DOJ Provides Significant First Step in Surveillance Transparency Improvement

Yesterday, the U.S. Department of Justice (DOJ) announced that it would allow companies to publicly report more details about the government’s demands for user data under national security authorities. This is a very significant improvement over current law, but the enhanced disclosures still fall short of the recommendations provided by the President’s Review Group and the Privacy and Civil Liberties Oversight Board (PCLOB).   It also falls short of broadly supportive legislative proposals , providing less detailed reports on the number of requests and continuing to prohibit companies from specifying what provision of law authorized the order (for example, Section 702 or 703 of FISA).

Greater transparency is critical not only for the American people, who are entitled to have an informed public debate about the appropriateness of that surveillance, but also for international users of U.S.-based service providers who are concerned about privacy and security.

SIIA views this announcement as a very positive step forward and an indication of the Obama administration’s serious commitment to enhanced transparency.  However, as Congress considers surveillance reform proposals in 2014, we hope to see enactment of transparency measures which will enable U.S. ICT companies to publish additional basic statistics about government demands for user data.

David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPolicy.

SIIA Digital Policy Roundup

SIIA Submits Comments on U.S. Department of Commerce Green Paper
On Friday, SIIA submitted comments to the Internet Policy Task Force in response to its request for public remarks on its Copyright Green Paper. Addressing a majority of the Task Force’s questions, SIIA’s response focused in on the Task Force’s examination of the first sale defense in the digital environment. In summary, SIIA is concerned that potential application of the first sale doctrine to licensed material, or other undue restrictions that may be placed on either the ability of publishers to license or the manner in which publishers license, will make it more challenging for publishers to recoup the investment they have made to develop new products and update existing ones and to widely distribute their products and services to the public in the manner that consumers enjoy today.

President’s Privacy and Surveillance Announcement a Mixed Bag
On Friday, the President announced the outcomes of a broad-ranging review of U.S. intelligence programs. Mark MacCarthy attended this event in person on behalf of SIIA. The President’s speech followed the release by SIIA and ITI on Thursday of Global Principles for Governments Engaged in Surveillance Activities. In conjunction with his speech, the President issued a Presidential Policy Directive (PPD) that “lays out new principles that govern how we conduct signals intelligence collection, and strengthens how we provide executive branch oversight of our signals intelligence activities.” The President also provided a fact sheet that provides a general overview of his recommendations and next steps.

In general, the President’s recommendation represent a step in the right direction, including several of our recommendations, such as a call for greater transparency, the creation of a special advocate to participate in FISC proceedings, a commitment to centralize and improve the Mutual Legal Assistance Treaty (MLAT) process, and extension of meaningful human rights protections to non-U.S. persons. SIIA issued an immediate statement citing this as a positive step forward, expressing our disappointment about the lack of detailed transparency improvements and pledging to engage on the “big data review.” In addition to using the opportunity to conflate government surveillance with consumer privacy issues, the President did NOT express any support for reforming of the Electronic Communications Privacy Act (ECPA).

Trade Talks with Europe Continue with Consultation on Investor-to-State Dispute Settlement
On January 22, EU Trade Commissioner Karel De Gucht announced his decision to consult the public on the investment provisions of the Transatlantic Trade and Investment Partnership (TTIP). In early March, he will release proposed text for the protection of investments and investor-to-state dispute settlement (ISDS) and allow the EU public three months to comment. The focus of the Commission’s concern appears to be ISDS and the need to protect the national right to regulate in the public interest. The Commission has come under criticism from some civil society groups who say that ISDS would undermine the EU’s regulatory prerogatives. The consultation reflects the Commission’s strong desire to demonstrate that it is taking into account civil society, as well as business, input into TTIP. But the TTIP negotiations themselves are going forward as USTR officials have clarified. Moreover, the EU press releaseon the subject states: “No other part of the negotiations is affected by this public consultation and the TTIP negotiations will continue as planned.” SIIA members interested in providing views on ISDS should send comments to Senior Director for International Public Policy Carl Schonander at

NIST Provides Update on Cyber Framework, Privacy Methodology
Last week, the National Institute of Standards and Technology (NIST) provided an update regarding the development of the Cybersecurity Framework. Among the changes, NIST announced its intention to substitute the proposed methodology for privacy and civil liberties in Appendix B by incorporating the alternative methodology, supported by SIIA and others in the business community, into the “How To Use” section of the final Framework with additional context on privacy derived from comments and public input. NIST also indicated that it will continue to consider privacy standards and best practices as an area of focus for future work and in the next version of the Framework. NIST is still expecting to publish the Cybersecurity Framework (Version 1.0) on Feb. 13, 2014. The Framework is intended to be a “living document,” and NIST intends to continue updating and refining the Framework based on lessons learned through use as well as integration of new standards, guidelines, and practices that become available.

David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPubPolicy.

SIIA Digital Policy Roundup: New year kicks off with Student Privacy, Copyright Review, Trade, Data Security and More

First weeks of 2014 Promise a Busy Year on Student Data Privacy
Senator Edward Markey (D-MA) announced plans today to introduce student data privacy legislation, likely amending the Family Educational Rights and Privacy Act (FERPA). The announcement was made at an EPIC event and featured reaction from CLIP’s Joel Ridenberg and USED CPO Kathleen Styles, among others. Senator Markey’s legislationwould restrict the use of student data for commercial purposes, require parental access and correction, require minimum security safeguards, and require private companies to delete information no longer needed to serve those students. SIIA responded that Federal Laws Protect Student Privacy. This week’s USED response to questions from Senator Markey similarly reinforced current federal protections. Meanwhile, state legislatures are considering bills across the country ranging from parental opt-in or opt-out to Parent’s Bill of Rights to breach penalties to state chief privacy officer appointments. With multiple bills pending in New York, SIIA met last week with the senior staff of NY Governor Andrew Cuomo to inform the Governor’s understanding and policies. Please review and share SIIA’sFrequently Asked Questions about Student Data Privacy.

House Kicks off Copyright Review Agenda for 2014
On Tuesday, the House Judiciary IP Subcommittee kicked off 2014 with a return to its review of the Copyright Act with a hearing on the Scope of Copyright Protection. This is the first of several copyright review hearings planned for this year, including additional hearings on the scope of fair use and the notice and takedown system. We expect that additional hearings will also focus on the Copyright Office operations, and other issues that have been raised by theU.S. Copyright Office (e.g., Orphan Works, Small Claims Court) or in the Administration’s Copyright Green Paper (e.g., statutory damages, first sale) among other topics. The topics will be addressed generally in the order they appear in the statute. In 2013 the Committee averaged about one copyright review hearing each month. We expect that will increase to about 1 1/2 hearings per month in 2014. SIIA will continue to closely track this ongoing process and provide input to the Committee as appropriate.

EU Report on Safe Harbor Begins U.S. – EU Negotiations
Stakeholders in the United States are currently assessing the Commission’s 13 recommendations contained in the November 27, 2013 Communication to the European Parliament and the Council on the Functioning of the Safe Harbor from the Perspective of EU Citizens and Companies Established in the EU. With these recommendations, the Commission has made many constructive suggestions and demonstrated a willingness to continue to preserve the Safe Harbor framework.
SIIA is encouraged that the United States and the European Union are in a position to work intensively to arrive at mutually acceptable agreements on the future of the Safe Harbor. The U.S.-EU negotiations on the Safe Harbor start this year in Brussels, the week of January 20. These talks are expected to continue until the summer and SIIA will be working intensively with members to provide U.S. negotiators with suggestions and feedback during the coming six or so months.

Additional Digital Policy Developments You Should Know
The first two weeks of 2014 were filled with as many digital policy developments as any in recent memory -surely a harbinger for the remainder of the year. Here’s a rundown of other top digital policy issues that we’ll cover next more detail in the weeks ahead:

  • Data Security - the Target data breach has caught the attention of policymakers far and wide, spurring a renewed push on the Hill for data security legislation.  Most notably, Sen. Judiciary Chairman Patrick Leahy has re-introduced his legislation on this topic and has made it one of his priorities for the year.
  • Net Neutrality - A federal appeals court sent shockwaves through the Internet on Tuesday with its much anticipated ruling on net neutrality, striking down the FCC’s regulations that require Internet providers to treat all traffic the same.  The immediateresponse from FCC Chairman Tom Wheeler was a pledge to “consider all available options, including those for appeal, to ensure that these networks on which the Internet depends continue to provide a free and open platform for innovation and expression…” The ruling is also likely spur a renewed push on the Hill for a legislative fix.
  • Privacy and Surveillance Review - The major issue of the year for 2013, revelations about USG surveillance, continues to sit on a hot front burner in 2014, as Congress already held a high-profile hearing and President Obama is expected to issue new proposals on the topic Friday.

David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPubPolicy.

SIIA Digital Policy Roundup: Many Key Developments As 2013 Comes To A Close

SIIA Responds to Student Privacy Fears
With increased public attention to the issues of student data privacy in K-12 schools, SIIA released responses to Frequently Asked Questions about Student Data Privacy. SIIA hopes it will help address much of the public misunderstanding and inform policymakers. Adding to the debate was a recent critical study out of Fordham Law School, “Privacy and Cloud Computing in Public Schools.” SIIA responded with a statement that the CLIP Study on Privacy and Cloud Computing Doesn’t Account for Strict Federal Data Protections. SIIA also held a webinar for members only with federal officials explaining FERPA guidance. SIIA expects 2014 to present a very busy state (and possibly federal) legislative season around student information privacy and related issues. For example, SIIA is reviewing recent NY State legislation after having testified in November before the state education committee.

Senate Commerce Cmte. Gets Jump on Data Broker Debate
On Thursday, the Senate Commerce Committee went out with a bang by releasing aCommittee report and holding a high-profile hearing to explore how “data brokers,” collect and use data. This is a very important issue to SIIA member companies, as the expansive definition often used to define a “data broker” could be interpreted to include an extremely wide range of companies that collect and share consumer information. As policymakers consider whether new laws or regulations are necessary to protect consumers, SIIA released a white paper about how the Fair Credit Reporting Act (FCRA) consumer protection framework is keeping pace with technological innovation to protect consumers and is s a good model for privacy policy in the age of data-driven innovation. The FTC is also expected to release a long-awaited report on the topic no later than February 2014, and hold a workshop to explore potential gaps in current regulation.

Intellectual Property Priorities Hot topic in Closing Months
Over the past weeks we have seen significant action on two of the most important intellectual property issues to SIIA: Patent Litigation Abuse Legislation and Copyright Review. As reported previously, the Innovation Act, H.R. 3309, passed the House two weeks ago, and this Tuesday the Senate held a hearing to consider its own legislative proposals. The Supreme Court also announced that it was will be taking on patent issues in 2014 when it decides a case that will determine the appropriate standard for the patentability of software, and just last week the PTO appointed the new Deputy Director, Michelle Lee. Last week, the PTO and NTIA also held a long-awaited policy meeting to discuss important copyright issues in the digital environment that were raised in the Copyright Green Paper. Additional roundtables will be held on these issues in the first half of 2014. The House also plans on holding copyright review hearing in early January relating to the scope of copyright rights and other topics.

2013 Wraps without Postal Reform, Rate Hikes Pending
With Congress heading into recess, it is official that 2013 will end without enactment of postal reform legislation – in fact the Senate failed to keep pace with the House when the scheduled Committee markup scheduled for Dec. 18 was postponed due to a lack of support by committee members. It goes without saying that this doesn’t bode well for postal reform in the second session of Congress in 2014- an election year. In the meantime, the much anticipated decision about the the Postal Service’s proposed exigent rate increase is expected from the Postal Regulatory Commission any day now.

SIIA Commends Surveillance Reform Recommendations
On Thursday, SIIA commended the White House Review Group on Intelligence and Communications Technology, for proposing surveillance recommendations that closely tracked recommendations that SIIA made in our October comments to the Group. In ourpublic response, we reiterated our call for reforms that will preserve U.S. national security interests, but with built-in privacy protections. Additionally, SIIA highlighted the critical priority for governments around the world to engage in global dialogue regarding policy reforms on surveillance and pledged to continue working closely with the Obama Administration as they consider these proposed reforms.

Federal IT Reform Pulled from Spending Bill
Add federal IT reform to the list off issues that will be punted to the second session of the 113th Congress. One of the last acts of Congress this week was to pass legislation Authorizing FY2014 National Defense spending, but the legislation was stripped of the Federal IT Acquisition Reform Act (FITARA), which was included in the original defense authorization bill passed in the House this summer. Therefore, this issue will now have to be addressed either as part of next year’s defense authorization or as a stand-alone bill. To that end Sen. Tom Udall (D-NM) and Sen. Jerry Moran (R-KS) introduced new reform legislation this week, the Federal IT Savings Accountability and Transparency Act (FITSAT), which incorporates a number of provisions from the original FITARA legislation, including those that would expand the authority of the agency CIO.

David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPubPolicy.

Public Sector Innovation Roundup

IT Acquisition Reform Update:
Last week, I reported that there was expected to be some progress on IT acquisition reform when the Senate returned from its recess, with at least three pending amendments seeking to address the issue. This week, it looks like that has been put on hold as the Senate now looks to consider a “compromise” defense authorization bill that was negotiated between the House and Senate which they will try to move through the House this week and the Senate next week, without amendment. The base text, according to the House Armed Services Committee Summary does not include any language addressing IT acquisition reform. FITARA or parts of it could potentially move as stand-alone legislation next year, according to Rep. Gerry Connolly (D-VA). FCW has a story with the latest.

Ryan, Murray Reach Budget Framework Agreement:
Senator Patty Murray (D-WA) and Rep. Paul Ryan (R-WI) unveiled a bipartisan budget agreement on Tuesday that would roll back $63 billion of the sequester cuts (split between defense and non-defense programs), reduce the deficit by approximately $23 billion and fund the government for the next two fiscal years at slightly over $1 trillion each year. The bill, if approved by the House and Senate, would eliminate the possibility of a government shutdown when the current continuing resolution expires in January and provides a level of funding certainty that hasn’t been seen in Washington for a number of years. The deal does not raise the debt ceiling, which Congress will have to address by early February. Politico has a report.

Interior Shifts CIO Responsibilities, Consolidates IT:
Three years ago, the Department of Interior, began the transformation of their CIO operations, including a structural change establishing a single Chief Information Officer for the entire Department, while retitling bureau level CIOs as Assistant Directors for Information Resources (ADIRs). Since that process began, Interior has consolidated 55 data centers, combined 14 email systems into one and moved a host of other applications and systems to the cloud.FedNewsRadio reports on the progress Interior has made.

White House Unveils New Open Government Framework:
On December 5th the White House released the second and latest U.S. Open Government National Action Plan. The new policy aims to build upon prior efforts to create a more open, efficient and effective government, leveraging technology to achieve this goal. Among the highlights of the latest policy is a plan to consolidate FOIA requests across government and making government spending data available in machine-readable formats, leveraging The FOIA plans are interesting in that they will only be consolidated at the front end, and the requests themselves will still be routed to the relevant agency for review and approval. FCW covers it here.

DOE to Move 6,000 More to Google Apps:
The Department of Energy announced last week that they plan to move 6,000 more employees to Google Apps for Government cloud email and collaboration. The move comes after 5,000 DOE employees at the Idaho National Lab moved to Google last year with the expectation of consolidation, efficiency and cost-reduction. Unisys has the contract for the transition, which includes integration of the department’s mobile users. GCN has more.

Michael Hettinger is VP for the Public Sector Innovation Group (PSIG) at SIIA. Follow his PSIG tweets at @SIIAPSIG. Sign up for the Public Sector Innovation Roundup email newsletter for weekly updates.

SIIA Digital Policy Roundup: The FTC Takes Close Look at Native Advertising, Supreme Court Agrees to Review Software Patent Case

The FTC Takes Close Look at Native Advertising, Additional Guidance Likely
On Dec. 4, the Federal Trade Commission (FTC) hosted a full day workshop to examine the blending of advertisements with news, entertainment, and other editorial content in digital media, referred to as “native advertising” or “sponsored content.” The workshop was titled “Blurred Lines,” highlighting the FTC’s concerns about the ability of users to distinguish editorial content from sponsored content. FTC Chairwoman Edith Ramirez identified the key focus of the workshop to explore whether industry self-regulation and best practices are working, to ensure that users are able to distinguish between paid and editorial content, and the retransmission and aggregation of native advertising and the various ways this is done.

While the daylong discussion ended with an admission by FTC staff that the workshop probably raised more questions than it answered, they also affirmed their commitment to continue reviewing current trends and best practices, with the likely outcome of providing guidelines to help publishers, media companies and marketers avoid deception. FTC staff indicated that we could expect guidance to be similar to the recent guidance on Dot Com Disclosures.

Read the fully summary and analysis of the Workshop on SIIA’s Digital Discourse Blog. SIIA invite’s member feedback to help us inform the Commissions consideration of this important topic in the months ahead.

Supreme Court Agrees to Review Software Patent Case
On Dec. 6th, the Supreme Court agreed to review a lower court decision on an important case pertaining to the patentability of software. The case, Alice Corp. Pty, Ltd. v. CLS Bank International left considerable open questions surrounding whether claims to computer-implemented inventions – including claims to systems and machines, processes, and items of manufacture – are patentable and if so, what is the proper standard for determining such patentability. In short, while many were looking to the Federal Circuit to use this case to clarify some very complex legal issues surrounding the standards for determining the patentability of software, the resulting decision(s) only added to the confusion. Now the Supreme Court has taken up this mantel and hopefully will add some clarity where the Federal Circuit did not.

David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPubPolicy.

Leading IT Companies Call for Global Gov. Surveillance Reform

On Monday, several of the largest and most popular IT service providers called for Global Government Surveillance Reform.  In a joint letter, AoL, Facebook, Google, LinkedIn, Microsoft, Twitter and Yahoo called on the world’s governments to address the practices and laws regulating government surveillance of individuals and access to their information.

The letter underscored the goals of ensuring that government law enforcement and intelligence efforts are rule-bound, narrowly tailored, transparent, and subject to oversight, and it highlighted a new set of principles on which to enact reforms.  The principles include the following:

  1. Limiting Governments’ Authority to Collect Users’ Information
  2. Oversight and Accountability
  3. Transparency About Government Demands
  4. Respecting the Free Flow of Information
  5. Avoiding Conflicts Among Government

As the Senate Judiciary Committee this afternoon holds an oversight hearing regarding U.S. Government Surveillance Authorities, this letter provides a timely and useful call for the discussion to be cast more broadly.

Given the opportunity for laws of various jurisdiction to conflict with the laws of others, it is incumbent upon governments to work together to resolve the conflict, it is critical for governments around the world to work to establish a robust, principled, and transparent framework to govern lawful requests for data across jurisdictions, such as improved mutual legal assistance treaty — or “MLAT” — processes.  In recent comments to the U.S. Privacy and Civil Liberty Oversight Board and the Presidential Review Group, SIIA called on the U.S. Government to take a leading role in achieving this objective.

David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPubPolicy.