Kosar talks Congressional Regulation Office on C-Span

kosar cspan

R Street Governance Project Director Kevin Kosar was on C-Span’s Washington Journal program recently to discuss his recent piece in National Affairs proposing a Congressional Regulation Office and the concept of regulatory budgeting. The full video is embedded below.

Self-driving car bill would authorize Cal DMV to do what’s already done


New legislation introduced in the California Assembly would mandate the state Department of Motor Vehicles revoke the registration of any autonomous vehicle that isn’t operated in compliance with state law.

Sponsored by Assemblyman Phil Ting, D–San Francisco, Assembly Bill 87 also includes fines of $25,000 per day and a provision prohibiting manufacturers or operators found to violate the law from operating any other autonomous vehicle in California for two years. For manufacturers, in particular, this would be a catastrophic punishment. Given how fast the technology is progressing, a two-year ban from operating any autonomous vehicles amounts to “one strike and you are out” of the self-driving car market.

Ting’s bill is a classic example of legislating by headline, which is a terrible way to make law. But it’s also notable in that it appears to create an authority—to revoke the registrations of self-driving cars—that the DMV has already used.

Back in December, ridesharing firm Uber argued its autonomous vehicles tests were legal, based on the plain meaning of the state’s testing regulations. The DMV ultimately disagreed, revoking the vehicle registrations of all of the Uber testing vehicles. Uber would later roll its shiny new Volvo XC90 test vehicles onto semitrailers bound for Arizona, where the company expected a more reasonable regulatory regime.

If the DMV already had the authority to revoke registrations in cases like Uber’s, why is it necessary to grant that authority again, as Ting’s bill does? Perhaps, as written, Ting is seeking to make revocation compulsory in cases like Uber’s. But that seems unlikely, given the department’s own explanation of the registration revocations.

Speaking on the revocations at the time, a DMV spokesperson said:

…consistent with the department’s position that Uber’s vehicles are autonomous vehicles, the DMV has taken action to revoke the registration of 16 vehicles owned by Uber. It was determined that the registrations were improperly issued for these vehicles because they were not properly marked as test vehicles.

Under the Vehicle Code, the DMV has broad discretion when it comes to revoking a vehicle’s registration and enjoys substantial deference in how it interprets the code. But there are only a limited number of areas of authority from which the DMV could draw its power to revoke Uber’s registrations.

The first, Vehicle Code Section 38750, empowers the department to draft regulations related to testing autonomous vehicles. Under that section, it may draft “special rules for the registration of autonomous vehicles.” In fairness to the DMV, within the adopted rules, there are special registration requirements, including a marking requirement. But there is no explicit authority to revoke a vehicle’s registration because it failed to comply with the rules. Whether it’s appropriate to infer that authority is unclear.

Then there’s Vehicle Code Section 8880, which states that registration may be revoked on the basis of fraud, mechanical safety and a slew of other rationales. The DMV could have, for instance, argued that the Uber test vehicles were mechanically unsafe and thus subject to Sec. 8880(a)(2), the explanation I cited above from the DMV spokesperson does not jibe particularly well with the authority granted under Section 8880.

Relying on the vagaries of Section 38750 and the rules promulgated under its authority was risky business for the DMV. Had it chosen, Uber could have plausibly argued that the DMV’s interpretation was dead wrong. Ultimately, it didn’t matter whether the DMV actually had the authority it was claiming because, having marshalled the Office of the Attorney General, the department likely recognized that asserting the pretense of authority would be enough to force Uber’s hand. Litigating the matter, from Uber’s perspective, would have made little sense, given that other testing locales are available.

Now, only after publicly bringing an end to Uber’s testing in California, is the DMV seeking to explicitly affirm its authority to do what it has already done. Whether Ting’s bill is redundant will remain an open question. What is abundantly clear is that the discord between the rhetoric of “innovation” in California’s state government and the reality of legislative opportunism and regulatory capriciousness is more striking than ever.

Image by Cassiohabib

Join us tonight for Le Hackie Awards


DC Legal Hackers hosts its third annual Le Hackie Awards tonight, an event to honor companies, organizations, legal hackers and the best legal hacks of 2016.

For those not familiar, a legal hacker is:

  1. One who uses technology to improve law; or
  2. One who uses law to improve technology.

The legal hack network initially was formed in late 2011 by a group of Brooklyn Law students troubled by the U.S. House’s anti-piracy legislation, the Stop Online Piracy Act, and its Senate counterpart, the PROTECT IP Act, also known as SOPA and PIPA. Like many in the internet community, the students were concerned that Congress had, without consulting the public, crafted a bill that so plainly limited a user’s right to digital free speech.

Legal Hackers had its first meeting in New York in 2012 and has since grown into a movement with chapters in Washington, Los Angeles, Miami and many other cities around the globe.  The group consists of like-minded individuals in the fields of law and technology who enjoy getting together to discuss pertinent legislation, case law and the state of play within the tech and legal communities.

R Street looked to do its own small part to promote legal hacking in 2016 by creating EveryCRSReport.com, the Technology Policy Working Group and the Legislative Branch Capacity Working Group. That’s why we are co-sponsoring tonight’s event, along with allies like the Open Government Foundation, the Data Coalition, the Data Foundation and FastCase. We invite you to stop by, grab a slice of pizza and help us honor this year’s recipients.

Image by GaudiLab

Making Congress great again


It hasn’t exactly been a smooth first week for the Republican-controlled 115th Congress. On Monday, House Republicans voted to gut the Office of Congressional Ethics—only to reverse their decision a day later after receiving harsh backlash from constituents, ethics watchdogs and President-elect Donald Trump himself.

But despite the bad optics of the OCE fiasco, which dominated the news cycle, House Republicans actually took some important steps this week to improve democratic accountability and strengthen their ability to carry out their constitutional role in our system of checks and balances.

On Wednesday, the House passed the Midnight Rule Relief Act, a bill that protects Americans from a last-minute avalanche of Obama administration regulations by allowing Congress to repeal any rule finalized in the last 60 days of the administration with a single vote. And on Thursday, the House passed the Regulations from the Executive in Need of Scrutiny (REINS) Act, which provides a meaningful check on regulations by requiring Congress to vote on any executive branch regulation with an economic impact of $100 million or more.

Both ideas have been supported by Republicans in Congress for a while, and the REINS Act has passed the House three times – in the 112th, 113th and 114th Congresses. Now, with a Republican-controlled Senate and an incoming Republican administration, there’s hope that they will finally be enacted as law.

While House Republicans should be applauded for passing these important bills and placing such high priority on regulatory reform during their first week in session, there remains much to be done to stem regulatory overreach. For one, the bills obviously still have to pass the Senate and be signed by President Trump—not necessarily a given, since they actively weaken the power of the executive branch. And even if they are signed into law, clawing back power from the massive regulatory state remains a formidable task that requires continued vigilance and reform.

There are many other reform ideas and regulation-whacking tools at Congress’ disposal that should continue to be pursued and given due consideration in the 115th Congress. R Street Governance Project Director Kevin Kosar has highlighted a number of promising reform ideas, including regulatory budgeting, utilizing the Congressional Review Act and creating a nonpartisan Congressional Regulation Office to analyze significant regulations.

As House Republicans turn their attention to what will be the defining feature of their first 100 days in session—the repeal and replace of Obamacare—it’s important that legislators continue to pursue sensible regulatory reform and hold the executive branch accountable. The time may be ripe for Republican and Democratic lawmakers to come together in the effort to Make Congress Great Again.

The intelligence community should be more accountable to Congress


The salvo between President-elect Donald Trump and the U.S. intelligence community continues to intensify. Having downplayed and dismissed unanimous intelligence agency conclusions about Russian involvement in the DNC hack, Trump now wants to restructure the Office of Director of National Intelligence and the Central Intelligence Agency because he finds our nation’s top spy agencies “bloated and politicized,” the Wall Street Journal reports.

To be sure, there are problems in the intelligence community.  But rather than restructure the agencies, the first step should be to improve congressional oversight of the community’s practices. Rank-and-file members of Congress still have not been briefed on the DNC hack or any possible Russian involvement. They are left entirely in the dark.

The intelligence community has briefed President Barack Obama and senators; and briefed the president-elect this morning. But out of 435 members of the House of Representatives, only the 24 members of the House Permanent Select Committee on Intelligence (HPSCI) have been briefed. The rest of Congress has been stonewalled from fulfilling their constitutional responsibility.

This is par for the course. House rules are structured to make rank-and-file members completely dependent on the HPSCI for morsels of intelligence-related information. Representatives are not properly staffed or guided through the nuances of these often tricky matters.  They are dissuaded from exercising “healthy American skepticism” to question surveillance practices.

Questions about the future of American-Russian relations, or how the intelligence community does its job, are of the utmost of national importance. Yet most of our elected officials are on the sideline. It is time to make sure all our duly elected legislators are fully informed and can enact proper oversight over these delicate issues.

Image by jgolby

Yes, fewer traffic fatalities is a good thing!

Outlet bias is a hallmark of the bored and lazy, and also of The Daily Wire‘s Ben Shapiro.

Taken by the recent headline of a piece I wrote with colleague Anne Hobson, “Self-driving cars will make organ shortages even worse,” Ben declares, in a wonder of incoherence:

Slate thinks that self-driving cars are the problems. Meaning that the real problem is that healthy young people aren’t dying at sufficient rates.


Ben’s histrionic content can be exhausting even when it bothers to reflect reality, but in this case, it simply doesn’t. In sum, the piece describes self-driving technology and a challenge that it may present—since even positive safety outcomes have externalities associated with them—before venturing toward a possible free-market solution.

It should be noted that R Street has advocated consistently for the rapid development and deployment of automated technology. At the same time, that rapid deployment will require considering the otherwise unexpected ways in which self-driving technology may affect society. The point of the Slate piece was to highlight a hitherto underappreciated issue. This is why we were as clear as we could possibly be in writing:

We’re all for saving lives—we aren’t saying that we should stop self-driving cars so we can preserve a source of organ donation. But we also need to start thinking now about how to address this coming problem.

Should folks like Ben wish to learn more about the technology, its upsides and the case for regulatory restraint, here are some links to R Street’s latest work on the issue:

Autonomous vehicles could change everything you know about traffic stops

Self-driving car makers shouldn’t have to ask NHTSA ‘mother, may I?’

In internet of things era, cybersecurity for autonomous vehicles will require restraint

Uber and California DMV fight over definition of self-driving cars

Don’t over-regulate driverless technology

The new federal safety guidelines for self-driving cars are too vague… and states are already making them mandatory

Don’t demonize bitcoin, blockchain, Tor and other online privacy tools


“Can bitcoin be used for good?” read the headline of an April article in The Atlantic.

It’s not just a headline writer’s attempt at provocative rhetoric. The phrases “darkest corners of the web” and “illicit transactions” appear in paragraphs 1 and 2, respectively.

The implication, of course, is that bitcoin was created to facilitate illegal transactions over the internet. Only midway through does the article begin to discuss potential benefits of the cryptocurrency. The negative slant is indicative of the attitude the mainstream media are taking in general to technologies than anonymize users—as if the desire for privacy itself indicates ulterior motives.

We have seen similar treatment of other online privacy tools, such as the Tor browser, which media and law enforcement never miss a chance to associate with child pornography. On the other hand, very little is reported about Tor’s importance in circumventing internet filters and firewalls set up by the world’s repressive governments.

Yet in the larger scheme, anonymizing technologies like these will be important countermeasures for safeguarding privacy, as underlying internet technology allows small bits of personal information spread across countless databases to be searched, collected and analyzed cheaply and instantaneously.

Individuals today are asked to provide greater amounts of personal information just to navigate the routine aspects of daily life. This isn’t simply social networking and search applications; whether it’s banking, credit cards, purchasing (online and off), health insurance, travel, school enrollment or any one of dozens of other daily interactions, governments and institutions are requesting—demanding—more of your personal information for the privilege of doing business. There’s no opt-out.

Right now, as you’re reading this, think of how much of your daily activities third parties have recorded and documented. How much water did you use to shower, shave and brush your teeth? Metered and documented. Did you ride public transportation? Your fare card reported where you got on and where you got off. Surveillance cameras recorded you boarding a specific bus or subway car. Did you drive to work? The EZ pay toll and traffic cams can show the route you took. That coffee and doughnut purchase paid by debit card? Documented and searchable. That cigarette you smoked midmorning outside the building? Security cameras recorded it. Every site you visited, whether on your phone, tablet, home or work PC—logged and documented in the cloud.

None of this information is within your control. It is not your property and, as of now, your rights to correct, edit or delete it are extremely limited. Any of it, at any time, can be used against you.

Today, the bulk of information collected is used for marketing purposes. It’s not all bad. Amazon will remember that great pair of running shoes you bought, so you can purchase them again when you need to. Google can tailor news for you based on what its algorithms discern as your interests. As the “internet of things” takes shape, intelligent systems will be able to crunch massive amounts of data to make traffic flow better; to help businesses manage inventories, supply chains and transactions faster, quicker and more securely. That means less wasted resources, including fossil fuels. It means shorter lines at the checkout counter (or no checkout counter at all) and reduced chances of small mistakes that can have huge consequences, such as an error on medical records.

But just because there are social benefits to sharing some personal information doesn’t mean there are greater social benefits to sharing all information. This is what makes the oft-heard claim that information gathering shouldn’t bother those with “nothing to hide” so infuriating. Privacy is not about keeping secrets. Privacy is about the individual right to set personal boundaries. Legally, this idea is implicit in the First, Second, Fourth, Fifth and Sixth Amendments. To put it more mundanely, I have no obligation to notify the world every time I buy a bottle of milk and a loaf of bread.

So, yes, bitcoin can be used for good. Bitcoin is a cryptocurrency, a form of digital cash that can be exchanged online for goods and services. It is accepted by a growing number of merchants, including Overstock.com, Apple’s iTunes, Virgin Galactic and MGM Resorts (a good list is here). Unlike conventional currencies, transfers do not need to go through a third-party payment system, like a debit or credit card transaction does. This eliminates the cost of that transaction. The protocol that underlies bitcoin, known as blockchain, allows both anonymity and verification, two factors often thought to be mutually exclusive in e-commerce.

Blockchain itself may be the most significant development in safeguarding online privacy. Although the processes involved are complex, it essentially creates a method of secure data authentication independent of personal identification. This could make it ideal for networked device applications by allowing extensive database interaction to analyze dynamic real-time situations without compromising identifiable individuals. That is, unless government interference ruins it. Unsurprisingly, Russia and China are promoting an international effort to regulate the use of blockchain.

As for Tor, an FBI sting—aided by a hyperventilating media—damaged its reputation by associating Tor with child pornography in the public mind. In the sting, which itself raised ethical questions, the FBI for one week kept a seized child porn site online and publishing in order to gather web addresses of its users. The site was part of the so-called “dark web,” accessible only through open-source browsers such as Tor (proprietary browsers such as Chrome, Bing, Explorer and Safari won’t index dark websites). Tor, short for The Onion Router, was created by volunteer programmers and is designed to route browser inquiries through a large number of nodes, making it difficult to trace the IP address and location of the user.

In addition to child porn, the dark web is known for supporting other criminal transactions such as arms purchasing and drug trafficking. Former U.K. Prime Minister David Cameron raised the thought of banning Tor, and Tor and its defenders regularly battle false reports that its use is illegal.

But Tor serves a vital function by allowing individuals to access websites, exchange emails and post video and photos while retaining a high degree of anonymity. (Tor isn’t completely secure in this regard). While for Americans that might mean fewer targeted web ads, for someone in China, Iran or Saudi Arabia, it means there will be no 3 a.m. knock on the door.

Moreover, Tor’s role in propagating child porn likely is overstated. The U.K. Parliament’s Office of Science and Technology cited a U.K. National Crime Agency’s Child Exploitation and Online Protection Command (CEOP) finding that Tor hidden services plays “only a minor role in the online viewing and distribution of indecent images of children.”

Anonymity tools themselves are a marketplace response to public perception of a lack of internet security. Just last week, Yahoo reported that information in 1 billion customer accounts may have been hacked and compromised. Most of this year’s presidential candidates, including President-elect Donald Trump, supported the FBI’s demand that Apple employees be forcibly deputized to unlock the cellphone used by the San Bernardino attackers. Despite debating it for several years, Congress still hasn’t extended constitutional due process protections to personal information stored in the cloud, even though users rely on web-based storage for app functionality across devices and protection against loss due to a local hard drive failure.

If the internet of things is to succeed, consumers must be confident that the information they share will be anonymized as a matter of course. When that is unfeasible, they must have utmost confidence that their data won’t be shared improperly or used against them. Anonymizing tools should not be banned or demonized because the government—or industry—can’t or won’t meet a desired level of security. That will not solve the problem. It will only kill the internet of things. And, frankly, if information security isn’t an option, internet of things development will suffer.

Image by Zapp2Photo

January promises an end to FCC’s zero rating attack


There’s a quote posted in the guidance counselor’s office at my son’s middle school: “Fairness isn’t everyone gets the same.”

Unfortunately, that is how outgoing Federal Communications Commission Chairman Tom Wheeler has defined internet policy throughout his term, typified by the adoption of network neutrality rules under which no Internet Service Provider may provide speedier transmission, error correction or any other added value to any application crossing its network.

To do so, Wheeler believed, would favor certain applications with advantages unavailable or unaffordable to others. Never mind that consumers, applications providers and ISPs all benefit when some applications, like 4K streaming video, are handled differently. When that happens, according to Wheeler, everyone isn’t getting the same thing and it’s unfair.

Now that Wheeler has said he will step down on Inauguration Day, backing off a plan to retain his chairmanship through the beginning of the Trump administration, the FCC can move quickly away from ideologically driven rulemaking to more sensible policies that confront problems that actually exist.

In the days before he said he would step down, it looked as if Wheeler, an Obama appointee, was going to take a network neutrality inquiry well into 2017. Earlier this month, the FCC notified AT&T of a preliminary finding that the company’s DirecTV Now violates net neutrality because it does not apply streamed DirecTV programming against customers’ data caps.

The pricing strategy, known as zero rating, has become popular, especially among wireless carriers that, with limited spectrum, face more network management challenges in delivering bandwidth-intensive services. Zero rating is touted in that T-Mobile ad in which a young driver must choose between streaming Ariana Grande and using her navigation app. The driver gets her music and her app without paying more! Wheeler openly questions whether these promotions are net neutrality violations.

He’s not the first. For all we know, Wheeler ultimately might decide he’s fine with zero rating, given its consumer benefits. Still the fact that he is reviewing it at all underlines the arbitrary nature of the regulation and the “Mother, May I?” climate it has created.

Even if I thought net neutrality was a good idea, zero rating is not the first battle I would pick. Why attack a feature that gives consumers more utility for less cost? Even in the days when strict common carriage rules applied to phone service, the FCC didn’t ban toll-free 800 calling as unfair, even though a small bed-and-breakfast could hardly equal the telecom and marketing budget of a hotel chain like Sheraton. But when ideology dictates that every app gets treated the same, it doesn’t matter if the market has devised a way to foster more usage, more innovative apps and, in general, greater internet connectivity.

This is also an example of how technology regulations always lag the current market reality, as noted in my recent blog post on tech antitrust. The FCC’s network neutrality policy was formulated in the early 2000s, when most video files were 10-minute max uploads by YouTube users and massive multiplayer gaming was nascent.

In 2016, regulators are still trying to impose a one-size-fits-all regime on a medium that not only is replacing multichannel cable TV, but stands to form the foundation for everything from smart homes to autonomous vehicles to automated manufacturing. In this environment, a government policy that deliberately blocks any attempt at specialized differentiation in pricing or handling internet applications downright foolish.

Returning to my son’s middle school wisdom, the full quote, attributed to author Rick Riordan, goes, “Fairness does not mean everyone gets the same. Fairness means everyone gets what they need.” Consumers need zero rating and other such strategies to get full value for their internet dollar. Audio and video streaming providers, and any advertisers that support them, need zero rating to reach a wider audience. ISPs need zero rating to be competitive. It’s that simple.

Image by Mark Van Scyoc

Michigan looks to become autonomous vehicle mecca


Michigan Gov. Rick Snyder last week signed a package of four bills (S.B. 995-998) intended to signal the state’s commitment to the autonomous future, including by opening up 122,000 miles of roadway for autonomous vehicle testing in all kinds of conditions, allowing fleets of autonomous commercial trucks to travel together at a set speed and allowing the driverless vehicles of the future to travel on nearly every roadway in the state.

Michigan first passed legislation in 2013 to allow partially autonomous vehicles to operate on specific stretches of road, but only with a driver at the wheel. This new package should put Michigan ahead of the eight other states that currently have enacted legislation for self-driving cars, as well as a few others, like Arizona and Massachusetts, that have regulated the technology via executive order.

The package also grants legal authority for an AV testing and design center, creates a Michigan Council of Future Mobility and will permit networks of driverless cars to pick up passengers on demand.

Separately, the University of Michigan is readying a 32-acre site at its North Campus in Ann Arbor to become the Mobility Transformation Center, nicknamed Mcity. As the university describes it:

Mcity simulates the broad range of complexities vehicles encounter in urban and suburban environments. It includes approximately five lane-miles of roads with intersections, traffic signs and signals, sidewalks, benches, simulated buildings, street lights, and obstacles such as construction barriers.

California has been a locus of AV testing, but Michigan thinks its four-season climate and history as home to the Big Three auto manufacturers will generate a compelling case.  The Michigan Department of Transportation, engaged at every level in the new plans, is already collecting digital information for autonomous snowplows of the near future.

Image by Karsten Neglia

R Street panel on NHTSA rules for self-driving cars


When the National Highway Traffic Safety Administration released its much anticipated self-driving vehicle guidelines, instant reaction was generally favorable. But upon further reflection, a more complicated picture was revealed.

In light of the guidance, there are important questions that confront Congress, the states and industry. What new authority will Congress need to consider to oversee the development and deployment of self-driving vehicles effectively? Do the guidelines strike the correct balance between the state and federal spheres of authority? Do self-driving vehicles require heightened regulatory scrutiny?

I moderated an Oct. 11 R Street panel to consider those questions, joined by David Strickland, former NHTSA administrator and counsel to the Self-Driving Coalition for Safer Streets; Hilary Cain, director of technology and innovation policy at Toyota; Gary Shapiro, president of the Consumer Technology Association; Marc Scribner, a fellow at the Competitive Enterprise Institute; and, Adam Thierer, a senior research fellow with the Mercatus Center at George Mason University. Video of the event is embedded below.