Tag Archives: privacy

“Not Private, Not Protected”

Posted on by
Reply

A brief comment, just for clarification; although the point being clarified isn’t trivial.

Colorado has a bill wending its way through the state legislature that would tighten restrictions on government access to an individual’s private information. The bill would refer

a question to voters in November asking whether law enforcement should get warrants to search electronic data, such as phone and email records, or personal data stored in a cloud. If approved by lawmakers and voters, the requirement would be added to the state constitution.

Senate President Morgan Carroll (D), who supports the bill/amendment had this to say about the matter:

I think a lot of people weren’t necessarily aware of how much their information may actually be not private, not protected.

No. Carroll’s heart is in the right place, but he misunderstands the crucial thing. Private and protected are not the same thing. It’s often (usually) necessary to protect private things, like our electronic data, but a lack of protection in no way eliminates the essential privacy of the thing. To give up privacy, a separate act is necessary: the thing must explicitly and affirmatively be placed into a public venue.

Even the act of explicitly and affirmatively placing the thing into the hands of a third party does not cancel the essential privacy of the thing: we expect that third party to take sufficient measures to protect, not just the thing itself, but its privacy also.

What Personal Data? It’s Government’s Data

Posted on by
Reply

And we don’t care about its security.

Security experts worried that 35 state health exchange websites were vulnerable to hackers and were rated as “high risk” for security problems before ObamaCare’s launch….

Fears that the health law’s websites could put consumers at risk have plagued the program’s rollout from the beginning, but the administration told The Associated Press that the documents offer only a partial and “outdated” snapshot of an improving situation.

Never mind that “improving” now doesn’t alter the fact that the security failures existed at the time of the rollout.  And HHS rolled out their ObamaMart, anyway.  For example:

In order to connect to Federal computers, state and other outside systems must undergo a security review and receive an “authority to connect.”

With [Obamacare], states needed approval to connect to a new Federal data hub, an electronic back room that pings Social Security, the Internal Revenue Service, Homeland Security to verify personal details….  The hub handles sensitive information, including income, immigration status and Social Security numbers.

[In an] email from Sept 29, a Sunday two days before the launch, Teresa Fryer, chief information security officer for the Federal Centers for Medicare and Medicaid Services, wrote of the state security approvals, “The front office is signing them whether or not they are a high risk.”

…CMS administrator Marilyn Tavenner approved nine states to connect although the approval document noted that “CMS views the October 1 connections to the nine states as a risk due to the fact that their documentation may not be submitted completely nor reviewed…by Oct. 1.”

The Obama view of citizens’ personal security: “Hey, we got away with it; nothing bad happened.  We think.  It’s all good.”

Health Plans vs Emergency Cash Savings

Posted on by
Reply

In light of the rapidly rising cost of health “coverage,” courtesy of Obamacare, I thought I’d offer a few thoughts comparing health plans with emergency cash savings.  To concretize things, let’s say a medical emergency costs $50,000.  A three-person household consisting of 43- and 41-year old parents and a 16-year-old child, a family with an $85,000 annual income in Collin County, Texas might select a Silver Plan from the ObamaMart that has a $681 monthly premium and that pays 70% of covered medical expenses after deductible and copays (this Plan has a $12,700 annual deductible with copays of $500 for ER and $250 for a hospital stay of any length, but let’s ignore these for this comparison.  On the other hand, let’s say the $50k medical event is a comprised of items that are covered under the Plan.  Also, it should be clear that, even though I’m positing a three-member family, the principles illustrated would apply to a family of any size, from a single person on up).

Health Plan Pros:

  • provides all the coverage it ever will with the first premium

Health Plan Cons:

  • only useable for the covered items
  • premiums paid are lost forever from the perspective of the family—they can’t be recalled and redirected
  • covers low probability, high cost events (under Obamacare, routine, minor expenses, like annual checkups, contraceptives, and so on also are covered; I’ll come back to that below)
  • guaranteed to cover only a fraction of the covered item(s)’ actual expenses—70% of them under this family’s Plan; under Obamacare generally, the per centage can go as low as 60%

Emergency Cash Savings Pros:

  • accumulates money to cover those same low probability, high cost events
  • usable for any expense, and there are no arguments over whether the item is a covered item
  • have chance of paying for 100% of the emergency expense
  • entirely under control of family doing the saving, including how the money is held or invested.  Also, the person doing the saving gets the proceeds of any investing plan, not a Plan provider

Emergency Cash Savings Cons:

  • must be accumulated before there’s enough money to cover the emergency/medical event

Now consider how Health Plan providers (and the insurers in the remaining insurance industry—life, property, etc—generally) make their money.  First they estimate the likelihood of a payout for a covered event (and their actuarial statisticians are very good), then they aggregate that over the number of customers they have for that event coverage, and they arrive at a premium that exactly covers the expected payouts.  That is, if their numbers are right, the collected premiums will exactly pay for the most likely total payouts in, say, a year’s time.  Then the insurers plus up the premium actually charged so as to cover additional costs like R&D, marketing, and so on, and a profit.  The result of this is that the Health Plan buyer (for instance) pays a bit higher premium than he’s expected to collect on the actual occurrence of the medical event(s) for which he bought the Plan.

It seems to me that, at least for a family that’s fundamentally healthy and doesn’t take too many risks with that health (e.g., they eat moderately well and they exercise moderately regularly), they’re better off funding their own Emergency Cash Savings fund.  The pros and cons above favor the ECS, if the family is willing to run the risk of having such an event before their fund is fully loaded.

But look at what’s expected of the family, if it buys the Plan described at the outset: it’s expected to pay to the provider $681 per month, month in and month out, year in and year out, even if the covered medical event(s) never happen.

It occurs to me that if the family can afford to make those payments, it can afford instead to sock them away in its own ECS, ultimately fully funding it.  Doing that, at essentially 0% return (e.g., sticking the money into a bank savings account or a money market fund), means the family will accumulate the $50,000 of the posited medical event in six years.  Oh, and in those six years, the 30% not paid by their Plan also is covered.  Just getting to the $35,000 paid by the Plan will take a skosh over four years.

Now, invest that at a nominal rate, seed it with some startup money, and the family’s ECS is accumulated much more quickly.  And will continue to grow.

Notice, too, that that fund, under the sole control of the family, is not limited to a medical event, or to any particular purpose.  It’s available, also, to repair/replace the roof that got nailed in one of those Texas hail storms.  Or it can be drawn on to replace the car that failed catastrophically.  Or….  You don’t have that flexibility with a Health Plan.  And the Plan costs the same.

A Pending Blow for States’ Rights

Posted on by
Reply

A group of legislators in Maryland has introduced the “Fourth Amendment Protection Act” in the Maryland state legislature, a bill that would deny state support to Federal agencies engaged in warrantless electronic surveillance.  This bill is aimed directly at the National Security Agency and its warrantless monitoring and tracking of US citizens (secret warrants?  C’mon), and it would block the provision of “material support, participation, or assistance in any form” by any state entity or any entity of a political subdivision of the state, or by companies with state contracts.

That “material support, participation,…” ban would include providing water and electricity via public utilities to the NSA at its Ft Meade HQ.  Other parts of the bill would prohibit the use of evidence gathered by the NSA in state courts and prevent state universities from partnering with the NSA on research.

The bill would have state or local officials who violate the ban subject to as much as a year in a county jail and a $5,000 fine.  Such officials also would be fired from their jobs and be barred from public service

Delegate Michael Smigiel (R, Dist 36):

I want Maryland standing with its back to its people holding a shield. Not facing them holding a sword.

Expectation of Privacy

Posted on by
Reply

In Klayman v Obama, DC District Federal Judge Richard Leon issued an injunction requiring the government to stop collecting metadata on Americans’ phone calls, ruling the NSA’s program likely unconstitutional.  Leon then stayed his injunction pending appeals.

The Wall Street Journal had some thoughts about Leon’s ruling; as some might expect, I have some thoughts about the WSJ‘s thoughts.

While obtaining the content of phone calls requires a warrant, the High Court ruled that people have no “reasonable expectation of privacy” for information about phone calls such as the date, time and length of their calls and the numbers they dial.  Such transactional data inevitably belong to the service provider, not to individuals….

This is plainly fallacious: that I surrender some of my private data to a third party in no way alters my expectation of privacy.  I expect that third party to protect my data as I would; I expect that third party to protect my data as though they were the third party’s own.  We even have laws on the books requiring such safeguarding; the principle is well established.  It’s true enough that the Supremes have ruled on this before, claiming no expectation of privacy (on a wireless telephone wiretap case some decades ago).   However, that Court had to do a fair amount of mind reading to reach that lack of expectation, and it’s not the first time the Court has been wrong.  Leon is presenting the Supremes with a golden opportunity to correct this particular error.

Contrary to Judge Leon, the reality of the information age is that we all have less expectation of privacy.

This is simply wrong.  I’ve not at all lowered my expectation of privacy; in fact, I expect these advances in technology to enhance my privacy, not deprecate it.

No one who makes calls and emails on a smart phone, visits an e-commerce website, uses a credit card, drives with an Easy Pass or otherwise benefits from modern technology can truly believe that he is not entrusting data to third parties about personal behavior.

This is a careless conflation of two separate issues.  In no way do I reduce my expectation of privacy; I simply expect that third party to safeguard my data.  Those third parties even have procedures to allow me explicitly to instruct them either to safeguard my data or not collect them at all.  My smart phone even has the means to turn off the on-board GPS—and if I turn it on, there’s nothing in that act that permits my location data to be collected for any use but my own.  There’s nothing at all in my use of my smart phone (or my car’s mapping facility) that authorizes the collection of my behavioral data beyond the specific task for which it’s collected—most especially not for government collection.

And, to get to the conflation, the fact that a third party comes into possession of my personal data has absolutely nothing to do with the fact that those data concern my personal behavior.

Well, so what?  The NSA isn’t surveilling lighters at rock concerts, or creating personal mosaics.  The agency is collecting the same basic telephony metadata.

It’s amazing to me that the WSJ would make this argument at all, it’s so plainly fallacious.  The government might decide, at any point, that it’s time to begin surveilling lighters, or the rock concert performers.  Or anyone else about whom it decides to manufacture a suspicion.  Or create those mosaics just because—it certainly now has the data with which to make a good start.

No.  The whole structure of our social compact and of our Constitution is to effect prior restraint of government, not to correct it after it has done its wrong.  That’s a one way street, too: that we tell our government that it cannot engage in prior restraint of us in no way means we cannot engage in that prior restraint of government.

And this, written by Robert Turner, co-founder of the Center for National Security Law at the University of Virginia School of Law, in a separate WSJ op-ed about Klayman:

Consider another, more common, type of warrantless search.  Every time Americans catch a flight at a commercial airport, they first must submit to intrusive searches by federal agents without the slightest probable cause or individualized suspicion.  Yet every federal court to decide the issue has held that these searches are “reasonable” and thus consistent with the Fourth Amendment (which prohibits only “unreasonable” searches).

Clearly, the privacy interests infringed by airport searches are far greater than having a government computer glance through our telephone bills to make sure we have not been communicating with foreign terrorists.

This is a specious argument.  Turner carefully ignores the vast hue and cry over these searches—based entirely on their privacy invasion aspect—by the travelling public.  There is, indeed, a very strong expectation of privacy, the mind-reading a judiciary insulated by design from the public notwithstanding.

Expectation of privacy is alive and well everywhere but in the minds of most of that insulated judiciary.  Leon got this right.