Digital Discourse / Policy / Policy - Privacy

SIIA Makes Policy Recommendations to Realize the Economic and Social Value of the Internet of Things

October 1, 2013 By

We are at a key inflection point in the history of information technology (IT).  The last decade has brought about significant advances in IT, representing an evolution for IT from a specialized tool into a pervasive influence on nearly every aspect of everyday life.

This new Internet-enabled environment, often referred to as the “Internet of Things,” presents tremendous economic and social value, and is capable of transforming the way we work, communicate, learn and live our lives. Consumers, citizens and society as a whole stand to benefit greatly from innovative uses of data to improve health outcomes, streamlining and enhancing financial services, enhancing education and learning, and improving and maximizing our physical infrastructure.

SIIA proposes the following five recommendations for policymakers to maximize the beneficial outcomes of the Internet of Things:

  1. Policymakers should promote technology neutrality and avoid technology mandates.
  2. De-identification often provides an opportunity way to balance the needs of DDI and privacy protection.
  3. Uniform rules cannot be applied broadly to the role of notice and choice.
  4. The principle of data minimization should be re-interpreted.
  5. The Internet of Things requires a policy framework that provides for an evolving view of privacy rights based on risk and societal benefits.

I will participate in a panel discussion at the National Press Club today about building trust and confidence with regard to the Internet of Things.  The 2013 M2M & Internet of Things Global Summit, hosted by Forum Europe, will take place in Washington DC today and tomorrow.

David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPubPolicy.

Share|
Filed Under: Content, Policy, Policy - Privacy, Software Tagged With: , ,

SIIA Joins Tech Companies, Civil Rights Groups in Support of Surveillance Transparency Legislation

September 30, 2013 By

SIIA today joined tech companies and civil rights groups including Google, Apple, Twitter and the ACLU in support of legislation that would improve transparency around government surveillance of the Internet.

In a letter to Senate and House Judiciary Committee leaders, SIIA joined dozens of tech companies and civil rights and technology groups in support of Sen. Al Franken’s (D-MN) Surveillance Transparency Act of 2013, and Rep. Zoe Lofgren’s (D-CA)Surveillance Order Reporting Act of 2013. The bills would clarify that companies have the right to publish basic statistics about government demands for user data that they receive.

The letter states:

“Such transparency is important not only for the American people, who are entitled to have an informed public debate about the appropriateness of that surveillance, but also for international users of U.S.-based service providers who are concerned about privacy and security.”

David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPubPolicy.

Share|
Filed Under: Policy, Policy - Privacy

How NSA Revelations are Affecting the Tech Industry

September 24, 2013 By

Revelations about the National Security Agency’s (NSA) surveillance efforts are continuing to pose serious business challenges for the tech sector. SIIA is tracking the repercussions closely. Here are a few important developments to note:

Market Backlash: Studies and surveys have suggested a possible backlash against cloud providers and technology companies generally.  Here’s a summary of some of them:

  • CSA Survey: In July a survey from the Cloud Security Alliance reported  that  “10% of 207 officials at non-U.S. companies have canceled contracts with U.S. service providers following the revelation of the NSA spy program last month…the survey also found that 56% of non-U.S. respondents are now hesitant to work with any U.S.-based cloud service providers.”
  • ITIF Study: By comparing projected growth of US cloud computing sales with a variety of hypothetical sales losses, ITIF suggests that US cloud companies could miss out on as much as $35 billion in additional overseas sales over the next three years.
  • Forrester Study: Forrester thinks the potential impact could be as high as $180 billion by 2016, taking into account the reactions of U.S. and non-US companies, the impact on non-US cloud providers and the effects on the rest of the hosting and outsourcing market.

Repercussions for Tech: The NSA revelations continue to have larger repercussions for tech companies in the form of localization requirements and new challenges to the multi-stakeholder form of Internet governance.  Here are updates on several of these challenges:

  • Brazil’s controversial new internet plans, calling for server and data localization, a local encrypted email service and a separate transatlantic cable connection to Europe that bypasses the US.
  • UN General Assembly Address: After canceling a US state visit over NSA spying, Brazil’s Dilma Rousseff issued an announcement called the interception of Brazilian communications “illegal” and said such a “grave fact” was an “assault” on sovereignty and “incompatible with a democratic coexistence between friendly countries.”  She then delivered the opening speech at the UN General Assembly today, rejecting U.S. government surveillance programs as inconsistent with human rights and a violation of national sovereignty, and calling for “multilateral mechanisms for the worldwide network that are capable of ensuring principles such as:
  1. Freedom of expression, privacy of the individual and respect for human rights.
  2. Open, multilateral and democratic governance, carried out with transparency by stimulating collective creativity and the participation of society, Governments and the private sector
  3. Universality that ensures the social and human development and the construction of inclusive and non-discriminatory societies
  4. Cultural diversity, without the imposition of beliefs, customs and values.
  5. Neutrality of the network, guided only by technical and ethical criteria, rendering it inadmissible to restrict it for political, commercial, religious or any other purposes.

She concludes: “Harnessing the full potential of the Internet requires, therefore, responsible regulation, which ensures at the same time freedom of expression, security and respect for human rights.”

Civil Society Calls for Principles: International civil society groups have issued a call for government surveillance principles consistent with human rights.

EU Response: Viviane Reding’s address in Brussels last week held up the Data Protection regulation as the EU’s response to the fear of US government surveillance, explicitly took privacy issues off the table for discussion in TTIP, and suggested the formation of an EU-area cloud that would compete globally on the basis of better privacy rules and streamlined government regulation.

Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology. Follow Mark on Twitter at @Mark_MacCarthy

 

 

Share|
Filed Under: Policy, Policy - Privacy, Software Tagged With: , ,

Do Not Track is on Track at W3C

September 18, 2013 By

The W3C Tracking Protection Working Group announced today that it would appoint Carl Cargill, from Adobe, and Justin Brookman, from the Center for Democracy and Technology (CDT), to join Intel’s Matthias Schunter as co-chairs of the group’s effort to forge a multi-stakeholder consensus on creating a standard to address Tracking Protection.  The group’s standard setting activity will continue, despite the withdrawal of the Digital Advertising Alliance earlier this week, under the leadership of these three well-qualified experts.

SIIA welcomes this development.  Internet users, the industry, and policymakers here and around the world are looking for a workable standard to address Tracking Protection that can be easily and effectively implemented.  All parties share the goal of creating an effective framework to enable users to express their tracking preferences in a transparent and meaningful fashion with the understanding that these preferences will be respected by the relevant Internet participants. The continuation of this W3C process and the momentum created by the naming of additional co-chairs provide the opportunity to adopt a workable standard that is broadly acceptable to all stakeholders.

Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology. Follow Mark on Twitter at @Mark_MacCarthy

Share|
Filed Under: Policy, Policy - Privacy Tagged With: ,

Saving the Safe Harbor: Commissioner Julie Brill to the Rescue!

September 17, 2013 By

At the EU Data Protection and Privacy Conference today in Brussels, FTC Commissioner Julie Brill delivered a powerful speech about the way the U.S. protects consumer privacy. Along the way she offered a strong defense of the U.S. Safe Harbor Framework for European privacy:

“In the commercial space, the Safe Harbor Framework facilitates the FTC’s ability to protect the privacy of EU consumers. Without the Safe Harbor, my job to protect EU consumers’ privacy, where appropriate, would be much harder. In an era where we face many threats to privacy, Safe Harbor has been an effective solution, not the problem.”

In the face of so many challenges to the Safe Harbor Framework coming from European public officials, this speech from a prominent U.S. consumer protection official is a crucial reminder of the importance of this cross-border framework for international privacy protection.

Her remarks are also notable for the clear distinction she makes between government surveillance and commercial privacy:

“The issue of the proper scope of government surveillance is a conversation that should happen – and will happen – on both sides of the Atlantic. But it is a conversation that should proceed outside out of the commercial privacy context.”

As I’ve noted in previous blogs, the conflation of the two is damaging to both the need to protect citizens from intrusive government surveillance and in finding the right sort of fair information practices that provides for commercial enterprise, innovation and the preservation of consumer privacy.  Commissioner Brill is exactly right when she insists on keeping these issues separate.

Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology. Follow Mark on Twitter at @Mark_MacCarthy

Share|
Filed Under: Policy, Policy - Privacy Tagged With: , ,

How to Keep the World Safe for Data Driven Innovation and Cross Border Data Flows

August 29, 2013 By

In a major address to the German Marshall Fund yesterday, outgoing Commerce Department General Counsel Cameron Kerry brought some refreshing clarity to the current discussions of privacy and government surveillance.

He started in the right place with a ringing endorsement of the progressive use of big data as a tool for economic and social improvement.  He referred favorably to “breakthroughs in medical research from aggregated health care records that can produce information far more robust than the limited populations of medical trials,” and cited a recent example:    

“The drug Herceptin was developed through identification of the HER-2 oncogene from records of 9,000 breast cancer patients. IBM is working with hospitals and the IBM-WATSON natural language system to collect anonymized medical records in ways that protect privacy and analyze unstructured data applying the power of new analytic technologies across many different text-based medical records previously unintelligible to computers.”

As SIIA noted in a recent whitepaper, the seamless flow of data across borders is important to the growth of data-driven innovation and the global economy. Kerry underscored the economic importance of cross-border data flow:

 “Trans-border trade – and especially transatlantic trade – now relies on the continued open flow of data, and cutting off these flows would cause significant and immediate economic damage. Moreover, it would lead to loss of competitiveness on both sides as other economies around the world that embrace open Internet architectures and freedom to experiment with data analytics offer havens for innovators. Our economic future is at stake in our international engagement.”

Then he noted the importance to transatlantic trade of the Safe Harbor arrangement that has governed transfers of information from the European Union to the United States for well over a decade. He warned of the dangers a weakening of this framework would pose to transatlantic trade:

“Today, more than 4,000 companies have subscribed to the Safe Harbor Framework. Many of these are U.S. subsidiaries of EU companies that also rely on the framework…Safe Harbor is a fundamental building block of the trade relationship between the United States and Europe…Any step back from Safe Harbor would send the trading relationship between the U.S. and the EU backward.”

This worry about a threat to the Safe Harbor Framework is not idle. On July 19, 2013 Viviane Reding, European Commission Vice President, issued a statement  saying, “The Safe Harbour agreement may not be so safe after all.” On July 24, 2013, a statement from the Conference of German Data Protection Commissioners indicated that it would examine whether transatlantic data transfers “should be suspended on the basis of the Safe Harbour framework.” 

The basis for this threat to the Safe Harbor in both cases is the NSA revelations regarding government surveillance–but this is mixing up apples and oranges.

The EU Data Protection Directive and the Safe Harbor both provide an exception for national security purposes.  In the US and EU regime, the law, regulation, and policy considerations that relate to protecting consumer privacy in a commercial context are completely different from the law and policy and constitutional considerations that govern government surveillance. 

Moreover, putting onerous burdens on the commercial transfer of information as a backdoor way to control government surveillance is self-defeating and counterproductive.  It distracts from real measures that might protect citizens from overly intrusive government surveillance and it puts an unnecessary burden on commerce that is not justified by the need to preserve and protect consumer privacy in a commercial context.

Kerry’s remarks yesterday show he grasps these issues clearly.  It might have been his last public statement before leaving his current post at the Commerce Department, but it sets a promising roadmap for Obama administration policy in this area.

Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology. Follow the SIIA Public Policy team on Twitter at @Mark_MacCarthy

Share|
Filed Under: Data-Driven Innovation, Policy, Policy - Privacy

SIIA Op-Ed: New Mobile App Transparency Efforts Give Hope for Privacy Progress without Regulatory Mandates

August 28, 2013 By

In a TheHill.com op/ed today, Ken Wasch praised the multi-stakeholder process that led to a voluntary code of conduct for mobile app transparency. The tech industry worked with the Department of Commerce to meet the public need for privacy protection–without the need for draconian legislation or regulation.

The code of conduct will make privacy policies for mobile apps simpler and easier to understand. Ken says:

“[We] live in a world where privacy policies are long and complex; they are documents written by lawyers for lawyers.  The new Code, which will lead to clearer, simpler notices, represents a fundamental shift in the paradigm of privacy transparency.”

The companies that sign on to the code will help their users make informed decisions about which apps they want to use by:

  • Providing a list of key data elements collected by apps
  • Offering a notice about relevant third party sharing

These enhanced privacy tools will be a selling point for companies competing in the mobile app arena. Beyond that, they are an important step toward a win-win approach to privacy protection that protects consumers while leaving room for new ideas and apps. The code of conduct shows we can move forward on privacy protection without burdensome, costly regulation that stifles innovative growth.

Laura Greenback is Communications Director at SIIA. Follow the SIIA Public Policy Team at @SIIAPolicy

Share|
Filed Under: Policy, Policy - Privacy
« Older Posts