO score for PASS ID. CBO makes no precise estimate of costs to states. Its specialty, again, is federal spending. But it makes a few observations about such costs:

• “The bill would require states to issue public notices about their security and privacy policies that include information about how personally identifiable information is used, stored, accessed, and shared.”

This, all should agree, is a complex problem but a small cost.

• “The bill also would require states to have a process that would allow individuals to access, amend, and correct their information. Information from groups representing state governments [NGA and NCSL, most likely] indicates that most states currently have such policies and procedures, though some may need to be revised.”

No. They. Do. Not.

As I said in my post on the privacy consequences of PASS ID:

This is a new and different security/identity fraud challenge not found in REAL ID, and the states have no idea what they’re getting themselves into if they try to implement such a thing. A May 2000 report from a panel of experts convened by the Federal Trade Commission was bowled over by the complexity of trying to secure information while giving people access to it. Nowhere is that tension more acute than in giving the public access to basic identity information.

No state has opened its driver databases for review and correction by the public. That would be an all-you-can-eat buffet for identity fraudsters. The CBO has been bamboozled about state policies.

But the language of PASS ID finesses this, doesn’t it? It says that opening up identity data and giving the public correction rights would be done “as determined appropriate by the State.” So states wouldn’t really have to do anything, right? Right!

Except that the Department of Homeland Security gets to interpret what that language means, and a court will defer to any reasonable DHS interpretation. That’s the Supreme Court’s Chevron doctrine. (It’s an unfortunate abdication of power to administrative agencies, but it’s the law today.)

If the NGA and NCSL have told their clients that they will have the last word on how PASS IS is implemented, they are wrong. It’s DHS’ call — not states’. There may be huge costs to states — hidden at first, but growing and growing — if they stick their heads into the jaws of the federal lion.

Returning to the CBO’s assessment of state costs:

• “The bill would repeal the requirements of the REAL ID Act and replace them with more flexible requirements for issuing compliant driver’s licenses and identification cards.”

This is true in some respects, and not in others. As I noted before, PASS ID is on a tighter implementation schedule which is the main driver of costs.

• “The bill also would authorize appropriations that could be used to pay for those requirements, and it would prohibit the federal government from charging fees to states to access the SAVE and SSOLV data systems.”

Because it’s federal, this is something that CBO actually knows about, and its assessment is that PASS ID would dole out a total of $123 million to states over the next five years. Washington, D.C.’s highest spending year would be fiscal 2013, in which it would spend $39 million, less than $1 million per state.

And those savings when the federal government doesn’t charge states for using its databases? Just $2 million each year in fiscal 2010 and 2011.

Nothing in the CBO estimate changes the conclusion that implementing a national ID would cost states over $10 billion dollars, as they hired new staff, acquired new equipment and systems, and marched 250 million Americans through their DMVs. The federal government is promising to dole out $123 million and offer states a whopping $4 million in savings on data access.

The National Governors Association’s argument that PASS ID reduces costs to states is ludicrous. And the paltry funds Congress might share with states is a drop in the bucket. The homeland security appropriations bill for fiscal 2010 cuts funding for REAL ID by $40 million from its 2009 funding level. PASS ID would fare no better.

State governors and legislatures that have fallen for the PASS ID cost estimates of the National Governors Association and National Conference of State Legislatures should fire these financial advisors. NGA and NCSL are trying to grow federal power at the expense of state coffers.

U.S. communications regulators voted unanimously Thursday to support an open Internet rule that would prevent telecom network operators from barring or blocking content based on the revenue it generates.

The proposed rule now goes to the public for comment until Jan. 14, after which the Federal Communications Commissions will review the feedback and possibly seek more comment. A final rule is not expected until the spring of next year.

Cato Director of Information Policy Studies Jim Harper appeared on Fox News this week to discuss the FCC decision. “This is governmental tinkering with a market place that is working really well and growing right now,” said Harper. “The last thing we need is to cut that off.”

Watch:

There are ways to achieve net neutrality without regulation, says Timothy B. Lee:

An important reason for the Internet’s remarkable growth over the last quarter century is the “end-to-end” principle that networks should confine themselves to transmitting generic packets without worrying about their contents. Not only has this made deployment of internet infrastructure cheap and efficient, but it has created fertile ground for entrepreneurship. On a network that respects the end-to-end principle, prior approval from network owners is not needed to launch new applications, services, or content.

…Like these older regulatory regimes, network neutrality regulations are likely not to achieve their intended aims. Given the need for more competition in the broadband marketplace, policymakers should be especially wary of enacting regulations that could become a barrier to entry for new broadband firms.

Read the whole thing.

Here is an article or two about what is happening with Vietnamese bloggers.

A Washington Post story summarizes their concerns: “[W]ithout a strong anti-discrimination policy, companies like theirs may not get a fair shot on the Internet because carriers could decide to block them from ever reaching consumers.”

No ISP could block access to these popular services and survive, of course. What they could do is try to charge the most popular services a higher tariff to get their services through. Thus, weep the helpless, multi-billion-dollar Internet behemoths, we need a “fair shot”!

Plain and simple, these companies want regulation to ensure that ISPs can’t capture a larger share of the profits that the Internet generates. They want it all for themselves. Phrased another way, the goal is to create a subsidy for content creators by blocking ISPs from getting a piece of the action.

It’s all very reminiscent of disputes between coal mines and railroads. The coal mines “produced the coal” and believed that the profitability of the coal-energy ecosystem should accrue only to themselves, with railroads earning the barest minimum. But where is it written that digging coal out of the ground is what creates the value, and getting it where it’s used creates none? Transport may be as valuable as “production” of both commodities and content. The market should decide, not the industry with the best lobbyists.

What happens if ISPs can’t capture the value of providing transport? Of course, less investment flows to transport and we have less of it. Consumers will have to pay more of their dollars out of pocket for broadband, while Facebook’s boy CEO draws an excessive salary from atop a pile of overpriced stock holdings. The irony is thick when opponents of high executive compensation support “net neutrality” regulation.

Another reason why these Internet companies’ concerns are bogus is their size and popularity. They have a direct line to consumers and more than enough capability to convince consumers that any given ISP is wrongly degrading access to their services. As Tim Lee pointed out in his excellent paper, “The Durable Internet,” ownership of a network service does not equate to control. ISPs can be quickly reined in by the public, as has already happened.

A “net neutrality” subsidy for small start-up services is also unnecessary: They have no profits to share with ISPs. What about mid-size services—heading to profitability, but not there yet? Can ISPs choke them off? Absolutely not.

Large, established companies are not known for being ahead of trends, for one thing, and the anti-authoritarian culture of the Internet is the perfect place to play “beleaguered upstart” against the giant, evil ISP. There could be no greater PR gift than for a small service to have access to it degraded by an ISP.

The Internet companies’ plea for regulation is bogus, and these companies are losing their way. The leadership of these companies should fire their government relations staffs, disband their contrived advocacy organization, and get back to innovating and competing.

So like every good dorm room bull session, we begin in the weeds of  policy and quickly find ourselves breathing the rarefied air of constitutional theory. Supposing for the moment that we thought it were a good idea on policy grounds, would it be within the power of Congress to set ground rules for online advertisers who gather personal data from Web browsers? Recall that there are two particular rules that I’ve said I’d be tentatively open to, but which Jim rejects: a requirement of notice when information is being collected (say via a small link from the adspace to a privacy policy) and a rule establishing that privacy policies are enforceable, so that individual users can sue for damages if a company knowingly  violates its stated policy (thus far, courts have not generally found these to be binding). Does this fall within the power to “regulate commerce … among the several states”? I think so. I’ll start with what I hope will be some uncontroversial arguments and go from there.

So first, let’s grant that there’s one type of “original intent” that everyone ought to care about, whatever their more general interpretive stance: what Ronald Dworkin calls the linguistic intent of the Framers. That is, if words like “commerce” and “regulate” had narrower meanings in 1787 than they do today, we must, of course, read them now in that light: “Commerce” means actual interstate traffic in goods and services, rather than economic activity more generally, and “regulation” is centrally about establishing uniform rules and procedures.  With these appropriately narrowed readings in mind, I think it’s still a slam-dunk that online ads are covered.

There are, in fact, at least three different senses in which behavioral ads might be classed as interstate commerce. First, the purchase of the ad space itself is obviously a commercial transaction—frequently though not necessarily between entities in different states—and there’s a reasonable question of whether a host site with posted privacy policy is implicitly committed to applying that policy as a condition on ad space sold to third parties. The ads themselves will typically propose a commercial transaction, and in a more direct way than other ads are, can plausibly be seen as the first step in the transaction itself, as clicking on the ad will often bring you directly to a page where you can complete the purchase it recommends. Finally, the personal and behavioral user data collected is itself a valuable commodity, and many sites function with a pretty explicit informational quid pro quo: You will receive access to our content in exchange for registering and providing us with certain data. Since the Internet is borderless, most sites will be getting most of their traffic from people located in different states or countries, and even narrowly state-focused sites are likely to have substantial border-crossing traffic. So on a pretty straight reading of the constitutional language, I find very little reason to doubt that Congress may set uniform default rules for these interstate transactions, rather than leaving it to a patchwork of state rules.

Now, Jim’s reason for questioning this seems to be that the primary concern of the Framers was to prevent states from creating trade barriers. That may be, but if we skip ahead to Article 1, Section 10, we find that Congress knew perfectly well how to enact general and purely prohibitory bans on such shenanigans  using more apt “no state shall” language. Instead, they used precisely the same language for interstate commerce as they did for international commerce, where history suggests that the Framers (many of them steeped in the mercantilist economic theories of the day) had been above all concerned to preserve the ability to erect protectionist trade barriers. So we’re left with a choice between ascribing to the Framers a frankly stunning level of linguistic incompetence or supposing that the Constitution actually does grant the affirmative power that a facial reading suggests.

Needless to say, this does not require us to adopt the post–New Deal reading that places anything with the least potential influence on economic activity under Congressional purview. But we’re pretty close to the core here. Indeed, one of the early cases I know Jim considers a lodestone for the “no trade barriers” reading, Gibbons v. Ogden, involves a congressional grant of a license to operate steamboats. The court found that this superseded the monopoly New York had sought to grant another steamboat operator, which fits Jim’s point to an extent, but it’s crystal clear from that (1824) ruling that the power of Congress here is a broad authority to grant or withhold a privilege to operate interstate vessels, and establish conditions on such vessels, including restrictions on ownership and personnel. It seems to me you’d have to get awfully creative to read the clause in a way that authorizes that kind of authority over an “instrumentality” of commerce (water navigation) but forbids Congress from specifying the kind of notice a merchant must provide when initiating an actual interstate commercial transaction.

A slightly more controversial suggestion: When the specific substantive intent of the Framers is not explicitly embedded in the Constitution’s language—by which I mean, the specific use they thought a wise Congress would make of enumerated powers in light of contemporary economic theories, whether liberal or mercantilist—I am not inclined to give it very great weight. Or more bluntly, when the legal language is abstract, I don’t think we’re bound by an original conception of how or where it applied in specific cases—to the extent such a consideration is even intelligible when we’re talking about Internet advertising. Manifestly, very few people at the time of the passage of the Fourteenth Amendment believed that the abstract guarantee of “equal protection” entailed a substantive right of black children to attend public schools the states restricted to whites. But insofar as what they wrote into law was the abstract guarantee, I don’t think we’re required to care what they believed. Our modern reading should be constrained by the original sense of the words used, and to some extent by the original structural purpose served (translated as necessary). But in specific application—whether privacy rules for online ads are encompassed within “regulation” of “commerce”—then even if you pulled out the Ouija board and got a personal verdict from James Madison, it would just be one more opinion.

Finally, and maybe most controversially: What kind of recommendations should we make in a world where our preferred interpretation of the Constitution lost the fight a long time ago? If the question is what we should recommend to judges, presumably we want to recommend that they start shifting back in the direction of a reading we regard as better justified. But what about when, as Jim imagines, we’re advising legislators? Should we only recommend what we believe to be authorized by what we hold to be the best reading of the Constitution, or will it sometimes make sense to endorse legislation that is plainly allowed by the current regnant interpretation, but that might be outside the scope of the interpretation we regard as superior? I think it will, partly for theoretical, and partly for pragmatic reasons.

At a practical level, both legislators and citizens widely believe Congress to have broader policy discretion than most of the authors here. So very generally speaking, I don’t think it serves limited government to refrain from weighing in on the relative merits of policy options that wouldn’t be on the table at all if our arguments had fared better at the meta-level. (Recall the old joke about the principled pacifist answer to how to respond to World War II: Don’t sign the Treaty of Versailles!) Now, on this particular question it’s not a sure thing that Congress or the FTC will act, and maybe “hands off” is the best advice to give. But there are plenty of areas where there’s no realistic chance that Congress is going to abstain altogether, even if we think that’s what the best interpretation of the Constitution requires. In those cases, I think it’s at least sometimes appropriate to flag the meta objection and then say something about the policy merits. Obviously there are limits—I don’t expect I’ll ever express a view on the “best” way to run a torture chamber—but there are plenty of issues where it seems perverse for the people most concerned with limited government to sit out the day-to-day debates and focus on getting Wickard v. Filburn overturned, glad as I am that there are folks hammering that.

That dovetails with the theoretical reason, which has to do with the broader question of why constitutional principles are binding on us at all. I assume it is not because the Founders, brilliant though they were, enjoyed some divine right of command that the inheritors of their institutions are compelled to obey. Partly it’s that the principles embedded in the Constitution are good ones, but a substantial piece of the answer, I think, is that they provide a stable framework within which we conduct our political and private lives. Judges give weight to stare decisis even when they think the case at the fountainhead of a line of precedent was poorly decided, in part because the legitimacy and authority of law are to a great extent a function of its predictability, of the way it allows us to take actions and make agreements and know pretty much what the legal consequences will be, however much else may remain unpredictable. Constitutional restraints do this one level up, establishing (albeit roughly) a domain of legal variation over the longer term. This is  not, for what it’s worth, wacky postmodern Critical Legal Studies stuff; it’s an extrapolation from Hayek. To imagine that you can remake a society’s institutions wholesale—even if your guide is the best interpretation of a founding document, and even if you’re pretty sure that interpretation held sway a couple centuries ago—is the fallacy of constructivist rationalists.

Now, I think the right account of why we should regard the Constitution as binding starts with considerations along these lines, but this has the (perhaps unfortunate) consequence that even if you had a super-awesome unanswerable argument for why the Constitution mandates libertopia, at least when read properly absent the accretions of precedent, you still wouldn’t have an argument that judges, legislators, and government officials must all start acting on this understanding as of tomorrow. What you’d have is a good starting point for a much more gradual process of paring government back down. Not, to be clear, because I think the Constitution “means whatever the Supreme Court says it does”—that would be incoherent, since the court’s practice is unintelligible, and its legitimacy illusory, unless we assume there’s an independent meaning for them to strive toward.  But an “independent” meaning can be located in a community of interpretation and practice that extends beyond the framing generation. By analogy: If I want to use language “correctly” to communicate, I don’t get to just assign whatever meanings I like to words. It’s even possible to make a strong argument that the majority of speakers at a particular historical moment are using a word—like “decimate” or “hopefully” or “brutalize”—improperly. But neither does it mean that the first person to coin the term gets to specify its legitimate uses forever. And, in fact, anyone who insisted on using “decimate” to mean only “reduce by ten percent” would probably find his attempts at communication misfiring badly. To say that meaning is necessarily public and independent—consult Hayek’s cousin Wittgenstein here—does not require a baptismal view of meaning. Or at any rate, whether it does or not depends on the function your interpretive practice serves.

So yeah, that’s all pretty far removed from our original discussion—and I’m hoping far enough below the fold that it doesn’t put me on the wrong end of another dozen arguments with colleagues. I’ll do another post later this week where I actually get to the policy question, and some potent objections that both Jim and Tim Lee have raised.