A staggering amount of the data that makes up our daily lives is digitally encoded, categorized, sorted, routed and eventually stored in hundreds, if not thousands of places. And everyone wants a crack at it. CDT is at work on several fronts to make sure that this data is protected and free from compromise by pushing for comprehensive privacy legislation, to alerting lawmakers of problems with mandatory data retention laws, to advocating for a national standard for data breach notification.
Data Retention Draws Double-Barreled Opposition
Opposition is growing toward a bill that would require a broad range of businesses to store, for 18 months, every IP address that logs onto their systems. The scope of the bill is vast, affecting private companies and non-profits that give their employees Internet access, and (putting aside the wireless exception) libraries, coffee shops, airports, municipalities and other entities that offer WiFi to the public. During a recent hearing, Rep. James Sensenbrenner (R-Wis.), Chair of the Crime Subcommittee, opened with an extraordinarily strong attack on the bill. Saying the Committee should relegate mandatory data retention to the "dustbin of history," he attacked the data retention provision on economic and privacy grounds. "I believe this bill is bad policy and I will do my best to kill it." Rep. Bobby Scott (D-Va.), Ranking Member of the Crime Subcommittee, also signaled opposition. CDT released a letter to Congress expressing deep concerns over any data retention mandate as well as specific concerns about the language of the bill, which we believe is overbroad and would have a detrimental effect on Internet use in this country.
Data Breach Bills Stack Up in Congress
In Congress, data breach is a topic nearly as hot as the streets of Washington this summer. Current federal law requires notification to consumers in the event of a breach only in limited circumstances, while nearly every state has its own version of a data breach law. Congress is now looking to simplify data breach laws with a national standard, but the question is whether such a standard would be a step forward for consumers. Data breach is an issue CDT has followed closely. CDT believes a comprehensive federal data breach law would be useful to standardize existing laws, but above all, the law should do more to encourage data collection and retention practices that reduce the risk of breaches in the first place. In this blog post we survey the various bills now stacked up in Congress and provide a quick analysis of key provisions.
Privacy in Perspective
Not to be outdone by the surge of interest in data breach, Congress is working its way through a number of privacy bills, too. Justin Brookman, Director of CDT's Consumer Privacy Project, published a pithy assessment of where privacy legislation now stands on Capitol Hill in Ars Technica. Brookman notes that privacy has drawn Congressional interest because, among other things, "[T]he United States and Turkey are the only developed nations in the world without a comprehensive law protecting consumer privacy." CDT has been at the forefront of the push for a comprehensive privacy bill for more than a decade. And while there is rarely a sure thing in Congress, "with tremendous attention to privacy issues and widespread consumer support for basic consumer protections, we have the best opportunity in memory to enact basic rules to give people control of their personal information and to give them confidence in an increasingly complex data ecosystem," Brookman writes.
The FAA issued a proposed rule that would eliminate the ability of private aircraft owners to opt out of a public flight tracking system. This is a potentially troubling policy change that could expose sensitive flight plan information for thousands of private aircraft, raising issues over privacy, terrorism, stalking, and corporate espionage.
The French government caused a stir when details were leaked of a draft executive order that would have given government agencies broad authority to order the removal or blocking of certain content from the Internet. Though French officials said the order would be revised, both the scope of the initial draft and the likely process for revising it raise significant free expression, due process, and transparency concerns.
Click to view this email in a browser
If you no longer wish to receive these emails, please reply to this message with "Unsubscribe" in the subject line or simply click on the following link: Unsubscribe
Center for Democracy & Technology
1634 I St.
Washington, District of Columbia 20006
Read the VerticalResponse marketing policy.