Regulations and Their Emergent Effects

There’s a fascinating story in the New York Times, “Profits on Carbon Credits Drive Output of a Harmful Gas“:

[W]here the United Nations envisioned environmental reform, some manufacturers of gases used in air-conditioning and refrigeration saw a lucrative business opportunity.

They quickly figured out that they could earn one carbon credit by eliminating one ton of carbon dioxide, but could earn more than 11,000 credits by simply destroying a ton of an obscure waste gas normally released in the manufacturing of a widely used coolant gas. That is because that byproduct has a huge global warming effect. The credits could be sold on international markets, earning tens of millions of dollars a year.

That incentive has driven plants in the developing world not only to increase production of the coolant gas but also to keep it high — a huge problem because the coolant itself contributes to global warming and depletes the ozone layer.

Writing good regulation to achieve exactly the effects that you want is a hard problem. It’s not hard in the “throw some smart people” at it sense, but hard in the sense that you’re generally going to have to make hard tradeoffs around behavior like this. Simple regulations will fail to capture nuance, but as the regulation becomes more complex, you end up with more nooks and crannies full of strange outcomes.

We as people and as a society need to think about how much of this we want. If we want to regulate with a fine-toothed comb, then we’re going to see strange things like this. If we want to regulate more broadly, we’ll likely end up with some egregious failures and frauds like Enron or the mortgage crisis. But those failures are entirely predictable: companies occasionally fake their books, and bankers will consistently sell as much risk as they can to the biggest sucker. For example, Bush administration’s TARP program or Seattle taking on $200 million in risk from a hedge fund manager who wants to build a new sports stadium. At least that risk isn’t hidden in some bizarre emergent effect of the regulation.

That aside, long, complex regulations are always going to produce emergent and chaotic effects. That matters for us in security because as we look at the new laws that are proposed, we should look to see not only their intended effects, but judge if their complexity itself is a risk.

I’m sure there’s other emergent effects which I’m missing.

“Quartering large bodies of armed troops among us..”

So following up on our tradition of posting the Declaration of Independence from Great Britain on the 4th, I wanted to use one of those facts submitted to a candid world to comment on goings on in…Great Britain. There, the government has decided to place anti-aircraft missiles on the roof of a residential building near the Olympic park, and the residents objected.

However, the courts have ruled that such a decision is not subject to judicial review. (“London tower block residents lose bid to challenge Olympic missiles“) I think it’s a bit of a shame it didn’t happen here in the US, where it would be a rare opportunity for a bit of third amendment law:

No soldier shall, in time of peace be quartered in any house, without the consent of the owner, nor in time of war, but in a manner to be prescribed by law.

It’s not clear that a missile battery is a soldier, nor that on a house is equivalent to in a house, and I suspect those are two of the few remaining words in the Bill of Rights that haven’t been hyper-analyzed.

Kind of Copyrighted

This Week in Law is a fascinating podcast on technology law issues, although I’m way behind on listening. Recently, I was listening to Episode #124, and they had a discussion of Kind of Bloop, “An 8-Bit Tribute to Miles Davis’ Kind of Blue.” There was a lawsuit against artist Andy Baio, which he discusses in “Kind of Screwed.” There’s been a lot of discussion of the fair use elements of the case (for example, see “Kind of Bamboozled: Why ‘Kind of Bloop’ is Not a Fair Use“). But what I’d really like to talk about is (what I understand to be) a clear element of copyright law that is fundamental to this case, and that is compulsory mechanical licensing.

In TWIL podcast, there’s a great deal of discussion of should Baio have approached the photographer for a license or not. He did approach the copyright holders for Kind of Blue, who were “kind” enough to give him a license. They gave him a license for the music, but he didn’t need to approach them. Copyright law gives anyone the right to record a cover, and as a result, there is a flourishing and vibrant world of cover music, including great podcasts like Coverville, and arists like Nouvelle Vague, who do amazing bossa-nova style covers of punk. (Don’t miss their cover of Too Drunk to Fuck.) And you can listen to that because they don’t have to approach the copyright holder for permission. Maybe they would get it, maybe not. But their ability to borrow from other artists and build on their work is a matter of settled law.

I’m surprised this difference didn’t come up in the discussion, because it seems to me to be kind of important.

It’s kind of important because it’s a great example of how apparently minor variations in a law can dramatically change what we see in the world. It’s also a great example of how constraining rules like mechanical licensing can encourage creativity by moving a discussion from “allow/deny” to “under what circumstances can a copyright holder use the courts to forbid a copy.” If we had mechanical licensing for all copyrighted materials, Napster might still be around and successful.

Outrage of the Day: DHS Takes Blog Offline for a year

Imagine if the US government, with no notice or warning, raided a small but popular magazine’s offices over a Thanksgiving weekend, seized the company’s printing presses, and told the world that the magazine was a criminal enterprise with a giant banner on their building. Then imagine that it never arrested anyone, never let a trial happen, and filed everything about the case under seal, not even letting the magazine’s lawyers talk to the judge presiding over the case. And it continued to deny any due process at all for over a year, before finally just handing everything back to the magazine and pretending nothing happened. I expect most people would be outraged. I expect that nearly all of you would say that’s a classic case of prior restraint, a massive First Amendment violation, and exactly the kind of thing that does not, or should not, happen in the United States.

But, in a story that’s been in the making for over a year, and which we’re exposing to the public for the first time now, this is exactly the scenario that has played out over the past year — with the only difference being that, rather than “a printing press” and a “magazine,” the story involved “a domain” and a “blog.”

Read the whole thing at “Breaking News: Feds Falsely Censor Popular Blog For Over A Year, Deny All Due Process, Hide All Details…

“Can copyright help privacy?”

There are semi-regular suggestions to allow people to copyright facts about themselves as a way to fix privacy problems. At Prawfsblog, Brooklyn Law School Associate Professor Derek Bambauer responds in “Copyright and your face.”

Key quote:

One proposal raised was to provide people with copyright in their faceprints or facial features. This idea has two demerits: it is unconstitutional, and it is insane. Otherwise, it seems fine.

As an aside, Bambauer is incorrect. The idea has a third important problem, which he also points out in his post: “It’s also stupid.”

Read the whole thing here.

California gets a strengthened Breach Notification Law

Governor Brown of California has signed a strengthened breach notification bill, which amends Sections 1798.29 and 1798.82 of the California Civil Code in important ways. Previous versions had been repeatedly vetoed by Arnold Schwarzenegger.

As described[.DOC] by its sponsor’s office, this law:

  • Establishes standard, core content — such as the type of information breached, time of breach, and toll-free telephone numbers and addresses of the major credit reporting agencies — for security breach notices in California;
  • Requires public agencies, businesses, and persons subject to California’s security breach notification law, if more than 500 California residents are affected by a single breach, to send an electronic copy of the breach notification to the Attorney General; and,
  • Requires public agencies, businesses and persons subject to California’s security breach notification law, if they are utilizing the substitute notice provisions in current law, to also provide that notification to the Office of Information Security or the Office of Privacy Protection, as applicable.
  • senatorsimitian.com

    This makes California the fifteenth (!) state with a central notification provision on the books, the others being: Hawaii, Iowa, Maryland, Massachusetts, Minnesota, New Hampshire, New York, North Carolina, Oregon, Vermont, Virginia, West Virginia, Wisconsin, and Wyoming. Puerto Rico also has such a requirement. Ibid.

    I’m looking forward to the resulting information, and I hope California’s Attorney General has the good sense to post all received notification letters. This will undoubtedly be easier for the state than dealing with the inevitable FOIA requests, and serves the public interest by increasing transparency.

    “Pirate my books, please”

    Science fiction author Walter John Williams wants to get his out of print work online so you can read it:

    To this end, I embarked upon a Cunning Plan. I discovered that my work had been pirated, and was available for free on BitTorrent sites located in the many outlaw server dens of former Marxist countries. So I downloaded my own work from thence with the intention of saving the work of scanning my books— I figured I’d let the pirates do the work, and steal from them. While this seemed karmically sound, there proved a couple problems.

    Read more in “Crowdsource, Please.”

    What’s the PIN, Kenneth?

    There’s a story in the New York Times, “To Get In, Push Buttons, or Maybe Swipe a Magnet” which makes interesting allusions to the meaning of fair trade in locks, implied warranties and the need for empiricism in security:

    In court filings, Kaba argued that it had “never advertised or warranted in any way that any of its access control products are impenetrable.” Locksmiths learn techniques to defeat all kinds of locks, and “thieves and others who want to defeat locks can obtain the same tools and learn the same techniques locksmiths use,” the filings said. “Indeed, any thief — even the most clumsy — can use a sledgehammer, a pry bar or bolt cutter to bypass essentially any lock.”

    In a statement, Mr. Miller added that the company had “never received any confirmed report of a break-in” because of a magnetic bypass, and that it heard about the potential for magnetic mischief only in August 2010. Kaba is preparing a free kit to modify the locks and make them magnet-proof, he said.

    All of which is really an excuse to share with you this picture. I have no idea if it’s a Kaba lock or not, and I’m reasonably confident that the sign is not Kaba’s fault.
    IMG 0356

    Microsoft Backs Laws Forbidding Windows Use By Foreigners

    According to Groklaw, Microsoft is backing laws that forbid the use of Windows outside of the US. Groklaw doesn’t say that directly. Actually, they pose charmingly with the back of the hand to the forehead, bending backwards dramatically and asking, “ Why Is Microsoft Seeking New State Laws That Allow it to Sue Competitors For Piracy by Overseas Suppliers? ” Why, why, why, o why, they ask.

    The headline of this article is the obvious reason. Microsoft might not know they’re doing it for that reason. Usually, people with the need to do something, dammit because they fear they might be headed to irrelevancy think of something and follow the old Aristotelian syllogism:

    Something must be done.
    This is something.
    Therefore, it must be done.

    It’s pure logic, you know. This is exactly how Britney Spears ended up with Laurie Anderson’s haircut and the US got into policing China’s borders. It’s logical, and as an old colleague used to say with a sigh, “There’s no arguing with logic like that.”

    Come on, let’s look at what happens. I run a business, and there’s a law that says that if my overseas partners aren’t paying for their Microsoft software, then Microsoft can sue me, what do I do?

    Exactly right. I put a clause in the contract that says that they agree not to use any Microsoft software. Duh. That way, if they haven’t paid their Microsoft licenses, I can say, “O, you bad, naughty business partner. You are in breach of our contract! I demand that you immediately stop using Microsoft stuff, or I shall move you from being paid net 30 to net 45 at contract renegotiation time!” End of problem.

    And hey, some of my partners will actually use something other than Windows. At least for a few days, until they realize how badly Open Office sucks.