The Internet Ahead

When discussing “the internet ahead,” the future that will be so closely related to the Obama administration’s policy formulation and enforcement, the proper way to conclude would be again with a question:  What is President-elect Obama’s true commitment to change?  This question is very similar to the one posed at the beginning of our blog, and it persists precisely because no one knows.

Hopefully, the answer is yes.  In such a case, Americans will see the naming of a new Chief Technology Office (already delayed, unfortunately), greater accountability, and improved Internet laws.  Additionally, we will benefit from greater civil liberties combined with more effective security/counterterrorism laws that equally benefit government and citizens.  And these hopes are only the beginning of a long list of expectations that people have.

Unfortunately, only time will tell if President Obama will be able to fulfill the promises he has made.  Previous incidents such as his campaign reversal on FISA (because it was the most agreeable solution, although by no means the best possible) don’t bode well for the future of Internet law.  Hopefully, Obama will avoid such reversals in the future; political expediency will do nothing in the long run when it comes to effective policymaking.  It remains to be seen if he is more committed to politics or promise, and that choice will be the crucial determinant of the internet ahead.

Previously, we talked about policy objects: pieces of software that follow laws, policies, etc. and enforce them. We take another look at quantitative analysis and how Barack Obama’s promises for open government will be realized.

John C. Dvorak is unabashedly critical of the spreadsheet. Blaming spreadsheets for the mortgage crisis, for Enron, and even for lead in toys, he points out that “Society as a whole has deteriorated ever since its invention”. He elaborates on the 30th anniversery of VisiCalc, the first spreadsheet software that revolutionized business operations:

By letting a program designed for accountants tell you what to do and what to think, you end up with an economic meltdown. The mechanism itself is flawed. Nobody ever wants to talk about the flaw with spreadsheets, do they? Most spreadsheets are, in fact, fiction, or even fantasy.

Certainly quantitative analysis (what he calls “what-if” analysis) has made us more productive in ways he fails to acknowledge. But he’s right in claiming that we criticize the principle of quantitative analysis only rarely. Sadly, the Internet generation, though best equipped to recognize the flaws of Spreadsheet Government, is its greatest promoter.

Barack Obama has earned countless scholarly backers by promoting the use of software, open data, and quantitative analysis as a revolution in government operations. Specifically, Obama calls for “making government data available online in universally accessible formats to allow citizens to make use of that data to comment, derive value, and take action in their own communities.” Incoming Safir Institute director Lawrence Lessig bases his endorsement of Obama primarily on this promise, noting that it’s a “really powerful promise to feed the data necessary for the Sunlights and the Maplights of the world to make government work better. Atomize (or RSS-ify) government data (votes, contributions, Members of Congress’s calendars) and you enable the rest of us to make clear the economy of influence that is Washington.” Countless others, from the lowly blogger to the television pundit, have emphasized that this commitment to open data will make government run great.

The gains will certainly be immense. Considering his new mission to explore the role money plays in influence, Lessig would be the first to point out that openness fights corruption. Furthermore, openness enables clever uses of information that government IT employees may have never imagined. In other words, openness generally means knowledge of government operations. The actual benefit comes from consumption of that knowledge to fight something like corruption, which results in greater efficiency is government.

But more knowledge leading to greater efficiency is not at all novel. Communications in general improves efficiency by reducing information imbalances. That is the fundamental theorem as its presented in economics, at least. In practical terms, the benefits Lessig talks about are not particular to software, but greater knowledge in general.

Curiously, technocrats–those “pundits and visionaries” who “talk about business intelligence and modern practices and this and that” (in Dvorak’s words)–haven’t paid much attention to other consequences of open information. Our brilliant scholars have definitely considered the consequences of open information and assume that the benefits outweigh the costs. But do they really?

Realistically, the president elect’s claims to open government will not be realized, because quantitative analysis interferes with executive judgment. In other words, a fully open government would enable every blogger with a spreadsheet to quantize decisionmaking and drown out the qualitative decisionmaking of our leadership. Dvorak rightly notes that in most businesses, “some bean counter does a what-if calculation before making the decisions.” Rather than trusting his judgement, Barack Obama would do like the “the spineless CEO,” who “worries about what the shareholders would think if he disagreed with what the spreadsheet and the CFO told him to do. To make him feel better, the board will give the CEO a fat bonus for saving money.” In a government facing an extraordinary budget deficit and uniformly skeptical voters, the president elect and his cabinet face the perfect storm for a coup of government by these so called bean counters.

Obama’s administration has two choices: it either reduces its promises for open government, or it becomes the “spineless CEO”. If the president elect reduces his promises for open government, he is substantially more likely to rely on that “good judgment” he often claimed he had throughout his campaign. Otherwise, he faces an onslaught of quantitative criticism, using algorithms not made by particularly brilliant programmers but rather your everyday blogger.

Whether quantitative analysis improves or hurts government is an open and complex question. But it’s not conclusive that it helps government. We must remain skeptical of the Spreadsheet Government, because there is no such thing as a free lunch: the benefits in efficiency must cost us somewhere.

TSA security checkpoints require indentification before searches in order to enter an airport terminal. Frustrated that he had to show identification on a domestic flight, civil rights activist John Gilmore sued the TSA for what he believed was an unconstitutional law.

Unfortunately, his case stood no chance: the law was secret. The TSA argued that disclosing the law in question would compromise national security; a lower court accepted and Gilmore appealed strictly the secret law argument. The Supreme Court declined to hear his appeal, upholding the Ninth Circuit’s opinion that “that the government did not have to make public its rules about requiring airlines to ask passengers for identification.” Suprisingly, once the judge reviewed the law, he disclosed that in fact passengers are not required to show identification at the checkpoint, but may opt for a screening instead.

Here, a secret law prevented the public from reviewing its enforcement, and ultimately we discovered that its enforcement was plainly wrong. In general, it seems absurd that the judiciary would hide laws that affect everyday airline passengers from public scrutiny. Unfortunately, secret laws are increasing in complexity, changing forms, and becoming more widespread as our government moves further into the 21st century.

Software, not TSA officials, is becoming the primary enforcer of law and policy. Considering its precision it comes as no surprise that we are becoming increasingly dependent on software, rather than people, to enforce laws. DRM is a well-understood form of software law-enforcement; the IRS is accused of to stealing commercial tax return software in order to more efficiently enforce its own audits; every major business uses a software design element called policy objects to automatically enforce business policies between data and data consumers (such as the algorithm that determines which passengers are bumped off an oversold United flight, or which Bank of America customers receive courtesy fee waivers). Software performs so many tasks that today’s generation intuitively replaces people with software, recognizing that they perform one and the same task.

Conflicts arise when the specific activities of the software–its source code–is secret. Software which enforces laws is particularly troublesome. Though the laws most software enforces are public, the specific way it enforces those laws is not. This seems as absurd as a secret law for TSA checkpoints, yet courts have ruled differently. In a Florida DUI case, a judge has ruled that breathalyzer manufacturer CMI must release its devices’ source code to the defense. Since companies rarely release their copyrighted and secretive source code, the defense likely requested the code as its primary strategy to win dismissal. Yet their argument consequently enabled freely-available source code in law enforcement. And statewide, the defense attorney opines that “that outside corporations cannot sell equipment to the state of Florida and expect to hide the workings of their machine by saying they are trade secret.” In other words, this case generated a revolutionary attitude towards source code in government: it its an implementation of policy, it, like the policy, must be free to inspect.

There has been little indication that the incoming administration acknowledges the complexity of ‘policy objects’. So much of what we do today is a set of rules implemented in software; we have always accepted the specification in lieu of the software code itself. A DUI case is an awful place to demand an open source government: We mustn’t allow software to be a loophole under which secret policies can hide. The TSA may liberally misapply secret laws; that’s dangerous, and an open government means eliminating secret laws in the first place. We must demand that source code be freely available and open to public scrutiny, just as we demand for the rest of government.

The president-elect’s commitment to broadband is a pleasant tease to the Internet community. We expect American broadband to perform as well as our electricity and water supplies; we expect the digital highway to be as well maintained and ubiquitous as our actual highway; and we expect broadband to always be less and less costly, inelastic to energy and labor and whatever kind of costs. Considering our expectations, many decry the idea that America globally ranks 15th in broadband speeds, and many point at the failure of our market Internet Service Providers to make our bandwidth and accessibility first-class. Here the president elect is at a crossroads, not the least because concrete plans to expand broadband rival the complexity of a national highway system and electrical grid. He faces an enormous, vital challenge because in order to “strengthen America’s competitiveness in the world,” he must eliminate competition here: specifically, he must nationalize the Internet infrastructure to make it the best in the world.

Internet nationalization is inevitable because there really isn’t any other way the president elect can fulfill his promises. There are no other options principally because the level of regulation and funding required to achieve his goals is effectively nationalizing broadband. For instance, the net neutrality debate is not framed between regulation versus no regulation, but what kind of regulation: namely, “zero discriminatory surcharge rules” versus “zero price regulations” (seen in a bill currently proposed by Rep. Ed Markey, D-MA). Furthermore, plans to improve the broadband infrastructure feature $30 billion figures funded exclusively by government tax revenue. The natural consequence of today’s Internet politics is that eventually, the government will run the Internet if we want the Internet’s performance to exceed our expectations.

Considering our expectations, making the Internet a utility like water, electricity, gas and roads seems intuitive. We expect our Internet connections to work precisely as well as regular state-controlled utilities. Since only one or two broadband providers are available to most customers, the market has failed precisely as it had for utilities like electricity and gas in the past. The government enforces complex competition clauses to prevent incumbent communications providers from abusing their positions in, for instance, the cable industry to expand into broadband anti-competitively. Most importantly, whether or not it was intended to become so valuable, broadband has evolved into an essential utility for almost all forms of commerce and communication. From all perspectives, whether supplying, consuming or regulating, broadband is effectively a utility. It’s essential to consider the arguments against nationalization, however, in order to fully grasp what the inevitable plan for national broadband will sacrifice.

By nationalizing broadband, we risk stifling innovation. This is the ‘cop-out’ cable company argument, perceived by many as the ISP’s excuse to keep prices high and costly investments into infrastructure low. Innovation doesn’t mean new ways of accessing the Internet. It really means infrastructural improvements, maintenance, paying employees to improve the network and other things known generally as capital expenditures. Profit usually goes to useful capital expenditures that help a company keep going. Consequently, theory says and history confirms that profit, even when achieved by predatory pricing, has the long term effect of keeping prices low and resource availability stable. Take national oil, for instance: In Russia, state control of the oil production means revenue is used for political expenses, not capital expenses. The result is that most Russian oil firms cannot perform capital reinvestment and improve their pumping or refining capacity. In other words, when oil demand rises, they can’t keep up, because their profits were used to balance the budget rather than to explore new reserves or build more derriks and pipes. Consequently, Russian oil firms aren’t as competitive as Exxon-Mobil, which invests the majority of its oft-derided windfall profits on itself.

Capital expenditures are a vital part of any company’s healthy growth. The decision to nationalize broadband means Internet will be priced at cost; no more capital expenditure. Without increasing taxes (generally unpopular), we face an Internet infrastructure that will crumble. And like our roads, government corruption and inefficiency necessarily means these costs skyrocket: highway maintance took $42 billion in Federal funds alone. Nationalizing broadband will be extraordinarily costly in the long term–what we sacrifice is better defined as efficiency and bandwidth speed, not “innovation.”

Are we prepared to exchange a fast Internet for a utility Internet? The prevailing opinion of the administration is yes, considering that speed nearly as quantitatively valuable as low-cost and widely available. Speaking for the administration, MIT computer scientist Daniel Weitzner advocated that we would “rather have a more open Internet at lower speeds than a faster Internet that has all sorts of discrimination built in… We’ve lived with tiny narrow little pipes and done extraordinary things with them.” Rather, he and the administration elaborate, it’s accessibility and openness, not speed, that is itself valuable.

By leaving ISPs to their own devices, their capital expenditures aren’t focused on national priorities. They’re focused on marketing priorities, like having high bandwidth speeds to advertise against their competitors. ISPs reinvest into infrastructure that makes more expensive Internet connections easy to sell and market, not into infrastructure that makes Internet access cheaper and more available. The greatest irony is that the administration itself, by focusing on broadband speeds, plays into the damaging business models of the incumbent ISPs. By promoting the importance of speed versus availability, even in his own speeches, the president elect reinforces the misconception that speed is valuable. Once we move past advertising and recognize actual national priorities and values, a utility Internet appears significantly more valuable than a fast Internet.

A utility Internet could be the most valuable stimulus to our economy in recent times. Several reports point to as many as 220,000 jobs generated by a modest $5 billion stimulus in IT and communications. Thus, though a government Internet is more expensive in the long run, it also generates more commerce and jobs than a privately-controlled Internet ever could. The net benefit of nationalized broadband is greater than the net benefit of private broadband, strongly suggesting that the Obama administration would be making a safe and succesful decision to introduce a single, national ISP.

Commence shorting Comcast, AT&T and Time Warner stock now.

Cybersecurity is an important field of national security with which the Obama administration must contend.  Currently, the United States government is extremely unprepared for any kind of cyber attack.  In his 2008 Annual Threat Assessment testimony, Director of National Intelligence Mike McConnell finally acknowledged the importance of cybersecurity, but admitted that the country is “not prepared to deal with it.”

This comment was certainly reinforced by a recent “cyberwar” simulation conducted by U.S. government and industry representatives this past December.  In the simulation, officials had to contend with a surge in computer attacks at a time of economic instability—a not unlikely scenario in today’s world.  However—despite Bush’s recent cybersecurity initiative that attempted to address this exact kind of situation—the game participants committed planning and communications errors and failed to properly reduce the damage done by the attacks.

Luckily, President-elect Obama has already vowed to strengthen the nation’s cyber infrastructure in a number of ways.  In a position paper on his website, Obama makes some of the following promises:  To “strengthen federal leadership on cyber security” by appointing  a national cyber advisor to coordinate and articulate national policy, to develop new and more secure hardware and software, to establish new IT standards for cyber security and physical resilience, and to prevent corporate cyber-espionage in order to protect the nation’s trade secrets.  

These initiatives are all good starting points for the improvement of cyber security; however, Obama’s recommendations are fairly generic and fail to articulate how he will build upon the work done during the Bush Administration.  After Chinese hackers managed to steal e-mail data from the Pentagon’s server in 2008, President Bush enacted a new Cyber Initiative (Presidential Directive 54).  The initiative is a multiagency project that will create a new monitoring system for federal networks and that will also allow for data exchange with the private sector.  Additionally, the Cyber Initiative will implement new smart-cards for employees and contractors (over the next few years) and will upgrade federal networks to a more secure IPv6 protocol.  As President, Obama should improve upon these projects and remove some of the secrecy surrounding Bush’s Initiative.  In this way, citizens can be assured that they will be protected at the same time that their privacy rights are protected, and the private sector can better cooperate with the government in order to prevent a security flaw or attack.

Other individuals and groups have also made some suggestions for the Obama administration that are worth noting.  We believe that one of the most important of these is also one of the most basic:  Obama needs to delink the connection that exists between federal cybersecurity efforts and the Bush war on terror.  This recommendation, made by Gartner analyst John Pescatore, seems pertinent.  In the post 9/11 world, the Bush administration has been overly concerned with the overall direction of the war on terror and has failed to address the more immediate threats to the federal cyber infrastructure.  

Several suggestions made by the Center for Strategic and International Studies (CSIS) could also help guide the Obama administration.  The CSIS Commission on Cybersecurity states that the acronym DIME—diplomatic, intelligence, military, and economic—should guide the new President, along with an emphasis on law enforcement.  In other words, a cybersecurity program needs to be comprehensive and multi-dimensional in order to effectively ward off cyber attacks.   Such a program would  require central coordination; the Commission suggests creating a new office for cyberspace in the Executive Office of the President.  Perhaps Obama’s proposed national cyber advisor could direct such an office, ensuring communication and cooperation with homeland security agencies (NSA, CIA, etc.) and technology agencies (perhaps the CTO’s office, if/when it is created) alike.

In addition, the CSIS recommends that the government buy only secure products.  As the largest single customer of information technology, the U.S. is extremely vulnerable to product flaws, the smallest of which could be devastating to national security.  With such a policy in place, combined with promises to build the government’s relationship with the private sector, the Obama administration would be significantly less exposed to attacks (such as the one that occurred last year).  Combined with better authentication of digital identities, cyber infrastructure will be much safer in the U.S.

While all of the above-mentioned initiatives would greatly improve cybersecurity in the United States, one important caveat must be made:  Privacy rights must be preserved.  One can easily get caught up in the wonders of new technology or security initiatives, but civil liberties are one of the most fundamental values articulated in the U.S. Constitution and must be considered before implementing any new program.  As we have mentioned in previous posts, the NSA’s warrantless wiretapping was a blatant and unnecessary intrusion on privacy rights, and should never occur again.  

This warning is particularly applicable if the U.S. government begins to work more closely with the private sector.  While we fully encourage the government to coordinate with private companies, there should be clearly articulated rules and guidelines that limit what information can be shared.  Such a request is not unreasonable.  In fact, it is merely a matter of openness and oversight:  A new cyberspace office would be able to monitor data sharing and coordination, and would be able to maintain the delicate balance between civil liberties and national security.  Hopefully, President Obama will be aware of this need when constructing a more detailed vision for cybersecurity and will learn from the mistakes of the secretive Bush administration.

The issue of internet safety—and, more specifically, child pornography and child predators—is one that invites debate over the means, not the ends, of enforcement.  There is little disagreement that the government needs to address the ever-growing risks that children are exposed to while online.  However, while a number of different groups have proposed that President-elect Obama take action on the matter, most of them disagree about what he should do.  Obama himself has said little about how he will promote online safety, leaving the issue open for further examination.  In this post, we will look at some of the proposals that have been made for the incoming administration, and articulate some of the pros and cons of each group’s ideas.

First, one must note the importance of the United States’ policies on child pornography to the rest of the world.  Former British prime minister Tony Blair has personally written to President-elect Obama, asking him to take action before the issue unduly hurts other countries.  According to the UK’s Internet Watch Foundation (IWF), more illegal images are hosted by U.S. internet companies than by any other country.  While President Bush ignored the British leader’s concerns, child protection charities are hopeful that the Obama administration will address the issue more forcefully.  We would hope that, under a proposed Chief Technology Officer, child pornography would be at the forefront of the White House’s concerns.

When it comes to more specific proposals, the Family Online Safety Institute has provided the most specific guidelines for Obama.  In their recently-released “Making Wise Choices Online” report, FOSI has lamented that the U.S. has no coordinated national strategy to address online safety.  To change this, the group has made several recommendations:

1. To create an annual White House Online Safety Summit
2. To create a United States Council for Internet Safety (by following the UK’s lead:  The nation had government, industry, and NGOs cooperate to create its program)
3. To create an Online Safety Program to fund research and educational projects (again along the lines of the UK’s Safer Internet Program), beginning with a $100 million awareness program
4. To institute the post of National Safety Officer within the office of the Chief Technology Officer

The report also emphasizes the importance of companies’ cooperation in the matter, stating that ISPs, phone companies, and wireless providers should play an active role in helping families to protect their children.  For example, FOSI cites the effort of MySpace (in the Internet Technical Task Force) to study what new technology can be used to help protect children online.

All of these suggestions are admirable.  However, as Julian Sanchez of Ars Technica points out, the report also includes some interesting commentary that could stem from the fact that the group is “composed of and funded by major telecom and software firms”.  FOSI spends some time downplaying the dangers of the Internet, claiming that much of parents’ fears are based on the hype created around TV shows like “To Catch a Predator” that place more emphasis on entertainment than on reality.  The report states that the resulting “technopanic” has caused parents to demand for legislators to create overly restrictive laws that have “distracted all of us from the real opportunities to teach critical thinking, digital citizenship, and a new form of media literacy that embraces the new technologies, rather than banning or blocking them”.  Thus, FOSI encourages the European model of education, a model that empowers children as those that must responsibly understand and participate in the online world.

This advice seems somewhat misguided.  Certainly, children must have an understanding of the Internet and its potential dangers or abuses, but they cannot be expected to have perfect judgment when it comes to such a large and mostly lawless world.  The fears promulgated by “To Catch a Predator” may be overblown, but they have a firm basis in the real world, and parents must be aware of that.  Legislation must be put in place to act as a safety net when children or families do make the wrong decisions, and it needs to be stringent.  Thus, while FOSI’s recommendations are useful, they should only be a starting point for the Obama administration.  More research or educational initiatives won’t do anything if they’re not coupled with real consequences for violations (by adults) of the law.

For this reason, the suggestions of other individuals and groups seem to be more appropriate.  Specifically, Chris Soghoian makes some useful recommendations when it comes to Obama’s child porn policy.  Somewhat along the lines of the FOSI report’s National Safety Officer, Soghoian stresses the need for some kind of “child pornography czar” under the CTO.  Such a position would ensure that the government exercised proper oversight over the enforcement of child pornography laws, which is not occurring in the status quo.  Currently, the National Center for Missing and Exploited Children (NCMEC) has been given the authority to fight child porn, but the organization is a nonprofit and isn’t subject to many laws that prevent governmental excesses and abuses (such as the Freedom of Information Act, the Privacy Act, and even the Constitution).  By demanding for a “czar” to ensure transparency of the law enforcement process, citizens can be sure that their rights are being protected even as children are being saved.

We would go a step further than Soghoian does in recommending duties for a child pornography czar.  Surely, governmental accountability is important, but a czar would also need to promote awareness of online safety issues and recommend alternatives for legislators.  Some ideas have included instituting an “.xxx” domain for porn and increased authority for the FBI to enforce child pornography laws.  All of these ideas have the potential to be successful if implemented over the upcoming years.  Again, family awareness and prevention is an important first step, but other measures need to be implemented if minors are be fully protected online.

In today’s post, we’ll continue the analysis of Obama’s guarantees of online privacy rights to American citizens.  Specifically, we will discuss the commitment to protect sensitive online health data that will be increasingly important as the President-elect attempts to reform the health care system.

Privacy Issues:  Electronic Health Records

The digitization of health records is an key part of President-elect Obama’s health care plan, as it will help to reduce costs while minimizing errors and improving the standard of care in the U.S.  However, this idea comes with many new risks of its own:  Not only can online/electronic records leave patients susceptible to general abuse, misuse, or theft of their data, but it also specifically could allow for discrimination in insurance or care.  Thus, it is important that the Obama administration acts proactively to safeguard such important information.

Luckily, the transition has already yielded positive results for the privacy of medical records.  On December 15, the Department of Health and Human Services released a document entitled “Nationwide Privacy and Security Framework For Electronic Exchange of Individually Identifiable Health Information,” providing guidelines for the protection of electronic records.  The document includes 8 key principles for the usage of these documents:

1. Individual access:  Individuals should be offered a reasonable and simple means of access to their health information.
2. Correction:  Individuals should be provided with a means to correct erroneous health information.
3. Openness and Transparency
4. Individual Choice:  Individuals should be given the opportunity to make decisions about the “collection, use, and disclosure” of their health information.
5. Collection, Use, and Disclosure Limitation:  Health information should be collected, used, and disclosed only to “the extent necessary to accomplish a specified purpose(s) and never to discriminate inappropriately”.
6. Data Quality and Integrity
7. Safeguards:  Medical records should be protected with technical and physical safeguards that prevent unauthorized abuse or disclosure.
8. Accountability:  Sufficient monitoring mechanisms should be used to ensure that the principles are followed.

Additionally, the Department released other documents applying the 1996 Health Insurance Portability and Accountability Act (HIPAA) to the future of electronic records.  While many software companies have argued that this act is sufficient to protect the privacy of health records, many other individuals are still concerned that it doesn’t go far enough and should be reformed to take into account the rapid changes occurring in technology. 

Recommendations 

This concern of privacy advocates is legitimate, and the Obama administration should address it before moving forward with the President-elect’s plans to use electronic health care records.  A few issues regarding HIPAA are of particular concern.  

First, the Act allows the disclosure of private health data—without consent—for “treatment, payment, or health-care operations.”  This is done without notifying the patient in any way, and should be changed so that individuals have greater control over how their personal information is used.  President-elect Obama has begun to address this issue through the “Individual Choice” principle, but should continue to do so by reforming the HIPAA.  

Additionally, the Center for Democracy and Technology notes that the HIPAA only applies to health entities.  As President, Obama should strengthen the Act for the new electronic records, but he should not merely extend these rules to non-health entities; the HIPAA would not address all of the additional potential privacy problems of employers and Internet companies that would also hold electronic medical records.  Instead, new laws must be tailored to these other groups that will have access to private health information.  

This is particularly important when one considers the potential for health discrimination.  Privacy and patient advocates point out that individuals should have greater control over what medical information employers and insurers have access over to prevent employment or coverage discrimination (i.e. not hiring someone with a terminal disease or charging higher premiums to someone genetically predisposed to having cancer).  Right now, forms of discrimination such as medical underwriting (when coverage is selectively provided on the basis of health) are prohibited by the HIPAA, but the law would not work when employers or insurers themselves were the ones holding the information.  The Obama administration should work to supplement this law.

Provided that President-elect Obama works to protect and enforce privacy laws while he attempts to fix the health care industry, electronic medical records with be a giant step forward.  However, if he fails to carry out the HHS’s 8 principles or does not take the above-mentioned steps to improve the HIPAA, electronic health information will become a dangerous issue in and of itself.

As a candidate, Present-elect Obama made little mention of privacy laws and the abuses committed by the Bush administration (for example, through the PATRIOT Act).  However, in his technology position paper, “Connecting and Empowering All Americans Through Technology and Innovation“, Obama promises to “safeguard our right to privacy” by:

1. Ensuring that terrorism-fighting mechanisms and information are not abused.
2. Updating surveillance laws and ensuring that other methods of law enforcement are carried out appropriately.
3. Protecting “particularly sensitive kinds of data”:  for example, online health records.
4. Tracking down cyber-criminals to crack down on spam, spyware, phishing, etc.

In this post, we will discuss the first two of these issues, the issues most closely related to the post-September 11th developments in privacy as the Bush administration began to exercise more control over the counterterrorism intelligence gathering process.  

Privacy Issues:  NSA Wiretapping and the ECPA

In particular, there has been controversy over the warrantless data mining and wiretapping done by the National Security Agency (NSA) as part of a program approved by President Bush to search for terrorists.  The secretive surveillance program, revealed by this article in the New York Times, allowed the NSA to search through large amounts of telephone and Internet communications both inside and outside of the United States.  

The revelation sparked a large outcry from privacy advocates, one that intensified when the Bush administration proposed legislation that would both expand the government’s domestic surveillance power and retroactively protect the telecommunications companies that assisted the NSA wiretapping process.  The bill would be used to update the Foreign Intelligence Surveillance Act (FISA), a 1978 bill used to allow “electronic surveillance in the context of foreign intelligence gathering” while “strik[ing] a delicate balance between national security interests and personal privacy rights”.

Originally, Obama opposed this invasion of privacy—this is made obvious by his policy paper on technology.  However, in a July 2008 note that he wrote to the public, Obama changed his position on the FISA matter, claiming that the bill was the best solution possible.  To further defend his new position, Obama’s campaign staff claimed that the “fact that there [was] an open forum on BarackObama.com where supporters [could] say whether they agree or disagree [spoke] to the strength of [their] campaign”.  Nevertheless, the candidate’s supporters were extremely angered by the decision, and groups like the EFF continue to fight for the repeal or reform of the new FISA bill.  It will be interesting to see how the new Obama administration will address these issues in the upcoming four years.

Another online privacy issue that has been addressed by the EFF and other privacy groups is the Electronic Communications Privacy Act (ECPA). This act—passed in 1986 to reform the Wiretap Act of 1968—extended restrictions on wiretaps to include online communications.  Specifically, the ECPA requires a court order for the government surveillance of “wire, oral, or electronic communications.”, and Title II of the act (the Stored Communications Act) regulates the circumstances under which a provider of electronic communication services (ECS) or of remote computing services (RCS) can provide information about emails or other forms of online communications.  According to the Stored Communications Act, a “governmental entity” may demand the disclosure of the contents of an opened e-mail or any e-mail that has been in storage for more than 180 days.  This can be done, according to Section 2703(b), without required notice to the customer provided that the government obtains a warrant, court order, or administrative subpoena.  According to the EFF, this act needs to be reformed in order to be more in line with “recent technological developments and Americans’ expectation of online privacy”, specifically so that privacy of online data doesn’t depend on how long it has been stored.  

Recommendations

President Obama will have the difficult job of maintaining the appropriate balance between national security and the privacy rights of U.S. citizens.  While the Bush administration has gone too far in the direction of government control and invasions of privacy, there is still some merit in insisting on surveillance measures in the name of protecting the nation.

For this reason, we recommend that Obama evaluates the programs he has in place and then reform them to be more in line with today’s standards of technology and privacy needs.  First, the FISA Amendments Act needs to be reformed.  The protection of illegal, warrantless wiretapping is and never should be justified.  The NSA wiretapping program was a blatant violation of the Fourth Amendment guarantee against “unreasonable searches and seizures”, particularly those done without probable cause.  Although the NSA should undoubtedly have more powers to conduct surveillance in the name of counterterrorism, these powers should never involve violations of the fundamental rights of the Constitution.  For this reason, telecommunications companies should not have been protected for assisting the government’s illegal wiretapping.

Secondly, the ECPA should also be reformed and clarified.  The government must develop standards beyond those of opened/unopened and the 180 days rule.  These categories are not only arbitrary, but are also unnecessary.  Moreover, the PATRIOT Act has amended the ECPA to relax the standards for Internet surveillance to be in line with the standards of telephone dialing.  The standards for phone usage are already too weak, and both measures should be reformed.  Governmental entities should be required to prove the relevance of their surveillance beyond telling a judge that information is necessary to their investigation.  There should be standards for how and why they conduct Internet and telephone surveillance; specifically, a probable cause standard should be used.  Applying this Fourth Amendment standard to all e-mail communications—regardless of how old they are—and other private online content (no matter where it is stored) is important to protect Americans in this increasingly digital age.  We believe that this will not hinder any counterterrorism investigations; if it does, then national security experts should have to explain the potential harms of using probable cause.

In these ways, the Obama administration will hopefully be able to strike the proper balance between security and privacy over the next few years.  President Obama should maintain his promises to the nation outlined in his policy paper by ensuring that the proper reforms are made before irreparable damage is done to the values of the U.S. Constitution.

Change.gov.  This website—the president-elect’s new space for providing transition and policy information—is a symbol of the new age ushered in by President Obama’s election in 2008.  Newspapers make the claim that he is younger and “hipper” than previous presidents because he lives on his Blackberry and will probably be the first to have a computer in the Oval Office, but the transition website is a sign of true change.

Why, you may ask?  At the most immediate level, Change.gov promises to bring accountability and openness to the White House.  Through the site, President-elect Obama asks the American public for ideas and participation, and provides them a forum to interact with one another as they comment on policy and provide feedback.  This creation alone should be lauded as a breakthrough in American politics.

However, many groups have praised Change.gov for an entirely different reason, one worth examining in of itself:  its use of a Creative Commons Attribution license.  With this license, the Obama transition team has given the American public the freedom to copy, share, and even remix the website’s content as long as they attribute the work to its original source.  

As seemingly unimportant as this policy might seem, Obama’s use of Creative Commons is a powerful symbol of the changes to come once he takes office in 2009.  Where government was once closed, opaque, and slow-moving, it is now open, transparent, and innovative.  Under President Bush, a policy suggestion site would have been unimaginable—could we imagine Bush or Cheney or Karl Rove listening to public input on national security or Iraq?—but today, it has already occurred.  Moreover, the President-elect’s rapid embrace of a (relatively) new concept like Creative Commons represents his willingness to transform policy in arenas previously ignored, such as copyright law on the internet.  

Hopefully, Obama will follow through on this promising start once he takes office in January.  Only time will tell.  In the hopes that he will, in fact, focus on Internet law (he has promised to appoint a Chief Technology Officer, which could help guide him in such a complex and rapidly-changing field), we have created a blog that provides suggestions for his administration.  

Over the next few weeks, “The Internet Ahead” will discuss some of the key issues that the Obama administration will face in cyberspace.  Although the blog couldn’t begin to cover every issue that needs to be addressed in the upcoming years, we will discuss in depth some of the most salient topics of Internet law.  During his campaign, President-elect Obama personally addressed some of these issues—for example, Net Neutrality—and has put forth ideas for policy change.  Other topics such as online privacy he has not directly addressed.  Regardless, we will examine the various sides of each issue that his administration will face; then, we will recommend a particular course of action that will best ameliorate the problems that exist today.  By doing this, we hope to open a dialogue on the importance of Internet law to our country’s future in a rapidly-changing world.