Tag: Privacy

What if the world’s states were to come together and create a single world currency? From a purely economic point of view, there would be significant advantages if every nation didn’t operate with its own money but with the same currency. Not only for an individual economy, but for the world economy as a whole, the optimal number of currencies is one. Let’s take a look.

The decisive factor is how this single world currency comes about, and who issues it. In a free market for money—in a natural process—a single world currency would emerge from the voluntary agreements of the market participants: the money demanders would decide which commodity they want to use as money. It is impossible to predict with certainty what the outcome of the free choice of currency would be; after all, it resembles a discovery procedure whose outcome is not known in advance. However, it can be assumed that a commodity currency would be created, that gold or possibly a cryptounit would be chosen as the money base.

However, if states monopolize money production, a single world currency cannot develop through voluntary decision-making. In 2023, several national fiat currencies coexist. But this is not a stable equilibrium. Rather, here too, there is a tendency to create a single world currency—because it is optimal for everyone in the world to trade and calculate with the same currency. This is what democratic socialism takes advantage of.

Creating a single world currency is a means to an end for democratic socialism. Its adherents recognize that a single world state cannot be established directly. The national resistance that would have to be overcome is too great. The detour, the indirect way, by which democratic socialism can achieve its goal is by creating a single world currency under state control. The eurozone can serve as a “model” for this process. We’ve seen nations voluntarily give up their monetary sovereignty and accept a single fiat currency that is issued by a supranational central bank. Within the eurozone, money is no longer controlled by individual national parliaments.

The shared euro currency creates major problems in and between the participating countries. But the forced euro marriage has not yet been through the “divorce courts” because of the high costs of a euro exit and also because the democratic socialists fight any attempts to withdraw from the euro with all political means available to them. The problems created by the single currency are increasingly forcing participating countries into communization. As part of the eurozone, some nations must pay for the national debts of others, and the cost of saving ailing banks from collapse is borne by all taxpayers and money users.

All of the problems of imposing one fiat money across many nation-states only became apparent after the euro community was locked into place—the potential problems received little or no attention beforehand. From the outset, it was not economic rationality that inspired the euro, but political endeavors that can be traced back, unsurprisingly, to…

Today, the House Energy & Commerce Subcommittee on Innovation, Data, and Commerce will hold a hearing on how a federal privacy law would fill gaps to protect Americans’ personal information. 

Those gaps are massive. There is no comprehensive federal law in the US governing the collection and use of personal data. Instead, some types and uses of data are regulated by sector-specific laws such as the Health Insurance Portability and Accounting Act (HIPAA), the Fair Credit Reporting Act (FCRA), the Children’s Online Privacy Protection Act (COPPA), the Family Educational Rights and Privacy Act (FERPA) and others, while many types of data are not protected at all. There are three overarching problems with this approach:

1. A sectoral approach leaves huge gaps in protections that have allowed the expansion of data collection and abuse across many different sectors, most notably online services;
2. The protections in the existing sectoral laws are actually quite narrow and limited, so even the types of data that are covered by these laws do not have adequate protection – many are based on an outdated notice-and-choice framework;
3. A sectoral approach leads to confusion by the public about what types of personal data are protected. For example, many people assume that HIPAA covers their health information generally, when in fact most of the health data collected outside of the doctor/patient or insurance relationship is not covered by HIPAA. 

In order to fill some of the gaps left by federal sectoral privacy laws, the Federal Trade Commission (FTC) has used its authority under the FTC Act, passed in 1914. The FTC’s mandate includes the power to prohibit unfair and deceptive trade practices, including the unfair and deceptive collection, use, or transfer of personal data. The Commission is also responsible for combatting unfair methods of competition and has specific authority to enforce and issue rules under several targeted privacy laws. However, the FTC does not have sufficient regulatory or penalty authorities to address the privacy threats posed by modern internet services. And there are significant limitations in the patchwork of data protection authorities at the FTC’s disposal. For example, the procedures by which the FTC can define unfair and deceptive practices are unnecessarily onerous, and the Commission is limited in its ability to penalize first- time data protection offenders. 

The US needs a comprehensive, coherent approach to privacy and data protection. A recent study from the Irish Council for Civil Liberties (ICCL) found that the Real-Time Bidding (RTB) market, which is the engine that tracks and shares what people view online and their location in order to drive targeted advertising, alone exposes the average American’s data 747 times per day. This means U.S. Internet users’ online activity and location is being tracked and disclosed 107 trillion times per year. ICCL cited some dangerous examples of the use of this data:

There is no way to restrict the use of RTB data after it is broadcast. Data brokers used it to profile Black Lives…

In a letter to the House and Senate Appropriations Committees, EPIC and a coalition of 40 advocacy groups called on Congress to stop funding DHS’s Targeted Violence and Terrorism Prevention (TVTP) Grants Program and to shutter the DHS Center for Prevention Programs and Partnerships (CP3) administering the program. The letter states, “First started in the Obama Administration as countering violent extremism, the TVTP program has a long history of targeting Americans based on religion, mental health, political beliefs, and innocuous behavior. These programs are wasteful, providing no security benefits and actively undermining civil rights, civil liberties, and privacy.”

EPIC works to uncover and roll back harmful surveillance practices. In 2020, EPIC obtained documents through the FOIA on a countering violent extremist meeting held in 2016 where high-ranking intelligence officials pressured tech companies to weaken encrypted messaging. Last year in comments to the Privacy and Civil Liberties Oversight Board (PCLOB), EPIC highlighted the bias inherent in the intelligence community’s “racially motivated violent extremism” label which has been used to group together white supremacist groups and racial justice protesters.

Last week, EPIC filed an amicus brief in Sequiera v. Department of Homeland Security, et al., in which targets of a mass surveillance program that collected the money transfer records of millions of people are suing the money transfer companies and federal agencies for illegally sharing their financial records. EPIC’s brief pushed back against the defendants’ arguments that, unlike bank customers, customers of money transfer companies have no right to privacy under the Right to Financial Privacy Act.

Money transfers companies offer financial services like wire transfers, both domestic and foreign, for a fee. Money transfer companies are particularly popular with the under- and unbanked—people who are unable to open a checking account at a traditional bank. Immigrant communities in particular use money transfer companies to send money to family abroad.

In 2010, the state of Arizona strong-armed Western Union—the world’s largest money transfer company—into handing over information on money transfers over $500 between the southwest United States and Mexico. Over the next decade, state and federal agencies expanded records requests to other money transfer companies and to transfers other than Mexico. An independent entity, the Transaction Records Analysis Center (“TRAC”), was formed to house and share the money transfer records with hundreds of federal and state agencies. Record acquisition was reportedly put on pause after Sen. Ron Wyden exposed the program in early 2022.

A group of money transfer company customers whose records were collected by the TRAC sued the six companies they used along with federal agencies that participated in the program. The group argues that the defendants violated the federal Right to Financial Privacy Act and California state law. The Right to Financial Privacy Act was passed in 1978 to provide a statutory right to financial privacy after the Supreme Court refused to recognize a constitutional right in United States v. Miller. The law established procedures that federal agencies must follow to obtain customer records from financial institutions, including a requirement that customers be notified and given a chance to challenge government access. The defendants argue that the Right to Financial Privacy does not cover money transfer customers.

EPIC’s brief explained the technological and legal changes that led Congress to recognize a right to privacy in financial records in the Right to Financial Privacy Act. The brief also argued that denying coverage of money transfer companies would decimate the financial privacy of immigrants and low income communities, which use money transfer companies for financial services because they are unable to afford to access the same services at traditional banks. EPIC routinely files amicus briefs in important privacy cases.

Austrian economics recognizes change as a constant and provides guidance for adapting to it and managing it. Change is changing for business — it’s faster and more fundamental in the digital age. Austrian economics can help even more as a result of its practical and realist approach to adaptation and continuous adjustment.

Knowledge Capsule

Change is changing.

Change is a constant. You can think of the market in constant flux, as Mises did, You can think in terms of VUCA — volatility, uncertainty, complexity, and ambiguity. You can think of it in terms of complexity or of absolute uncertainty. However you tune your mind and your business processes, there are always going to be more things that can happen than you can predict or prepare for.

There are some ways to think better about ceaseless change, however. One is to bucket the major themes or corridors of change, to organize your thinking and make some judgments about where and how to act and adapt. By recognizing these multiple types of change, businesses will be better prepared for adaptive action.

Our E4B guest Phil Simon has studied change in the workplace and recently published a new book titled The Nine — about nine tectonic forces that are reshaping business and the workplace where we conduct business. He advises businesses to be alert to the changing nature of change in the digital age.

People are changing.

The people you hire today and the people already working at your firm are not the same people as they were just a couple of years ago. They’ve been through a new, different and challenging experience of working through the Covid-19 pandemic, and they’ve been working with new technologies, in new places (i.e., working remotely) and they’ve been questioning how they relate to work, to their colleagues, and to the firm. Don’t expect them to be unchanged in their mindsets, attitudes, and work practices. The nature of the employment relationship is different today — less formal, less rigid, less standardized. Phil Simon uses the term “empowered employees” — employers must be empathic in understanding their new mental model as it relates to work.

The workplace is changing.

The workplace is no longer a physical space where people congregate to collaborate on work tasks, but a digital space of networked people, machines and software. New software and new machines are evolving all the time in this space, changing our relationship to it and to work. People are not going to go back to the office as the standard method of getting business done. If you want to have a physical space for people to meet in person, it must be reconfigured to support those business activities that can only be done in person, and not just as a standard structure of cubicles, offices and wiring. People must feel that there is more or better productivity to be enjoyed in the physical shared space than can be realized elsewhere.

The structure of work is changing.

Phil’s book includes…

EPIC and a coalition of civil rights, civil liberties, privacy, and community-based organizations have requested that the New York City Council hold a hearing on NYPD’s noncompliance with the POST Act. The Public Oversight of Surveillance Technology (POST) Act enables public oversight of surveillance technologies used by the NYPD. The POST Act requires the police to publish documents explaining their use of surveillance technologies, accept public comments about them, and provide a final surveillance impact and use policy to the public.

The NYPD recently introduced three new policing technologies including the Digidog, a remote controlled robot dog, and Knightscope’s K5, an autonomous surveillance robot. As the coalition letter explains, “the Mayor and NYPD announced these latest policing PR stunts without any notice to, or comment from, the public, as required under the POST Act.” Furthermore, the “latest episode highlights a long running effort by the NYPD to systematically evade and violate the POST Act.”

EPIC previously submitted comments to the NYPD calling for meaningful limits on the use of mass surveillance technologies including facial recognition, airplanes and drones, automated license plate readers, and social media monitoring tools. EPIC also joined with privacy and civil liberties advocates and academics in coalition comments urging the NYPD to make a good faith effort to meet the requirements of the POST Act.

The Washington State Legislature finalized passage Monday of the My Health My Data Act (MHMDA), the first state-level health data bill of its kind in the U.S. The bill now heads to Governor Jay Inslee’s desk for his signature to become law.

The MHMDA includes several strong provisions to protect consumer health data. In addition to requiring companies to obtain an individual’s express consent to collect, share or sell their health information, the bill also establishes consumer data rights to access and delete that information and to withdraw consent. MHMDA also requires detailed health data privacy policies and prohibits geofencing around certain health care locations. The Act can be enforced by both the Washington Attorney General’s Office and by individuals through a private right of action.

Notably, the scope of “consumer health data” covered by the MHMDA is fairly broad, defined as “personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status.” The definition goes on to list examples like prescription medications, diagnoses and health conditions, biometric data, and location information that would indicate a consumer’s attempt to receive health services, among other examples.

The passage of the MHMDA echoes recent momentum at the federal level concerning the protection of personal health data, including FTC enforcement actions and proposed legislation addressing health data security and privacy issues beyond the scope of HIPAA.  

If MHMDA becomes law, the law would gradually take effect between this summer and June 2024.

We face a data privacy crisis in the United States. Unrestricted data collection has eroded consumer privacy. Consumers are surveilled through constant monitoring, profiling, and targeting online. The absence of a comprehensive privacy legislation or regulation has allowed data-driven abuses and harms to flourish. For two decades, online firms have been allowed to collect and commodify every bit of consumer data, depriving consumers of control over their personal information, heightening security risks, and leading to data misuse, the loss of autonomy, manipulation, and discrimination.

The excessive data collection and processing that fuels commercial surveillance systems is inconsistent with the expectations of consumers, who reasonably believe that the companies they interact with will safeguard their personal information. These exploitative practices don’t have to continue. The Federal Trade Commission has the authority to usher in a better, fairer future by requiring that businesses only collect, process, retain, and transfer personal data consistent with the reasonable expectations of consumers and to the extent reasonably necessary to provide the goods or services that consumers request.

Data Minimization

Consumers are persistently tracked online and subjected to far-reaching data collection. Often, data processing is “not directly in service of fulfilling a consumer’s request,” including out-of-context secondary uses of data that regularly exceed the scope of reasonable consumer expectations. Not only is this data collection and use harmful in itself, but it also necessarily subjects consumers to downstream security risks and privacy harms. The unfair, systemic overcollection and misuse of personal data leads to “invasive, discriminatory targeting that violates the privacy and autonomy of consumers.”

When consumers interact with a business online, they reasonably expect that their data will be collected and used for the limited purpose and duration necessary to provide the goods or services that they requested. For example, a consumer using a map application to obtain directions would not reasonably expect that their precise location data would be disclosed to third parties and combined with other data to profile them. And indeed, providing this service does not requireselling, sharing, processing, or strong consumer data for an unrelated secondary purpose. Yet these business practices are widespread. Nearly every online interaction can be tracked and cataloged to build and enhance detailed profiles and retarget consumers. Even offline, credit card purchases, physical movements, and “smart” devices in homes create countless data points that are logged and tracked without consumer awareness or control. This data collection and surveillance can reveal or infer sensitive details about consumers. As EPIC has previously outlined, these extremely detailed profiles “can alter what we see, what prices we pay, and whether we are able to find the information that we seek online (including information about job opportunities, health services, and relationships).” The overcollection of consumer data can exacerbate the harm of security incidents and breaches, and consumers can also suffer privacy harms that range from economic and autonomy harm to psychological injury and reputational damage.

Although the FTC has brought a number of key privacy and data security…

DHS’s Immigrations and Customs Enforcement (ICE) proudly proclaimed its “first-ever Alternatives to Detention Privacy Impact Assessment”, bragging about the release of a document that the agency should have produced twenty years ago at the start of the so-called Alternatives to Detention (ATD) program. But the PIA that ICE produced is not just decades late, it is substantively deficient, likely wrong about key facts, and already outdated. This PIA process reflects the behavior of an agency that does what it wants and seeks justifications later.

Background

To start, we need to recognize that ICE is an agency with a continuing history of unauthorized and abusive practices. This month alone, two major stories about ICE’s bad behavior broke. According to Wired, the agency is using administrative subpoenas, a tool meant to pursue customs violators, to request information from “elementary schools, news organizations, and abortion clinics”. And a database of ICE’s internal investigations demonstrates how ICE agents and hired contractors regularly violate the agency’s rules on database access, allowing for stalking, wrongful surveillance and the sale of government information. That is on top of a long history of impersonating police officers, abusing immigrants in ICE detention, building a vast surveillance network of data purchased from brokers and other legally questionable means, and even detaining and deporting U.S. citizens. Any fulsome accounting for ICE’s impact on immigrants privacy and safety needs to consider that ICE agents and contractors are likely to abuse any data they have access to.

Under section 208 of the E-Government Act of 2002, every federal agency is required to produce a Privacy Impact Assessment (PIA) before it rolls out a “new collection of information … using information collection technology”. Agencies across the federal government routinely flaunt this requirement by doing their PIAs after they start using new technologies or initiating new collections. But no agency operates quite like ICE. For years, the agency has claimed that its Alternatives to Detention program is covered by tiny amendments to existing PIAs for other programs that failed to account for the size of the ATD program and couldn’t keep up with the technology that ICE was using. 

The Alternatives to Detention program is a system of electronic monitoring technologies that ICE applies to immigrants passing through the Southern border to the U.S or arrested in the U.S. and awaiting immigration hearings, along with immigrants who have had their hearings and are awaiting deportation. The ATD program is also frequently referred to as the Intensive Supervision Appearance Program (ISAP), though there are also several small pilot programs that do not rely heavily on surveillance technology.[1] ICE claims that ATD serves as a way to keep migrants out of detention facilities while ICE keeps tabs on them, but in reality the program has become something of a default for migrants crossing the Southern border. Historically, immigrants crossing the border would be released in the U.S. without any form of monitoring. Immigrants released without tracking reliably show up for…

In a recent NYT column, economist Paul Krugman mocks Florida Governor Ron DeSantis, who warned that a central bank digital currency (CBDC) would give the government too much power over Americans. Specifically, DeSantis argued that the feds could use a CBDC to further implement the “woke” agenda, penalizing Floridians if they bought too much gas or guns.

Human Action Podcast: Krugman Says It’s Paranoid to Worry About a Fed Digital Currency with Robert Murphy and Jonathan Newman

Krugman ridiculed the very notion that a CBDC might threaten civil liberties:

If this sounds crazy, that’s because it is. I have no idea whether DeSantis believes any of it, or even knows what a central bank digital currency is or what it would do (more on that later). And it’s possible that he’s taking this stand out of general paranoia.

But Krugman doesn’t actually think it’s mere paranoia that explains DeSantis’ opposition to a Fed-issued CBDC. Instead, Krugman thinks big Republican donors are currently benefiting from using anonymous currency as a way to shield their nefarious schemes. As Krugman concludes his column:

[These considerations] tells us what DeSantis’s attack on central bank digital currency would actually do. It wouldn’t protect the rights of Floridians to buy gas or guns; instead, it would protect the ability of wiseguys to evade taxes, launder money, buy and sell illegal drugs, and engage in extortion.

But hey, I guess thinking that money laundering and extortion are bad things is just another example of the wokeness that DeSantis is trying to kill.

As usual, Krugman’s smug attacks fall apart under scrutiny. For starters, my academic colleague Jonathan Newman pointed out that the Fed study Krugman linked to from his column, actually discussed the possible privacy dangers from a CBDC! As the Fed study put it:

In other words, it’s not just Ron DeSantis who realizes a CBDC could abuse citizens’ privacy—the Federal Reserve does too.

Beyond that, we have seen in recent history how monetary freedom can be violated in the pursuit of political objectives. For example, the Canadian government froze the funds of the Canadian truckers protesting Covid policies, and many Americans saw their donations likewise thwarted.

The practice of “civil asset forfeiture” also provides a grim warning of what could happen with a CBDC. Over the years, there have been many cases of motorists being pulled over for a routine traffic stop, where the police seize thousands of dollars in cash and then hold it until the driver can—months later—prove he’s not a drug dealer. For example, Phoenix businessman Jerry Johnson had $39,500 in cash which he was using to buy a truck, but police seized it at the airport. Johnson eventually got his money back, two and a half years later, even though he had never been charged with a crime, let alone convicted.

With the framework of civil asset forfeiture in mind, suppose the Federal Reserve implements a CBDC. All transactions would be held on the Fed’s ledger, where AI bots could look for “suspicious”…