Geithner Ignores Bailout History
Perhaps the biggest problem with the Obama plan to “reform” our financial system is the impact it would have on the market perception surrounding “too big to fail” institutions. In identifying some companies as “too big to fail,” holders of debt in those companies would assume that they would be made whole if those companies failed. After all, that is what we did for the debt-holders in Fannie, Freddie, AIG, and Bear. Both former Secretary Paulson and Geithner appear to be under the impression that moral hazard only applies to equity, despite debt constituting more than 90% of the capital structure of the typical financial firm.
Geithner believes he’s found a way to solve this problem – he’ll just tell everyone that there isn’t an implicit subsidy, and there won’t be a list of “too big to fail” companies. Great, why didn’t I think of that. After all, the constant refrain in Washington over the years that Fannie and Freddie weren’t getting an implicit subsidy really prepared the markets for their demise.
Even more bizarre is Geithner’s assertion that the government can force these institutions to hold higher capital, maintain more liquidity and be subjected to greater supervision, all without anyone knowing who exactly these companies are. Does the Secretary truly believe that these companies’ securities disclosures won’t include the amount of capital they are holding? Whether there is an official list or not is beside the question; market participants will be able to infer that list from publicly available information and the actions of regulators.
One has to wonder whether Geithner spent any of his time at the NY Fed actually watching how markets work. Before we continue down the path of financial reform, maybe it would be useful for our Treasury Secretary to take a few weeks off to study what got us into this mess. We’ve already been down this road of denying implicit subsidies and then providing them after the fact. Maybe it’s time to try something different.
Online Privacy and Regulation by Default
My colleague Jim Harper and I have been having a friendly internal argument about Internet privacy regulation that strikes me as having potential implications for other contexts, so I thought I might as well pick it up here in case it’s of interest to anyone else. Unsurprisingly, neither of us is particularly sanguine about elaborate regulatory schemes—and I’m sympathetic to the general tenor of his recent post on the topic. But unlike Jim, as I recently wrote here, I can think of two rules that might be appropriate: a notice requirement that says third-party trackers must provide a link to an ordinary-language explanation of what information is being collected, and for what purpose, combined with a clear rule making those stated privacy policies enforceable in court. Jim regards this as paternalistic meddling with online markets; I regard it as establishing the conditions for the smooth functioning of a market. What do those differences come down to?
Filed under: Regulatory Studies; Telecom, Internet & Information Policy
A Bizarre Privacy Indictment
Page one of today’s Washington Times—above the fold—has a fascinating story indicting the White House for failing to disclose that it will collect and retain material posted by visitors to its pages on social networking sites like Facebook and YouTube. The story is fascinating because so much attention is being paid to it. (It was first reported, as an aside at least, by Major Garrett on Fox News a month ago.)
The question here is not over the niceties of the Presidential Records Act, which may or may not require collection and storage of the data. It’s over people’s expectations when they use the Internet.
Marc Rotenberg, president of the Electronic Privacy Information Center, said the White House signaled that it would insist on open dealings with Internet users and, in fact, should feel obliged to disclose that it is collecting such information.
Of course, the White House is free to disclose or announce anything it wants. It might be nice to disclose this particular data practice. But is it really a breach of privacy—and, through failure to notify, transparency—if there isn’t a distinct disclosure about this particular data collection?
Let’s talk about what people expect when they use the Internet and social networking sites. Though the Internet is a gigantic copying machine, some may not know that data is collected online. They may imagine that, in the absence of notice, the data they post will not be warehoused and redistributed, even though that’s exactly what the Internet does.
There can be special problems when it is the government collecting the information. The White House’s “flag@whitehouse.gov” tip line was concerning because it asked Americans to submit information about others. There is a history of presidents amassing “enemies” lists. But this is not the complaint with White House tracking of data posted on its social networking sites.
People typically post things online because they want publicity for those things—often they want publicity for the fact that they are the ones posting, too. When they write letters, they give publicity to the information in the letter and the fact of having sent it. When they hold up signs, they seek publicity for the information on the signs, and their own role in publicizing it.
How strange that taking note of the things people publicize is taken as a violation of their privacy, and that failing to notify them of the fact they will be observed and recorded is taken as a failure of transparency.
America, for most of what you do, you do not get “notice” of the consequences. Instead, in the real world and online, you grown-ups are “on notice” that information you put online can be copied, stored, retransmitted, and reused in countless ways. Aside from uses that harm you, you have little recourse against that after you have made the decision to release information about yourself.
The White House is not in the wrong here. If there’s a lesson, it’s that people are responsible for their own privacy and need to be aware of how information moves in the online environment.
Thursday Links
- Michael Tanner on the Obama health care speech: All sizzle, no substance.
- Why Main Street should embrace globalization. Plus, why international trade doesn’t cause unemployment at home.
- Should the IRS have the right to share your tax information with foreign governments? How about totalitarian ones? It may not be so far off.
- Libertarian news anchor John Stossel leaving ABC for Fox.
- Podcast: Obama: Hey, let’s force everyone to have insurance, and fine Americans who don’t comply.
Picture Don Draper Stamping on a Human Face, Forever
Last week, a coalition of 10 privacy and consumer groups sent letters to Congress advocating legislation to regulate behavioral tracking and advertising, a phrase that actually describes a broad range of practices used by online marketers to monitor and profile Web users for the purpose of delivering targeted ads. While several friends at the Tech Liberation Front have already weighed in on the proposal in broad terms — in a nutshell: they don’t like it — I think it’s worth taking a look at some of the specific concerns raised and remedies proposed. Some of the former strike me as being more serious than the TLF folks allow, but many of the latter seem conspicuously ill-tailored to their ends.
First, while it’s certainly true that there are privacy advocates who seem incapable of grasping that not all rational people place an equally high premium on anonymity, it strikes me as unduly dismissive to suggest, as Berin Szoka does, that it’s inherently elitist or condescending to question whether most users are making informed choices about their privacy. If you’re a reasonably tech-savvy reader, you probably know something about conventional browser cookies, how they can be used by advertisers to create a trail of your travels across the Internet, and how you can limit this. But how much do you know about Flash cookies? Did you know about the old CSS hack I can use to infer the contents of your browser history even without tracking cookies? And that’s without getting really tricksy. If you knew all those things, congratulations, you’re an enormous geek too — but normal people don’t. And indeed, polls suggest that people generally hold a variety of false beliefs about common online commercial privacy practices. Proof, you might say, that people just don’t care that much about privacy or they’d be attending more scrupulously to Web privacy policies — except this turns out to impose a significant economic cost in itself.
The truth is, if we were dealing with a frictionless Coaseian market of fully-informed users, regulation would not be necessary, but it would not be especially harmful either, because users who currently allow themselves to be tracked would all gladly opt in. In the real world, though, behavioral economics suggests that defaults matter quite a lot: Making informed privacy choices can be costly, and while an opt-out regime will probably yield tracking of some who would prefer not to be under conditions of full information and frictionless choice, an opt-in regime will likely prevent tracking of folks who don’t object to tracking. And preventing that tracking also has real social costs, as Berin and Adam Thierer have taken pains to point out. In particular, it merits emphasis that behavioral advertising is regarded by many as providing a viable business model for online journalism, where contextual advertising tends not to work very well: There aren’t a lot of obvious products to tie in to an important investigative story about municipal corruption. Either way, though, the outcome is shaped by the default rule about the level of monitoring users are presumed to consent to. So which set of defaults ought we to prefer?
Filed under: Regulatory Studies; Telecom, Internet & Information Policy
Tom Ridge on the Bush Administration’s War on Terror
Former congressman, governor, and secretary of the Department of Homeland Security Tom Ridge is a long-time GOP loyalist. But he apparently doesn’t have good things to say about the Bush administration on its vaunted war on terrorism.
A new report on his upcoming book warns:
Tom Ridge, the first head of the 9/11-inspired Department of Homeland Security, wasn’t keen on writing a tell-all. But in The Test of Our Times: America Under Siege…and How We Can Be Safe Again, out September 1, Ridge says he wants to shake “public complacency” over security.
And to do that, well, he needs to tell all. Especially about the infighting he saw that frustrated his attempts to build a smooth-running department. Among the headlines promoted by publisher Thomas Dunne Books: Ridge was never invited to sit in on National Security Council meetings; was “blindsided” by the FBI in morning Oval Office meetings because the agency withheld critical information from him; found his urgings to block Michael Brown from being named head of the emergency agency blamed for the Hurricane Katrina disaster ignored; and was pushed to raise the security alert on the eve of President Bush’s re-election, something he saw as politically motivated and worth resigning over.
This confirms widespread suspicion that the Bush administration’s terrorism initiatives were highly political. It also undercuts the claim that we should trust government to protect us by sacrificing our liberties and giving trustworthy public servants greater discretion.
Filed under: Foreign Policy and National Security; Government and Politics
600 Billion Data Points Per Day? It’s Time to Restore the Fourth Amendment
Jeff Jonas has published an important post: “Your Movements Speak for Themselves: Space-Time Travel Data is Analytic Super-Food!”
More than you probably realize, your mobile device is a digital sensor, creating records of your whereabouts and movements:
Mobile devices in America are generating something like 600 billion geo-spatially tagged transactions per day. Every call, text message, email and data transfer handled by your mobile device creates a transaction with your space-time coordinate (to roughly 60 meters accuracy if there are three cell towers in range), whether you have GPS or not. Got a Blackberry? Every few minutes, it sends a heartbeat, creating a transaction whether you are using the phone or not. If the device is GPS-enabled and you’re using a location-based service your location is accurate to somewhere between 10 and 30 meters. Using Wi-Fi? It is accurate below 10 meters.
The process of deploying this data to markedly improve our lives is underway. A friend of Jonas’ says that space-time travel data used to reveal traffic tie-ups shaves two to four hours off his commute each week. When it is put to full use, “the world we live in will fundamentally change. Organizations and citizens alike will operate with substantially more efficiency. There will be less carbon emissions, increased longevity, and fewer deaths.”
This progress is not without cost:
Filed under: Law and Civil Liberties; Telecom, Internet & Information Policy
Would PASS ID Really Save States Money?
The proposed PASS ID Act is a national ID just like REAL ID, and it threatens privacy just as much. Some argue that a national ID under PASS ID should be palatable, though, because it reduces costs to states.
But savings to states under PASS ID are not at all clear. Let’s take a look at the costs of creating a U.S. national ID.
The REAL ID Act, passed in May 2005, required states to begin implementing a national ID system within three years. In regulations it proposed in March 2007, the Department of Homeland Security extended that draconian deadline. States would have five years, starting in May 2008, to move all driver’s license and ID card holders into REAL ID-compliant cards.
The Department of Homeland Security estimated the costs for this project at $17.2 billion (net present value, 7% discount). Costs to individuals came in at nearly $6 billion – mostly in wasted time. Americans would spend more than 250 million hours filling out forms, finding birth certificates and Social Security cards, and waiting in line at the DMV.
The bulk of the costs fell on state governments, though: nearly $11 billion. The top three expenditures were $5.25 billion for customer service at DMVs, $4 billion for card production, and $1.1 billion for data systems and IT. Getting hundreds of millions of people through DMVs and issuing them new cards in such a short time was the bulk of the cost.
To drive down the cost estimate, DHS pushed the implementation schedule way back. In its final rule of January 2008, it allowed states a deadline extension to December 31, 2009 just for the asking, and a second extension to May 2011 for meeting certain milestones. Then states would have until the end of 2017 to replace all cards with the national ID card. That’s just under ten years.
Then the DHS decided to assume that only 75% of people would actually get the national ID. (Never mind that whatever benefits from having a national ID drop to near zero if it is not actually “national.”)
The result was a total cost estimate of about $6.85 billion (net present value, 7% discount). Individual citizens would still spend $5.2 billion worth of their time (in undiscounted dollars) on paperwork and waiting at the DMV. But states would spend just $1.5 billion on data and interconnectivity systems; $970 million on customer service; and $953 million on card production and issuance—a total of about $2.4 billion. (All undiscounted—DHS didn’t publish estimates for the final rule the same way it published its estimates for the proposed rule.)
Maybe these cost estimates were still too high. Maybe they weren’t believable. Or maybe Americans’ love of privacy and hatred of a national ID explains it. But the lower cost estimate did not slow the “REAL ID Rebellion.” Given the costs, the complexity, the privacy consequences, and the dubious benefits, states rejected REAL ID.
Enter PASS ID, which supposedly alleviates the costs to states of REAL ID. But would it?
At a Senate hearing last week, not one, but two representatives of the National Governors Association testified in favor of PASS ID, citing their internal estimate that implementing PASS ID would cost states just $2 billion.
But there is reason to doubt that figure. PASS ID is a lot more like REAL ID – the original REAL ID – in the way that most affects costs: the implementation schedule.
Filed under: Law and Civil Liberties; Telecom, Internet & Information Policy
Review of the Big REAL ID Hearing
The Senate Homeland Security and Governmental Affairs Committee held a hearing yesterday on the REAL ID Act and the REAL ID revival bill, known as PASS ID. I attended and want to share with you some highlights.
Good News!
Little good came from the hearing, as it was primarily focused on how to get the states and people to accept a national ID. But there is some good news.
First, Department of Homeland Security Secretary Janet Napolitano declared REAL ID dead (much as I did in my testimony two-plus years ago). “DOA” is how she referred to it.
She also said that no state will be in compliance with REAL ID by the current December 31, 2009 deadline. This is important because a lot of people think that states doing anything about the security of drivers’ licenses and ID cards are complying with REAL ID.
Another highlight was the commentary of Senator Roland Burris (D-IL). He is a beleaguered outsider to the Senate and evidently wasn’t coached on the talking points around REAL ID and PASS ID. So he flat out asked why we shouldn’t just have “a national ID.”
Senator Susan Collins’ (R-ME) nervous smile was particularly noticeable when Burris asked why the emperor had no clothes. No one was supposed to talk about national IDs at this hearing! But that’s what PASS ID is.
REAL ID and PASS ID are two versions of the same national ID system, and nobody is denying it. That’s good news because the effort to rebrand REAL ID through PASS ID has failed.
Does the PASS ID Act Protect Privacy?
I’ve written about PASS ID here a couple of times before – first on whether or not it’s a national ID and, second, on the politics of this REAL ID revival bill. Now I’ll take a look at whether it fixes the privacy issues with REAL ID. Privacy is complicated. Buckle up.
The day the bill was introduced, the Center for Democracy and Technology issued a press release giving it a privacy stamp of approval.
“The PASS ID Act addresses most of the major privacy and security concerns with REAL ID,” said Ari Schwartz, Vice-President of CDT. The release cited four ways that PASS ID was an improvement over the bill it’s modeled on, REAL ID.
Interstate Data Sharing?
First, CDT said, PASS ID “[r]emoves the requirement that states ‘provide electronic access’ allowing every other state to search their motor vehicles records.” It’s technically true: The language from REAL ID directly requiring states to share information among themselves came out of PASS ID. But the requirements of the law will cause that information sharing to happen all the same.
Like REAL ID did, PASS ID would require states to confirm that “a person submitting an application for a driver’s license or identification card is terminating or has terminated any driver’s license or identification card” issued by another state.
How do you do that? You check the driver license databases of every other state. Maybe you do this by directly accessing other states’ databases; maybe you do this indirectly, through a “pointer system” or “hub.” But to confirm that you’re talking about the right person, you don’t just compare names. You compare names, addresses, pictures, and other biometrics.
Some Thinking on “Cyber”
Last week, I had the opportunity to testify before the House Science Committee’s Subcommittee on Technology and Innovation on the topic of “cybersecurity.” I have been reluctant to opine on it because of its complexity, but I did issue a short piece a few months ago arguing against government-run cybersecurity. That piece was cited prominently in the White House’s “Cyberspace Policy Review” and — blamo! — I’m a cybersecurity expert.
Not really — but I have been forming some opinions at a high level of generality that are worth making available. They can be found in my testimony, but I’ll summarize them briefly here.
What Is “De-Identified”?
On a post at the TechLiberationFront blog, I discuss the fluidity of important concepts in information policy — and catch a friendly organization disagreeing with itself.
The upshot? “Until more intellectual groundwork is laid, information policy arguments before regulators, lawmakers, and courts will not rest on solid footing.”
E-Verify: The Surveillance Solution
The federal government will keep data about every person submitted to the “E-Verify” background check system for 10 years.
At least that’s my read of the slightly unclear notice describing the “United States Citizenship Immigration Services 009 Compliance Tracking and Monitoring System” in today’s Federal Register. (A second notice exempts this data from many protections of the Privacy Act.)
To make sure that people aren’t abusing E-Verify, the United States Citizenship and Immigration Services Verification Division, Monitoring and Compliance Branch will watch how the system is used. It will look for misuse, such as when a single Social Security Number is submitted to the system many times, which suggests that it is being used fraudulently.
How do you look for this kind of misuse (and others, more clever)? You collect all the data that goes into the system and mine it for patterns consistent with misuse.
The notice purports to limit the range of people whose data will be held in the system, listing “Individuals who are the subject of E-Verify or SAVE verifications and whose employer is subject to compliance activities.” But if the Monitoring Compliance Branch is going to find what it’s looking for, it’s going to look at data about all individuals submitted to E-Verify. “Employer subject to compliance activities” is not a limitation because all employers will be subject to “compliance activities” simply for using the system.
In my paper on electronic employment eligibility verification systems like E-Verify, I wrote how such systems “would add to the data stores throughout the federal government that continually amass information about the lives, livelihoods, activities, and interests of everyone—especially law-abiding citizens.”
It’s in the DNA of E-Verify to facilitate surveillance of every American worker. Today’s Federal Register notice is confirmation of that.
Filed under: Cato Publications; Telecom, Internet & Information Policy; Trade and Immigration
Computers Freedom & Privacy 2009
The Computers Freedom & Privacy conference is consistently one of the most interesting and forward-looking privacy conferences. This year, it’s at George Washington University in Washington, D.C., June 1-4.
I helped organize it this time, though by no means does the event skew libertarian. What it does is bring together people of all ideologies to discuss common concerns about the present and future state of privacy.
I’ll be speaking on a panel called “The Future of Security vs. Privacy” on Tuesday, June 2nd. Here’s the program page. And here’s the registration page if any of this whets your appetite.

