CPSR'S APPROACH TO ADVISING POLICYMAKERS

October 17, 1996

In the early 1980s, a group of computer researchers in California formed an organization called Computer Professionals for Social Responsibility (CPSR) to address their concerns about military application of computing technology and military funding of computer-science research. The organization quickly grew to a membership of about 2000 nationwide and has remained at approximately that size ever since. CPSR also has broadened its focus to include electronic privacy, computers in the workplace, and other areas where computer technology affects society.

From the beginning, CPSR has enjoyed much greater influence over technology policy in the United States than one might expect given the size of its membership. This influence often comes about by CPSR's being directly involved in the policymaking process. Policymakers at all government levels -- federal, state, and local -- pay attention to CPSR's analyses and positions, and often solicit CPSR's involvement in policy deliberations. See the accompanying sidebar for a summary of situations in which CPSR has had direct influence on government policymakers in the U.S.

Even though this chapter focuses on ways in which CPSR and FifF have been *directly* involved in advising policymakers, it is worthwhile to mention briefly several *indirect* ways that such organizations can have an impact. For example, CPSR often sponsors public talks and debates on the issues within its purview, organizes and sponsors conferences, publishes books and articles, and serves as a resource for the broadcast and print media. Another indirect means CPSR has of influencing policy is raising the social consciousness of computer professionals, enhancing their ability to recognize and control how their work affects society.

One thing to mention about CPSR's ability to advise policymakers is that CPSR, like other non-profit, tax-exempt, public-interest organizations in the U.S., is not permitted to spend much of its budget advocating specific legislation. Such activity is called "lobbying". Tax-exempt organizations are not supposed to lobby. For example, CPSR cannot print many articles in its Newsletter supporting or opposing proposed laws. However, this does not prevent CPSR from directly advising legislators. Organizations such as CPSR may spend a small proportion of their budget on lobbying activities. CPSR can also publish as many articles as it wants that provide general education about the issues raised by a pending policy decision or proposed law. Furthermore, lobbying done by volunteers costs no money and therefore doesn't count against the organization's limit. Finally, advising lawmakers is not considered lobbying if the lawmakers request the advice.

WHY CPSR HAS INFLUENCE

If CPSR had millions of members, it would be easy to understand why politicians in the U.S. listen to its analyses and recommendations: potential votes. Given CPSR's relatively small membership, something else must account for its high degree of influence with policymakers. It seems likely that several aspects of CPSR's organizational purpose and identity play an important role.

First, CPSR provides policymakers with technical expertise that is free of any direct stake in the policy being discussed. The stakeholders in a policy decision are those who stand to gain or lose as a result of it. The commodities most often at stake are money and power. Stakeholders include companies in industries that sell or use technology (in both regulated and unregulated industries), government agencies, and organizations of people who would be affected. Large stakeholders always present their arguments to policymakers. It is worthwhile for them to pay experts to back up their position with technical arguments, e.g., "It would work better to do it our way instead of your way," or "What you're asking us to do is technically infeasible." Since government policymakers usually lack technical expertise, they have no way to evaluate such arguments on their own. Therefore, they welcome technical advice from an organization that does not represent a stakeholder interest.

Second, it is important that CPSR represents the "public-interest", rather than a "special interest". In American English, a "special-interest group" is an organization that works to improve conditions for a sub-group of the population. Examples of special interest groups might be industry associations (e.g., the American Electronics Association), labor unions (e.g., United Autoworkers), and citizens groups (e.g., the American Association of Retired People). A "public-interest group," in contrast, works to improve or maintain conditions and rights for everyone, not just members of any particular group. Examples of public-interest groups in the U.S. are the American Civil Liberties Union (ACLU), the American Heart Association, and CPSR. Because of its name, some people think CPSR is an advocacy organization for computer professionals, but in fact, CPSR is not and has never been that sort of organization, but rather seeks to improve the impact of computer technology on everyone. Policymakers recognize this, and pay more attention to CPSR as a result.

Third, for influencing policymakers in the U.S. Federal government, it is important that CPSR's base of operations is outside of Washington, D.C. Politicians and their staff in the capital are so often bombarded with opinions and suggestions from think-tanks, policy institutes, and lobbyists "inside the beltway" (refering to the circular highway that rings the U.S. capital city) that they tend to pay less attention to them than to organizations based "outside the beltway".

Fourth, when advising policymakers at all levels of government, it helps that CPSR has a membership, even though a small one. (Policymakers sometimes assume that CPSR is larger than it really is, and CPSR doesn't always bother to correct their impression.) Politicians and their staff often seem to place more weight on advice they get from someone who represents a public constituency, rather than from someone who represents the opinion of an individual, a company, or an industry.

Fifth, CPSR has influence on policymakers because it has a reputation for providing well-reasoned arguments and positions. There are two very different ways a public-interest organization can speak out on an issue. CPSR's historically-preferred approach is to present its positions "professionally," be diligent in doing its homework, and have evidence to back up its claims. This tendency is probably the result of CPSR's origins in academia and research labs. It certainly is effective in winning the respect of government policymakers. The alternative approach is to be loud, inflammatory, and strident in presenting arguments. In the U.S., this is called "presenting catchy sound-bites." While this tactic gets the attention of the press and the public, CPSR uses it sparingly, because an organization that uses it too much may find itself no longer welcome at the policy table.

Sixth, while CPSR often positions itself as a dissident voice in the computer industry, the organization is usually willing to work with authorities to devise policies that benefit the public. As a result, CPSR is treated as a fellow policymaker. The danger of this is that CPSR could be co-opted and compromised into positions with which it disagrees. On the other hand, if CPSR always acted as a vocal dissident, it might remain true to its ideals, but would probably be marginalized and ignored by policymakers, thereby being rendered ineffective.

Seventh and last, it helps that policymakers are impressed by CPSR's credentials. The representatives CPSR sends to advise policymakers tend to have advanced degrees, faculty and research jobs, technical publications, etc. CPSR also has an Advisory Board onsisting of some of many world-class computer scientists and professionals. Unlike CPSR's Board of Directors, members of the Advisory Board rarely take an active role in the organization. Their main function is to lending their eminence to the organization so that policymakers will take CPSR seriously.

COMMON PATTERN

When one examines the many situations in which CPSR has participated in government policymaking, a common pattern can be seen, consisting of some or all of the following steps:

1. Someone in a government agency notes a problem (e.g., that it is costly and slow to collect road tolls) and proposes a technological solution (e.g., putting a unique-identifier + transponder in every auto). Those who propose the solution often do not notice problems it would create, or they base their proposed technological solution only on best-case analyses.

2. CPSR gets involved either by inserting itself into the policymaking process through public-comment opportunities or by being invited in by policymakers. Sometimes CPSR is invited to participate in an official capacity after CPSR members have testified as members of the public, because policymakers see that CPSR can provide technical expertise that is independent of any stakeholder position.

3. CPSR produces an analysis that points out flaws or disadvantages of the proposed solution. These usually have to do with privacy, reliability, and safety.

4. The agency that proposed the criticized technological solution accuses CPSR of being opposed to technological progress, and of being against solving the original problem, e.g., against alleviating traffic jams at toll booths.

5. CPSR proposes a solution that solves the original problem but without the undesirable side-effects, e.g., encrypted temporary vehicle identifiers, issued anew at the beginning of each trip.

6. The agency claims CPSR's solution isn't feasible, and eventually reveals that they have reasons other than those they initially stated for their particular proposal. That is, they consider some of the "negative" side-effects CPSR has exposed to be *desireable*, e.g., to help keep track of peoples' whereabouts. CPSR's alternative, which avoids those side-effects, is therefore unsatisfactory to them.

Fortunately, step 6 of this pattern is not always present. In many cases, the alternative solutions proposed by CPSR have been adopted, satisfying the government agency and serving the interests of the public.

A good example of CPSR influencing government decisions by advising policymakers is provided by the Calling Number ID controversy. It is a good example because it contains most of the steps in the above-mentioned pattern, because CPSR advised policymakers at several levels of government, and because the advice was delivered both directly and indirectly.

Calling Number ID (CNID) is a new telephone service that delivers the numbers of calling telephones to the recipient's telephone. It is often referred to as "Caller ID," even though that name is less accurate. The stated purpose of CNID is to allow people to screen the calls they receive. A full explanation of CPSR's position on Calling Number ID is beyond the scope of this chapter. For present purposes, suffice it to say that CPSR finds CNID to be a poor solution for screening calls to residences as well as a threat to people's privacy, and believes that better solutions are possible that don't have CNID's problems.

CPSR's initial involvement in the CNID controversy was to publish several opinion articles about it. The articles were published in the CPSR Newsletter and in newspapers around the U.S. Then, CPSR began to get directly involved in hearings being held by Public Utilities Commissions (state agencies that regulate telephone industry and other utilities) in several states.

In California for example, a CPSR member spoke at a public participation hearing, and was immediately invited by the Commission to participate in more official hearings. In addition to testifying in the hearings, CPSR provided written background material to Commission officials. In these hearings, CPSR proposed alternatives to CNID that avoid the privacy problems of CNID, but the telephone companies argued that those alternatives were not feasible. Unfortunately for them, it was revealed during the hearings that the alternatives were quite feasible, and that the telephone company had in fact implemented some of them already. It became clear that "infeasible" really meant "unsatisfactory to businesses," and that the desire of businesses to collect consumer data is the actual motive for CNID. The hearing officer therefore recommended to the California PUC that CNID be disallowed in California. The Commission then decided to allow CNID, but with such severe privacy safeguards that the telephone companies decided not to offer the service because under those conditions it wouldn't be profitable enough for them.

In Oregon, the situation was better: step 6 of the above-described common pattern was absent. CPSR's participation in the PUC hearings led to direct discussions with telephone company officials, from which important compromises and improvements emerged.

Afer testifying in several state PUC hearings, while waiting for the PUCs to reach their decision, CPSR returned to indirect advocacy, publishing opinion articles in the popular press to improve public awareness of the problems of CNID. CPSR also began advising state legislatures, which had responded to the CNID controversy by considering laws that would, independent of PUC decisions, require telephone companies to provide privacy safeguards.

When several of the Public Utilities Commissions CPSR had advised eventually decided to place strong privacy restrictions on CNID, telephone companies ran crying to the to the Federal Communications Commission (FCC) of the U.S. government, arguing that it should overrule the decisions by the states. CPSR submitted written arguments to these hearings on several occasions. Unfortunately, the FCC decided to impose a single rule nationwide -- overruling the state decisions -- that provides weaker privacy protection. Several states appealed and requested delays in the starting date for CNID, and CPSR submitted testimony to the FCC supporting this request.

The example of CNID shows that advising government policymakers on technology matters is quite complicated: it can be done in a variety of ways, at many different levels of government, and it requires extensive preparation to overcome determined and often well-funded opposition.

APPENDIX: SITUATIONS IN WHICH CPSR HAS ADVISED POLICYMAKERS DIRECTLY

Federal:

• - Invited to debate before Congressional staffers on SDI in early 1980's. - Asked by House Representatives to review FBI NCIC 2000 proposal in mid-1080's. Wrote report.
• - Solicited and collected e-mail Advice for (newly-elected) President Clinton about the Information Superhighway, and delivered it to his staff in early 1993.
• - Asked by White House office of science and technology policy to write NII report in 1993.
• - Held privacy policy roundtables in early 1990s; invited administrative and congressional staffers.
• - The Telecommunications Policy Roundtable/Northeast, of which CPSR is a founding member-organization, met with staff of Senators Edward Kennedy and John Kerry, and Representative Edward Markey in 1995. - Submitted written testimony to FCC hearings on CNID in early to mid-1990s. - Submitted expert testimony in Federal cases having to do with computer crimes, e.g., Operation Sundevil.
• - Invited to offer testimony before the U.S. Academy of Sciences' National Cryptography Policy Committee in 1995.

State:

• - Advised several state public utilities commissions on CNID: California, Washington, Oregon, Pennsylvania, Massachusetts. - Advised California state legislature on privacy issues and on making govt. info available online.
• - Testified at a CalTrans hearing on privacy implications of automatic vehicle identification for toll collection. - Testified in Virginia state deliberations on uses of social security numbers. - Participated in Washington State Governor's Task Force on Public Information Access Policy. The task force produced a report that is being used to devise legislation.
• - Served on a Citizen's Advisory Board in Washington State that provides the Public Utilities Commission with a public-interest perspective on cases before it.
• - Testified and advised Washington State legislature regarding privacy laws. - Assist with California NetDay: connecting local school districts to the Internet.
• - Invited to testify on issues of privacy for student records before the Pennsylvania House of Representatives Education Commitee, 1995-1996.

Local:

• - Reviewed Santa Clara county's implementation of data-protection laws and recommended improvements.
• - Invited to participate in Sunnyvale city meetings on future NII policy. - Work with city libraries and governments in various cities around the U.S.to set up local civic computer networks (e.g., the Seattle Community Network).
• - Advised local governments on risks of computerized election-tallying systems. - Serving on Citizens' Telecommunications and Technology Advisory Board for the Seattle (Washington state) City Council.