The Daily Caller reports that Senator Harry Reid (D-NV) is planning another effort at Internet regulation—right on the heels of the SOPA/PIPA debacle. The article seems calculated to insinuate that a follow-on to SOPA/PIPA might slip into cybersecurity legislation the Senate plans to take up. Whether that’s in the works or not, I’ll detail here the privacy threats in cybersecurity language being circulated on the Hill.

A Senate draft currently making the rounds is called the “Cybersecurity Information Sharing Act of 2012.” It sets up “cybersecurity exchanges” at which government and corporate entities would share threat information and solutions.

Sharing of information does not require federal approval or planning, of course. Information sharing happens all the time according to market processes. But “information sharing” is the solution Congress has seized upon, so federal information sharing programs we will have. Think of all this as a “see something, say something” campaign for corporate computer security people. Or perhaps “e-fusion centers.”

Reading over the draft, I was struck by sweeping language purporting to create “affirmative authority to monitor and defend against cybersecurity threats.” To understand the strangeness of these words, we must start at the beginning:

We live in a free country where all that is not forbidden is allowed. There is no need in such a country for “affirmative” authority to act. So what does this section do as it in purports to permit private and governmental entities to monitor their information systems, operate active defenses, and such? It sweeps aside nearly all other laws controlling them.

“Consistent with the Constitution of the United States and notwithstanding and other provision of law,” it says (emphasis added), entities may act to preserve the security of their systems. This means that the only law controlling their actions would be the Constitution.

It’s nice that the Constitution would apply</sarcasm>, but the obligations in the Privacy Act of 1974 would not. The Electronic Communications Privacy Act would be void. Even the requirements of the E-Government Act of 2002, such as privacy impact assessments, would be swept aside.

The Constitution doesn’t constrain private actors, of course. This language would immunize them from liability under any and all regulation and under state or common law. Private actors would not be subject to suit for breaching contractual promises of confidentiality. They would not be liable for violating the privacy torts. Anything goes so long as one can make a claim to defending “information systems,” a term that refers to anything having to do with computers.

Elsewhere, the bill creates an equally sweeping immunity against law-breaking so long as the law-breaking provides information to a “cybersecurity exchange.” This is a breath-taking exemption from the civil and criminal laws that protect privacy, among other things.

(1) IN GENERAL.—No civil or criminal cause of action shall lie or be maintained in any Federal or State court against any non-Federal governmental or private entity, or any officer, employee, or agent of such an entity, and any such action shall be dismissed promptly, for the disclosure of a cybersecurity threat indicator to—
(A) a cybersecurity exchange under subsection (a)(1); or
(B) a private entity under subsection, (b)(1), provided the cybersecurity threat indicator is promptly shared with a cybersecurity exchange.

In addition to this immunity from suit, the bill creates an equally sweeping “good faith” defense:

Where a civil or criminal cause of action is not barred under paragraph (1), a good faith reliance by any person on a legislative authorization, a statutory authorization, or a good faith determination that this Act permitted the conduct complained of, is a complete defense against any civil or criminal action brought under this Act or any other law.

Good faith is a question of fact, and a corporate security official could argue successfully that she acted in good faith if a government official told her to turn over private data. This language allows the corporate sector to abandon its responsibility to follow the law in favor of following government edicts. We’ve seen attacks on the rule of law like this before.

A House Homeland Security subcommittee marked up a counterpart to this bill last week. It does not have similar language that I could find.

In 2009, I testified in the House Science Committee on cybersecurity, skeptical of the government’s ability to tackle cybersecurity but cognizant that the government must secure its own systems. “Cybersecurity exchanges” are a blind stab at addressing the many challenges in securing computers, networks, and data, and I think they are unnecessary at best. According to current plans, cybersecurity exchanges come at a devastating cost to our online privacy.

Congress seems poised once again to violate the rule from the SOPA/PIPA disaster: “First, do no harm to the Internet.”

The Senate’s SOPA Counterattack?: Cybersecurity the Undoing of Privacy is a post from Cato @ Liberty - Cato Institute Blog

…on the Google privacy policy change.

The idea that people should be able to opt out of a company’s privacy policy strikes me as ludicrous.

Plus she embeds a valuable discussion among her Xtranormal friends. Highlight:

“Well, members of Congress don’t send angry letters about privacy issues very often.”

“Oh, well, actually, they do.”

Read the whole thing. Watch the whole thing. And, if you actually care, take some initiative to protect your privacy from Google, a thing you are well-empowered to do by the browser and computer you are using to view this post.

Kashmir Hill Has It Right… is a post from Cato @ Liberty - Cato Institute Blog

Does a more careful reading of the Supreme Court’s decision in U.S. v. Jones turn up a lurking victory for the government?

Modern media moves so fast that the second-day story happens in the afternoon of the first. The Supreme Court ruled unanimously Monday morning that government agents conduct a Fourth Amendment search when they place a GPS device on a private vehicle and use it to monitor a suspect’s whereabouts for weeks at a time. Monday afternoon, a couple of commentators suggested that the case is less a win than many thought because it didn’t explicitly rule that a warrant is required to attach a GPS device to a vehicle.

Writing on the Volokh Conspiracy blog, George Washington University law professor Orin Kerr noted “What Jones Does Not Hold.”

The Court declined to reach when the installation of the device is reasonable or unreasonable. … So we actually don’t yet know if a warrant is required to install a GPS device; we just know that the installation of the device is a Fourth Amendment “search.”

And over on Scotusblog, Tom Goldstein found that “The Government Fared Much Better Than Everyone Realizes“:

[D]oes the “search” caused by installing a GPS device require a warrant? The answer may be no, given that no member of the Court squarely concludes it does and four members of the Court (those who join the Alito concurrence) do not believe it constitutes a search at all.

So there is a constitutional search when the government attaches a GPS device to a vehicle, but the Court conspicuously declined to say that such a search requires a warrant. Do we have an “a-ha” moment?

When the Supreme Court granted certiorari in the case, it took the unusual step of adding to the questions it wanted addressed. In addition to “[w]hether the warrantless use of a tracking device on respondent’s vehicle to monitor its movements on public streets violated the Fourth Amendment,” the Court wanted to know “whether the government violated respondent’s Fourth Amendment rights by installing the GPS tracking device on his vehicle without a valid warrant and without his consent.” These are both compound questions, but the dimension added by the second is the Fourth Amendment meaning of attaching a device to a vehicle. The case was about attaching a device to a vehicle, and if the Court didn’t walk through every clause in each of the questions presented, that’s why.

On that central question in the case, the government argued the following: “Attaching the GPS tracking device to respondent’s vehicle was not a search or seizure under the Fourth Amendment.” The government lost, full stop.

Now, it’s true that the Court’s majority opinion didn’t explictly find that the “search” that occurs when attaching and using a GPS device requires a warrant, but look at its characterization of the opinion it affirmed: “The United States Court of Appeals for the District of Columbia Circuit reversed [Jones's] conviction because of admission of the evidence obtained by warrantless use of the GPS device which, it said, violated the Fourth Amendment.”

The Court did decline to consider the argument that the government might be able to attach a device based on reasonable suspicion or probable cause—that argument was “forfeited” by the government’s failure to raise it in the lower courts—but if the Supreme Court were limiting its holding to the attachment-as-search issue, it would have remanded the case back to the lower courts for further proceedings consistent with the opinion. It did not, and the sensible inference to draw from that is that the general rule applies: a warrant is required in the absence of one of the customary exceptions. Failing to make that explicit was not “opening a door” to a latent government victory. U.S. v. Jones was a unanimous decision rejecting the government’s warrantless use of outré technology to defeat the natural privacy protections provided by law and physics.

At least one serious lawyer I know has raised the point that I address here, and it is a real one, but some in the commentariat are a little too showy with their analysis and far too willing to go looking for a government victory in what is nothing other than a government defeat.

The Second-Day Story on U.S. v. Jones is a post from Cato @ Liberty - Cato Institute Blog

The Supreme Court has delivered a big win for privacy in U.S. v. Jones. That’s the case in which government agents placed a GPS device on a car and used it to track a person round-the-clock for four weeks. The question before the Court was whether the government may do this in the absence of a valid warrant. All nine justices say No.

That’s big, important news. The Supreme Court will not allow developments in technology to outstrip constitutional protections the way it did in Olmstead.

Olmstead v. United States was a 1928 decision in which the Court held that there was no Fourth Amendment search or seizure involved in wiretapping because law enforcement made “no entry of the houses or offices of the defendants.” It took 39 years for the Court to revisit that restrictive, property-based ruling and find that Fourth Amendment interests exist outside of buildings. “[T]he Fourth Amendment protects people, not places” went the famous line from Katz v. United States (1967), which has been the lodestar ever since.

For its good outcome, though, Katz has not served the Fourth Amendment and privacy very well. The Cato Institute’s brief argued to the Court that the doctrine arising from Katz “is weak as a rule for deciding cases.” As developed since 1967, “the ‘reasonable expectation of privacy’ test reverses the inquiry required by the Fourth Amendment and biases Fourth Amendment doctrine against privacy.”

Without rejecting Katz and reasonable expectations, the Jones majority returned to property rights as a basis for Fourth Amendment protection. “The Government physically occupied private property for the purpose of obtaining information” when it attached a GPS device to a private vehicle and used it to gather information. This was a search that the government could not conduct without a valid warrant.

The property rationale for deciding the case had the support of five justices, led by Justice Scalia. The other four justices would have used “reasonable expectations” to decide the same way, so they concurred in the judgement but not the decision. They found many flaws in the use of property and “18th-century tort law” to decide the case.

Justice Sotomayor was explicit in supporting both rationales for protecting privacy. With Justice Scalia, she argued, “When the Government physically invades personal property to gather information, a search occurs.” This language—more clear, and using the legal term of art “personal property,” which Justica Scalia did not—would seem to encompass objects like cell phones, the crucial tool we use today to collect, maintain, and transport our digital effects. Justice Sotomayor emphasized in her separate concurrence that the majority did not reject Katz and “reasonable expectations” in using property as the grounds for this decision.

Justice Sotomayor also deserves special notice for mentioning the pernicious third-party doctrine. “[I]t may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties.” The third-party doctrine cuts against our Fourth Amendment interests in information we share with ISPs, email service providers, financial services providers, and so on. Reconsidering it is very necessary.

Justice Alito’s concurrence is no ringing endorsement of the “reasonable expectation of privacy” test. But he and the justices joining him see many problems with applying Justice Scalia’s property rationale as they interpreted it.

Along with the Scalia-authored Kyllo decision of 2001, Jones is a break from precedent. It may seem like a return to the past, but it is also a return to a foundation on which privacy can be more secure.

More commentary here in the coming days and weeks will explore the case’s meaning more fully. Hopefully, more Supreme Court cases in coming years and decades will clarify and improve Fourth Amendment doctrine.

U.S. v. Jones: A Big Privacy Win is a post from Cato @ Liberty - Cato Institute Blog

When Senator William Proxmire (D-WI) proposed and passed the Fair Credit Reporting Act forty years ago, he almost certainly believed that the law would fix the problems he cited in introducing it. It hasn’t. The bulk of the difficulties he saw in credit reporting still exist today, at least to hear consumer advocates tell it.

Advocates of sweeping privacy legislation and other regulation of the information economy would do well to heed the lessons offered by the FCRA. Top-down federal regulation isn’t up to the task of designing the information society. That’s the upshot of my new Policy Analysis, “Reputation under Regulation: The Fair Credit Reporting Act at 40 and Lessons for the Internet Privacy Debate.” In it, I compare Senator Proxmire’s goals for the credit reporting industry when he introduced the FCRA in 1969 against the results of the law today. Most of the problems that existed then persist today. Some problems with credit reporting have abated and some new problems have emerged.

Credit reporting is a complicated information business. Challenges come from identity issues, judgments about biography, and the many nuances of fairness. But credit reporting is simple compared to today’s expanding and shifting information environment.

“Experience with the Fair Credit Reporting Act counsels caution with respect to regulating information businesses,” I write in the paper. “The federal legislators, regulators, and consumer advocates who echo Senator Proxmire’s earnest desire to help do not necessarily know how to solve these problems any better than he did.”

Management of the information economy should be left to the people who are together building it and using it, not to government authorities. This is not because information collection, processing, and use are free of problems, but because regulation is ill-equipped to solve them.

Information Regulation that Hasn’t Worked is a post from Cato @ Liberty - Cato Institute Blog

I attended the Supreme Court’s oral argument in U.S. v. Jones today, the case dealing with the Fourth Amendment constitutionality of using GPS to track individuals’ movements without a warrant. Predicting outcomes is fraught, and you’re getting your money’s worth from the following free observations.

It seemed to me that most members of the Court want to rule that the government does not have free reign to attach GPS devices to cars. Justices Kennedy, Breyer, and Sotomayor, for example, noted the vast consequences if the government were to win the case. Law enforcement could attach tracking devices to people’s overcoats, for example, and monitor their movements throughout society without implicating the Fourth Amendment. Voluble as he often is, Justice Scalia did not say that the Fourth Amendment doesn’t reach GPS because GPS data wasn’t around for the Framers to insulate from government access.

Justice Alito’s thinking seemed to venture the furthest. He noted how insufficient it would be if the Court were to decide the case based on the narrow ground that attaching a GPS device to a car is an unreasonable seizure. Doing so would not account for the vast amount of personal data the government might access without attaching something to a car, clothing, or other property. If not in this case, the Court will soon have to face the (pernicious) third-party doctrine, which holds that a person has no Fourth Amendment interests in information shared with others.

If the Court desires to rule against the government, the one thing it lacks is a rationale for doing so. When it was time for Jones’s counsel to argue, the Justices seemed frustrated not to have a principle on which to base a decision.

Justice Scalia early-on declared his concern with GPS tracking and his dismay that the “reasonable expectation of privacy” test from Katz v. United States (1967) might shrink the zone of privacy the Framers sought to protect in the Fourth Amendment. But he later retreated into a sort of catch-all posture: the Congress can control GPS tracking if it wants. (Jones’s counsel cleverly suggested that there were 535 reasons not to do that.)

Other Justices’ questions danced awkwardly with the “reasonable expectation of privacy” test. Justice Kennedy was equivocal once about whether it would apply. Chief Justice Roberts seemed acutely aware of the Court’s incompetence to make judgments of such broad societal sweep. This is for good reason: there is no way to determine what society thinks, or what is “reasonable” in terms of privacy, when new technologies are applied new ways.

The solution to this conundrum can be found in the Cato Institute’s amicus brief in the Jones case. The Court should not use the “reasonable expectation of privacy” test from Justice Harlan’s Katz concurrence. Rather, it should follow the majority holding, which accorded Fourth Amendment protection to information that Katz had kept private using physical and legal arrangements. The government stands in the same shoes as the general public when it comes to private information—that is, information that can’t be accessed legally or with ordinary perception. When the government accesses information that was otherwise private, those searches and seizures must be reasonable and must almost always be based upon a warrant.

This way of administering the Fourth Amendment is not a snap of the fingers. There will be details to hash out when the Court eventually finds that having a Fourth Amendment interest in information turns on a factual question: whether someone has concealed information about him- or herself.

The biggest impediment to adoption of this rule may be getting lawyers to realize that “reasonable expectation of” is not a prefix required every time they use the word “privacy.”

U.S. v. Jones: The Court’s Search for a Rationale is a post from Cato @ Liberty - Cato Institute Blog

The Children’s Online Privacy Protection Act became law just over thirteen years ago, passed in the name of protecting children online. It imposes various obligations on Web sites providing content to children thirteen and under.

So? How’s it doing?

danah boyd (she doesn’t capitalize her name) is a skilled researcher into the worlds of social media, youth practices, “public” and “private,” social networking, and other intersections between technology and society. In a Huffington Post article published this week, she reveals conclusions from her research into COPPA and its results. Here are some choice lines from “Why Parents Help Tweens Violate Facebook’s 13+ Rule“:

COPPA is a well-intentioned piece of legislation with unintended consequences for parents, educators, and the public writ large. It has stifled innovation for sites focused on children and its implementations have made parenting more challenging. …

Rather than reinforcing or extending a legal regime that produces age-based restrictions which parents actively circumvent, we need to step back and rethink the underlying goals behind COPPA and develop new ways of achieving them. This begins with a public conversation about what it means to parent in a digital world.

That is a non-libertarian’s research-based conclusion about the COPPA law and its poor fit between means and ends—using federal Internet regulation to protect children. It echoes the words of a report issued a decade ago finding that the White House Web site had violated a Clinton administration policy applying COPPA to federal Web sites.

The difficulty of applying the Children’s Online Privacy Protection Act to just one leading federal Web site … shows how governments rob people of power over information about themselves and their children. It also suggests that future privacy laws and regulations should be studied much more carefully before being put into effect. On government or private-sector Web sites, they can be deeply burdensome and have dramatic unintended effects.

That’s yours truly in a report entitled “Making the Rules, Breaking the Rules: How the “White House for Kids” Web Site Violates Federal Privacy Policy.” The report helped generate a USA Today editorial, which in turn drew a response from White House Chief of Staff John Podesta. Pretty good for a kid trying to break in the debate about privacy policy.

boyd’s research has borne out what this student of privacy told you a decade ago: Policymakers don’t know enough about society to decide how the manifold interests people pursue online can properly be protected. We have parents for that.

Our free society should decide how the Internet works and how people communicate on it.

I Told Ya So is a post from Cato @ Liberty - Cato Institute Blog

Why shouldn’t the government collect biometric data unless absolutely necessary? Things like this can happen to it:

The stolen database contained the name, date of birth, national identification number, and family members of 9 million Israelis, living and dead. More alarmingly, the database contained information on the birth parents of hundreds of thousands of adopted Israelis—including children—and detailed health information on individual citizens.

It’s a good, short write-up from Fast Company. Read the whole thing and pass it along.

Biometrics Collection = Risk Creation is a post from Cato @ Liberty - Cato Institute Blog

If the government put a GPS monitor on your car and used it to track every vehicular movement of yours for four weeks, do you think that would violate your Fourth Amendment rights? The government would like to be able to do that kind of thing without getting a warrant, and the Supreme Court will soon decide whether it can.

On November 8th, the Court will hear oral argument in U.S. v. Jones. Yours truly was the lead author of Cato’s amicus brief in the case, which may have a significant effect on how Fourth Amendment law intersects with new information technologies for decades to come.

In 2004, suspecting that Antoine Jones was dealing drugs, the FBI secretly attached a GPS tracking device to his car without a valid warrant. The FBI used this device to monitor and record the car’s movements, noting its location every ten seconds when it was in motion, for nearly a month before finally arresting Jones. The U.S. Court of Appeals for the D.C. Circuit found that the FBI’s action was unconstitutional because it violated Jones’s “reasonable expectation of privacy”—the two-part Fourth Amendment standard developed in the landmark case of Katz v. United States. Though he traveled on public roads, the totality of his movements was available to nobody and thus was private.

Our brief argues that the government’s conversion of Jones’s vehicle into a surveillance device was an unreasonable seizure under the Fourth Amendment. Even though he didn’t lose a “possessory” interest in his car, the government invaded Jones’s various property rights, including the right to exclude, the right to manage, the right to use, and the right to the profits. Similarly, using his car to collect detailed data on his movements over this extended period without getting a warrant was an unreasonable search. The data reflecting his movements would never have come into existence without the government attaching its GPS device to his car. These are tough, interesting issues arising in the new circumstances created by information technology.

We spent as much time in the brief on the “reasonable expectations of privacy” test. The product of one Justice’s lone concurrence in the Katz case, it holds that if a person has an actual (subjective) expectation of privacy and that expectation is one society is prepared to accept, then the Fourth Amendment protects the object of that expectation.

Courts have never faithfully applied this test, and for good reason: it’s a doctrinal mess that reverses the Fourth Amendment’s focus. Courts have second-guessed what the citizenry thinks in terms of privacy rather than examining government action to see if it is reasonable. Under “reasonable expectations” doctrine, things that are left in plain view are always available to the government while things that are hidden—well, the Court will look to see whether keeping it private comports with “reasonable expectations.”

The majority ruling in Katz rested on physical and legal protection that Katz had given to the sound of his voice when he entered a telephone booth. Because Katz had secured the privacy of his conversation, the government wasn’t allowed to access it using a wiretap—not without a warrant. That’s the rule the Court should apply here. The government can’t use uncommon surveillance technology to access private information, including private information about things that happened “in public,” without a valid warrant.

With information technology still rapidly increasing in power, it is critically important that the Supreme Court update Fourth Amendment law while maintaining its consistency with ancient property principles. Doing so will ensure that technology doesn’t render the Fourth Amendment’s protections for our “persons, papers, houses, and effects” quaint.

You can read more, and our brief, on the Cato.org page about U.S. v. Jones.

Will GPS Tracking Render the Fourth Amendment Quaint? is a post from Cato @ Liberty - Cato Institute Blog

The Hon. Alex Kozinski gave the annual B. Kenneth Simon lecture at Cato’s Constitution Day conference on September 15, 2011. He spoke about changing cultural expectations of privacy regarding new technologies and how judicial applications of the Fourth Amendment have changed over time to reflect these expectations. Judge Kozinski is the Chief Judge on the U.S. Court of Appeals for the Ninth Circuit.

Kozinski on Privacy at Constitution Day is a post from Cato @ Liberty - Cato Institute Blog

Being the world’s self-appointed defender of so-called tax havens has led to some rather bizarre episodes.

For instance, the bureaucrats at the Organization for Economic Cooperation and Development threatened to have me thrown in a Mexican jail for the horrible crime of standing in the public lobby of a hotel and giving advice to low-tax jurisdictions.

On a more amusing note, my efforts to defend tax havens made me the beneficiary of grade inflation and I was listed as the 244th most important person in the world of global  finance — even higher than George Soros and Paul Krugman.

But if that makes it seem as if the battle is full of drama and (exaggerated) glory, that would be a gross exaggeration. More than 99 percent of my time on this issue is consumed by the difficult task of trying to convince policymakers that tax competition, fiscal sovereignty, and financial privacy should be celebrated rather than persecuted.

Sort of like convincing thieves that it’s a good idea for houses to have alarm systems.

And it means I’m also condemned to the never-ending chore of debunking left-wing attacks on tax havens. The big-government crowd viscerally despises these jurisdictions because tax competition threatens the ability of politicians to engage in class warfare/redistribution policies.

Here’s a typical example. Paul Vallely has a column, entitled “There is no moral case for tax havens,” in the UK-based Independent.

To determine whether tax havens are immoral, let’s peruse Mr. Vallely’s column. It begins with an attack on Ugland House in the Cayman Islands.

There is a building in the Cayman Islands that is home to 12,000 corporations. It must be a very big building. Or a very big tax scam.

As I’ve already explained in a post about a certain senator from North Dakota, a company’s home is merely the place where it is chartered for legal purposes. A firm’s legal domicile has nothing to do with where it does business or where it is headquartered.

In other words, there is nothing nefarious about Ugland House, just as there is nothing wrong with the small building in Delaware that is home to more than 200,000 companies. President Obama, by the way, demagogued about Ugland House during the 2008 campaign.

Let’s see what else Vallely has to say:

Are there any legitimate reasons why anyone would want to have a secret bank account – and pay a premium to maintain their anonymity – or move their money to one of the pink dots on the map which are the final remnants of the British empire: the Caymans, Bermuda, the Turks and Caicos and the British Virgin Islands?

Actually, there are lots of people who have very compelling reasons to keep their money in havens, and only a tiny minority of them are escaping onerous tax burdens.What about:

• Jews in North Africa and the Middle East?
• Persecuted ethnic Chinese in Indonesia and the Philippines?
• Political dissidents in places such as Russia and Venezuela?
• Entrepreneurs in regimes such as Venezuela and Zimbabwe?
• Families threatened by kidnapping failed states such as Mexico?
• Homosexuals in homophobic regimes such as Iran?

As this video explains, there are billions of people around the world who are subject to state-sanctioned (or at least state-permitted) religious, ethnic, racial, political, sexual, and economic persecution. These people are especially likely to be targeted if they have any money, so the ability to invest their assets offshore and keep that information hidden from venal governments can, in some cases, be a life-or-death matter.

And let’s not forget the residents of failed states, where crime, expropriation, kidnapping, corruption, extortion, and economic mismanagement are ubiquitous. These people also need havens where they can safely and confidentially invest their money.

Vallely is apparently unaware of these practical, real-world concerns. Instead, he is content with sweeping proclamations:

The moral case against is clear enough. Tax havens epitomise unfairness, cheating and injustice.

But if he is against unfairness, cheating, and injustice, why does he want to empower the institution — government — that is the largest source of oppression in the world?

To be fair, Vallely does attempt to address the other side of the argument.

Apologists insist that tax havens protect individual liberty. They promote the accumulation of capital, fair competition between nations and better tax law elsewhere in the world. They also foster economic growth.

…Yet even if all that were true – and it is not – does it outweigh the ethical harm they do? The numbered bank accounts of tax havens are notoriously sanctuaries for the spoils of theft, fraud, bribery, terrorism, drug-dealing, illegal betting, money-laundering and plunder by Arab despots such as Gaddafi, Mubarak and Ben Ali, all of whom had Swiss accounts frozen.

He can’t resist trying to discredit the economic argument by resorting to more demagoguery, asserting that tax havens are shadowy regimes. Not surprisingly, Vallely offers no supporting data. Moreover, you won’t be surprised to learn that the real-world evidence directly contradicts what he wrote: the most comprehensive analysis of dirty money finds 28 problem jurisdictions, and only one could be considered a tax haven.

Last but not least, the author addresses the issue that really motivates the left: the potential loss of access to other people’s money, funds that they want the government to confiscate and redistribute.

Christian Aid reckons that tax dodging costs developing countries at least $160bn a year — far more than they receive in aid. The US research centre Integrity estimated that more than $1.2trn drained out of poor countries illicitly in 2008 alone. …Some say an attack on tax havens is an attack on wealth creation. It is no such thing. It is a demand for the good functioning of capitalism, balancing the demands of efficiency and of justice, and placing a value on social harmony.

There are several problems with this passage, including Vallely’s confusion of tax evasion with tax avoidance. But the key point is that the burden of government spending in most nations is now at record levels, undermining prosperity and reducing growth. Why add more fuel to the fire by giving politicians even more money to waste?

Consider some real-world evidence: The Wall Street Journal has an article on the Canton of Zug, Switzerland’s tax haven within a tax haven. This hopefully won’t surprise anyone, but low-tax policies have been very beneficial for Zug:

Developed nations from Japan to America are desperate for growth, but this tiny lake-filled Swiss canton is wrestling with a different problem: too much of it. Zug’s history of rock-bottom tax rates, for individuals and corporations alike, has brought it an A-list of multinational businesses. Luxury shops abound, government coffers are flush, and there are so many jobs that employers sometimes have a hard time finding people to fill them.

Here’s some more evidence of how better fiscal policy promotes prosperity. This is economic data, to be sure, but isn’t the choice between growth and stagnation also a moral issue?

Zug long was a poor farming region, but in 1947 its leaders began to trim tax rates in an effort to attract companies and the well-heeled. In Switzerland, two-thirds of total taxes, including individual and corporate income taxes, are levied by the cantons, not the central government. The cantons also wield other powers that enable them compete for business, such as the authority to make residency and building permits easy to get.

…[B]usinesses moved in, many establishing regional headquarters. Over the past decade, the number of companies with operations of some sort in the canton jumped to 30,000 from 19,000. The number of jobs in Zug rose 20% in six years, driven by the economic boom and foreign companies’ efforts to minimize their taxes. At a time when the unemployment rate in the European Union (to which Switzerland doesn’t belong) is 9.4%, Zug’s is 1.9%.

It turns out that Zug is growing so fast that lawmakers actually want to discourage more investment. What a nice problem to have.

Describing Zug’s development as “astonishing,” Matthias Michel, the head of the canton government, said, “We are too small for the success we have had.”

…Zug has largely stopped trying to lure more multinationals, according to Mr. Michel.

It’s worth pointing out that the residents of Zug are not some sort of anomaly. The rest of Switzerland is filled with people who recognize the value of limited government:

[T]he Swiss are mostly holding fast to their fiscal beliefs. Last November, in a national referendum, they overwhelmingly rejected a proposal that would have established a minimum 22% tax rate on incomes over 250,000 francs, or about $315,000.

Sadly, even though the world is filled with evidence that smaller government is good for prosperity (and even more evidence that big government is bad for growth), statism is not abating.

Indeed, the anti-tax haven campaign continues to gain steam. At a recent OECD meeting, high-tax nations (with the support of the Obama administration) put in place a bureaucratic monstrosity that is likely to become a world tax organization.

This global tax cartel will be akin to an OPEC for politicians, and the impact on taxpayers will be quite similar to the impact of the real OPEC on motorists.

If that’s a moral outcome, then I want to be amoral.

To conclude, here are two other videos on tax havens. This one looks at the economic issues:

And here’s a video debunking some of the usual attacks on low-tax jurisdictions:

Are Tax Havens Moral or Immoral? is a post from Cato @ Liberty - Cato Institute Blog

It’s tempting to believe that the Transportation Security Administration’s move to change the software in strip-search machines is a response to the court ruling finding that it violated the law in rolling out the machines, but it’s almost surely coincidence.

The new software will show items that the software deems suspicious on a generic outline of a body rather than showing a detailed body image. The change will indeed reduce the invasiveness of the machine strip-search process. And because the image is less revealing, it can be viewed in the screening area instead of at a remote location. That means there doesn’t need to be a person dedicated to looking at denuded images of travelers. A major cost of running these machines—payroll—drops by a substantial margin.

The software will almost certainly not do as good a job of discovering hidden weapons as a human looking at a detailed image would. If it’s calibrated to over-report, TSA agents will rightly start to ignore its alerts on belt buckles and underwire bras. If it’s calibrated to under-report, well, it might fail to alert on an actual weapon or bomb. But those things are exceedingly rare, and the increased risk probably won’t make a difference.

In fact, that’s the interesting thing happening here: the TSA is allowing a small increase in risk in exchange for large gains in privacy and cost savings. The reason it took years of complaints, litigation, legislation, and other conflict is because the TSA did not analyze the risks and its responses before going forward with strip-search machines as it did. Trial-and-error isn’t costly to the government. The taxpayer fronts the money and gives up the privacy.

None of this means the TSA has now gotten the balance right. The airport security gauntlet will still be an overwrought mess and an affront to constitutional liberty. We will have to remain insistent on principle, on dignity and privacy, and on sound risk management while TSA gets a public relations bump from being less awful than it was before.

TSA’s Partial Retreat From Full-Body Scans is a post from Cato @ Liberty - Cato Institute Blog

In February 2004, privacy advocates were put off by a Supreme Court case called Doe v. Chao, in which the Court found that the Privacy Act requires a victim of a government privacy violation to show “actual damages” before receiving any compensation. The Act appeared to provide for $1,000 per violation in statutory damages, but the Court interpreted the legislation to require that actual damages be proven, after which the victim would be entitled to a minimum award of $1,000. (Statutory damages are appropriate in privacy cases against the government because government bureaucrats pay little price themselves when their agency gets fined. A penalty is required to draw oversight and political attention to violations of the law.)

Doe v. Chao was a close call given the statutory language, and the Court chose the outcome that would limit the government’s exposure to Privacy Act liability. Doing so marginally weakened the government’s attentiveness to the already insubstantial protections of the Privacy Act.

A companion case to Doe v. Chao has now reached the Supreme Court. FAA v. Cooper, which the highest court recently agreed to hear, involves a victim of a government privacy invasion who alleges “actual damages” based on evidence of mental and emotional distress. Cooper, a recreational pilot who was HIV-positive, had chosen to conceal his health status generally, but revealed it to the Social Security Administration for the purposes of pursuing disability payments. When the SSA revealed that he was HIV-positive to the Department of Transportation, it violated the Privacy Act. Cooper claims in court that he suffered mental and emotional distress at learning of the disclosure of his health status and inferentially his sexual orientation, which he had kept private.

In the Ninth Circuit Court of Appeals and now in the Supreme Court, the Obama Administration has argued that it doesn’t have to pay the victim of this privacy violation because mental and emotional distress do not qualify as “actual damages.” No one disputes that Cooper has to present objective proof of harm as a check on the truth of his claims. But the government isn’t saying that Cooper is faking distress at having his health status and sexual orientation illegally exposed by the government. The government is arguing that the court should limit “actual damages” to economic injury simply because it’s the government being sued.

The doctrine of sovereign immunity holds that the state is generally not subject to lawsuits. The state can make itself liable by a clear statement in legislation that it agrees to be sued. In the Privacy Act, Congress did exactly that: it created a cause of action against the government for Privacy Act violations.

But now the Obama Administration is arguing that the statute should be interpreted narrowly based on sovereign immunity. It’s an attempt to limit Privacy Act liability once again, insulating government officials from consequences of their wrongdoing. The Court should reject the sovereign immunity argument. Congress made the government subject to suit, and the chips should fall where they may on the question of what constitutes “actual damages.”

Putting aside sovereign immunity, what about the “actual damages” question? Should the Court recognize mental and emotional distress as a harm coming from privacy violations?

Privacy is the subjective condition people enjoy when they have the power to control information about themselves and when they have exercised that power consistent with their interests and values. People can, and often do, maintain privacy in information they share with a limited audience for limited purposes. Privacy is violated when that sense of control and controlled sharing is upended.

A privacy violation is called a “violation” because of the loss of confident control over information, which, depending on the sensitivity and circumstances, can be very concerning and even devastating. When privacy violations have this effect–not idle worry about who knows what, but the shock and mortification of having specific, sensitive information wrested from one’s control and exposed–that’s the case when actual damages should probably be found. If the Privacy Act is to protect the interest after which it’s named, the Court will recognize proven mental and emotional suffering as “actual damages.”

Obama Administration Fights Privacy Act Liability is a post from Cato @ Liberty - Cato Institute Blog

This podcast, put together by the high-performance folks at the Performance Marketing Association, is a pretty good exploration of privacy and proposals to create a “do-not-track” system for the World Wide Web. Though I do use the word “hedonic” at one point, which is a bit much…

Podcast on Internet Privacy and Do-Not-Track is a post from Cato @ Liberty - Cato Institute Blog

The Supreme Court’s decision in Sorrell vs. IMS Health is being touted in many quarters as a privacy case, and a concerning one at that. Example: Senator Patrick Leahy (D-VT) released a statement saying “the Supreme Court has overturned a sensible Vermont law that sought to protect the privacy of the doctor-patient relationship.” That’s a stretch.

The Vermont law at issue restricted the sale, disclosure, and use of pharmacy records that revealed the prescribing practices of doctors if that information was to be used in marketing by pharmaceutical manufacturers. Under the law, prescription drug salespeople—”detailers” in industry parlance—could not access information about doctors’ prescribing to use in focusing their efforts. As the Court noted, the statute barred few other uses of this information.

It is a stretch to suggest that this is a privacy law, given the sharply limited scope of its “protections.” Rather, the law was intended to advance the state’s preferences in the area of drug prescribing, which skew toward generic drugs rather than name brands. The Court quoted the Vermont legislature itself, finding that the purpose of the law was to thwart “detailers, in particular those who promote brand-name drugs, convey[ing] messages that ‘are often in conflict with the goals of the state.’” Accordingly, the Court addressed the law as a content- and viewpoint-oriented regulation of speech which could not survive First Amendment scrutiny (something Cato and the Pacific Legal Foundation argued for in their joint brief.)

What about patients’ sensitive records? Again, the case was about data reflecting doctors’ prescribing practices, which could include as little as how many times per year they prescribe given drugs. (They probably include more detail than that.) The risk to patients is based on the idea that patients‘ prescriptions might be gleaned through sufficient data-mining of doctors prescribing records (no doubt with other records appended). That’s a genuine problem, if largely theoretical given the availability and use of data today. Vermont is certainly free to address that problem head on in a law meant to actually protect patients’ privacy—against the state itself, for example. Better still, Vermonters and people across the country could rely on the better sources of rules in this new and challenging area: market pressure (to the extent possible in the health care area) and the (non-prescriptive, more adaptive) common law.

Whatever the way forward, Sorrell vs. IMS Health is not the privacy case some are making it out to be, it’s not the outrage some are making it out to be, and it’s not the last word on data use in our society.

Sorrell vs. IMS Health: Not a Privacy Case is a post from Cato @ Liberty - Cato Institute Blog

It might be tempting to laugh at France’s ban on words like “Facebook” and Twitter” in the media. France’s Conseil Supérieur de l’Audiovisuel recently ruled that specific references to these sites (in stories not about them) would violate a 1992 law banning “secret” advertising. The council was created in 1989 to ensure fairness in French audiovisual communications, such as in allocation of television time to political candidates, and to protect children from some types of programming.

Sure, laugh at the French. But not for too long. The United States has similarly busy-bodied regulators, who, for example, have primly regulated such advertising themselves. American regulators carefully oversee non-secret advertising, too. Our government nannies equal the French in usurping parents’ decisions about children’s access to media. And the Federal Communications Commission endlessly plays footsie with speech regulation.

In the United States, banning words seems too blatant an affront to our First Amendment, but the United States has a fairly lively “English only” movement. Somehow, regulating an entire communications protocol doesn’t have the same censorious stink.

So it is that our Federal Communications Commission asserts a right to regulate the delivery of Internet service. The protocols on which the Internet runs are communications protocols, remember. Withdraw private control of them and you’ve got a more thoroughgoing and insidious form of speech control: it may look like speech rights remain with the people, but government controls the medium over which the speech travels.

The government has sought to control protocols in the past and will continue to do so in the future. The “crypto wars,” in which government tried to control secure communications protocols, merely presage struggles of the future. Perhaps the next battle will be over BitCoin, an online currency that is resistant to surveillance and confiscation. In BitCoin, communications and value transfer are melded together. To protect us from the scourge of illegal drugs and the recently manufactured crime of “money laundering,” governments will almost certainly seek to bar us from trading with one another and transferring our wealth securely and privately.

So laugh at France. But don’t laugh too hard. Leave the smugness to them.

Government Control of Language and Other Protocols is a post from Cato @ Liberty - Cato Institute Blog

The fiscal 2012 Department of Homeland Security spending bill is starting to make its way through the process, and the House Appropriations Committee said in a release today that “the bill does not provide $76 million requested by the President for 275 additional advanced inspection technology (AIT) scanners nor the 535 staff requested to operate them.”

If the House committee’s approach carries the day, there won’t be 275 more strip-search machines in our nation’s airports. No word on whether the committee will defund the operations of existing strip-search machines.

Saving money and reducing privacy invasion? Sounds like a win-win.

House Approps Strips TSA of Strip-Search Funds is a post from Cato @ Liberty - Cato Institute Blog

As I noted earlier, the Senate Judiciary Committee’s Subcommittee on Privacy, Technology, and the Law held a hearing this morning entitled: “Protecting Mobile Privacy: Your Smartphones, Tablets, Cell Phones and Your Privacy.” In it, Sentor Richard Blumenthal (D-CT) engaged in a fascinating colloquy with Google’s Alan Davidson.

Blumenthal pursued Davidson about the year-old incident in which Google’s Street View cars collected data on the location of WiFi nodes and mistakenly gathered snippets of “payload data”—that is, the data traveling over open WiFi networks in the moments when their Street View cars were passing by.

Some payload data may have contained personal information including passwords. Google has meekly been working with data protection authorities around the world since then, hoping once and for all to delete this unneeded and unwanted data.

Blumenthal was prosecutorial in tone, but made a classic prosecutor’s error: He asked questions to which he didn’t know the answers.

Isn’t “payload data” extremely valuable for mapping WiFi networks?, queried Senator Blumenthal.

Davidson’s answer, and the consensus of panelists: Ummmm, no, not really.

(If you were to map pay phones, it wouldn’t matter whether people were talking on them, either, or what they were saying.)

Despite looking foolish, Senator Blumenthal persisted, asking Davidson whether collecting “payload data” should be illegal. Davidson demurred, but it’s a fascinating question.

Should it be against the law to collect data from open WiFi networks? That is, to observe radio signals passing your location on a public street? Should the government determine when you can collect radio signals, or what bands of the radio spectrum you may observe? What should you be allowed to do with information carried on a radio signal that you inadvertently capture?

If the government should have this power, the same logic would support making it illegal to collect photons that arrive at your eyes or that enter your camera lens. The government might proscribe collecting sound waves that come to your ears or microphone.

Laws against observing the world around you would certainly protect privacy! Let the government blind us all, and privacy will flourish. But this is not privacy protection anyone should want.

To understand privacy, you have to understand a little physics. As I said in an earlier comment on Google’s collection of open WiFi data:

Given the way radio works, and the common security/privacy response—encryption—it’s hard to characterize data sent in the clear as private. The people operating them may have wanted their communications to be private. They may have thought their communications were private. But they were sending out their communications in the clear, by radio—like a little radio station broadcasting to anyone in range.

Trying to protect privacy in unencrypted radio broadcasts (like public displays or publically made sounds) is like trying to reverse the flow of a river—it’s a huge engineering project. Senator Blumenthal would start to protect your privacy by blinding you to the world around you. Then narrow exceptions would determine what radio signals, lights, and sounds you are allowed to observe…

Want Privacy? We Start by Blinding You! is a post from Cato @ Liberty - Cato Institute Blog

This morning, the Senate Judiciary Committee’s Subcommittee on Privacy, Technology, and the Law had a hearing entitled: “Protecting Mobile Privacy: Your Smartphones, Tablets, Cell Phones and Your Privacy.”

Among the witnesses was Deputy Assistant Attorney General Jason Weinstein from the Department of Justice’s Criminal Division. Weinstein made a gallingly Orwellian pitch: If you want privacy protection, increase government surveillance.

From his written statement:

ISPs may choose not to store IP records, may adopt a network architecture that frustrates their ability to track IP assignments and network transactions back to a specific account or device, or may store records for only a very short period of time. In many cases, these records are the only evidence that allows us to investigate and assign culpability for crimes committed on the Internet. In 2006, forty-nine Attorneys General wrote to Congress to express “grave concern” about “the problem of insufficient data retention policies by Internet Service Providers.”

Without more customer data retention by ISPs, and without greater government access to this data, the government won’t be able to prosecute crimes, some of which threaten privacy, Weinstein said in his spoken comments.

So there you have it. Turn more data over to the government so we can protect your privacy. War is peace. Freedom is slavery.

Want Privacy? Increase Government Surveillance! is a post from Cato @ Liberty - Cato Institute Blog

The latest report to Congress on the Justice Department’s use of foreign intelligence surveillance powers has just been released, and it shows a truly stunning increase in the number of Americans whose sensitive phone, Internet, and banking records were obtained by the FBI — without judicial oversight — pursuant to National Security Letters. In 2009, a total of 14,788 NSL requests were issued targeting U.S. persons — a number that excludes requests for “basic subscriber information” as opposed to phone or e-mail logs — and 6,114 different Americans were affected by those demands for information. In 2010, the number of NSL requests targeting Americans rose to 24,287.

What’s really shocking, however, is the number of people affected. A whopping 14,212 American citizens and permanent residents had records of their financial, telephone, and online activity seized last year.  The previous record, set in 2005, was 9,475. Were you one of those 14,212? If so, what did the FBI get? Thanks to the gag orders that come with NSLs, you will almost certainly never get to find out. But even if the Bureau decides there’s no reason to continue investigating you, whatever data they obtained — lists of phone numbers, credit card purchases, financial transactions, e-mail correspondents, or IP addresses visited — are likely to remain in a massive government database indefinitely

This pattern suggests that the Bureau is doing broader but shallower investigation — sweeping more people into the information vacuum, but issuing fewer requests per person, presumably because the results of the initial request provide few grounds for further scrutiny.  Needless to say, the overwhelming majority of those people are not terrorists — and, indeed, are probably guilty of nothing more than a second- or third-degree connection to the subject of an investigation. Remember, as expiring Patriot Act provisions come up for reauthorization at the end of this month: These tools are fundamentally not about spying on terrorists. The government has always had ample power to do that. They’re about authority to spy on the innocent.

Record Number of Americans Targeted by National Security Letters is a post from Cato @ Liberty - Cato Institute Blog