The ‘Privacy Bill of Rights’ Is in the Bill of Rights
Every lover of liberty and the Constitution should be offended by the moniker “Privacy Bill of Rights” appended to regulatory legislation Senators John Kerry (D-MA) and John McCain (R-AZ) introduced yesterday. As C|Net’s Declan McCullagh points out, the legislation exempts the federal government and law enforcement:
[T]he measure applies only to companies and some nonprofit groups, not to the federal, state, and local police agencies that have adopted high-tech surveillance technologies including cell phone tracking, GPS bugs, and requests to Internet companies for users’ personal information–in many cases without obtaining a search warrant from a judge.
The real “Privacy Bill of Rights” is in the Bill of Rights. It’s the Fourth Amendment.
It takes a lot of gall to put the moniker “Privacy Bill of Rights” on legislation that reduces liberty in the information economy while the Fourth Amendment remains tattered and threadbare. Nevermind “reasonable expectations”: the people’s right to be secure against unreasonable searches and seizures is worn down to the nub.
Senators Kerry and McCain should look into the privacy consequences of the Internal Revenue Code. How is privacy going to fare under Obamacare? How is the Department of Homeland Security doing with its privacy efforts? What is an “administrative search”?
McCullagh was good enough to quote yours truly on the new effort from Sens. Kerry and McCain: “If they want to lead on the privacy issue, they’ll lead by getting the federal government’s house in order.”
Strip-Search Images Stored
The Transportation Security Administration will be sure to point out that it was not them—it was the U.S. Marshals Service—that kept ”tens of thousands of images recorded with a millimeter wave system at the security checkpoint of a single Florida courthouse,” according to Declan McCullagh of C|Net news.
The TSA has taken pains to make sure that their use of strip-search machines does not produce compromising images of the traveling public, but rules are made to be broken. How do you protect privacy in the use of a technology that is fundamentally designed to invade privacy?
The Information Economy Stops Evolving Today
That would be the message if a bill introduced in Congress this week were to pass. H.R. 5777 is the “Building Effective Strategies To Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards Act” or the “BEST PRACTICES Act.” If acronyms were a basis for judging legislation, it should be widely hailed as a masterwork.
But its substance is concerning, to say the least. The bill’s scope is massive: Just about every person or business that systematically collects information would be subject to a new federal regulatory regime governing information practices. By systematic, I mean: If you get a lot of emails or run a website that collects IP addresses (and they all do), you’re governed by the bill.
There’s one exception to that: The bill specifically exempts the government. What chutzpah our government has to point the finger at us while its sprawling administrative data collection and surveillance infrastructure spiral out of control.
Reviewing the bill, I found it interesting to consider what you get when you take a variety of today’s information “best practices” and put them into law. Basically, you freeze in place how things work today. You radically simplify and channel all kinds of information practices that would otherwise multiply and variegate.
I spoke about this yesterday with CNet News’ Declan McCullagh:
Harper says it reminds him of James C. Scott’s book, “Seeing Like A State.” Governments and big corporations “radically simplify what they oversee to make it governable,” he said. “In things like forestry and agriculture, this has had devastating environmental effects because ecosystems don’t function when you eliminate the thousands of ‘illegible’ relationships and interactions. This is Seeing Like a State for the information economy.”
Give people remedies when they’re harmed by information practices, and then leave well enough alone. There’s no place for a list of “must-do’s” and “can’t-do’s” that choke our nascent information economy—especially not coming from a government that doesn’t practice what it preaches.
Planning a Cybersecurity Auto-Immune Reaction
A Senate plan to give the president authority to seize control of the Internet in the event of emergency is security malpractice of the highest order. As I told C|Net’s Declan McCullagh, this is a plan for an auto-immune reaction. When something goes wrong with the Internet, the government will attack that infrastructure and make society weaker.
The Internet is the medium over which we communicate and self-organize. It’s where emergency response happens—where individuals learn what is happening, communicate it to others, compare notes with friends and loved ones, and determine appropriate responses. (Our appreciation for “first responders” should not be diminshed by noting that they are typically second responders, taking over for private citizens who are almost always first on any scene.)
The Internet is also self-repairing. When weaknesses in it are exposed, that fact is communicated via Internet, and the appropriate fixes and patches are distributed via Internet. Seizing control of the Internet—to the extent the government can do that—would degrade society’s natural response to emergency, and it would undercut the Internet’s ability to self-heal.
This idea—of government authority taking over the Internet for our protection—fundamentally misunderstands the nature of the Internet, the nature of our society, and the type of government the Framers prescribed for us.
New at Cato Unbound: Ten Years of Code
Code and Other Laws of Cyberspace, Lawrence Lessig’s seminal work on Internet law, turns ten this year. To mark the occasion, Cato Unbound has invited a distinguished panel of Internet law experts to discuss the book’s enduring significance: What did it get right? What did it get wrong? And where do we go from here?
Joining us will be Adam Thierer, Jonathan Zittrain, and Lawrence Lessig himself. The lead essay, up this morning, is by Declan McCullagh. Readers of Code will recall that McCullagh was called out by name in the book’s final chapter, and his “do-nothing” cyberlibertarian views were criticized at length. Ten years later, is it time to reconsider? Join us and find out.
Cato on Facebook
Cato on Twitter
Cato on Google+
Cato on YouTube
