Innovation Files has moved! For ITIF's quick takes, quips, and commentary on the latest in tech policy, go to

Science & Tech

Photograph of the NIST Advanced Measurement Laboratory (AML) building Gaitherburg, MD

Impact of Sequestration on Technology and Innovation

As required by the Sequestration Transparency Act, the White House released details about how the $120 billion in budget cuts would be applied if Congress does not stop the sequestration plan agreed to as part of the Budget Control Act. As the White House's document makes clear, these budget cuts would have a dramatic impact on the budget of defense and non-defense programs, including many projects important for technology R&D, modernizing government, spurring clean energy innovation, and developing digital platforms. Many of these cuts will have a substantial impact on specific policy initiatives. For example, these cuts include $86 million in cuts to DHS's information security program and $8 million in cuts to the Public Safety Trust Fund. It also includes $400 million in cuts to basic energy research as well as $23 million to high-risk, high-reward clean energy R&D at ARPA-E. In terms of information technology (IT), these cuts include:
  • National Institute of Standards and Technology (NIST) - $62 million
...Read the rest

MCX Announcement Highlights Growing U.S. Interest in NFC-Based Mobile Payments

The announcement today that more than a dozen retailers have announced plans to create a mobile-payments system called Merchant Customer Exchange (MCX) highlights the growing interest in near-field communications (NFC)-based mobile payment solutions in the United States, a field in which the United States has trailed several Asian countries. The competition this will create with Isis—a mobile-payments solution being developed by AT&T Mobility, T-Mobile USA, and Verizon—Google Wallet, Square, and others will drive innovation and growth in the nascent industry while encouraging competitors to develop solutions delivering maximum value for consumers. However, as ITIF notes in Explaining International Leadership in Contactless Mobile Payments, it remains important for policymakers to support the development of interoperable NFC standards so that these solutions can work across a wide array of mobile devices and point of sale systems. Moreover, any successful mobile wallet system should be able to do more than simply handle payments; it should be fully functional, storing identification/authentication credentials and/or key codes, thus enabling customers to check into hotels, movie theatres, schools, gyms, etc. using their mobile device.

Safari browser

Whatever happened to “No harm no foul”?

The Wall Street Journal (WSJ) reports that the Federal Trade Commission (FTC) is close to reaching a record settlement with Google for the charge that it tracked Apple Safari web browser users. Google had earlier signed a 20-year consent decree in which it agreed not to misrepresent its privacy practices to consumers. Tracking Apple Safari users appears to be in violation of that agreement because Google had posted a statement in its online help center stating that these Safari users would not be tracked. The WSJ reports that Google will pay a penalty of $22.5 million, a record fine for the FTC.

When this issue first came out I wrote a post in which I argued:

“As always, the FTC can and should investigate if it discovers legitimate concerns about the business practices of a particular company. But companies should not face punitive sanctions for actions that do not cause consumer harm and are taken in good faith. To do so would discourage the type of fast-paced innovation that has defined the remarkable progress of the Internet era.”

I stand by these comments today. It’s always good to see

Read the rest

decoder ring

Decoding the “Declaration of Internet Freedom”

Online activists have started promoting a new manifesto for the Internet. Unfortunately their message was written in code. Luckily I’ve obtained a secret decoder ring that decrypts their message. I’ve posted both the original and decoded message below. They say: “We stand for a free and open Internet.” They mean: “We want free Internet service and free content.” They say: “We support transparent and participatory processes for making Internet policy and the establishment of five basic principles.” They mean: “We want all views we disagree with discarded after an open and participatory process.” They say: “Expression: Don't censor the Internet.” They mean: “Don’t take down pirated content.” They say: “Access: Promote universal access to fast and affordable networks.” They mean: “Everyone should be able to quickly download pirated content.” ... Read the rest

Library of Congress reading room

We Need More than a “Good Samaritan” Law for Cybersecurity Information Sharing

With the Senate planning to vote on cybersecurity legislation in early June, opponents of the legislation are stepping up their opposition. During the Memorial Day recess a coalition of groups plan to pressure members of Congress to oppose the two Senate cybersecurity bills: S. 2105, the Cybersecurity Act and S. 2151, the Secure IT Act.  These groups assert that the information-sharing measures included in the bills will violate individual privacy rights. While much of the debate about information sharing has focused on the privacy aspects, some have basically argued that information sharing has little to no value for improving cybersecurity. For example, Jim Harper at Cato Institute has complained about “the fetishization of information sharing on Capitol Hill.” In his view, the government should have a minimal role, if any, in promoting information sharing for cybersecurity purposes. Instead we should “let competitive pressure drive cybersecurity, rather than collective, government-run cybersecurity information sharing programs.”

While I agree that information sharing is not the only, nor even close to the most important, aspect of improving cybersecurity, it is still highly relevant. For example, although the number of zero-day attacks was down in

Read the rest

Soldier fills out an absentee ballot

The Importance of Absentee Voting for Accessible Elections

In a new report, Thad Hall and Mike Alvarez, political scientists at the University of Utah and Cal Tech respectively, provide the first comprehensive assessment of political participation by people with disabilities in the United States in the 2008 and 2010 elections. Importantly, the report also highlights the impact that various policies can have on the accessibility of elections for people with disabilities. The report is worth a read in its entirety but I will repeat a few of the interesting top-level findings:

  • People with disabilities were less likely to vote than people without disabilities. In 2008, they were 7% less likely; in 2010, they were 3% less likely.
  • People with disabilities were less likely to be registered to vote than people without disabilities. In 2008, they were 4.6% less likely; in 2010, they were 1.2% less likely.
  • Compared to individuals without disabilities, people with disabilities are more likely to report a voter registration problem, having difficulty with voting equipment, and having needed help voting. On a positive note, they were less likely to report having to wait in line. (One reason for this might be some jurisdictions allow
Read the rest

A "Wordle" of NIST

Improved Metrics Should be Primary Goal of FISMA Reform

Cybersecurity policy generally focuses on one of three areas: 1) federal agencies, 2) critical infrastructure (which sometimes overlaps with #1), or 3) “everything else.” While much of the debate about cybersecurity legislation in Congress has been about the latter two, reforming the security policies and practices of federal agency is important as well. The Federal Information Security Management Act (FISMA) is the primary policy that specifies the security requirements for information systems managed by federal agencies. This year will mark the 10-year anniversary of FISMA which was signed into law as part of the E-Government Act of 2002. As we approach this milestone, it seems clear that agencies are better off today than they were 10 years ago, but more progress is needed. In particular, FISMA should be improved so that agencies report on security performance, not just security compliance. The purpose of FISMA was to institutionalize the information security programs that agencies had begun to develop as part of the Government Information Security Reform Act (GISRA). Under GISRA (and later FISMA) agencies were required to develop a comprehensive security plan for their IT systems. This included creating a risk-based,

Read the rest

Swiss National Park

Greenpeace Misses the Forest for the Trees

This week, Greenpeace came out with a report that takes several IT companies – Apple, Amazon, and Microsoft – to task for relying on so-called dirty energy to power their data centers. Even disregarding the fact that the report, How Clean is Your Cloud?, inexplicably puts nuclear power on par with coal power as an unclean energy source, Greenpeace’s analysis ironically misses the forest for the trees. While it is indeed unfortunate that some IT companies and businesses in general may derive their energy from undesirable sources, the underlying issue of real importance is that clean energy is too expensive.

ITIF said as much last year when commenting on the release of a similar Greenpeace study:

Read the rest

Panopticon drawing from Jeremy Bentham

Create a Virtual Panopticon to Cut Wasteful Government Spending

As the federal debt continues to grow, examples of wasteful government spending rightfully antagonize taxpayers who are fed up with footing the bill for unnecessary expenses. This has been brought to the forefront in recent months because of the GSA’s lavish Las Vegas Conference where over $800,000 was spent on commemorative coins, clowns, and a mind reader. Today, the House Committee on Oversight and Government Reform held a hearing where Members of Congress took turns expressing outrage over GSA’s unchecked spending.

While it appears criminal charges may be filed in this case, the real question now is how do we prevent this from occurring next time? While bad judgment and negligence certainly played a role in some of this, at least part of the problem is that there is still a lack of transparency and accountability in government spending.  Even at the hearing today, Members of Congress were unable to get facts about recent spending at conferences held in Palm Springs and Napa Valley.

As I watched the hearing today, I couldn’t help but wonder, why not make more of this data public by default?

Read the rest

cover of FTC report on privacy

The FTC Report on Consumer Privacy Misses the Mark

This week the FTC released its much anticipated report on consumer privacy, “Protecting Consumer Privacy in an Era of Rapid Change”. The report is an update to the preliminary staff report released in December 2010 which laid out the FTC’s proposed framework for privacy. In the new report, the FTC lays out a set of principles for consumer privacy and calls on Congress to implement privacy legislation using the framework laid out in this report.  While the report does provide a comprehensive discussion of many of the major privacy challenges, too often the report sides with privacy advocates at the expense of competition and innovation.

One important change in the new report is that the FTC has proposed that its privacy framework apply to all commercial entities that collect or use consumer data, except those who collect data on fewer than 5,000 consumers.  The FTC exempts small businesses from the privacy framework because of the potential burden that would be imposed on them. However, larger businesses would face similar burdens and these costs would ultimately be passed on to consumers.

Read the rest