Digital Policy Roundup

FTC Calls for Legislation to Regulate Data Brokers

On Tuesday, the Federal Trade Commission (FTC) released its long-awaited report resulting from an extensive study of “data brokers.” The report, entitled “Data Brokers, a Call for Transparency and Accountability,” presents the findings of the study, and provides recommendations for both legislation and industry best practices. Among the legislative recommendations, the Report calls for substantial transparency requirements to be placed on both first and third party companies, and requirements for consumers to be able to access the correct their records, and to opt-out entirely. In response to the Report, SIIA issued a statement expressing support from increased transparency and consumer access, but cautioned a legislative approach in favor of industry-led self-regulation. SIIA’s statement follows related advocacy, including recent comments to the FTC regarding “alternative scoring” and a 2013 white paper, highlighting the effectiveness of the current Fair Credit Reporting Act regulatory framework to prevent harm to consumers.

Surveillance Reform Legislation Passes House After Key Amendments

Last Thursday, the House passed the USA Freedom Act by a vote of 303-121, but only after several last minute amendments that limited the amount of transparency able to be provided by businesses and expanded a critical definition that, instead of entirely blocking the government’s ability to collect bulk amounts of Internet user’s data, the new bill could potentially allow federal agents to gather information broadly. The measure now moves to the Senate, where Judiciary Chairman Patrick Leahy has promised to make changes to strengthen these areas. While the legislation represents a significant step forward in the efforts to reform the National surveillance laws, there will be continued debate in the weeks ahead on these key details. In response to the bill’s passage, SIIA issued a statement affirming that surveillance reform legislation is an essential part of restoring the public trust and providing support for U.S. businesses internationally, and committing to ensure that the bill does not inadvertently provide for bulk collection of user data on the Internet.

White House Calls for Voluntary Cyber Action, Not Regulation

In a blog last week, White House Cyber Czar Michael Daniel declared that no new cybersecurity regulations are needed at this time, instead stating that “existing regulatory requirements, when complemented with strong voluntary partnerships, are capable of mitigating cyber risks to our critical systems and information.” Specifically, the Administration’s internal review by several key agencies – DHS, HHS and EPA – reached the conclusion that existing laws and regulatory authority are sufficient, particularly in light of the voluntary framework. Earlier this year, SIIA hailed the NIST Cybersecurity Framework for creating a voluntary approach to cybersecurity that would preserve IT innovation and technology neutrality, contrasting this with an inflexible regulatory approach, and we applauded the recent Administration conclusion last week.

House adds DOTCOM Bill to National Defense Authorization Act

On May 21, 228 Republican and 17 Democrats voted in favor of the DOTCOM bill with 177 members opposed. The Bill would oblige the GAO to provide a study to Congress within one year of the Commerce Department receiving a proposal on how to transition the Internet Assigned Names Authority (IANA) functions to a multistakeholder managed group, thereby relinquishing the last vestige of U.S. government “control” of the Internet. Currently, the Internet Corporation for Assigned Names and Numbers (ICANN) is contractually responsible (with Verisign doing the work) to the Commerce Department for managing these functions. The study would oblige the GAO to write a report on the following topics:

[Read more...]

White House Cyber Review Calls for Voluntary Action, Not Regulation

Earlier this year, SIIA hailed the NIST Cybersecurity Framework for creating a voluntary approach to cybersecurity that would preserve IT innovation and technology neutrality, contrasting this with an inflexible regulatory approach.  We are therefore very pleased today that the Administration’s review by several key agencies—DHS, HHS, EPA—reached the same conclusion.  In a blog this afternoon, White House Cyber Czar Michael Daniel concluded that no new regulations are needed at this time, instead stating,

“existing regulatory requirements, when complemented with strong voluntary partnerships, are capable of mitigating cyber risks to our critical systems and information.”

We couldn’t agree more.  SIIA and our members remain committed to promoting the Framework which leverages industry-led standards, and creates effective, flexible best practices for cybersecurity preparedness.

David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPubPolicy.

Digital Policy Roundup

Student Privacy: SIIA Releases Policy Guidelines at CA Testimony; Markey-Hatch Discussion Draft

It’s been another busy week for student privacy. SIIA took the opportunity of its invited testimony before a joint hearing of the California Assembly Education and Select Privacy Committees to release its new “Policy Guidelines for Building a Student Privacy Trust Framework.” The SIIA guidelines outline principles and considerations to ensure policies are appropriately targeted to enhance student confidentiality while limiting unintended or unnecessary barriers to school operations or digital learning opportunities. The guidelines address the definition of student information; transparency/governance/capacity; use of information; deletion; and access and correction, among other areas. SIIA intends for the guidelines to inform not only state legislatures, but also federal efforts such as the discussion draft introduced by U.S. Senators Markey (MA) and Hatch (UT) to amend FERPA.

Petrella v. MGM Copyright Case Ruling

On Monday, in a 6-3 majority opinion, the U.S. Supreme Court decided the Petrella v. MGM copyright case, ruling that the equitable defense of laches cannot be invoked as a bar to the plaintiff’s claim for damages brought within the Copyright Act’s three-year statute of limitations. The doctrine of laches is an equitable doctrine used by courts to prevent and/or limit claims when the plaintiff has waited an unreasonable length of time to file the suit, and the delay has caused prejudice to the defendant. The case involved a dispute over the 1980 Oscar-winning movie “Raging Bull” and whether the screenwriter’s daughter waited too long (18 years) to sue the defendants, MGM and Fox, over the renewal of copyright under the equitable doctrine of laches.

The case will now go back to the lower court where Petrella will seek damages back to 2006 (three years before the filing of her lawsuit). Although Petrella’s delay did not bar her suit, the Supreme Court did specify that the district court take into account Petrella’s delay in commencing the suit when determining what damages should be awarded as well as determining the appropriate injunctive relief. SIIA had joined an amicus brief drafted by the Motion Picture Association of America (MPAA) in support of Metro-Goldwyn-Mayer Inc. and Twentieth Century Fox unsuccessfully arguing that laches should be a defense to a copyright claim even when it is brought within the statute of limitations.

FCC Proposal for Open Internet Invites Comment, Draws Broad Criticism

[Read more...]

Digital Policy Roundup

Administration Releases Long-Awaited Study on “Big Data” and Privacy

On May 1, the White House released its long-awaited report on “big data and privacy.” The report, entitled “Big Data: Seizing Opportunities, Preserving Values,” is the result of a 90 day study directed by President Obama in January. Overall, the report captures the great opportunities presented by data-driven innovation, and it highlights a wide range of conclusions and makes concrete recommendations for Administration attention and policy development in a few key areas. As highlighted by the study’s lead, John Podesta, the report represents a starting point for an increased focus on policy issues related to big data by the Obama Administration.

In response to the study, SIIA released a press statement welcoming the report and highlighting the effectiveness of current legal and regulatory framework to accommodate privacy and security concerns associated with big data. SIIA also supports the specific proposals in the report about maximizing the educational benefits of data and making an important contribution to the International discussion.

SIIA is thoroughly reviewing the White House study, as well as a related study issued by the President”s Council of Advisors on Science and Technology (PCAST), which takes a more detailed and “technological perspective” on big data and privacy. We will provide a detailed summary and analysis of the reports for members in the near future.

President Obama and Chancellor Merkel Repeat Positions on Privacy/Surveillance

At a May 2 press conference the President reiterated that he had “taken the unprecedented step of ordering our intelligence communities to take the privacy interests of non-U.S. persons in everything they do, something that’s not been done before and most other countries in the world do not do.” Obama also said that the United States was committed to a “cyberdialogue” with Germany. He was firm, however, that there would be no “no spy” agreement between the two countries.

The Chancellor said: “Under the present conditions, we have, (after all ?), possibilities, as regards differences of opinion, to overcome these differences in the medium term and in the long term.” She mentioned the U.S.-Germany cyberdialogue, the U.S.-EU Safe Harbor Framework negotiations, and the Eu’s proposed General Data Protection Regulation. Chancellor Merkel also called for more cooperation between parliaments, i.e. the U.S. Congress and the European Parliament. The German leaders mentioned “proportionality” as one issue still dividing the United States and Germany. What that means is that from the German perspective, national security-related privacy exceptions must be “proportional” to the national security risk at hand.

David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPubPolicy.

Digital Policy Roundup

Administration Readies Big Data and Privacy Report

The Administration signaled that it would release its long-awaited report on privacy and big data this week. In an interview with AP over the weekend, White House Counselor John Podesta, who has been tasked by President Obama to lead the review effort, indicated that the report will highlight the extraordinary common good benefits of increasingly accurate analytical predictions. It is also likely that the report will focus some attention on big data and discrimination. In anticipation, SIIA posted this blog, noting that current law works to control possible discriminatory uses of data.

Patent Reform, Manager’s Amendment Delayed

The anticipated Monday release of a manager’s amendment for Thursday’s markup has been delayed with the earliest release cited as this evening. Some attribute the delay to a coalition of large patent holders who are contesting crucial provisions. Negotiations will continue – and hopefully be finalized – later today. Any further delay would most certainly mean the Thursday markup will be pushed to next week. As these developments are in a state of flux and liable to change, stay tuned.

Netmundial Internet Governance Conference a Success

The conference, hosted by the Brazilian government in Sao Paulo April 23-24, concluded with an outcome statement on principles to guide Internet governance and a “roadmap” for future Internet governance reform. SIIA welcomed the outcome because the participants supported continued multistakeholder Internet governance, encouraged ICANN to reach out beyond its normal range of stakeholders for advice on the IANA transition, and highlighted the importance of qualified stakeholder participation in meetings. The outcome is non-binding but will feed into other meetings this year such as the ICANN 50 meeting in London June 22-26 (the meeting is open to all who wish to attend, but the registration deadline is May 2), WSIS +10 High Level Event in Geneva June 10-13, and the IGF meeting in Istanbul September 2-5. For the next year or so, Internet governance discussions will be dominated by the question of who will succeed NTIA and Verisign in managing the domain name server system, but there are many other Internet governance issues such as cybersecurity, ISO standards, IVP6, spam, to name just a few, that also require international consideration. Currently, ICANN is requesting input by May 8 on its suggested process for developing a proposal for the IANA transition.

Brazilian President Internet Bill of Rights at Netmundial

In a symbolic gesture, the President of Brazil, Dilma Roussef, signed the bill shortly before delivering opening remarks at the Netmundial conference. The impetus for the bill came as a result of the Snowden revelations, prompting calls to include data localization requirements in the law. However, partly as a result of successful advocacy and partly because of the implementation challenges, data localization was not included. The bill does include a network neutrality mandate, limits on metadata collection, requirements that companies collecting data in Brazil comply with Brazilian law (even if the data is transferred overseas), fines for non-complying companies of up to 10% of revenues of the company in Brazil, and many other features generally designed to enhance individuals’ protection. There is also a provision saying that Internet intermediaries are not liable for content that users post online.

SIIA Comments to FTC on Consumer Score Regulation

In comments to the FTC in response to their workshop on Alternative Scoring Products, SIIA urged the agency to focus consumer score regulation on prevention of actual harm. It is SIIA’s view that the workshop did not reveal evidence of significant unregulated harmful acts or practices that could result from the use of consumer scores. If the need for additional consumer protections is substantiated by compelling evidence, these protections should be undertaken at the stage of usage or implementation, rather than at the stages of data collection or analysis. As an alternative to increased government regulation, companies need to take on a greater role in consumer protection. Such an accountability framework would shift the burden of responsibility for protecting consumers from harm, from the data subject to those entities that engage in collection, analysis and use of such data.

David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPubPolicy.

Digital Policy Roundup

District Court Upholds FTC Data Security Authority

On April 7, U.S. District Judge Esther Salas in New Jersey upheld the Federal Trade Commission’s authority to bring cases against firms for failure to observe reasonable security practices. The FTC has brought over 30 data security cases in the last decade, but the hotel chain Wyndham World challenged that authority in court in 2012 after the FTC brought a case against them. The judge refused to “carve out a data-security exception to the FTC’s authority” to protect consumers, saying Wyndham’s position would “bring us into unchartered territory.” The judge, however, also said her ruling “does not give the FTC a blank check to sustain a lawsuit against every business that has been hacked.” The ruling was silent on the merits of the underlying complaint, and Wyndham said it continued to believe that the FTC lacked authority to bring the case.

European Court Rejects Data Retention Mandate

The European Court of Justice (ECJ) ruled today that the 2006 EU directive requiring telecom operators to retain data for two years in invalid. The directive, which was passed as an anti-terrorism measure after the July 7, 2005 London subway and bus terrorist bombings, obliged telecom firms to keep data for two years about customer locations, calls texts and emails. The operators were not obliged to keep the contents of these communications. However, the ECJ still ruled that the directive contravened the EU’s Charter of Fundamental Rights and therefore recommended that the directive be overturned. The directive has been controversial since it was passed and some member states such as Germany have not passed legislation implementing it. The ECJ heard the case in response to complaints from civil society groups about telephone data retention laws in Ireland and Austria. Those laws can now be challenged. Member of the European Parliament and General Data Protection Regulation Rapporteur, Jens Albrecht, welcomed the ruling.

House Committee Ponders Preservation and Reuse of Copyrighted Works

Last week, the House Judiciary Subcommittee on Courts, IP and the Internet held a hearingon Preservation and Reuse of Copyrighted Works. The hearing spanned a wide range of topics, and Committee Chairman Goodlatte (R-VA) expressed interest in several key issues, including digitization in cases of deterioration of works caused by age and decay; the notion that Copyright Act is outdated in the digital age; how to best allow public access to works that may have been abandoned; and technological platforms to connect users and copyright owners. However, there was no uniform view from the six witnesses testifying, nor were there consensus positions demonstrated by committee members. In all, the hearing provided another significant input into the Committee’s ongoing copyright review process. For more information about the hearing and witness testimony, check out the Cmte site.

Recommended Read: The Global War for Internet Governance

Professor Laura DeNardis discussed her book: “The Global War for Internet Governance” at the New America Foundation on April 3. DeNardis book is timely, especially given the Commerce Department’s March 14 decision to privatize the Internet Domain Name Function. She stated that this decision was, in fact, a “big deal.” Brazilian Embassy Minister Counselor Benoni Belli said that as a result of the decision, the atmosphere surrounding the April 23-24 Internet Governance “Netmundial” conference in Sao Paulo is much better. Briefly, the management of the Internet’s root zone file will be transferred from ICANN and Verisign to a multistakeholder body as early as 2015 when the ICANN/Versign contracts with the Department of Commerce lapse. There are conditions though, chiefly that whatever model emerges supports and enhances the multistakeholder approach. DeNardis supports “multistakeholderism,” although she cautioned that the multistakeholder approach is not the answer to every Internet Governance challenge.

David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPubPolicy.

Digital Policy Roundup

SIIA Weights in with White House on “Big Data and Privacy”

On Monday, SIIA submitted comments in response to the White House’s request for information on how the government can best protect citizens’ privacy in the age of “big data” analytics. SIIA’s overarching recommendation for policymakers is to proceed cautiously when considering new data policies, as these are likely to steer the future of data-driven innovation and the scope of what is possible for American innovation for decades to come. Policies that seek to curb the use of data could stifle this nascent technological and economic revolution before it can truly take hold. Additional inputs for the ongoing Obama Administration big data review process include full day workshops at UC Berkely on April 1st, and NYU on March 17th. The Administration is expected to release the outcome of the 90 day review on April 17th.

Student Data Privacy Legislative Update

Student data privacy bills are pending in a majority of state legislatures, though few have reached the finish line. Most notably, SB 167 was defeated in Georgia, a significantly modified version of NY S6007 was included in the NY State Budget signed into law yesterday, and discussions are ongoing regarding CA SB 1177. SIIA continues to emphasize the need to limit restrictions to “personally identifiable” information, the challenges to schools of parent opt-in/out policies, the important use of meta-data to drive product algorithms, and that one-size requirements on service providers will not work if they fail to address school primary governance in areas such as breach notification, data deletion, and access and correction. Meanwhile, U.S. Senator Markey (MA) indicates continued work toward introducing a bill to amend the Federal Family Educational Rights and Privacy Act (FERPA). SIIA members interested in student privacy should contact SIIA’s Mark Schneiderman.

New School Technology Funding Advances

State and federal initiatives are advancing around technology access, infrastructure and related educator supports. The 2014-2015 New York State Budget signed into law yesterday will authorize up to $2 billion from state bonds to fund school broadband infrastructure and student devices, pending voter approval, with funding distributed on a needs-base formula over the next few years to schools with a state approved technology plan. Equity in technology access was among the SIIA recommendations in testimony 18 months ago to Governor Cuomo’s education reform commission. At the federal level, the FCC issued a second NPRM for the E-rate, calling for comments on their proposed rules, including to prioritize new funding for internal connections including school Wi-Fi, eliminate or phase out voice support, and potentially provide funding eligibility to caching servers and network filtering software. Finally, President Obama’s 2015 Education Budget proposal includes $200-$500 million for a new ConnectEDucators program, which would provide competitive grants for teacher and principal professional development in the improvement of curriculum and instruction through technology.
[Read more...]

Curated By Logo