Just a quick note to link to the final report (3.4 mb pdf) of the TAPAC on Safeguarding Privacy in the Fight Against Terrorism. The committee was chartered in the wake of the Terrorism Information Awareness controversy by the Secretary of Defense to “ensure the application of [TIA] or any like technology developed within DOD is carried out in accordance with U.S. law and American values related to privacy.” I’ll have more on the contents of the report in a future blog entry. Today’s Washington Post has an opinion piece from Heather McDonald of the Manhattan Institute taking particular issue with TAPAC’s recommendation that DOD seek a Foreign Intelligence Surveillance Court authorization before revealing any personally identifiable information known to or reasonably likely to concern US persons. I haven’t read enough of the report yet to know whether this recommendation really means what McDonald says it does.
Of course, as I’ve noted before, the irony of the attack on TIA is that research on privacy protecting technologies — the kinds of technologies that might allow the DOD to do a significant amount of data mining without revealing personally identifiable data — is no longer being funded as a result of the TIA shutdown, yet many of the other areas of TIA-related research are apparently moving forward “in the black” (in classified research in other agencies).
Anyway, I’ll share my thoughts on the report in another post in the near future….


Regulating Gmail

On May 28, 2004, in Policy, by Peter Harsha

As a Gmail account holder (peter.harsha), I’ve got mixed feelings about news that the California State Senate has approved Sen. Liz Figueroa’s (D) bill placing restrictions on Google’s web-based e-mail service in order to prevent, Figueroa says, Google from “secretly oogling private e-mails.” While I’m happy on the one hand that government appears to be getting the message that privacy is an important issue — one maybe not so well understood by most consumers — I’m a bit nervous about the California legislature intervening.
I was especially nervous about Figueroa’s original bill, which would have “forbid Google from secretly scanning the actual content of e-mails for the purpose of placing targeted direct marketing ads” and required the company to “obtain the informed consent of every individual whose e-mails would be ‘oogled’.” By “every individual” Figueroa meant not only the Gmail account holder, but any person who e-mailed a Gmail account holder, or (presumably) anyone whose original e-mail message may have been forwarded by a third party to a Gmail account holder. I was primarily nervous because it seemed to me that the hurdle this restriction posed would effectively kill Gmail, and I was kind of intrigued by the service (despite Ed Felten’s objections). :)
Though the bill passed by the CA Senate (SB 1822) appears to have been amended heavily — gone is the outright prohibition against scanning e-mail without consent for marketing purposes, replaced with language that notes the many legitimate uses of e-mail scanning (spam filters, translation into audio for the blind, automatic sorting and forwarding, blocking image ads and web bugs, stripping HTML for handhelds) — the bill still notes that

In the context of electronic mail and instant messaging communications where electronic mail is scanned for purposes other than those [exceptions listed above], full and informed consent or notification of parties to the electronic mail communication is both appropriate and necessary.

The bill also places restrictions on how, even if granted consent, Google can make use of the e-mail scanning: it can only provide automated scanning to provide contemporaneous ads — which I believe was Google’s plan all along. But it also means Google can’t keep, for any purpose, any information or “user characteristics” it gleans from my email — even if that purpose might provide me some great benefit (I don’t know what exactly…great deals on products I’d like? pointers to information I might find useful?). Don’t get me wrong, I realize that there are plenty of nefarious things Google might be able to do with a monstrous database full of user data. But there might also be plenty of good things it could do — things I might even want them to do — in the future. This bill, it seems to me, would insure Google won’t have an opportunity to innovate at all in that area. What I worry about with this CA Senate action is the same thing I was worried about in the Total (Terrorism) Information Awareness debate and the ongoing P2P filesharing debate: the act of locking down technologies because some uses might be illegitimate can kill areas of legitimate research and innovation (or send them underground). I really worry that the legislative hammer is just too blunt an instrument to tinker with these technologies. Rather than artificially constraining the technologies because there’s a hypothetical chance they might be used for something nefarious, maybe the effort would be better focused on stopping those who are actually doing nefarious things.
Update: The San Jose Mercury News makes the same point about stifling innovation in an editorial.
Update 2: Gene Spafford sends an interesting e-mail with his perspective:

I think the best way to look at any of these issues is through the lens of the Fair Information Principles. They have been refined over the years, and enacted into the laws of countries around the world (including Canada). They also are consistent with standard ethics as practiced in a number of fields.
One of the standard ideas is that of informed consent. Information should be given only with consent, and then only after the uses of the information have been fully disclosed. Gmail doesn’t do that — if I send email to your gmail account, I have not been fully informed nor have I given consent. The California law restores that. You are correct that the law probably goes too far.
I think the TIA issue is addressed the same way. If you apply the fair information principles, then it was an unethical use of personal information.


Agency Funding Only Going to Get Worse?

On May 27, 2004, in Funding, by Peter Harsha

Funding for federal agencies, including NSF, will face cuts in FY 2006, according to White House Office of Management and Budget budget planning guidance for agencies, the Washington Post reports today.
It’s important to point out that this is one of the very first steps in the budget process. The agencies will craft their budgets over the next 4-6 months keeping the OMB guidance in mind, then submit them to OMB for final approval before they become part of the President’s Budget Request in February 2005. And then Congress will take its crack at them during the 2005 legislative year. The numbers can and will change significantly before they’re finalized. However, the lower the number given to the agencies at the start of the process, the harder it is to raise it through the remainder of the process — so this guidance doesn’t bode well for some science agencies in FY 06.
From the story:

The funding levels referred to in the memo would be a tiny slice out of the federal budget — $2.3 billion, or 0.56 percent, out of the $412.7 billion requested for fiscal 2005 for domestic programs and homeland security that is subject to Congress’s annual discretion.
But the cuts are politically sensitive, targeting popular programs that Bush has been touting on the campaign trail. The Education Department; a nutrition program for women, infants and children; Head Start; and homeownership, job-training, medical research and science programs all face cuts in 2006.

The administration has widely touted a $1.7 billion increase in discretionary funding for the Education Department in its 2005 budget, but the 2006 guidance would pare that back by $1.5 billion. The Department of Veterans Affairs is scheduled to get a $519 million spending increase in 2005, to $29.7 billion, and a $910 million cut in 2006 that would bring its budget below the 2004 level.
Also slated for cuts are the Environmental Protection Agency, the National Science Foundation, the Small Business Administration, the Transportation Department, the Social Security Administration, the Interior Department and the Army Corps of Engineers.

Given OMB’s guidance, it’s easy to see why NSF’s Arden Bement was less than enthusiastic about future funding levels for his agency. The memo also apparently includes a proposed cut of 2.1 percent to the National Institutes of Health….