Like all wealthy countries, the United States has made a policy commitment to ensuring that everyone, regardless of income level, has access to enough food to sustain their health. One way we could make good on that commitment is by a system of compulsory food insurance: Everyone pays in, either via plans purchased on the individual market or through coverage employers are required to provide, and then you swipe your insurance card at the grocery store, and your insurance picks up the tab.
There are a bunch of obvious reasons this is not, in fact, the way we do things. The need to eat is not really a “risk” people need to “insure against.” Everyone needs to eat, and so the grocery bill is just a predictable, usually relatively stable, recurring expense. Second, while some bodies will need more food to sustain themselves than others—and there’s some minimum everyone’s going to have to spend on food to stay healthy—the cost, quality, and quantity of food people consume is also substantially a matter of individual choice and preference. You have foodies who devote substantial time, energy and money to culinary pleasures, and folks who keep a far more Spartan diet than they could afford.
So, of course, what we actually do is generally leave individuals with the responsibility of buying their own food, while providing subsidies of various sorts to the poor to ensure everyone is able to obtain some basic minimum, much as we do with necessities like housing or clothes. Many regard the current level of subsidy in the United States as inadequate, but that is no objection to the underlying structure of the arrangement, which seems to be widely accepted. Some expenses related to nutrition or diet are, of course, covered by insurance: Consultation with a doctor to identify medical conditions that may impose special dietary needs, or intravenous feeding for people who are either temporarily or persistently unable to consume ordinary food. But those cases provide no reason for covering routine food purchases on an insurance model.
The current debate over mandatory, no-copay contraceptive coverage under the Affordable Care Act is somewhat idiosyncratically focused on issues of religious conscience, and whether it is reasonable to compel employers with religious qualms about birth control (or certain forms of birth control) to directly underwrite it. That is surely a debate worth having on its own terms. But it strikes me as a bit odd that so little attention is given to the question of whether an insurance model really makes sense for contraception qua contraception—when it is not prescribed for some independent medical purpose.
There’s a dizzying array of condom brands and birth control pills, IUDs and long-term implants, surgical interventions, and so on, and people have an equally diverse array of reasons for preferring one option or another. Some people use one method or another of contraception pretty consistently throughout their adult lives, others only when they have chosen to be sexually active with a particular partner. While the costs of long-term birth control requiring surgery may be relatively high, the most popular forms typically involve regular, predictable expenditures within the means of the average person—costs which would doubtless be reduced if we sensibly allowed chemical birth control to be sold over the counter without prescription.
In short, birth control resembles food—surely a more vital health-related need—a whole lot more than it does the types of costly and unpredictable medical treatments that are the main reason for adopting an insurance model to pay for those types of healthcare. As a pure policy question, then, it seems more natural to adopt a similar model for contraception: Let everyone buy their own in accordance with their personal needs and preference, with subsidies for those below whatever income level we decide is appropriate.
The obvious reason we don’t do this, it seems to me, has very little do do with the policy merits and everything to do with politics. People who are opposed to mandatory contraceptive coverage are often simply opposed, on socially conservative or religious grounds, to contraception as such—or at any rate, to any government support for it. As with Social Security, the rationale for making coverage universal is a concern that a narrower means-tested program, though probably a better fit for the underlying policy goals, would not be politically viable over the long run. (“Programs for the poor,” as the saying goes, “tend to be poor programs.”) If conservatives were to accept the general desirability of guaranteeing broad access to contraception, it is hard to see any very compelling argument for using an insurance model to make good on that guarantee that would not apply at least as strongly to food, clothing, and housing—though I welcome any I may not have thought of in the comments.
So, first, I’m super flattered to have been included on Wired’s new “101 Signals” list of recommended writers on security and politics. As you may notice, however, I’m not writing all that frequently on those topics here on my personal site anymore. If you’re interested in that, therefore, you probably want to follow me on Twitter (where I usually link stuff I’m writing elsewhere) or check out my posts on the Cato Institute blog.
Second, as quite a few people have noticed, there’s an unfortunate paucity of women on the 101 signals list, which even leaving aside considerations of gender equity, left out many of the best writers and thinkers in this space. So, without any slight intended to the excellent resources flagged by Wired, let me suggest that if you’re coming here from that list, you’ll probably also find enormous value in the Women-in-Technology Twitter list maintained by formidable privacy & drones expert Amie Stepanovich.
Addendum: I note my own list is a bit melanin deficient; I tried to think of some women of color who regularly write for a popular audience on privacy/tech/surveillance/security issues and sadly came up short. So, again, suggestions welcome in the comments.
It was made of the magnetic tapes carrying millions of international telegrams, couriered daily to the NSA under Project SHAMROCK. And it was made of the computer punchcards, holding the names of American citizens on Project MINARET watchlists, so their communications could be filtered from those telegrams.
Its operating system was written in secret memos and directives that distorted the law and ignored Supreme Court decisions.
The machine was built to fight communism—but it was reprogrammed to fight democracy.
The machine was turned on labor unions and anti-war activists, on journalists and public officials, civil rights leaders and Supreme Court justices.
It was turned on Malcom X and Muhammad Ali, on Stokley Carmichael and H. Rap Brown, on Jane Fonda and I.F. Stone. It was turned above all on Martin Luther King, as the FBI waged a six year campaign to discredit and destroy him, so he could be replaced by what they called “the right kind of negro leader”—meaning one controlled by the FBI and the American intelligence community.
Democracy ultimately proved stronger than that machine—and in the late 1970s, we took steps to dismantle it. We imposed oversight, safeguards, and strict limitations designed to enforce the guarantees of our Constitution and restore the Fourth Amendment.
Decades later, time and fear had dulled those memories, and we began building a new and far more powerful machine—a machine as far beyond Hoover’s as an iPhone is past an abacus.
The new machine runs programs with names like BLARNEY and STELLAR WIND, PINWALE and PRISM—and the source code is still secret.
The old machine was large but limited. It could spy on the government’s “enemies”—but it couldn’t spy on everyone.
The new machine can. It is wired into the cell phones in our pockets, and the switches that route every Web site we read, and every e-mail we write.
And when this machine is reprogrammed in secret—when it is turned against us, whether out of panic or malice, by the next officials who can’t distinguish a national security threat from a threat to the status quo—there may not be anywhere left for us to hide.
There’s a time when the operation of the machine becomes so odious, makes you so sick at heart that you can’t take part! You can’t even passively take part! And you’ve got to put your bodies upon the gears and upon the wheels, upon the levers, upon all the apparatus — and you’ve got to make it stop!
Well, it is that time again. It is time for us to put our bodies on the gears and make this machine stop. It is time to restore the Fourth Amendment.
A brief, slightly confusing exchange between Rep. Jerrold Nadler and FBI director Robert Mueller at a hearing this week is stirring up a lot of fuss, as C-NET reports (and The Hill repeats) that it reveals an NSA admission that analysts sifting through metadata can, without further court authorization, listen to calls or read e-mails:
First, let me suggest that nobody go too nuts with this just yet: This is a two minute exchange referencing an earlier classified briefing, and the parties to it haven’t responded to requests for comment yet. That said, let’s try to figure out what’s going on.
One possibility is just that Rep. Nadler is talking about analysts having discretion to get the subscriberinformation on a suspicious number and blurring that with content. But those are two pretty different things, and it seems unlikely he’d make that error. So let’s assume for a moment that’s not it.
What seems more likely is that Nadler is saying analysts sifting through metadata have the discretion to determine (on the basis of what they’re seeing in the metadata) that a particular phone number or e-mail account satisfies the conditions of one of the broad authorizations for electronic surveillance under §702 of the FISA Amendments Act. Those authorizations allow the targeting of whole groups or “categories of intelligence targets,” as the administration puts it. Once the FISA Court approves targeting procedures, they have no further role in deciding which specific accounts can be spied on. This is, as those of us who wrote about the FAA during its recent reauthorization observed, kind of a problem.
Legally speaking, the analysts don’t have carte blanche. In other words, this isn’t “warrantless wiretapping” so much as “general warrant wiretapping.” They can’t just tap any old call or read any old e-mail they strikes them as “suspicious.” They’ve got to be flagging content for interception because they believe it’s covered by a particular §702 authorization, and observe whatever “targeting procedures” the FISA Court has established for the relevant authorization. They can’t “intentionally” intercept any calls or Internet communications that are “known at the time of acquisition” to be totally domestic. But then, what an analyst “knows at the time of acquisition” may be pretty hard to determine, unless they clearly should have been able to determine from the metadata that all ends were located in the United States. Often, especially for Internet communications, that won’t necessarily be so.
Also, the “target” of the acquisition has to be “believed to be” outside the United States. But there’s some ambiguity about exactly what that “targeting” limitation means. That is, it’s not clear whether the phone or e-mail user you’re spying on must be outside the United States, or whether it’s enough that you are seeking information about a group primarily located overseas. I’ll assume the former, more restrictive case for now: The analyst must believe that one end of the communication is outside the United States, and flag that account or phone line for collection. Note that even if the real target is the domestic phone number, an analyst working from the metadatabase wouldn’t have a name, just a number. That means there’s no “particular, known US person,” which ensures that the §702 ban on “reverse targeting” is, pretty much by definition, not violated.
None of that would be too surprising in principle: That’s the whole point of §702! It means analysts get discretion to decide what particular accounts fall under a very broad order. A key question, of course, is just what the checks in the process are. Can an analyst technically (if not legally) plug in any selector to start collecting on and just start getting material? Does anyone check their work before call and e-mail content starts flowing in? How closely are their error rates checked after it does? Again, legally, they don’t have a blank check, but it’s the details of the system architecture that determine whether you’d be able to tell the difference in practice.
Anyway, creepy as this all may sound, it’s not exactly a new revelation if Nadler is indeed talking about authority to collect content under §702, though the potential for error seems greater if the basis for acquisition is literally nothing more than a “suspicious pattern” culled from metadata. In theory, the system could be flagging calls and e-mails for interception almost automatically (like GMail deciding what to flag as “important’), with the analyst occasionally checking off an “OK” box.
Still, this is more or less what the FISA Amendments Act was designed to do. Shame people didn’t freak out to this extent at the end of 2012, when Congress voted for five more years of it.
A little ditty I wrote for frustrated journalists, activists, and academics to sing while tangling with our beloved, Byzantine Freedom of Information Act process—to the tune of “That’s Amore,” of course:
Well, not everything President Obama and the 112th Congress managed to achieve is so terrible. With scarcely any notice, much less controversy, they did at least preserve one of the country’s most important post-9/11 antiterror tools.
One wonders just what their basis could be for the claim that warrantless wiretapping has been “one of the country’s most important post-9/11 anti terror tools.” After all, a comprehensive audit by the intelligence community’s own Inspectors General found exactly the opposite: That the program launched by President Bush was of no greater value than other intelligence tools; that it generated an enormous number of false leads that wasted time and resources; and that, indeed, it was difficult for intelligence officials to point to a single clear cut case where the program made a crucial contribution to a counterterror success. Much about that program remains secret, of course, but the Journal‘s assertion here is contradicted by the public evidence.
That would be wiretapping, which you may recall liberals portrayed during the George W. Bush era as an illegal and unconstitutional license for co-President Dick Cheney and his spymasters to bug the bedrooms of all U.S. citizens. But now Washington has renewed the 2008 amendments to the Foreign Intelligence Surveillance Act that were due to expire at the end of 2012, with no substantive changes and none of the pseudo-apoplexy that prevailed during the Bush Presidency.
Perhaps we shouldn’t be shocked that a publication owned by Rupert Murdoch would be inclined to make light of concerns about illegal wiretapping, but surely it’s not that mysterious why someone might be more comfortable with a duly authorized surveillance statute that preserves a role for the courts, however anemic and symbolic, than with a president’s unilateral decision to simply ignore federal law and bypass the courts entirely. Still, they do have a point: Substantively the FISA Amendments Act is at least arguably more problematic than the Bush program, because the surveillance programs it authorizes are potentially much more sweeping than Bush’s was, at least on the basis of public reporting. And it really is telling that many people who expressed outrage over the Bush program seem totally uninterested in scrutinizing the track record of its successor now that we have a Democrat in the White House.
In September the House passed the “clean” five-year extension that the White House desired, 301 to 118. The Senate reserved all of a single day of debate on the floor to coincide with the post-Christmas fiscal cliff chaos, and a broad bipartisan majority defeated multiple amendments from the civil liberties absolutists on the left and right such as Kentucky’s Rand Paul.
This is a turnabout from 2007 and 2008, when letting U.S. spooks read al Qaeda emails or listen in on phone calls that passed through domestic switching networks supposedly spelled doom for the American Republic.
This is just not an accurate description of what the law permits. The programmatic surveillance authorized by the FAA is not limited to “al Qaeda e-mails,” or to the communications of terrorists; the “target” of surveillance can be any foreign group or individual, and the “target” need not actually be a party to the intercepted communications. Nor is it limited to communications that merely “pass through” domestic switching networks: Calls or e-mails sent and received by American citizens are also fair game. If the original Bush program is any guide, enormous numbers of entirely innocent communications are almost certainly being swept up in the process.
Hypocrisy aside, the irony is that the imperfect 2008 deal could have stood a little scrutiny. The concessions Mr. Bush was forced to make inserted the special FISA court into the wartime chain of command, requiring the national security agencies in most cases to get judicial permission to eavesdrop on even foreign enemies. We still don’t know if this new regime has compromised U.S. intelligence gathering.
This is also false. The law has never required court approval to eavesdrop on communications when both parties were known to be foreigners, and it still doesn’t. The vast majority of the NSA’s signals intelligence activities remain completely unregulated by FISA. The FISA Amendments Act covers wire communications between Americans and foreigners—which previously required far more rigorous individualized warrants if the wiretap was conducted in the United States—as well as cases where the location of one party to a communication can’t be determined in advance (as is often the case with e-mail). The latter presented a genuine problem that could and should have been solved far, far more narrowly. The FISA court’s minimal involvement in the FAA process—which is limited to rubber stamping broad “targeting procedures” developed by NSA—falls fall short of the traditional warrant approval process, and the idea that it could have “compromised U.S. intelligence gathering” seems frankly absurd.
If the “Imperial Presidency” is only imperial when the President is a Republican, at least that doesn’t represent a real political conviction, merely naked partisanship.
On this point, at least, the Journal is entirely correct: It is sad to see so many Democrats shed their concerns about executive surveillance powers—historically abused by presidents of both parties—now that their bête noire has left office. And with the FAA extended for five more years, Obama too is likely to be long gone before we have another occasion to debate the wisdom of these powers.
As a general rule, going on television reminds me why I’ve chosen a career in print, but between the reauthorization of the FISA Amendments Act and the David Petraeus scandal, I’ve nevertheless ended up making a handful of small-screen appearances in the past couple months. For those of you who are into that sort of thing, here are the clips.
I’ve just had a chance to play around with C-SPAN’s clip-and-share functionality from its video archives, which seems like a pretty great tool for wonks like me who actually pay attention to stuff like last week’s marathon Senate debate over the reauthorization of the FISA Amendments Act, which President Obama signed on Sunday evening. With the Fiscal Cliff firmly lodged in the headlines, most news media paid scant attention to the reauthorization—though the Rachel Maddow Show did have me on to talk about it. Now, at least, C-SPAN has made it relatively easy to assemble the important points from these legislative debates without spending hours fussing with video editing software. This strikes me as having great potential to enable crowdsourced efforts to draw attention to undercovered stories in an engaging format. So here are what I saw as some important moments from the FISA debate—mostly legislators proposing some extremely mild, common-sense reforms and safeguards that all got shot down.
Sen. Ron Wyden explains that the FISA Amendments Act isn’t just about foreigners, as supporters ritually claim, but can easily result in large-scale interception of Americans’ communications as well:
Over the weekend, I had a piece at Ars Technica urging Google to roll out end-to-end encryption for Gmail, allowing hundreds of millions of ordinary users to enjoy the level of privacy now largely reserved for paranoid ubergeeks. I tried to address some of the obvious economic reasons Google might be hesitant to do this, but as Princeton’s Ed Felten points out, there are important technical questions as well:
First, how would the crypto keys and crypto code be managed? […] To start with, we would need a place to store your private key. We could store it on your desktop, but this would conflict with the usual cloud model that gives you access from multiple devices. We could have Google store your private key for you, then download it to whatever device you’re using at the moment, but then what’s the point of encrypting your messages against Google? The best solution is to have Google store your private key, but encrypt your private key using a password that only you know. Then Google would download your encrypted private key to your device, you would enter your password, and the private key would be decrypted on the device.
This is pretty much how I’d imagined it working for the average user, but there’s no real reason we need a one-size-fits-all solution here; lots of cloud services that offer encryption let the user choose whether or not to let the provider keep a backup copy of the user’s keys. The more paranoid could sacrifice some mobility and convenience—and risk losing access to some of their messages if their local copies of the key are destroyed—by opting not to let Google keep even an encrypted copy of their key. Or, as a middle ground, a user could always store an encrypted backup copy of her key with a different cloud provider, like Dropbox, which need not even be known to Google. That provides all of the advantages of storing the key with Google at a relatively minor cost in added hassle, but substantially raises costs for any attacker, who now must not only crack the passphrase protecting the key, but figure out where in the cloud that key is located. Assuming it’s accessed relatively infrequently (most of us read our e-mail on the same handful of devices most of the time) even a governmental attacker with subpoena power and access to IP logs is likely to be stymied, especially if the user is also employing traffic-masking tools like Tor
What is most problematic is that the software code to do all of this–to manage your keys, decrypt messages, and so on–would itself be written and delivered by Google, which means that Google would, after all, have the ability to see your messages, simply by sending you code that silently uploaded your keys and/or data. So if your goal is to make it impossible for Google to see your messages, for the protection of you and/or Google, then you won’t have achieved that goal. […] The only solution we know is to acquire the secure functionality by a traditional download, incorporating carefully vetted code that cannot be modified or updated without user control. The code might be provided as a standalone app, or as a browser extension. We could do that for GMail (and at least one company has done it), but that would give up some of the portability that makes the cloud email attractive.
I think the speed issue is probably not that big a deal on newish devices, and will only become less of an issue, but for some of the other reasons Ed cites, the preferable way to do this is with dedicated client software. This does create some sacrifice in terms of portability, but frankly if you’re really concerned about secure communications you probably don’t want to be decrypting your sensitive messages on untrusted devices anyway. Also, as I note in the piece, this is where Google has an advantage as the distributor of a widely-used open source operating system and browser. The relevant functionality could come bundled with Chrome and/or Android (and serve as a selling point for both) as well as being offered as a separate plugin for other browsers (or bundled with Google’s widely-installed voice/video chat plugin). Users could still, of course, access their unencrypted webmail from any old browser, but one imagines that if Google leads the way, other developers will have a strong incentive to make their own software compatible.
The second major issue is how to keep messages secret while still providing GMail features that rely on Google seeing your messages. These features include spam filtering (which you couldn’t live without) and the content-based ads that Google shows next to your messages (which Google probably wouldn’t want to live without). Can these be provided without leaking the full content of messages to Google? I suspect the answer is a qualified yes–that pretty good versions of these features could be provided in a more privacy-friendly way–but that’s a topic for another day.
Add to these issues that encrypted messages won’t be searchable (unless stored locally as plaintext), which is a bit of an inconvenience, but probably not a dealbreaker. You can probably still do a good deal of spam filtering just using metadata, and it helps that most users will generally be trading encrypted messages with friends and contacts. Users might even elect to only get such messages from “buddies,” whitelisted addresses, or (more permissively) other Gmail users, which would make encrypted e-mail within the service a little bit more akin to Facebook or Gchat messaging. At least initially, it probably makes sense to have this be the default, and users who really need to get encrypted messages from random, unapproved senders they’ve never interacted with before can tweak their settings to let those messages through.
As for content ads, well, that’s the million dollar question—and as Vint Cerf has candidly acknowledged, a primary reason Google hasn’t already done this. My answer here is the same as it was in the article: First, most people are still going to exchange a lot of unencrypted messages, and Google can still serve keyword ads based on those. Second, Google recently revised its policies to allow sharing of user information between its disparate services, provoking some grumbles from privacy folks. That means they’ve got a hell of a lot of other data to draw on in determining what ads are likely to be relevant to a particular e-mail user, from search history to favorite YouTubes, which I’d actually expect to be substantially more useful for tailoring ads than e-mail keywords. Also, at least initially, using the encryption feature will probably mean logging directly into your Google account via their Web interface (where Google gets to show you ads) rather than simply reading your messages in an ordinary mail client (where they don’t). So the loss of one kind of targeting data from some messages has to be balanced against the probable increase in ad exposures. It’s up to Google’s accountants to figure out how that all nets out, but these considerations seem like a good prima facie reason to at least run the numbers if they haven’t done it recently.