 One of the joys of being at the Cato Institute is you get to meet interesting and creative people and you get to make great friends. Our next speaker is, falls into all those categories, an interesting thinker and creative thinker and one of my friends. Sove Singleton is now the director of information studies at Cato and she's the author of what my little script here says is a provocative paper on privacy titled, Privacy Ascentorship A Skeptical View of Proposals to Regulate Privacy in the Private Sector. Could have been a shorter title I guess and other articles on privacy, free speech and telecommunications deregulation. Sove and together with Tom Bell are the co-editors of Regulators Revenge, the future of telecommunications deregulation which Cato published earlier this year. She has spoken about a controversial theories of privacy and telecommunication regulation at many industry and policy related events and her articles appeared in The Washington Post, The Philadelphia Green Choir, The Washington Times and The Wall Street Journal and many other papers. Sove's undergraduate degree is from Reed College where she majored in philosophy. She then graduated cum laude from Cornell Law School and went to work at Kellogg-Huber-Hanson Todd Nevins which is a boutique telecommunications law firm in Washington D.C. Sove. Thanks very much Lawrence. When I was at Comdex a few years ago I heard about a rather horrifying sophisticated information collecting device. It picks up auditory signals on a narrowband channel at about 640,000 bits per second. Registers heat, cold and pressure at about 13 megabits per second. Picks up visual signals without motion at about a billion bits per second. Picks motion at 7 gigabits per second and can create a full spatial model of reality at about 880 gigabits per second. Now what is this amazing device? This is a human being. This is the rate at which our ears, eyes and sense of touch process information and that doesn't include smell and taste because those are chemical signals that you it's not very easy to translate them into bits per second. So the kind of creatures we are is we are extremely greedy for information about our environment and our senses aren't even enough to satisfy ourselves. We process symbols as well and we create libraries of symbols. We also have a lot of mechanisms that most people don't think of as being information relays, markets themselves for example. If a Hayek described how the price system sends signals throughout the economy solving the knowledge problem that Soviet central planners utterly failed to solve, that is the problem of relaying throughout the economy information about who has what resources, who needs them, how much, how badly and when. So what I'm going to talk about today is how a new regulatory vision of privacy potentially threatens to interfere with the free flow of information in human society. Perhaps only at the margins, perhaps it'll have a larger impact, it's hard to tell. But this new regulatory vision of privacy comes from the idea that people own information about themselves and so that if a business picks up information about a customer in the course of a transaction or in the course of dealing with an employee that if they want to use that information for say for marketing purposes or trade that information to another business and so on they would need to have to notify the data subject in some explicit way, get their consent and give them access to the information so they can correct it and so on. Now this idea has been translated into a sort of embryonic regulatory proposal by Al Gore and others within the United States but in Europe it has matured into a new and broad regulatory regime in the form of the European Data Protection Directive. Now Europe, this Data Protection Directive then creates a kind of classic trade problem with the US, X country has a set of regulations, Y country does not have them and so rather than tolerate the resulting regulatory arbitrage, European regulators will ask the US to make sure that when US companies are dealing with European data that they also comply with the European Data Protection Directive. Now there are a number of large problems with the Data Protection Directive which I will not have time to address in detail here but I'll just outline them very quickly. One of them is that it's create the sort of type of language that it uses is extremely imprecise and it creates an enormous problem of uncertainty for businesses. Second it will create because of its breadth an enormous scope of regulatory discretion which because it concerns the flow of information across borders and trade across borders has the potential to become a very protectionist sort of regulatory regime. A third problem is the cost of some of the specific regulations, what some of the specific regulations require such as the provision of access, we've got a requirement in the United States in the context of credit reporting that customers be allowed to access their credit reports and it's quite possible that that belongs in that sector of the economy that's a separate issue but we do know that operating that kind of access center is tremendously expensive it requires hundreds and hundreds of employees and millions of dollars a year and it's a significant part of the cost of credit in the United States. And finally another problem with the European Data Protection Directive is part of the reason it that there was strong support for it in Europe is concern about abuses of data in the human rights context by for example the Nazis use census data in a number of countries during World War II to track people down and put them in camps and so on. So it's purportedly a human rights measure and when I first heard that I was sort of tremendously impressed by it but the problem is that when you look at it more closely you see that wherever it matters most to governments specifically in the area of their power to tax and enforce criminal laws the Data Protection Directive gives them lots of exemptions and at the end of the day when all the exemptions are done with what you have is a directive that basically will impact activities in the private sector like marketing or employment and it will have perhaps a marginal impact on the power of the welfare state in Europe but not any significant restraint on government power. But the most interesting problem with the directive which I'm going to focus most of my attention on today is the conflict with the general default rule of human beings thinking about other human beings and that is that we're generally free to share information about other human beings without asking their permission first that is to say as a general rule people don't own information about themselves especially once they've given up that information to other people you can sit in the audience there and you can look at me and observe that I have brown hair and brown eyes you can make other observations about me which you would be perfectly free to share with other people you can make the observation for example that the suit that I'm wearing today is not nearly as loud as the suit I was wearing yesterday and you would be free to go forth and talk about that amongst your friends similarly journalists regularly write articles about other people without getting their permission first even though that might be quite embarrassing to the other people and then finally of course there's the familiar example of gossip which is something that it's regularly derided and it's certainly and not a very accurate information transmission mechanism but it turns out that in many social and economic contexts it that it's much better than having no information about the people around you at all anthropologists Sally Engel Mary has noticed that in many primitive communities gossip performs a key economic function in hunting gathering societies they gossip about water and food resources lap blenders gossip about who might have stolen a reindeer and what you begin to see in more advanced economies is gossip begins to evolve into more accurate and more formal mechanisms for trading information about other human beings in the 19th century there was a silk merchant named Louis Tappan and he was concerned about he didn't know which businesses he could safely extend credit to so he began a network of letters all around the United States sort of informally trading information about other businesses this in the long run grew into Dunn and Bradstreet which is the business that handles credit reporting for other businesses credit reporting for consumers in the 19th century didn't exist at all if you wanted to buy goods on credit you needed to personally know the storekeeper and probably if you were poor you wouldn't be able to get credit at all then it was carried on as a nonprofit activity for a while and today it's grown into an enormous formal business but the basic default rule has been that people have a tremendous need for information about other people and they're allowed to communicate that without asking anybody's permission now we do craft important exceptions to this rule and create islands of privacy for ourselves some of these are technological examples and some of these examples will seem silly because we take them so for granted so for example we build the walls of our houses out of opaque materials we don't use glass or plexiglass so people can see through in certain businesses such as medicine and law customs of confidentiality have grown up and those businesses have learned that that's extremely valuable to carrying on their business in a normal way we have other kinds of property rights and information we've got patent law we've got copyright law but on the whole patent law applies to a tremendously narrow category of information and copyright law which is broader you still cannot copyright a fact or an idea so it's relatively narrow as well we also have thing common law actions like defamation and common law privacy rights as well but again all of those specific little legal bits of regulation of information are relatively narrow and bounded for the most part the way human beings process information about other human beings has been far too subtle and far too complicated for any legislative process that regulates things from the top down the sort of a the question of when human beings need to trust one another when they need to share information when they want autonomy when they want to provide confidentiality when information security is important and what technology is best used to provide information security all those questions turn out to be incredibly subtle and complicated ones so what are the potential things that could happen when one lays over top of this free flow of information a new set of regulations that essentially have the potential to stop or substantially impede businesses from communicating with other businesses about things they know about people in the meat space economy which is the the term that some of my cyberspace minded friends have coined for the non cyberspace world the fundamental problem is the Hayek's knowledge problem which I've already mentioned that is the question of how you allocate resources who you discover who wants to trade with you who you discover how who not to trade with because they're going to try to cheat you and pricing helps solve that problem so does advertising direct marketing has been developed as a way of solving this problem it's not a very effective way though it's only about you only get about a one to two percent response rate so there's a tremendous amount of waste there an enormous room for information for new types of information and new kinds of information processing to reduce that amount of waste so there's two main impacts there's a lot of impacts there but all that the new privacy regulations have the potential to have on the ordinary economy one of these is an impact on competition if you for example were starting a business selling baby clothes you have some really firmly established competitors big department stores like Macy's and Hex and so on Nordstrom on the West Coast how are you going to break into that market it's tremendously helpful to you if you can buy a list of people who might be interested in buying your baby clothes similarly people who start magazines or newsletters are absolutely dependent on lists that they can rent or buy of potential people who might be interested in those publications also I've noticed that on nonprofit groups like humane societies tend to make very very heavy use of lists that are compiled by other humane societies in knowing who to send mail to asking for donations in the employment context if you make it harder for an employer to access something like a credit report and considering who to promote or hire there might be a very very strong respect in which your attempt to be more fair to people backfires and that the employer in act in the absence of being able to easily access the credit report instead of sort of saying okay this information is none of my business instead says gee I better not hire people who I don't know personally so there's a there'll be a tendency if you block off access to formal information mechanisms for them to turn back again to gossip and more informal and less reliable and much less fair information mechanisms in electronic space though in the electronic economy I think the privacy rules have a potential to have a really an enormously harmful impact because there in that electronic economy all of a sudden we are strangers dealing with strangers at an immense distance all the information you might pick up from your customer or from the business you're trying to buy something from in a face-to-face encounter is gone all the assumptions the business might be able to make about the tastes and preferences and needs of its customers that they might have from working for a long period in a certain geographic area all that information is gone you don't know where your customer is and so what electronic businesses have found is that banner ads have a tremendously slow response rate there's a lot of other problems with setting up really effective indexes and so on for connecting people who want to trade with each other and I would anticipate that there's a potential for enormously interesting new mechanisms for processing information and new institutions to arise in the electronic commerce context to solve some of these problems and I think the vital things for this experimentation and processing of new information to go on in civil society in the marketplace so that new institutions are developed from the bottom up rather than being imposed from the top down this doesn't mean that there won't be mistakes and there won't be problems but it does mean that the kinds of solutions to involve that's that arise to solve those problems are not the kinds of things that that'll legislature will mandate so to sum up then from the standpoint if your concern is human rights then the European approach the omnibus approach to privacy in the end has done little or nothing to check the part the power of government the growth of the welfare state and the enumerated powers model of limited government which is described in the United States Constitution although often ignored here is a much more powerful model the European approach to privacy turns normal rules of human interaction on their heads in a large number of cases and I'm concerned that it will block civil society from moving forward without fear into the information age thanks very much for your attention we're gonna have time for maybe two questions so I sent you email a week or so ago I'm an unusual combination I'm deeply libertarian and a privacy advocate the I'll try and keep this short since you want to get two questions in it's going to be a struggle I'm I'm not in favor of regulations of prohibiting industrial gossip okay I think it serves it serves a great need in lots of cases the problem that arises that I see is that there's an economic externality that current laws don't don't provide any redress for when industrial gossips make mistakes not and when they say who's interested in what who should be on this mailing list who you should who you should try and sell baby clothes to but who's good whose credit is good or who's who's employable on at us at a secure institution when they make mistakes individuals are hurt and it's tremendously costly to them and the current regulatory regime gives the individual no redress they just they don't have any ability to do anything and in most cases it costs them basically an extra full-time job for I think we get the point yeah let me go ahead and answer that I think the question is I mean clearly we don't live in a perfect world so any private institutions are going to make mistakes again my concern is that when you develop a formal mechanism for trading information like credit reporting yes they're going to make mistakes the error rate is somewhere between 14% and 1% it's difficult to estimate you usual numbers are more like 10% to 30% but no actually there let me talk a little bit about that because those those are numbers that are controversial there were two studies done of the rate of error in credit reporting one by the public interest research actually the rate isn't what's important what's important is that individuals are hurt yes but let me talk about the studies first there was one done by the public interest research group another done by consumer reports they reported extremely high rates of error like 30 to 40% the problem is that both of those studies had some serious methodological errors the consumer reports study for example surveyed employees of consumer reports and their acquaintances the public interest research group study surveyed people who had recently requested copies of their credit reports in other words people who had reason to believe something might be wrong a random sample study conducted by Arthur Anderson which was statistically valid and didn't have these methodological errors showed a much lower error rate from 14% to 1% and it's probably probably on the low end rather than on the high end so but nevertheless it's definitely true that individuals are hurt there is a mechanism that's created by the credit reporting act for correcting that and there are a lot of problems with that it doesn't work very well I think on the whole there's clearly there's something going wrong when a credit report has information about you that's bad but it might be better to have that the process of regulating that dispute going on through the courts rather than through the access mechanism that the credit reporting act created because the courts tend to be much more neutral in resolving these questions than an access mechanism created and operated by a credit reporting company so yes there definitely problems people are hurt I should also point out though that if you begin to close off these formal mechanisms if you begin to make the cost of credit more expensive and so on you're also hurting people so it's it's we're not going to get to a perfect world either way I think let's take the next question now though because we are trying to get back on schedule I'm Peter boss it seems to me that they are tremendous benefits for having a free flow of information I mean apart from the credit problem that just discussed here so generally there seem to be a lot of benefits why is there such strong support for the kind of protection that you have in Europe I mean apart from the irrational fears that people have are there any what are the valid rational reasons that people should should want such protection I believe a large part of it in Europe comes from the growth of the welfare state there and it's a legitimate concern which then translated into the European data protection directive has a completely ineffective and illogical solution specifically what began to happen in Europe is there was of course what the Nazis did with census data in World War two but also things like the creation of federal driver's license databases and so on also Europeans have very high tax rates and they are tremendously sensitive about people knowing what kind of stuff they have because that stuff might be subject to taxes and yet these are all problems that the data protection directive really doesn't do very much to solve another part of what's going on in Europe is something more related to the French sentiment which you see in many other regulatory initiatives in France and that is just the view that employers and people who sell things are doing something that is bad that is ignoble that is exploitive and that I mean from my standpoint that is just so tremendously wrong that I don't even know how to begin how to start talking about the many things that I would have to say about that but I I I mean many of these countries for example ban certain types of advertising and as much as we hate advertising and it's sort of crass as it seems sometimes think about what happens in markets where something like price advertising is banned I mean we tried different experiments in the US some states banned price of advertising of things like to go back to Virginia Postrell's talk yesterday on contact lenses and eyeglasses and what you saw was in the states in which optometrists were allowed to have price advertising there was a you know there were price wars and prices went down and in the states where the optometrists succeeded in saying you know no we must not do this crass thing called advertising we must be like doctors the prices were nice and wonderful and for them and they were quite high so I think in Europe there's there's two things going on there's a legitimate nervousness that people have because of the growth of the welfare state which would be better addressed by just a plain old-fashioned limitations on the power of government and then at the other hand you have this tremendous suspicion of commercial activity which I think is misplaced I just like to follow on but there's also a lot of support in America for privacy and how does one account for that a lot of it is concerned about security which I think is valid for example credit card companies they let you change the information in your account by giving your mother's maiden name and your social security number neither of those are good passwords both of those bits of public information are are often widely available to a large number of people and the good features of a password and actually credit David Bryn for making this observation to me the good features of our password are that they are absolutely secret they're known only to the user and they're changed frequently so I think a lot of the concern about privacy in this country is is it really a concern about security which is a valid concern a lot of it is that if you ask people on a survey are you concerned about privacy they're not very likely to say no and they may not understand the regular the impact of regulations on the economy they may think that it's something that they're getting for nothing when it isn't time to thank you very much time to move on