Yesterday the House Subcommittee on Commerce, Manufacturing, and Trade held a hearing addressing the economic consequences of the European Union’s internet privacy regulations. The hearing is part of a comprehensive review of the online privacy aimed at encouraging discussion about how to best satisfy consumer privacy concerns while maintaining a robust and innovative digital ecosystem.

Among the issues raised was the concern that the US’s less restrictive framework for online privacy puts American companies at a disadvantage in the form of aggressive enforcement by EU member states. Also discussed was the question of whether there is a demonstrable harm to consumers from behavioral advertising, which utilizes browsing data to improve advertising efficiency for both businesses and customers.

Catherine Tucker presented results from a ten year study she conducted with Avi Goldfarb evaluating the effects of the EU Data Privacy Directive on advertising by European companies. Their study revealed that the directive “reduced advertising performance by 65%.” She cited an estimate based on the study indicating U.S. companies could suffer losses of $33 billion over five years if Congress chose to adopt opt-in online privacy measures similar to the EU directive. Tucker also observed that strict regulations in this area can incentivize companies to switch to more intrusive, less tailored advertising to maintain their current business models, or even switch to pay-wall type models.

Despite these findings, many are concerned that the hearing will undermine legislative efforts to more thoroughly regulate online privacy. In August I wrote an op-ed explaining why online privacy measures are best left to consumers through marketplace solutions, and not through congressional action. As I noted, there are already ample tools at consumers’ disposal:

Privacy is important, to be sure, but regulatory mandates are ill-equipped to account for the dynamism of the digital age. Not all consumers demand the same level of privacy protection. For the many consumers who deeply value their privacy, the market is responding accordingly. Increasingly, firms compete on privacy protection. Microsoft, for instance, touts its Trustworthy Computing effort as a core feature of many of its software and online products.

Consumers also enjoy an array of tools and services that deliver the level of privacy they demand. Several Web browsers already incorporate “do-not-track” features, while independent software developers are constantly experimenting with technologies that give users control over what they reveal online. Organizations, including PrivacyChoice and TRUSTe, inform consumers about how numerous sites collect data, enabling users to opt out of tracking activities they don’t like.

A heavy regulatory hand will ultimately do damage to both consumers and business. Congress should heed the warnings of European startups, and not follow down that same burdensome path.

Have a listen here.

Mr. Fuddlesticks is an anonymous YouTube user who posted embarrassing videos about the Renton, Washington, police department. They convinced a judge to let them request Mr. Fuddlesticks’ personal information from Google, YouTube’s parent company. While the charges were eventually dropped, Research Associate Nicole Ciandella thinks this highlights a major problem in applying telephone-era laws to the Internet era.

You may get some extra-special attention from the Transportation Security Administration (TSA) in the near future — but this isn’t just another pat-down or body scanner. Agents will be randomly interrogating flyers waiting in line at the security checkpoints of an expanded number of American airports, asking routine questions in the hopes of picking up on facial expressions that signify “deception” or “malicious intent.”

Costing over $200 million per year since its implementation in 2007, The Screening of Passengers by Observation Techniques (SPOT) program has deployed over 3,000 Behavioral Detection Officers (BDOs) to 161 US airports. Despite the official-sounding moniker, these CIA-style lie-detectors go through a mere four days of classroom training and 24 hours of working experience before they may claim their BDO title.

Lina Texiera, a 41 year old nurse with psychiatric experience, expressed her doubts about the adequacy of the preparation: “You’re telling me someone with a three-week training course is going to be able to do that?… I just don’t think the training they’re getting is enough.”

In spite of its $1-billion three-year price tag and its several thousand BDOs, SPOT’s effectiveness has never been scientifically established and the program has never caught a terrorist. But that didn’t stop President Obama from increasing its funding by $232 million in his 2011 budget. As I explain in the Daily Caller, this backwards mentality of rewarding ineffectiveness and failure is the standard within government.

This morning the House Judiciary Committee began markup on H.R. 1981, the “Protecting Children from Internet Pornographers Act of 2011,”  which would among other things force all commercial Internet providers who charge fees for web access to store data on the customer Internet Protocol (IP) addresses for an entire year. The Competitive Enterprise Institute, TechFreedom, and Americans for Tax Reform’s Digital Liberty joined together in raising grave concerns about the legislation in a letter which can be viewed here.

Child exploitation is a heinous crime and should be punished severely. Allocating more resources to law enforcement to pursue such criminals and evaluating the effectiveness of current data sharing procedures is a logical first step. Instead, H.R. 1981 will impose a collection regime that casts suspicions on ordinary law-abiding Americans.

The retention requirement will burden Internet providers with significant equipment and maintenance costs, which will inevitably be passed onto consumers. The legislation draws no distinction between large companies and smaller outfits, and would impose substantial burdens on providers who are forced to refit their networks in order to comply. As the coalition letter states,

Requiring all firms that sell Internet access to log temporary network address data as prescribed in the legislation would impose substantial costs. As with all burdensome regulations on the private sector, consumers themselves ultimately bear most of the costs incurred by companies in complying with the data retention mandate. Thus, the bill would directly hinder Congress’s laudable objective of promoting the deployment and adoption of broadband at a time when many Americans are struggling to make ends meet. Lawmakers should be working aggressively to remove burdensome regulations on Internet service providers, rather than creating costly new mandates.

Additionally, this would create new security risks for consumer and providers. Requiring providers to store this information for extended periods of time would give bad actors a ripe target to exploit, and also raise the likelihood of inadvertent disclosures or other data abuses.

The passage of such requirements would also represent a shift toward policies antithetical to our social values. Blanket data retention, as opposed to measures aimed specifically at criminals, undermines the American pillars of anonymous speech and the presumption of innocence. H.R. 1981 would transform how Americans use the Internet and cause them to think twice before browsing the web, no matter how lawful and appropriate their intended use.

As Representative Zoe Lofgren declared during Wednesday’s debate, H.R. 1981 is a “mess of a bill.” Congress should head back to the drawing board and devise a more effective solution to this problem that properly balances both law enforcement and privacy needs.

The TSA has a habit of confiscating security-unrelated items. Over at The American Spectator, I recall just such an experience that I had at O’Hare. After years of wondering what became of my beloved Leatherman, I was able to find a likely answer: it probably found its way to a government surplus store. One store alone made $300,000 just from TSA-confiscated items. As I conclude:

So rest easy the next time a TSA screener takes away your spear gun (yes, that’s on the verboten list). You’re not just making air travel safer by leaving it behind. You’re also doing your part to reduce government deficits.

TSA policies are an over-reaction to a rare threat that kills fewer people each year than lightning strikes. Unfortunately, the human mind is not entirely rational when calculating the risk from rare but conspicuous threats, so the TSA is probably here to stay.

On Wednesday, I appeared on the Laura Ingraham Show to discuss the Obama administration’s stance on reforming the 1986 law that governs law enforcement access to private electronic communications.

CEI has joined a number of policy groups, corporations, and academics in urging Congress to amend outdated U.S. laws originally intended to protect citizens against unwarranted law enforcement access to their private information held electronically by third parties. However, as CNET’s Declan McCullagh has chronicled, the Justice Department recently expressed to Congress its opposition to strengthening privacy laws.

You can listen to the whole interview here (subscription required). Here’s an excerpt:

MS. INGRAHAM: The Electronic Communications Privacy Act . . . was passed back in 1986, and now it’s being interpreted . . . to allow e-mails stored with an Internet provider for more than 180 days as if they were abandoned. And it makes them available to the government to access with only a subpoena. No search warrant. . . . How does a 1986 law . . . apply to e-mails when e-mails weren’t around in 1986?

MR. RADIA: In 1986, e-mail was actually brand new, and the notion that somebody would be storing their e-mails for 180 days was just unheard of. Today, of course, companies like Google encourage you to store all of your e-mails on the cloud forever. It’s really convenient, but it creates this real risk that government, law enforcement will get your e-mails with a mere subpoena, which is pretty much rubberstamped by a court.

MS. INGRAHAM: Well, here’s what we know: both Republicans and Democrats have asked for this thing to be updated, and yet we’re seeing opposition to this. Why?

MR. RADIA: It’s the law enforcement community. . . . They told Congress in a hearing earlier this month . . . that they don’t think reforming this law to establish real privacy protections is a good idea. It’s really worrisome because the Fourth Amendment that protects our right to be free from unreasonable search and seizure has been eroded by technology and by this statute — this 1986 law that’s out of date.

MS. INGRAHAM: Well, right now I think people hope that they can hold on to their e-mails, right? . . . I guess once they send the e-mail, even if they’ve deleted it on their own computer, it’s still somewhere, right?

MR. RADIA: Right. When you send an e-mail, it could be not only on your computer but on that of your recipient. What you can do, however, is pull the e-mail off the cloud and store it locally on your hard drive. Due to a series of court decisions, there’s this strange reality now that if you store something in your home, the government almost always has to get a warrant to access it.

Have a listen here.

Associate Director of Technology Studies Ryan Radia talks about how to prevent data privacy violations in the Internet age. Your data may be safe if it’s stored on your personal hard drive. But if it’s in the cloud, as with Gmail or Dropbox accounts, you can’t count on the Fourth Amendment to protect you against unreasonable search and seizure. Radia suggests some reforms to outdated laws to better reflect today’s technological realities.

[youtube:http://www.youtube.com/watch?v=vVCROjpgCB0 285 234]

The smartphone is arguably one of the most empowering and revolutionary technologies of the modern era. By putting the processing power of a personal computer and the speed of a broadband connection into a device that fits in a pocket, smartphones have revolutionized how we communicate, travel, learn, game, shop, and more.

Yet smartphones have an oft-overlooked downside: when they end up in the wrong hands, they offer overreaching agents of the state, thieves, hackers, and other wrongdoers an unparalleled avenue for uncovering and abusing the volumes of sensitive personal information we increasingly store on our mobile phones.

Over on Ars Technica, I have a long feature story that examines the constitutional and technical issues surrounding police searches of mobile phones:

Last week, California’s Supreme Court reached a controversial 5-2 decision in People v. Diaz (PDF), holding that police officers may lawfully search mobile phones found on arrested individuals’ persons without first obtaining a search warrant. The court reasoned that mobile phones, like cigarette packs and wallets, fall under the search incident to arrest exception to the Fourth Amendment to the Constitution.

California’s opinion in Diaz is the latest of several recent court rulings upholding warrantless searches of mobile phones incident to arrest. While this precedent is troubling for civil liberties, it’s not a death knell for mobile phone privacy. If you follow a few basic guidelines, you can protect your mobile device from unreasonable search and seizure, even in the event of arrest. In this article, we will discuss the rationale for allowing police to conduct warrantless searches of arrestees, your right to remain silent during police interrogation, and the state of mobile phone security.

You can read the full essay on Ars Technica here. And while you’re at it, I highly recommend watching this informative YouTube video that explains why it’s not a good idea to talk to police:

Public outrage at the TSA’s new policies has died down. That’s a real shame. If people stop pressing the issue, full-body scanners and pat-downs aren’t going anywhere. People are still having experiences like this: