Organized e-mailers can drown rule-making
By Robert Gellman
The citizen-friendly e-mail capability you've spent years setting up can turn and bite your agency.
In particular, agency rule-making or rule proposals can be affected by organized
e-mailers who can overwhelm you and your rule-makers.
Here's a case in point. Late last year, four bank regulatory agencies, including the Federal Deposit Insurance Corp., published rules that became known as Know Your Customer, or KYC. The rules would have required banks to verify the identity of customers, know where their money comes from and determine their normal pattern of transactions. Banks would have to report to law enforcement authorities any suspicious transactions or activities. The goal was to assist the government in its efforts to combat money laundering and other illegal activities.
Horrified people in the privacy and Internet communities saw this proposal as an invasion of privacy. Banks would become a surveillance arm of law enforcement agencies so the government might be able to avoid inconvenient requirements such as satisfying statutory access rules or meeting standards for starting criminal investigations. Let the banks do the work and pay the costs, too. But the merits of that proposal aren't my point here.Thunderous response
The public response to a seemingly mundane bank regulatory proposal was extraordinary. FDIC accepted public comments over the Internet, and it received more than 250,000. Yup, a quarter of a million people filed comments, 100 times more than had ever filed comments on a banking regulation before. All but a few opposed the rule.
The political response to the public comments was also extraordinary. Toward the end of the comment period, the Senate voted 88-0 to ask regulators to drop the KYC proposal. The House Banking Committee adopted an amendment that would have killed it. Politicians didn't have any trouble sensing the public view on this issue. In the end, neither did the banking agencies. They all bowed to the inevitable and withdrew the proposals. Encouraged, some privacy advocates vowed to press for new restrictions on existing money laundering laws. That seems unlikely, but you never know.
In this case, the electronic outpouring resulted from an incredibly strong public concern about privacy. The push to kill KYC came from left- and right-wing advocates who shared a concern about privacy and increased governmental power. Now that they know how to use the Internet to undermine anti-privacy regulatory proposals, you can expect more of the same.
But this is not only a privacy phenomenon. It is an Internet phenomenon. Advocates for any issue can use the Internet to identify government proposals they find unappealing, find a constituency of like-minded people and organize a comment filing effort.
This type of activity used to be expensive and time-consuming. Doing it on the Net is a snap. People who would never bother to write a snail-mail letter can easily find some suitable verbiage already written by others. With a few mouse clicks, a person can clip and paste those comments and send a new e-mail off to an agency. It's cheaper than a stamp and envelope. One KYC opponent wrote that filing comments was a lot better than writing his congressman.
Agencies are obligated to consider all comments and respond to objections in some substantive fashion. Burying an agency in comments will certainly slow a proposed rule down, if not stop it altogether. Can you imagine reading and summarizing 250,000 comments?
For years, the Republicans tried to throw every monkey wrench they could into the rule-making process. They burdened rule-making with new requirements to slow or stop new regulations altogether. Nothing really worked, of course, because they kept passing laws with new regulatory requirements.
Who would have thought that the Internet would have become the ultimate monkey wrench? Rule-making may never be the same again. I don't know the next target for this type of public participation in the rule-making process. It may be another anti-privacy proposal, an environmental regulation or anything at all.
If I were a federal agency, however, I would sure think twice about messing with privacy enthusiasts or similar groups. As a program manager or systems administrator, I'd brace myself when the policy folks get too far out in front of public opinion.Robert Gellman is a Washington privacy and information policy consultant. His e-mail address is firstname.lastname@example.org.