May 25, Washington, DC - Leslie Harris will testify before the Judiciary Committee's Subcommittee on Intellectual Property, Competition and the Internet and the Subcommittee on Crime, Terrorism, and Homeland Security on a hearing entitled "Cybersecurity: Innovative Solutions to Challenging Problems".
June 6, Washington, DC - Aaron Brauer-Rieke will speak at the Knowledge Congress webcast "Understanding The Federal Trade Commission's Proposed Framework for Consumer Privacy Protection"
CDT testified at two Congressional hearings in recent weeks and we are scheduled for a third next week, as the intensity of Internet policy debates increased even further with the introduction of bills on government surveillance and intellectual property protection.
CDT Testifies on Data Security
Consumer Privacy Project Director Justin Brookman appeared before the House Commerce, Manufacturing, and Trade Subcommittee, chaired by Rep. Mary Bono Mack, to discuss data breach and data security legislation. The hearing came in the wake of two massive data breaches: the hack of Sony's PlayStation and Online Entertainment networks that compromised approximately 100 million accounts and the attack on email marketer Epsilon that exposed more than 60 million email addresses.
At the hearing, Rep. Mack called for federal legislation establishing a national standard for data security and breach notification. Brookman, while agreeing that data security was an appropriate matter for federal policymaking, noted that many states already have laws requiring some data security and notification measures. Federal legislation therefore should establish a floor of uniform standards but should not be used as a vehicle to weaken existing protections. Moreover, Brookman stressed, rules focused only on data security and breach notification would address only part of the online privacy problem. The better course would be to address security and breach notification as part of comprehensive baseline consumer privacy legislation, which could also cover issues such as data minimization.
Franken Hearing Targets Mobile Privacy
Brookman also testified before the Senate Judiciary Subcommittee on Privacy, Technology and the Law, discussing mobile privacy. The hearing, chaired by Sen. Al Franken, was called to examine how various mobile platforms and applications collect location data and to consider whether current law adequately protects that data from government and commercial misuse.
Mobile phone operating systems and apps can collect highly detailed location information, supporting innovative and useful services but also allowing inferences about who you are, where you are going (be it a hospital or a political rally), and where you have been. However, as Brookman explained, current law does not protect much of that information. Indeed, once an app has access to a user's data, there are usually no rules governing its disclosure and no controls available to consumers to regain control of it. To address the issues associated with mobile privacy, CDT is pursuing a two-pronged strategy. We are working to develop privacy guidelines for mobile platforms and app developers, and we are advocating for a comprehensive consumer privacy law that would provide a baseline of protection for all consumer data.
New Copyright Bill Introduced
Sen. Patrick Leahy introduced revised legislation last week to target websites aimed at enabling copyright and trademark infringement. Last year, when the bill came to be known by the acronym "COICA," CDT and others raised major concerns about it. The revised bill has a new acronym ("PROTECT IP") and reflects a number of more substantive changes that narrow its reach in some welcome respects. At the same time, the new bill continues to feature domain-name-blocking provisions that CDT has warned against.
The legislation would create a mechanism by which a wide variety of entities -- ISPs, credit card networks, advertising networks, and (added this year) "information location tools" including search engines -- could be ordered to block foreign websites that are serving as infringement hubs. The ISP-focused provisions, which would call on ISPs to block domain name lookup requests for identified infringement sites, are particularly problematic. They would fail to make a lasting impact on infringement (because they would be trivial to circumvent in any number of ways) while raising tricky cybersecurity questions and posing a challenge to the global nature of the Web. CDT has suggested that the better way to fight foreign infringement sites would be to drop the domain name provisions and simply "follow the money" -- that is, focus on cutting sites off from payment systems and ad networks, thus eliminating their financial lifeblood.
ECPA Reform Proposal Introduced
Sen. Leahy, chairman of the Senate judiciary Committee, also introduced landmark legislation to update the Electronic Communications Privacy Act, a 1986 law that sets rules for government access to email and other Internet communications. The bill would require the government to obtain a warrant from a judge before reading someone's email. It would also require a warrant for the government to track people in real time using their cell phones. The bill includes changes recommended by Digital Due Process, a diverse coalition of leading Internet and communications companies, think tanks, trade associations and advocacy groups across the political spectrum, which CDT helped organize.
A proposed amendment to the Children's Online Privacy Protection Act raises serious concerns.
Companies are challenging a Vermont law before the Supreme Court, claiming their use of drug prescribing data for marketing purposes is protected by the First Amendment, but the State defends its law as a privacy measure, posing a dangerous but avoidable conflict between two important values.
CDT fellow Michael Froomkin explores the evolution of Internet regulation.
Click to view this email in a browser
If you no longer wish to receive these emails, please reply to this message with "Unsubscribe" in the subject line or simply click on the following link: Unsubscribe
Center for Democracy & Technology
1634 I St.
Washington, District of Columbia 20006
Read the VerticalResponse marketing policy.