January 19, 2025

Twenty-First Century Wiretapping: Recording

Yesterday I started a thread on new wiretapping technologies, and their policy implications. Today I want to talk about how we should deal with the ability of governments to record and store huge numbers of intercepted messages.

In the old days, before there were huge, cheap digital storage devices, government would record an intercepted message only if it was likely to listen to that message eventually. Human analysts’ time was scarce, but recording media were relatively scarce too. The cost of storage tended to limit the amount of recording.

Before too much longer, Moore’s Law will enable government to record every email and phone call it knows about, and to keep the recordings forever. The cost of storage will no longer be a factor. Indeed, if storage is free but analysts’ time is costly, then the cost-minimizing strategy is to record everything and sort it out later, rather than spending analyst time figuring out what to record. Cost is minimized by doing lots of recording.

Of course the government’s cost is not the only criterion that wiretap policy should consider. We also need to consider the effect on citizens.

Any nontrivial wiretap policy will sometimes eavesdrop on innocent citizens. Indeed, there is a plausible argument that a well-designed wiretap policy will mostly eavesdrop on innocent citizens. If we knew in advance, with certainty, that a particular communication would be part of a terrorist plot, then of course we would let government listen to that communication. But such certainty only exists in hypotheticals. In practice, the best we can hope for is that, based on the best available information, there is some known probability that the message will be part of a terrorist plot. If that probability is just barely less than 100%, we’ll be comfortable allowing eavesdropping on that message. If the probability is infinitesimal, we won’t allow eavesdropping. Somewhere in the middle there is a threshold probability, just high enough that we’re willing to allow eavesdropping. We’ll make the decision by weighing the potential benefit of hearing the bad guys’ conversations, against the costs and harms imposed by wiretapping, in light of the probability that we’ll overhear real bad guys. The key point here is that even the best wiretap policy will sometimes listen in on innocent people.

(For now, I’m assuming that “we” have access to the best possible information, so that “we” can make these decisions. In practice the relevant information may be closely held (perhaps with good reason) and it matters greatly who does the deciding. I know these issues are important. But please humor me and let me set them aside for a bit longer.)

The drawbacks of wiretapping come in several flavors:
(1) Cost: Wiretapping costs money.
(2) Mission Creep: The scope of wiretapping programs (arguably) tends to increase over time, so today’s reasonable, well-balanced program will lead to tomorrow’s overreach.
(3) Abuse: Wiretaps can be (and have been) misused, by improperly spying on innocent people such as political opponents of the wiretappers, and by misusing information gleaned from wiretaps.
(4) Privacy Threat: Ordinary citizens will feel less comfortable and will feel compelled to speak more cautiously, due to the knowledge that wiretappers might be listening.

Cheap, high-capacity storage reduces the first drawback (cost) but increases all the others. The risk of abuse seems particularly serious. If government stores everything from now on, corrupt government officials, especially a few years down the road, will have tremendous power to peer into the lives of people they don’t like.

This risk is reason enough to insist that recording be limited, and that there be procedural safeguards against overzealous recording. What limits and safeguards are appropriate? That’s the topic of my next post.

Twenty-First Century Wiretapping

The revelation that the National Security Agency has been wiretapping communications crossing the U.S. border (and possibly within the U.S.), without warrants, has started many angry conversations across the country, and rightly so. Here is an issue that challenges our most basic conception of the purposes of government and its relation to citizens.

Today I am starting a series of posts about this issue. Most discussions of the wiretap program focus on two questions: (1) Is the program legal? and (2) Regardless of its legality, does the program, as currently executed, serve our national interest (bearing in mind the national interest in both national security and citizens’ privacy)? These questions are surely important, but I want to set them aside here. I’m setting aside the legal question because it’s outside my expertise. I’m setting aside any evaluation of the current program for two reasons. First, we don’t know the exact scope of the current wiretap program. Second, most people – on both sides – think the second question is an easy one, and easy questions lead to boring conversations.

I want to focus instead on the more basic questions of what the extent of national security wiretapping should be, and why. The why question is especially important.

The first thing to realize is that this is not your parents’ wiretap debate. Though the use (and sometimes misuse) of wiretapping has long been a contentious issue, the terms of the debate have changed. I’m not referring here to the claim that 9/11 changed everything. What I mean is that wiretapping technology has changed in ways that ought to reframe the debate.

Two technology changes are important. The first is the dramatic drop in the cost of storage, making it economical to record vast amounts of communications traffic. The second technology change is the use of computer algorithms to analyze intercepted communications. Traditionally, a wiretap would be heard (or read) immediately by a person, or recorded for later listening by a person. Today computer algorithms can sift through intercepted communications, looking for sophisticated patterns, and can select certain items to be recorded or heard by a person.

Both changes are driven by Moore’s Law, the rule of thumb that the capability of digital technologies doubles every eighteen months or, equivalently, improves by a factor of 100 every ten years. This means that in 2016 government will be able to store 100 times more intercepted messages, and will be able to devote 100 times more computing capability to its analysis algorithms, compared to today. If the new world of wiretapping has not entirely arrived, it will be here before long.

So government will have greater eavesdropping capabilities and, more interestingly, it will have different capabilities. How should we respond? Surely it is not right simply to let government do whatever it wants – this has never been our policy. Nor can it be right to let government do no wiretapping at all – this has not been our policy either. What we need to understand is where to draw the line, and what kind of oversight and safeguards we need to keep our government near the line we have drawn. I hope that the next several posts can shed some small amount of light on these questions.

Return to Monkey High

Newsweek has released its annual list of America’s top high schools, using the same flawed formula as last year. Here’s what I wrote then:

Here is Newsweek’s formula:
“Public schools are ranked according to a ratio devised by Jay Mathews: the number of Advanced Placement and/or International Baccalaureate tests taken by all students at a school in 2004 divided by the number of graduating seniors.”

Both parts of this ratio are suspect. In the numerator, they count the number of students who show up for AP/IB tests, not the number who get an acceptable score. Schools that require their students to take AP/IB tests will do well on this factor, regardless of how poorly they educate their students. In the denominator is the number of students who graduate. That’s right — every student who graduates lowers the school’s rating.

To see the problems with Newsweek’s formula, let’s consider a hypothetical school, Monkey High, where all of the students are monkeys. As principal of Monkey High, I require my students to take at least one AP test. (Attendance is enforced by zookeepers.) The monkeys do terribly on the test, but Newsweek gives them credit for showing up anyway. My monkey students don’t learn enough to earn a high school diploma — not to mention their behavioral problems — so I flunk them all out. Monkey High gets an infinite score on the Newsweek formula: many AP tests taken, divided by zero graduates. It’s the best high school in the universe!

[Note to math geeks annoyed by the division-by-zero: I can let one monkey graduate if that would make you happier.]

Though it didn’t change the formula this year, Newsweek did change which schools are eligible to appear on the list. In the past, schools with selective admission policies were not included, on the theory that they could boost their ratings by cherry-picking the best students. This year, selective schools are eligible, provided that their average SAT score is below 1300 (or their average ACT score is below 27).

This allows me to correct an error in last year’s post. Monkey High, with its selective monkeys-only admission policy, would have been barred from Newsweek’s list last year. But this year it qualifies, thanks to the monkeys’ low SAT scores.

Newsweek helpfully includes a list of selective schools that would have made the list but were barred due to SAT scores. This excluded-schools list is topped by a mind-bending caption:

Newsweek excluded these high performers from the list of Best High Schools because so many of their students score well above average on the SAT and ACT.

(If that doesn’t sound wrong to you, go back and read it again.) The excluded schools include, among others, the famous Thomas Jefferson H.S. for Science and Technology, in northern Virginia. Don’t lose heart, Jefferson teachers – with enough effort you can lower your students’ SAT scores and become one of America’s best high schools.

Happy Endings

Cameron Wilson at the USACM Policy Blog writes about a Cato Institute event about copyright policy, which was held Wednesday. The panel on the DMCA was especially interesting. (audio download; audio stream; video stream)

Tim Lee, author of the recent Cato paper on the ill effects of the DMCA, spoke first.

The second speaker was Solveig Singleton of PFF, who offered some amazing arguments. Here is her response to the well-documented list of DMCA misuses:

Even if you set aside some of the errors in the Cato paper, you’re left with a set of examples, many of which have happy endings, without any change to the law. Ed Felten’s case, for example. There are other cases. There were lawsuits that were threatened but not brought. Lawsuits that were brought but ultimately failed. Lawsuits that succeeded but on grounds other than the DMCA.

(This is my transcription from the audio stream.)

To call the case of my colleagues and me a “happy ending” takes some real chutzpah. Let’s catalog the happy consequences of our case. One person lost his job, and another nearly did. Countless hours of pro bono lawyer time were consumed. Anonymous donors gave up large amounts of money to support our defense. I lost at least months of my professional life, and other colleagues did too. And after all this, the ending was that we were able to publish our work – something which, before the DMCA, we would have been able to do with no trouble at all.

In the end, yes, we were happy – in the same way one is happy to recover from food poisoning. Which is not really an argument in favor of food poisoning.

She goes on to argue for the efficacy of the DMCA, using the example of Apple’s FairPlay technology (which is used by the iTunes music store):

But … are they [Apple] going to be able to get music developers to the table to negotiate with them to help create this library [of music] if they can’t make some reasonable assurances that that content isn’t going to show up free everywhere else?

Never mind that all of the songs Apple sells are available for free on P2P networks, despite FairPlay and the DMCA. Never mind that FairPlay has a huge and widely known hole – the ability to burn songs to an unprotected CD – which Apple created deliberately.

It’s understandable that DMCA advocates don’t want to give a realistic, straightforward explanation of exactly why the DMCA is needed. If they tried to do so, it would become clear that the DMCA, as written, is poorly suited for their purpose. Instead, we get strawmen and arguments from counterfactual assumptions.

I’ll close with a quote from Emery Simon of the Business Software Alliance, another speaker on the same panel, making a claim so far off-base that I won’t even bother to rebut it:

[If not] for copy protection technologies, whether it’s Macrovision or CSS or Fairplay, my VCR and my television set would be devices no more useful to me than my car without gasoline.

U.S. Copyright May Get Harsher and Broader

Rep. Lamar Smith is preparing to introduce a bill in Congress that would increase penalties for copyright infringement and broaden the scope of the DMCA and other copyright laws, according to a news.com story. (The story seems to get some details of the bill wrong, so be sure to look at the bill itself before drawing conclusions.)

The bill would increase penalties for small-scale, noncommercial copyright infringement beyond even their current excessive levels. For example, noncommercial distribution of copyrighted material worth $2500 or more would carry a maximum sentence of ten years in Federal prison. Even attempting to commit that level of infringement would potentially carry a ten-year sentence. That’s the same maximum sentence faced by bribe-taking Congressman Duke Cunningham, whose corruption probably cost taxpayers millions of dollars. It’s also more than the average Federal sentence for manslaughter (33 months), sexual abuse (73 months), arson (87 months), fraud (14 months), embezzlement (7 months), bribery (10 months), or racketeering/extortion (72 months).

The bill would also expand the scope of copyright in several respects. Most interesting to readers here is an expansion of the DMCA’s anticircumvention rules.

Recall that Section 1201 of the DMCA bans circumvention of technical protection mechanisms (TPMs), and also bans trafficking in circumvention devices. The Smith bill would expand the trafficking ban, by redefining “trafficking” as follows:

[T]he term ‘traffic in’ means to transport, transfer, or otherwise dispose of, to another, or to make, import, export, obtain control of, or possess, with intent to so transport, transfer, or dispose of.

In short, where the law now bans distribution of a circumvention device, the bill would also ban possession of a circumvention device with intent to distribute it.

This bill, if passed, would probably increase the DMCA’s chilling effect on research. Currently, a researcher can steer clear of the trafficking provision by keeping any circumvention devices to himself, using those devices himself (lawfully) in the lab. If the Smith bill passes, the researcher would have to worry that a plaintiff or prosecutor will misjudge his intent and bring a case, and that a judge or jury might be convinced that the researcher was eventually planning to distribute the device. Even if the claim of bad intent is baseless, refuting it will be slow, painful, and expensive.

I’m eager to hear the rationale for these expansions. But I wouldn’t be surprised if no rationale is offered, beyond the standard “piracy is bad” mantra or vague claims to be “rationalizing” the statute.