SIIA Welcomes State Department’s Interventions on Cloud Computing and Privacy

Last week U.S. Ambassador to the European Union, William Kennard, addressed Forum Europe’s 3rd Annual European Data Protection and Privacy Conference, and responded to the myth that the U.S. system of government access to information is a threat to the privacy rights of citizens of other countries. He was especially effective in rebutting concerns directed at cloud computing, where the misconception has developed that information stored in cloud computing servers can be accessed by the U.S. government without any effective privacy controls.

His intervention is a welcome attempt to set the record straight before these erroneous beliefs become widespread and entrenched. It was accompanied by the release of a State Department white paper that dispels the misconceptions about the U.S. legal system and government access to information.

The fact is that the U.S. has a well-developed and established system to protect individual liberties from government intrusion. We have a general distrust of a powerful government and are suspicious of anything that advances the growth of government power. Our bias is in favor of a limited government that lets people choose their own good in their own way. As a result we are far less tolerant of government intrusion into our private lives than other countries, and have set up a system whereby the U.S. extends privacy protections to non-U.S. citizens as well.

At the same time, the U.S. is more tolerant of the use of information for innovative and productive use by businesses than other countries, to our great advantage in the race for economic growth, business development and job creation. Our system of protecting individual privacy in the business context shows that this can be done while maintaining strong and effective protections for consumer privacy. This system also respects the rights of non-U.S. consumers established in other privacy regimes.

None of this means that the U.S. system is perfect.  We think that steps can be taken to improve the consumer privacy system for mobile app notifications and are actively working with the U.S. Commerce Department and other stakeholders on a voluntary code of conduct and an effective system of screen notices.  We have joined with others in the Digital Due Process Coalition to modernize the 1986 U.S. Electronic Communications Privacy Act, which needs updating to fit the realities of email and document storage in the cloud.

But the need for these reforms does not suggest that the current U.S. system is a threat to privacy, or justify a move away from cloud computing as a way to avoid government scrutiny. Ambassador Kennard is to be commended for his strong defense of the U.S. approach to privacy in the cloud.


Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology. Follow the SIIA Public Policy team on Twitter at @SIIAPolicy

SIIA Opposes Internet Resolution at World Conference of International Telecommunications

SIIA is troubled by reports out of the World Conference of International Telecommunications (WCIT) in Dubai indicating that a resolution apparently bringing the Internet under the jurisdiction of the International Telecommunications Union (ITU) has made some progress. We oppose any measure that would allow the ITU to move beyond its historic role in telecommunications to take on an active role in regulating the Internet. We urge all member states to oppose inclusion of any such measure in the language of the final treaty.



SIIA Welcomes Signing of U.S. Safe Web Act

Yesterday President Obama signed into law a bill that would reauthorize the Federal Trade Commission’s authority to clamp down on cross-border fraud, providing greater assurances for US customers and businesses who want to shop, transact and earn a living on the Internet. The measure was spearheaded by Commerce, Manufacturing, and Trade Subcommittee Chairman Mary Bono Mack (R-CA), who is retiring. The bill, the U.S. Safe Web Act, allows the FTC to share information about cross-border online fraud with foreign law enforcement authorities and cooperate with them in tracking down and eliminating Internet scam artists.

At a time when many lament that partisan gridlock seems to prevent the enactment of good public policy, this bi-partisan reaffirmation of the FTC’s authority to go after cross-border crooks is a welcome sign that our policymaking institutions can still produce sensible policies that protect the public.

This law was first adopted in 2006 and has been an effective tool to combat cross-border spam, spyware and fraud. Fraudsters do not recognize national borders, and law enforcement efforts must be similarly global. Effective international cooperation on law enforcement investigations is crucial for giving consumers and businesses trust and confidence in each other online.

Hugh Stevenson, Deputy Director for International Consumer Protection at the Federal Trade Commission, has been leading FTC efforts to use the authority in this law to combat Internet scams, fraudulent telemarketing, spam, spyware, and other cross-border misconduct that harms US consumers. In his testimony in front of the Energy and Commerce Committee in July, he made it clear that reauthorization was needed to allow the FTC “to continue its current cross-border enforcement efforts and deal with new threats to U.S. consumers emanating from a growing number of jurisdictions.”

The Congress agreed and the legislation received bi-partisan support all the way through the process. The House approved the measure by voice vote on September 11 and the Senate followed suit and passed the measure on November 14. The President signed it on December 4.



Don’t Tear Down the ITU

Tearing down the International Telecommunications Union is a bad idea. It is not the position of the US government or international civil society or the global business community. And it isn’t going to happen.

At a recent New America Foundation forum on Internet governance and the upcoming World Conference on International Telecommunications (WCIT), Andrew McLaughlin, the former U.S. Deputy Chief Technology Officer, said that the U.S. should aim to “dismantle” the International Telecommunications Union. “In the case of the ITU,” he said, “I think it’s very much the case that its day is gone.”

This is not the view of the global software and information companies in SIIA.  These companies emphatically do not have an agenda of dismantling the ITU. The ITU has been in the telecommunications standard setting business for 150 years and has well-developed and well understood policymaking processes in which all countries have an equal voice. It continues to play an important standard setting, spectrum allocation, and telecommunications coordination role.  Without it, the task of making telecommunications and satellite systems interoperate throughout the world would be vastly more complicated than it is today.  So much so, that if the ITU were dismantled, it would be necessary to recreate it.

Moreover, the ITU has a crucial development role. If we are to take seriously the task of making the Internet affordable to the billions of people who do not have access to it today, the ITU is an indispensable organization.

Fortunately, civil society immediately rejected the idea of dismantling the ITU. At the same New America Foundation forum, Ellery Biddle, a policy analyst with the Center for Democracy and Technology, disagreed. “I’m not sold,” she said. “I worry that governments will be even more angry at the U.S. than they already are if something like that happened, and that ultimately leads to worse results for the people.”

Terry Kramer, the head of the US delegation to WCIT, articulating US policy in the area, also rejected the idea. “I don’t think, per se, the ITU is the problem,” he said. “The ITU does some very important work on best practice sharing, on some development activities in developing markets.”

The US government is pretty adept at influencing outcomes in the ITU, but the US does not control the ITU, and so cannot control whether or not it is dismantled.  In effect, this idea is really advocating isolation from the rest of the world, a sure recipe for futility and an abandonment of our responsibility for leadership in the global technology and telecommunications policymaking space.  A US pull-back from the ITU would only hurt the global companies that SIIA represents.

SIIA has been critical of some of the ideas set for consideration at the upcoming WCIT meeting in Dubai.  In particular, proposals for bringing cybersecurity mandates and information technology generally within its regulatory jurisdiction seem to us to be mistaken and harmful.

But these disagreements do not suggest that we seek to undermine the institution. The software and information industries that bring their products and services to billions of people around the world support the good work of the ITU and look forward to it continuing this work into the indefinite future.  We urge the US government, civil society and all members of the Internet policymaking community to do the same.



Maintain Cybersecurity Spending

A recent article in Politico warned that cybersecurity could be a casualty of a sequester ax. The problem is that without a change in course, the federal budget is headed for a uniform across-the-board reduction that would include the multiple programs that carry out our nation’s responsibilities for protecting federal networks, staving off foreign cyber attacks and researching new technologies. As Politico put it: “Many of those initiatives would be hit hard by deep cuts beginning in 2013 unless Congress pushes back the target date for its legally mandated cuts, exempts some categories of spending or does away entirely with its fallback, deficit-reduction plans.”

And then the news hit that the White House itself had been the target of a cyber attack. Fortunately, this time, no classified systems were compromised and no data was extracted.  This time.

It is not often that events illustrate so vividly the risks to the nation in continuing an unacceptable compromise policy.  No one really wants a sequester, and no one really wants the consequences that would flow from one. Policymakers need to do what it takes to avoid it.

But failing that, the Administration should find a way to prioritize cyber security spending.  Congress did not agree on all aspects of the stalled cybersecurity legislation, but they did agree that more Federal funding for cyber security programs and research was an urgent national priority. Sequester planning should maintain that priority.



Do Not Track: Time for DAA to Move Forward

It is increasingly likely that the W3C process for Do Not Track will reach an impasse. In a recent note to Federal Trade Commission Chairman Jon Leibowitz, several consumer groups described their sense that the process is deadlocked, and asked the Chairman to intervene. FTC officials are usually at the discussions, which are set to resume in Amsterdam this week, but in his letter to Congress last week Chairman Leibowitz made it clear that it is the private sector group, not the government, that will adopt any Do Not Track standard. Even with more direct FTC intervention, however, it is unlikely that parties will act contrary to their perceived fundamental interests.

The key disagreement is over what the Do Not Track flag means and what actions users can expect from websites and service providers if they turn it on. Without a common understanding on this point, the Do Not Track standard is incompletely specified, and provides less than comprehensive guidance for browser providers, websites and their service providers, and the general public.

If the W3C cannot reach a common understanding, perhaps the industry can.  The Digital Advertising Alliance has been looking at this issue for some time.  Indeed, back in February it indicated to the White House that it was going to address it:

“…the DAA intends to begin work immediately with browser providers to develop the consistent language across browsers regarding the browser based header signal uniform consumer choice mechanism that is simple to use and in a clear manner that describes to consumers the effect of exercising such choice.”

Mozilla proposed an easy-to-understand focused definition of Do Not Track back at the beginning of 2011:  “Tracking is the accumulation and use of a profile by advertising networks through invisible or subtle noting of which sites an individual visits, and the use of the profile data to customize advertisements displayed.”  Or, more succinctly, DNT means “a way for people to opt-out of online behavioral advertising (OBA).”

These definitions make sense.  They focus on the issue that appears to be of most concern to the public and policymakers: cross-site tracking for the purpose of advertising profiling and targeting.  We need to give consumers another mechanism to say no to OBA if they wish.  Of course, the DAA definition should incorporate the current W3C consensus that DNT “on” imposes no obligation on first parties, except that first parties may not help third parties circumvent DNT.

Other uses of tracking should be permitted. For example, a website may be doing standard analytics, such as keeping track of where its visitors come from and where they go, or market research, product debugging and improvements, or investigating possible fraud, intellectual property violations or security risks.

DAA is doing great work on OBA. Its AdChoices program already gives consumers a cookie-based mechanism to opt out of OBA.  With DNT, DAA can do the industry and the public a service by bridging the browser DNT flag with the existing AdChoices program.

Customers should be told clearly that they can decline online behavioral advertising and how to do it.  DAA is in a unique position to move forward and break the logjam that is threatening to derail the promising initiative that is DNT.



The European Cloud Computing Strategy: A Promising Step

Today, the European Commission announced the release of its long-awaited cloud strategy in a communication entitled “Unleashing the Potential of Cloud Computing in Europe.” The Commission clearly recognizes cloud computing’s capacity to allow people, businesses and governments to rent services and data storage much more cheaply than buying new equipment and software. Indeed, combined with the emergence of big data analytics, cloud computing represents a sea-change in the business and technical opportunities for the information technology industry and its myriad customers, business and consumer, large and small. The Commission’s strategy report is a major step forward by policymakers in coming to grips with the policy thinking needed to foster this new development and to deal with its many challenges in Europe and around the world.

SIIA particularly welcomes the Commission’s focus on the use of cloud computing in government. The Commission’s encouragement of the use of cloud computing is the counterpart of the US government’s Cloud First approach.

Unfortunately, some parts of the Commission’s communication go in a direction SIIA warned against in its report to policy makers last year. In places, the communication treats cloud computing as a discrete entity that is potentially subject to specific government regulation. In reality, cloud computing is a variety of evolving business and technical developments that share only a rough similarity. NIST has described three different service models for cloud computing (Software as a Service, Platform as a Service, and Infrastructure as a Service) and four different deployment models (private, community, public and hybrid). There is also the enormous difference between consumer uses of cloud computing and its business uses, and within the latter, still further important differences between uses by large organizations and by small and medium sized businesses. Cloud computing is used in industries ranging from financial services to energy to telecommunications.

The European Commission’s cloud strategy document recognizes this issue, noting that cloud computing has a “range of defining features (which make a general definition elusive)…” Despite this it goes on to propose a series of government regulations that can be effectively implemented only if there is a reasonably precise legal definition of cloud computing.

Privacy rules, security rules, intellectual property, and consumer protection rules apply when cloud computing is used, but there is no need for special privacy, security, intellectual property or consumer protection rules that apply just to cloud computing. Generalized rules, indeed, globally interoperable rules, are best suited to the global, borderless nature of cloud computing.

Some of the specific suggestions in the report are good in themselves. This is the case, for example, with the idea that security guidelines should be developed that take into account the special characteristics of cloud computing. But again there is no need for European regulations that mandate specific security requirements just for cloud computing. Security standards should be market-driven and global, not just European, in character.

Another concern is the possible development of privacy rules just for the cloud. The Commission and the Parliament are working on a new data protection regulation that would apply across the board, but the cloud strategy suggests the development of alternative or competing privacy rules just for cloud computing.

The Commission also seems to be interested in mandating specific consumer protections such as data portability, interoperability and reversibility in standardized service level agreements. But it is a leap to jump from a concern for consumer protection to the conclusion that specific European consumer protection rules need to be incorporated into standardized terms of service. Industry groups, not European-wide regulators, are best situated to fill any perceived need for optional model contracts.

SIIA welcomes the Commission’s strategy and intends to engage in the process of working with the Commission to see that the benefits of cloud computing are fully realized in the European single market and throughout the world.

