Friday, June 29, 2018

Nanny Super-State Blues

“We extricated ourselves from the British Empire only to accept unthinkingly the rule of the Roman Catholic Church and after that the EU.”
Irish Sunday Independent columnist Ruth Dudley Edwards, October 9, 2016
The other day my wife asked me to check whether a particular procedure was covered by our medical insurance. Finding the written policy overly complex and not very user-friendly, I decided to try the little chat window that always pops up on the insurance company’s web site. After waiting in a queue for several minutes, I was eventually informed that my wife would have to contact them directly. They could not converse with me about her coverage—even though we are married and it is all one policy—under Europe’s new General Data Protection Regulation (GDPR).

Unlike most policies/directives/edicts handed down by the crowd in Brussels, the GDPR is actually having a noticeable effect on my life. And I don’t just mean that my wife now has to get her own insurance-related questions answered. For instance, when I visit the web sites of many U.S. newspapers—including the one in Bakersfield which was the local daily paper I read growing up—all I get is a screen informing me that I cannot access the content because my IP address is in the European Union. Even more aggravatingly, one of the apps I use on multiple devices to save and read online articles (Instapaper) has stopped working for me. The web site explains that, in order to avoid any potential violation of European law, European users are being blocked until further notice while they study the law to see what they need to do in order to be in compliance. I suppose I could blame Instapaper. After all, anyone who was paying attention knew this was coming two years ago. On the other hand, I can understand why operators of a U.S.-based web site might put a low priority on something that, in theory, only affects users in other countries.

I mused on the possible effects of GDPR just as it was about to go into effect last month. To recap, this is a regulation handed down by the European Union which has the force of law in all EU countries even though no national parliament actually enacted it. It establishes very strict legal requirements for the storage and retention of individual citizens’ personal data as well as establishing sweeping legal rights for citizens to exert control over such data. In practice, as far as I have observed anyhow, the main practical effect is that for those of us in the EU there are many more legal agreements to review and agree to before we can do anything online. Of course, such agreements were common before GDPR, but now they are even longer and more complex and virtually ubiquitous. Past surveys have suggested that most people click on the “agree” button without bothering to read the agreement, and I have little reason to think it is any different now. As I understand it, I do now have the legal entitlement to contact any web site I have used and direct them to delete any or all of my data which they hold and/or to let me see it. Personally, I do not envision doing this, but who knows? Maybe a situation will arise in which I will be glad for this protection. In other words, I am not sure the benefit for me personally outweighs the inconvenience it has caused.

One U.S. publication that has not shut me out of its web site is The Wall Street Journal—probably because of the money I pay them. The paper’s tech columnist Joanna Stern notes that GDPR requires privacy policies to be “concise, easily accessible and easy to understand” and also written in “clear and plain language.” She adds, a bit mischievously, “Ironically, that’s found on page 11 of the 88-page official document.” As an example of the regulation’s effect, Twitter’s privacy policy has expanded from about 3,800 words to around 8,890.

According to two cybersecurity and privacy attorneys (Brian E. Finch and Steven P. Farmer of Washington and London, respectively) writing in The Journal last month, the main beneficiary of GDPR could well be cybercriminals. After all, the whole point of the regulation is to severely restrict sharing of individuals’ information. Apparently, this extends even to law enforcement.

“No government has ever before sought to impose such a sweeping privacy control,” observe Finch and Farmer, “perhaps because of the obviously deleterious effects on law enforcement.” Cybersecurity journalist Brian Krebs has written that European-based security companies have become “reluctant to share” internet-address information that could help identify cybercriminals.

Maybe you think it’s a good trade-off to make things easier for terrorists and criminals to communicate over the internet as long as it means that people won’t have Russian bots micro-targeting them to try to stir them up over populist issues. Me, I’m not only not sure it’s a good trade-off, I’m not sure that such internet mischief will be seriously curtailed.

Maybe I will be proved wrong, though, and I will see it differently over time. For now, however, this looks increasingly like what happens when you hand a problem to an army of bureaucrats who are not accountable to—indeed not even in the same country with most of—the vast swathes of people who will have to comply with their handiwork. To top it off, it may well actually make worse the problem they were supposed to solve.

Still, I will keep an open mind. In the meantime, if you come across any really interesting news from Bakersfield, please pass it on to me.

Wednesday, May 23, 2018

Election Protection

“An article on Sunday about Campbell Brown’s role as Facebook’s head of news partnerships erroneously included a reference to Palestinian actions as an example of the sort of far-right conspiracy stories that have plagued Facebook. In fact, Palestinian officials have acknowledged providing payments to the families of Palestinians killed while carrying out attacks on Israelis or convicted of terrorist acts and imprisoned in Israel; that is not a conspiracy theory.”
—Correction published in The New York Times, April 24

“Zuckerberg Bombarded with Facebook Ads for Suits, Haircuts”
—Headline in the Irish satirical newspaper Waterford Whispers, April 12
“I hate the internet!”

So declared someone in our house recently while reading her phone. I share her annoyance. Her exclamation was presumably prompted by yet another email asking or demanding her to review and approve a revised privacy policy for some web site or app. I’ve been getting a lot of those myself, and I am guessing that you are too.

On Friday the European Union’s General Data Protection Regulation (GDPR) goes into effect, spurring internet companies and publishers to comply by informing and/or getting permissions from their consumers. Generally, companies outside the EU seem to be following suit because it makes sense business-wise. The GDPR was adopted two years ago, but its imminent long-planned implementation has timely urgency in the wake of concerns over deceptive social media advertising and aggressive data mining, such as Cambridge Analytica’s early work for the Trump campaign. It is interesting to note that, in the past, these sorts of European edicts were directives that then had to be enacted in national legislation for them to take effect in each country. By contrast, this regulation is directly enforceable by the EU on its own authority. I think we can pretty much consider the EU a true super-state now.

Like most things governments do to protect or look out for the interests of citizens, much of the burden—and indirectly the cost—ends up landing on the shoulders of those very same citizens. It creates a lot of profitable work for lawyers who are required to draw up new user agreements and policies, and end-users wind up with clogged in-boxes full of links to long, detailed, jargon-filled on-line documents that few will bother to actually read. In the end, will we all be safer privacy-wise? Count me as a hard skeptic.

Something else is happening on Friday. Ireland is holding a referendum in which voters will decide whether to preserve or delete language in the national constitution giving the unborn equal status under the law with the women who carry them. I find it strange that a constitution would actually include medical policy in the first place, but on the other hand, the U.S. Constitution does the same (although to opposite effect)—at least as ruled by the Supreme Court in Roe v Wade, which said that abortion is a constitutional right. If Friday’s referendum passes, the government has said it will legislate to make abortion freely available in Ireland up to the twelfth week and in limited cases after that. Polling suggests that the repeal will be enacted, largely on the strength of a surge in registration of urban voters.

No one can have missed the competing campaigns, as posters proclaiming “Yes” (“Tá” in Irish) and “No” cover every available electricity and telephone pole. The debate is also taking place on the internet, and that is where we may be getting a glimpse of where the hysteria over Russian “meddling” may lead us. A couple of weeks ago Facebook announced that it would ban any referendum advertising that originated outside of Ireland. Google went a step further and said it would ban all Irish referendum advertising—regardless of geographic origin—from the large number of web sites displaying ads via Google. (My own movie blog would be the most minor of examples of sites running Google’s third-party ads.) Interestingly the Yes side declared it was quite happy with this, while the No side cried foul. The anti-abortion side has benefited significantly from foreign supporters, notably groups in the U.S.

Legally, Facebook and Google are private companies which are entitled to accept or reject advertising from any clients they wish, but a moment like this drives home just how much influence these businesses’ decisions can have in the general dissemination of ideas and opinions. Internet companies are under intense pressure to eliminate “fake news” from users’ feeds, but who gets to say exactly what “fake news” is? If you are one of the millions of Americans who are distraught over the last presidential election, you may see no problem with social media companies filtering out foreign-sourced posts working to Donald Trump’s advantage. Once you start censoring content for any reason, though, there will be unintended consequences or—if you are a cynic—possible malevolent intended consequences. It is worth remembering that the Russians also did some boosting of Bernie Sanders, since their ultimate goal was to undermine the supposedly inevitable winner, Hillary Clinton.

Here is another way to look at it. Suppose the Russians, instead of using Facebook and other social media, had put their provocative political content on good old-fashioned paper and put it into envelopes and mailed them through the U.S. Postal Service. Would we now be talking about having the post office filter out certain types of letters with certain kinds of content from its system?

The difference between snail mail and social media is that, unlike the USPS, Facebook is a private company that would like to keep government regulation as light as possible. As such, it is susceptible to influence from politicians—not to mention its own internal biases. Also, the nature of digital data is such that, unlike traditional mail, it is relatively easy to design algorithms to screen out certain types of information deliberately.

Just as ordinary citizens are the ones who bear the ultimate burden when governments and super-states try to protect us, it could ultimately be our access to a free flow of information—the good along with the bad—which could suffer because hysterical people did not like the outcome of one election.

Tuesday, April 24, 2018

Scout’s Honor?

“James and Patrice Comey have five children, having lost one son, Collin, who died at a very early age. The couple’s four daughters, after being disappointed that Hillary Clinton didn’t win, have been politically active in the wake of the 2016 election. ‘I wanted a woman president really badly, and I supported Hillary Clinton. A lot of my friends worked for her. And I was devastated when she lost,’ Patrice Comey told [George] Stephanopoulos.”
—Meghan Keneally, “James Comey’s wife warned him: ‘Don’t be the torture guy,’ ”, April 15
In my previous post I patted myself on the back for my prescience five years ago in seeming to see where the pursuit of political data mining was going to go. In the interest of balance, allow me to revisit some comments more than a year ago where I now realize I got it wrong.

Fifteen months ago I wrote, “I have nothing but sympathy for [FBI Director James] Comey. He had a sterling reputation going into the election period, but he wound up in a situation where he was guaranteed to have political activists on all sides livid at him. He clearly did not want to be discussing the investigation at all, but his boss Attorney General Lynch left him no alternative.”

At that point I saw Comey as a man forced unwillingly into a terrible position. Because I had heard so many people on both sides of the political divide refer to him invariably as “a Boy Scout” and “a straight shooter,” I took it on faith that he was a disinterested public servant doing his best in a difficult situation. Subsequent events—not the least of which are his recently published book and his non-stop media publicity tour—have shown me once again it is wise to be skeptical even when—or maybe mostly when—“everybody” seems to agree on something.

The picture that has emerged of Comey is not now nearly so flattering. When the investigation into Hillary Clinton’s rogue email server was completed, it was unusual that the findings were announced publicly. It was even more unusual that they were announced personally by the FBI director. The proximate reason for it going down that way was that Attorney General Loretta Lynch had announced she would automatically accept the FBI director’s recommendation on the matter. While not formally recusing herself, she effectively gave Comey the last word, which explains why he made the announcement instead of her. This happened because a short time before she had had a private meeting in her personal jet with the former president who had jump-started her career by appointing her as a U.S. Attorney and who also happened to be Hillary Clinton’s husband. We now know from Comey that he actually quite willingly took the opportunity to make the announcement, not only because of the appearance of conflict-of-interest in the Lynch/Clinton meeting but also because of other compromising information about Lynch that was not revealed.

“In early 2016,” reported on Comey’s interview with George Stephanopoulos, “the U.S. intelligence community obtained classified information that, according to Comey, ‘raised the question of whether Loretta Lynch was controlling me and the FBI and keeping the Clinton campaign informed about our investigation.’ ”

Many people blame Comey’s announcement of the (brief) re-opening of the email investigation for costing Clinton the election. There is no way to know that, but amazingly Comey has now explained that he made the announcement to actually help Clinton, i.e. to avoid any reason for her opponents to later accuse her administration of being illegitimate. He has said he only made the announcement because he was sure she win the election anyway. Text messages between FBI officials Peter Strzok and Lisa Page, who were desperate not to see Donald Trump be elected, have suggested that Clinton’s exoneration had always been a done deal. They also suggest that FBI deputy director Andrew McCabe was doing his best to sit on re-opening the investigation until after the election but ran out of time. Thus the investigation was re-opened at the worst possible time for Clinton—just days before the election. In other words Comey and McCabe were actively trying to help Clinton but inadvertently may have doomed her chances. With friends like them, who needs enemies?

That top officials of the FBI would be taking sides in an election and attempting to affect the results is frightening and shocking. Such behavior could possibly be justified if they had concrete evidence that Trump represented an existential threat to the republic. In his book and interviews, Comey does his best to insinuate that this is the case. Yet the best case he can muster for his animus against Trump is that Comey finds him morally unfit. He has provided no hard evidence that would justify an impeachment and, in fact, nothing that voters did not know when they voted in 2016. Having felt that strongly, Comey’s only viable course would have been to resign in protest and to give his principled reasons. Instead, he did his best to hold on to his job. He has actually said that he thought he was safe because, as FBI chief, he was in charge of the Russia investigation. In other words, he thought he had leverage over Trump. When Trump resisted that leverage by insisting Comey state publicly what he was telling the president privately (that Trump was not a target of the investigation), Comey refused. Trump then fired him, and Comey retaliated by leaking his own notes of their meeting, knowing it would trigger a special counsel. A year later there is still no sign of anything chargeable or impeachable involving Trump personally in relation to the Russian election meddling. In fact, so far there is much more evidence of collusion coming from within the Justice Department on behalf of Trump’s opponent.

In light of what we know now, it is actually reasonable to understand that, when Trump told Comey he needed loyalty, what he meant was that he needed to know he would not be stabbed in the back. If that is indeed what he meant, he certainly got his answer soon enough.

I have absolutely no interest in being a defender of Donald Trump, but here is the thing. By the end of January 2021—2025 at the latest—Trump will be gone. The FBI, on the other hand, does not face elections and enjoys a certain amount of independence from our elected representatives. It will still be around long after Trump has left the White House. Maybe a politicized FBI does not bother you because you happen to agree with Comey’s political views, but it certainly scares me. I do not like the idea of an FBI director who feels he knows better than the voters who should be in charge of the government—and who is willing to use the bureau’s resources accordingly.