OpenMarket: Privacy and Cybersecurity

  • Court Upholds Legality of NSA's Bulk Collection of Telephone Records

    August 31, 2015 4:35 PM

    On Friday, the U.S. Court of Appeals for the District of Columbia Circuit handed down its much-awaited ruling in Obama v. Klayman, one of several lawsuits challenging the legality of the NSA’s bulk collection of Americans’ telephone records. In 2013, the District Court for D.C. issued a preliminary injunction after it found the plaintiffs were “substantially likely” to show that the NSA was collecting their telephone records in violation of the Fourth Amendment to the U.S. Constitution. The D.C. Circuit disagreed with this conclusion, reversing the preliminary injunction and sending the case back to the lower court for further proceedings.

    Although the D.C. Circuit’s decision in Klayman has major implications for future cases about government surveillance, it won’t immediately affect the NSA’s bulk collection program. When the District Court in D.C. granted the plaintiffs a preliminary injunction, the court decided to “stay” its preliminary injunction pending an appeal—meaning the NSA could continue its bulk collection while the lawsuit made its way through the federal courts. This process has taken longer than expected, with nearly two years elapsing since the preliminary injunction issued in December 2013.

  • Did North Dakota Just Authorize Pepper-Spraying Police Drones?

    August 27, 2015 1:26 PM

    The Daily Beast’s Justin Glawe has written an article about a North Dakota law aimed at limiting law enforcement use of unmanned aircraft systems (UAS), or drones. He claims that the law was watered down by police interests and corporate lobbyists, and that the weakened protections now authorize law enforcement’s use of non-lethal UAS-mounted weapons:

    With all the concern over the militarization of police in the past year, no one noticed that the state became the first in the union to allow police to equip drones with “less than lethal” weapons. House Bill 1328 wasn’t drafted that way, but then a lobbyist representing law enforcement—tight with a booming drone industry—got his hands on it.

    The bill’s stated intent was to require police to obtain a search warrant from a judge in order to use a drone to search for criminal evidence. In fact, the original draft of Representative Rick Becker’s bill would have banned all weapons on police drones.

    Then Bruce Burkett of the North Dakota Peace Officer’s Association was allowed by the state house committee to amend HB 1328 and limit the prohibition only to lethal weapons. “Less than lethal” weapons like rubber bullets, pepper spray, tear gas, sound cannons, and Tasers are therefore permitted on police drones.

    Scary stuff, right? I certainly don’t want the police to have armed UAS—whether they be deployed with lethal or non-lethal weapons—and requiring warrants is a good first step. But based on a reading of the statute in question, it does not appear to do what Glawe and others claim it does.

  • Senate Prepares to Vote on Cybersecurity Information Sharing Act (CISA)

    August 5, 2015 12:59 PM

    Today, the U.S. Senate is scheduled to vote on the Cybersecurity Information Sharing Act (CISA), which is a serious threat to civil liberties and privacy.

    CEI’s Ryan Radia offered these thoughts:

    CISA doesn’t provide any meaningful deterrent against government agencies using information they receive from companies in ways that exceed the uses authorized by the Act. Although CISA requires agencies to issue guidelines that are supposed to prevent the misuse of information shared under the Act, this is hardly reassuring. Agencies violate their own internal procedures and guidelines all the time with impunity, from the IRS to the State Department.

    That’s why it’s critical that any cyber information sharing legislation include a provision that gives relief to individuals injured by governmental misuse of information shared by companies. In this Congress, and in the last two Congresses, the House passed cyber threat information sharing legislation that allowed injured parties to sue the government for damages (i.e., a waiver of sovereign immunity). Another approach to deterring misconduct, used in the Wiretap Act, would bar the government from using evidence in court that is derived from shared cyber threat information for purposes beyond those allowed by the bill. Either a waiver of sovereign immunity or a suppression remedy needs to be included in any bill that liberalizes information sharing, or else companies won’t be able to meaningfully ensure that the government doesn’t use information they share with it for impermissible purposes.

    Read more on CISA:

    CISA Steps into the Limelight with a Manager’s Amendment and Agency Discontent

  • Fix Cyber Information Sharing Bill, Free Market Groups Urge

    April 21, 2015 11:29 AM

    The Competitive Enterprise Institute, TechFreedom and a coalition of free-market groups issued an open letter to Members of Congress, urging them to consider amendments to the National Cybersecurity Protection Advancement Act (NCPAA) of 2015. The NCPAA intends to increase cyber security by facilitating greater sharing of potential cyber threats by private companies with each other and with government. But it also raises real privacy concerns because potential Cyber Threat Indicators could include private information like email content or Internet usage history.

    “Congress must ensure that agencies can’t strongarm companies into sharing information involuntarily, and that agencies can be held liable for recklessly misusing private data they might receive. And agencies should be barred from using such information for regulatory purposes or for unrelated criminal prosecutions,” said Ryan Radia, Associate Director of Technology Studies at the Competitive Enterprise Institute. “Finally, the existing bill’s blanket immunity for ‘defensive measures’ could encourage unauthorized access to protected computers, potentially endangering innocent bystanders caught in the middle of cyberattacks.”

    The letter proposes eight amendments:

  • House Intel Committee Chair Ignores Report Calling NSA Surveillance Illegal

    June 2, 2014 11:51 AM

    At a recent event titled “A Statesman Forum on Cybersecurity Policy and Diplomacy” at George Washington University, House Intelligence Committee Chairman Mike Rogers (R-Mich.) stated:

    Every investigation, every group that review it found no illegal activity, no abuses, and that it was lawful. It’s hard to say that there was some horrible rogue agency when all the groups that investigated it came to the same conclusion.

    Rep. Rogers is wrong. His statement, which referred to the National Security Agency’s data collection programs under Section 215 of the USA PATRIOT Act (50 U.S.C. § 1861), ignores the report published by the Privacy and Civil Liberties Oversight Board (PCLOB) in January 2014 concluding that the NSA’s data collection programs under Section 215 are illegal. The findings of PCLOB—an independent federal agency established in 2004 to ensure that government surveillance does not overstep its lawful bounds—are worth revisiting after the USA FREEDOM Act, a bill intended to reform NSA surveillance activities, lost more than half of its sponsors last week following a new version of the bill out of the House Rules Committee.

    Section 215 is the provision of the USA PATRIOT Act, a 2001 law which amended the Foreign Intelligence Surveillance Act (FISA), that prescribes the conditions under which intelligence agencies, like the NSA, may gain access to information such as phone call data. This law has been the key legal justification for the NSA’s controversial metadata collection programs, which many people accuse the agency of using to collect domestic data. In June 2013, Edward Snowden, a former private contractor for the NSA, revealed documents to Glenn Greenwald and other reporters who used them to expose these programs.

  • The Premises of Net Neutrality

    May 19, 2014 4:12 PM

    In the electric power industry, if you run an extension cord across the street to serve another, you go to jail. The local utility has a protected monopoly. We’ve put most of that "public utility" vision behind us in communications. Wired and wireless and satellite options abound for Internet service; we'll likely see blimps and communications drones, and who knows what else.

    Yet special interests still want the Federal Communications Commission (FCC) to regulate the content flows and grid infrastructure, the prices and services of the Internet via something called net neutrality. They actually are quite open about wanting government regulated monopoly power.

    The Internet as a utility, like the power company. They want speed limits.

    We're nearly a decade into a series of disruptive efforts to inflict "net neutrality" on the Internet; neutrality is the idea that we won't have access to content where and when and as fast as we want it without government and special interests controlling the wires.

    Neutrality proponents want to inflict a "Mother-May-I" method of operation on the Internet; they want planning boards and regulatory affirmation of content carriage arrangements and of infrastructure deals.

    It's not a bright new idea, and not even one rooted in a plausible belief in natural monopoly, or one informed by angelic visions of "common carriage." Regulation like net neutrality devolves into cronyism. It was also rooted in cronyism.

    Early telecommunications and power networks were highly competitive, with duplicative infrastructure. The powerful didn't like the competition. The cronies got a franchise and guaranteed profit, everybody else got shut out, and the effects still linger.

  • USDOT Calls for Connected Vehicle Mandate; Security and Privacy Concerns Remain

    February 3, 2014 2:03 PM

    The U.S. Department of Transportation (DOT) announced today it would chart a regulatory path that would require all new automobiles to be equipped with vehicle-to-vehicle (V2V) communications systems sometime in the next several years. This follows a National Transportation Safety Board recommendation that connected vehicle technology be mandated on all new vehicles.

    V2V and vehicle-to-infrastructure (V2I) safety systems could provide large safety benefits in the future. Unfortunately, DOT has jumped the gun, requiring systems while large challenges remain, particularly issues related to data privacy and security.

    A November 2013 report from the Government Accountability Office (GAO) provides a good description of what DOT is attempting to do:

  • Target, Retailers Use Dodd-Frank to Skimp on Data Security

    January 22, 2014 12:29 PM

    Chutzpah, thy name is the National Retail Federation!

    In the wake of the recent credit and debit card breach at Target that may have compromised the data of up to 110 million consumers, the leading retail trade association argued in federal court on Friday that it should pay even less for fraud prevention and cleanup after fraud losses.

    Joined by the National Association of Convenience Stores and the National Restaurant Association, the NRF claimed to the court that it is actually against the law for banks and credit unions to charge retailers for fraud losses in debit card processing fees. "The inclusion of fraud losses in the allowable costs recoverable ... cannot be justified," the groups maintained in a legal brief (page 20).

    The interchange fees that banks and credit unions charge merchants for debit card transactions -- what retailers pejoratively call "swipe fees" -- have been subject to price controls since the passage of the Dodd-Frank financial overhaul in 2010. Dodd-Frank's Durbin Amendment, which came about as a result of heavy lobbying by Target, Wal-Mart and other big retailers, states that the debit interchange fees charged to retailers must be “reasonable and proportional to the cost incurred by the issuer [bank or credit union issuing the card] with respect to the transaction.”

    CEI opposed the Durbin Amendment from the start, because we believe price controls are a violation of individual property rights and turn out to be impractical. But many who voted for the Durbin Amendment believed that the price-setting process would be similar to rate regulation of electricity and phone service, in that the fee set would allow for infrastructure and service costs plus what is judged as a "reasonable rate of return."

    What happened, though, was that ever since the Fed began implementing the provision, the retail lobby has argued that the provision not only bars banks and credit unions from profiting on the fees charged to retailers, but also allows only a very limited portion of costs to be recovered in the fee.

  • Target Breach -- Are Dodd-Frank "Swipe Fee" Price Controls to Blame?

    December 24, 2013 10:41 AM

    Target wants you to know it is oh-so-sorry for any inconvenience its data SNAFU (as OpenMarket is a family blog, please look up the acronym) has caused, and as a token of its concern, it offered customers a whopping 10 percent discount this weekend!

    In the meantime, who is cleaning up the mess from Target's breach that has affected as many as 40 million credit and debit card accounts? The nation's banks and credit unions -- big and small. In East Tennessee, for instance, Citizens National Bank canceled and reissued 1,000 credit and debit cards potentially affected, but took the step of calling each customer beforehand.

    This is just the latest incident in which banks and credit unions that issue credit and debit cards have had to step up to the plate after a retailer's customer data is compromised. As noted by Wisconsin Credit Union League CEO Brett A. Thompson, upon a data breach at Michaels craft stores in 2001, the financial institutions “had to determine which states were involved, monitor potentially compromised accounts, manually reduce limits for both ATM and PIN transactions, monitor ATM transactions in the affected states, notify debit card holders of potential fraud on their accounts, issue new debit cards to those whose accounts were compromised and refund money to fraud victims.”

    Yet how do retailers repay banks and credit unions and their own customers? By complaining about how much they have to pay in credit and debit card "swipe fees" and lobbying for price controls, such as the Durbin Amendment of the 2010 Dodd-Frank financial "reform," which limited what retailers can be charged for debit cards to 21 cents per swipe (a level a judge has now ruled is not draconian enough in a pending court case!).

  • Memo to Road Socialists: There Is Nothing Unlibertarian about Road Pricing

    November 5, 2013 11:10 PM

    Virginia just elected Democrat Terry McAuliffe as governor, as had been predicted by every poll conducted during the past few months -- although at much smaller margins than had been projected. During the twilight hours of the campaign, some of Republican Ken Cuccinelli's supporters began attacking Libertarian Robert Sarvis for various alleged ideological sins. One in particular involved Sarvis's expressed support for adopting a user-based funding model for Virginia's roads, specifically his mention of a mileage-based user fee as a possible replacement to fuel and non-user tax revenue.

    The claim is that this is necessarily a government surveillance scheme and that such a proposal is inherently unlibertarian. This is false and is based upon ignorance of how such systems actually operate. Furthermore, labeling a mileage-based user fee system as unlibertarian runs contrary to the opinions of virtually every libertarian transportation scholar. What follows is my attempt to articulate why libertarians ought to support mileage-based user fees over fuel taxes and general tax revenue funding for transportation.

    Virginia's New Transportation Law

    To put this in context, outgoing Republican Virginia Governor Bob McDonnell enacted this past spring a tax-and-spend transportation law that raised taxes, failed to do serious program reform, and increased the share of non-user funding for Virginia's roads. CEI harshly criticized the plan for these reasons. In the lead up to the vote, Cuccinelli supported a watered-down proposal that didn't rely on the general sales and use tax increases backed by McDonnell. However, the Cuccinelli-supported plan, just like the McDonnell plan, relied on increased sales tax funding of transportation, and assumed Congress would legalize state Internet sales taxes so Virginia could use the "Amazon tax" to fund transportation projects.

    In October, the Cuccinelli campaign released a seemingly reasonable transportation plan that stressed the devolution of funding and management responsibility from the state to local authorities (the Sarvis campaign also repeatedly stressed decentralization of transportation funding and management). While decentralization, ideally to the facility level, is a goal shared by many fans of free markets and limited government, the Cuccinelli plan failed to articulate how locally controlled roads should be funded -- specifically, the revenue collection mechanisms. Out of the three candidates, only Sarvis offered user-based road pricing alternatives such as tolling and a mileage-based user fee (MBUF).
