The Most Powerful Privacy Setting
Amid the hullaballoo about Facebook and privacy, it’s easy to forget the most powerful privacy setting.
In my 2004 Policy Analysis, “Understanding Privacy—and the Real Threats to It,” I wrote about the “privacy-protecting decisions that millions of consumers make in billions of daily actions, inactions, transactions, and refusals.”
Inactions and refusals. Declining to engage in activities that emit personal information protects privacy. Not broadcasting oneself on Facebook protects privacy. Not going online protects privacy.
The horror, some may think, of not having access to the wonders of the online world. Actually, many people live full and complete lives without it, enjoying the perfect online privacy default. The irony is a little too rich when avid users of Facebook—which is little more than a publicity tool—complain about its privacy problems.
Facebook does have some work to do on rationalizing and communicating the privacy protections it offers its publicity-seeking users. But people will always have the privacy-protecting option of not using Facebook.
Not so for government-sponsored incursions on privacy, like the national ID system proposed by Senator Chuck Schumer (D-NY). Inaction and refusal of his national ID system would not be a practical option if Senator Schumer has his way. The irony isn’t just rich, it’s curdled and reeking when Senator Schumer leads the attack on Facebook for its privacy practices.
How Much Government Snooping? Google It Up!
The secrecy surrounding government surveillance is a constant source of frustration to privacy activists and scholars: It’s hard to have a serious discussion about policy when it’s like pulling teeth to get the most elementary statistics about the scope of state information gathering, let alone any more detailed information. Even when reporting is statutorily required, government agencies tend to drag their heels making statistics available to Congress — and it can take even longer to make the information more widely accessible. Phone and Internet companies, even when they join the fight against excessive demands for information, are typically just as reluctant to talk publicly about just how much of their customers’ information they’re required to disclose. That’s why I’m so pleased at the news that Google has launched their Government Requests transparency tool. It shows a global map on which users can see how many governmental demands for user information or content removal have been made to Google’s ever-growing empire of sites — now including Blogger, YouTube, and Gmail — starting with the last six months.
So far, the information up there is both somewhat limited and lacking context. For instance, it might seem odd that Brazil tops the list of governmental information hounds until you bear in mind that Google’s Orkut social network, while little-used by Americans, is the Brazilian equivalent of Facebook.
There are also huge gaps in the data: The United States comes in second with 3,580 requests from law enforcement at all levels, but that doesn’t include intelligence requests, so National Security Letters (tens of thousands of which are issued every year) and FISA warrants or “metadata” orders (which dwarf ordinary federal wiretaps in number) aren’t part of the tally. And since China considers all such government information requests to be state secrets — whether for criminal or intelligence investigations — no data from the People’s Republic is included.
Neither is there any detail about the requests they have counted — how many are demands for basic subscriber information, how many for communications metadata, and how many for actual e-mail or chat contents. The data on censorship is similarly limited: They’re counting governmental but not civil requests, such as takedown notices under the Digital Millennium Copyright Act.
For all those limits — and the company will be striving to provide some more detail, within the limits of the law — this is a great step toward bringing vital transparency to the shadowy world of government surveillance, and some nourishment to the data-starved wretches who seek to study it. We cannot have a meaningful conversation about whether censorship or invasion of privacy in the name of security have gone too far if we do not know, at a minimum, what the government is doing. So, for a bit of perspective, we know that U.S. courts reported a combined total of 1,793 (criminal, not intel) wiretaps sought by both federal and state authorities. Almost none of these (less than 1 percent) were for electronic interception.
This may sound surprising, unless you keep in mind that federal law establishes a very high standard for the “live” interception of communications over a wire, but makes it substantially easier — under some circumstances rather terrifyingly easy — to get stored communications records. So there’s very little reason for police to jump through all the hoops imposed on wiretap orders when they want to read a target’s e-mails.
If and when Google were to break down that information about requests — to show how many were “full content” as opposed to metadata requests — we would begin to have a far more accurate picture of the true scope of governmental spying. Should other major players like Yahoo and Facebook be inspired to follow Google’s admirable lead here, it would be better still. Already, though, that one data point from a single company — showing more than twice as many data requests as the total number of phone wiretaps reported for the entire country — suggests that there is vastly more actual surveillance going on than one might infer from official wiretap numbers.
Consumers in the Driver’s Seat—Oh, the Humanity!
Yesterday the D.C. Circuit ruled that Congress hadn’t given the Federal Communications Commission power to regulate the Internet and the FCC couldn’t bootstrap that power from other authority. It was a rare but welcome affirmation that the rule of law might actually pertain in the regulatory area.
But the Open Internet Coalition put out a release containing threat exaggeration to make Dick Cheney blush:
“Today’s DC Circuit decision . . . creates a dangerous situation, one where the health and openness of broadband Internet is being held hostage by the behavior of the major telco and cable providers.”
That’s right. It’s a hostage-taking when consumers and businesses—and not government—hammer out the terms and conditions of Internet access. Inferentially, the organization representing Google, Facebook, eBay, and Twitter believes that Internet users are too stupid and supine to choose the Internet service they want.
What these content companies are really after, of course, is government support in their tug-of-war with the companies that transport Internet content. It’s hard to know which produces the value of the Internet and which should gain the lion’s share of the rewards. Let the market—not lobbying—decide what reward content and transport deserve for their roles in the Internet ecosystem.
As I said of the Open Internet Coalition’s membership on a saltier, but still relentlessly charming, day: “[T]hese companies are losing their way. The leadership of these companies should fire their government relations staffs, disband their contrived advocacy organization, and get back to innovating and competing.”
Iranian Thugs Take Crackdown Worldwide
Political repression is old news. Thuggish regimes have been holding their citizens prisoner for centuries. But Iran’s government now is borrowing an innovative Soviet and Nazi tactic: targeting family members of dissenters, even those living in the U.S.
Reports the Wall Street Journal:
His first impulse was to dismiss the ominous email as a prank, says a young Iranian-American named Koosha. It warned the 29-year-old engineering student that his relatives in Tehran would be harmed if he didn’t stop criticizing Iran on Facebook.
Two days later, his mom called. Security agents had arrested his father in his home in Tehran and threatened him by saying his son could no longer safely return to Iran. “When they arrested my father, I realized the email was no joke,” said Koosha, who asked that his full name not be used.
Tehran’s leadership faces its biggest crisis since it first came to power in 1979, as Iranians at home and abroad attack its legitimacy in the wake of June’s allegedly rigged presidential vote. An opposition effort, the “Green Movement,” is gaining a global following of regular Iranians who say they never previously considered themselves activists.
The regime has been cracking down hard at home. And now, a Wall Street Journal investigation shows, it is extending that crackdown to Iranians abroad as well.
In recent months, Iran has been conducting a campaign of harassing and intimidating members of its diaspora world-wide — not just prominent dissidents — who criticize the regime, according to former Iranian lawmakers and former members of Iran’s elite security force, the Revolutionary Guard, with knowledge of the program.
Internet Companies’ Bogus Plea for Regulation
Some of the most prominent Internet companies sent a letter yesterday asking for protection from market forces. Among them: Facebook, Google, Amazon, and Twitter.
A Washington Post story summarizes their concerns: “[W]ithout a strong anti-discrimination policy, companies like theirs may not get a fair shot on the Internet because carriers could decide to block them from ever reaching consumers.”
No ISP could block access to these popular services and survive, of course. What they could do is try to charge the most popular services a higher tariff to get their services through. Thus, weep the helpless, multi-billion-dollar Internet behemoths, we need a “fair shot”!
Plain and simple, these companies want regulation to ensure that ISPs can’t capture a larger share of the profits that the Internet generates. They want it all for themselves. Phrased another way, the goal is to create a subsidy for content creators by blocking ISPs from getting a piece of the action.
It’s all very reminiscent of disputes between coal mines and railroads. The coal mines “produced the coal” and believed that the profitability of the coal-energy ecosystem should accrue only to themselves, with railroads earning the barest minimum. But where is it written that digging coal out of the ground is what creates the value, and getting it where it’s used creates none? Transport may be as valuable as “production” of both commodities and content. The market should decide, not the industry with the best lobbyists.
What happens if ISPs can’t capture the value of providing transport? Of course, less investment flows to transport and we have less of it. Consumers will have to pay more of their dollars out of pocket for broadband, while Facebook’s boy CEO draws an excessive salary from atop a pile of overpriced stock holdings. The irony is thick when opponents of high executive compensation support “net neutrality” regulation.
Another reason why these Internet companies’ concerns are bogus is their size and popularity. They have a direct line to consumers and more than enough capability to convince consumers that any given ISP is wrongly degrading access to their services. As Tim Lee pointed out in his excellent paper, “The Durable Internet,” ownership of a network service does not equate to control. ISPs can be quickly reined in by the public, as has already happened.
A “net neutrality” subsidy for small start-up services is also unnecessary: They have no profits to share with ISPs. What about mid-size services—heading to profitability, but not there yet? Can ISPs choke them off? Absolutely not.
Large, established companies are not known for being ahead of trends, for one thing, and the anti-authoritarian culture of the Internet is the perfect place to play “beleaguered upstart” against the giant, evil ISP. There could be no greater PR gift than for a small service to have access to it degraded by an ISP.
The Internet companies’ plea for regulation is bogus, and these companies are losing their way. The leadership of these companies should fire their government relations staffs, disband their contrived advocacy organization, and get back to innovating and competing.
Online Privacy and Regulation by Default
My colleague Jim Harper and I have been having a friendly internal argument about Internet privacy regulation that strikes me as having potential implications for other contexts, so I thought I might as well pick it up here in case it’s of interest to anyone else. Unsurprisingly, neither of us is particularly sanguine about elaborate regulatory schemes—and I’m sympathetic to the general tenor of his recent post on the topic. But unlike Jim, as I recently wrote here, I can think of two rules that might be appropriate: A notice requirement that says third-party trackers must provide a link to an ordinary-language explanation of what information is being collected, and for what purpose, combined with a clear rule making those stated privacy policies enforceable in court. Jim regards this as paternalistic meddling with online markets; I regard it as establishing the conditions for the smooth functioning of a market. What do those differences come down to?
A Bizarre Privacy Indictment
Page one of today’s Washington Times—above the fold—has a fascinating story indicting the White House for failing to disclose that it will collect and retain material posted by visitors to its pages on social networking sites like Facebook and YouTube. The story is fascinating because so much attention is being paid to it. (It was first reported, as an aside at least, by Major Garrett on Fox News a month ago.)
The question here is not over the niceties of the Presidential Records Act, which may or may not require collection and storage of the data. It’s over people’s expectations when they use the Internet.
Marc Rotenberg, president of the Electronic Privacy Information Center, said the White House signaled that it would insist on open dealings with Internet users and, in fact, should feel obliged to disclose that it is collecting such information.
Of course, the White House is free to disclose or announce anything it wants. It might be nice to disclose this particular data practice. But is it really a breach of privacy—and, through failure to notify, transparency—if there isn’t a distinct disclosure about this particular data collection?
Let’s talk about what people expect when they use the Internet and social networking sites. Though the Internet is a gigantic copying machine, some may not know that data is collected online. They may imagine that, in the absence of notice, the data they post will not be warehoused and redistributed, even though that’s exactly what the Internet does.
There can be special problems when it is the government collecting the information. The White House’s “flag@whitehouse.gov” tip line was concerning because it asked Americans to submit information about others. There is a history of presidents amassing “enemies” lists. But this is not the complaint with White House tracking of data posted on its social networking sites.
People typically post things online because they want publicity for those things—often they want publicity for the fact that they are the ones posting, too. When they write letters, they give publicity to the information in the letter and the fact of having sent it. When they hold up signs, they seek publicity for the information on the signs, and their own role in publicizing it.
How strange that taking note of the things people publicize is taken as a violation of their privacy. And failing to notify them of the fact they will be observed and recorded is a failure of transparency.
America, for most of what you do, you do not get “notice” of the consequences. Instead, in the real world and online, you grown-ups are “on notice” that information you put online can be copied, stored, retransmitted, and reused in countless ways. Aside from uses that harm you, you have little recourse against that after you have made the decision to release information about yourself.
The White House is not in the wrong here. If there’s a lesson, it’s that people are responsible for their own privacy and need to be aware of how information moves in the online environment.
My Morning Tabloid
Why is a U.S. senator’s extramarital affair on the front page of The Washington Post this morning?
Don’t get me wrong, I like a juicy sex scandal as well as the next guy. And I’m amused at my friend and former colleague Radley Balko’s Facebook comment (or was it a tweet? who can keep up with the new media?) that “sadly, growing public acceptance for gay marriage has given yet another conservative politician no choice but to cheat on his wife.” But this affair fit Bill Kristol’s definition of good Republican behavior: “Republicans have old-fashioned extramarital affairs with other adults.” No prostitution, no underage interns, no public toilets.
So why is it front-page news?
Meanwhile, you know what’s not on the front page, today or any day so far? President Obama’s firing of the AmeriCorps inspector general, in apparent violation of a law that Senator Obama voted for, perhaps in retaliation for the IG’s investigation of Sacramento mayor Kevin Johnson, an Obama supporter. It’s an interesting story. As a Wall Street Journal lead editorial explained:
In April 2008 the Corporation [for National and Community Service] asked Mr. Walpin to investigate reports of irregularities at St. HOPE, a California nonprofit run by former NBA star and Obama supporter Kevin Johnson. St. HOPE had received an $850,000 AmeriCorps grant, which was supposed to go for three purposes: tutoring for Sacramento-area students; the redevelopment of several buildings; and theater and art programs.
Mr. Walpin’s investigators discovered that the money had been used instead to pad staff salaries, meddle politically in a school-board election, and have AmeriCorps members perform personal services for Mr. Johnson, including washing his car.
Other papers have been on the story, notably the Washington Examiner. But as even The Washington Post’s ombudsman notes, not a word in the Post (until a small story on page A19 today, featuring the Obama administration’s spin on the issue). The Post is, however, ahead of The New York Times, which has apparently not run a word on the story, even online, though it did have room for the senatorial affair.
And I have to wonder: If George W. Bush had fired an inspector general who had alleged fraud by a key Bush supporter, would the Post and the Times have covered the story?
Breaking through the Great Firewall of China
So when China blocked social networking sites for the 20th anniversary of the Tiananmen Square massacre, were they successful?

