January 25, Menlo Park, CA - Jim Dempsey will participate in a panel discussion at "Washington Meets Silicon Valley: The Outlook for the Technology Industry in the New Congress" on Privacy and Cybersecurity.
January 26, Brussels, Belgium - Alissa Cooper will moderate a discussion about "Data protection and privacy in a mobile age" as part of GSMA Europe's Mobile Meeting Series.
January 26, San Francisco, CA - Jim Dempsey will speak on a panel on location privacy, sponsored by the Churchill Club, in San Francisco.
2011 is sure to bring some serious changes to the technology policy landscape, and CDT will be there every step of the way, working to keep the Internet open, innovative and free. Already this year, we filed comments in response to the European Union's reexamination of its privacy rules (part of our growing global engagement), and we brought our balanced perspective to analysis of the Administration's plan to promote better online identities.
What Do the Twitter "Subpoenas" Mean?
It was a court order, not subpoenas as some initially reported, but the federal government's demand that Twitter disclose information about a number of subscribers associated with WikiLeaks highlights several important points. First, of course, the case shows once again that subscriber identifying information, transactional logs, and all of the private content associated with our daily online activities are available to government investigators, and the government is not shy about asking service providers to disclose whatever information they hold.
Second, the case demonstrates that companies do not have to immediately comply with every government request. In this case, the court directive to Twitter came with a "gag order" prohibiting Twitter from telling the users that their data was being sought by the government. Often companies just accept such orders, turn over the data, and never tell their customers. In this case, to its great credit, Twitter asked the judge to lift the gag order; the magistrate did, allowing Twitter to notify its subscribers so that they could oppose the disclosure. Kudos to Twitter. Other companies should follow its lead.
Third, the case draws attention to the need to update the Electronic Communications Privacy Act, the main federal law setting standards for government access to Internet records. While in this case ECPA required the government to get a court order, the statute authorizes prosecutors to use a mere subpoena, issued without approval of a judge, to demand release of sensitive data, including the contents of email and documents stored in the cloud. A major priority for CDT in 2011 is to promote the recommendations of the Digital Due Process coalition, which is urging Congress to strengthen standards for access to communications and other especially sensitive data.
Last week, CDT submitted extensive comments to the European Commission in connection with its consultation on the EU Data Protection Directive and the EU's approach to data protection more generally. The Data Protection Directive is one of the world's most influential privacy frameworks. CDT's comments included suggestions for strengthening the Directive's core principles and for more rigorously implementing those principles across the European Union. The comments also emphasized the intersection of the Data Protection Directive with other fundamental interests such as innovation and free speech.
The Internet ID Scare
Fact: The Obama Administration is not planning to create a government ID for the Internet. It is proposing just the opposite: that the private sector take the lead in developing stronger, more useful identities for online tranactions. Unfortunately, there was a brief flurry of stories recently incorrectly stating that the still-in-draft National Strategy for Trusted Identities in Cyberspace would eliminate anonymity on the Web. In reality, the Administration is interested in promoting an identity ecosystem that allows individuals to have multiple identities and to engage in online activity anonymously and pseudonymously.
Online identity -- encompassing the quite different concepts of authentication, authorization, and attribution -- is one of the hardest issues in Internet policy. CDT has long supported the concept of federated, user-centric identity, which is also what the Administration supports. However, as we outlined in a 2009 paper, implementing any identity system, whether it is controlled by government or by industry providers, requires a sound policy framework that, among other elements, protects against abuse of any data about the user and her transactions as she uses a federated identity across sites.
Check out the first of a new series by our academic fellows. Jonathan Zittrain and Leslie Daigle discuss how the Internet is running out of room, and what needs to be done.
CDT's Jim Dempsey joined representatives from Google and the US Justice Department discussing standards for government surveillance on KQED's Forum program. The downloadable 1 hour recording is a great introduction to the current law and the need for reforming the Electronic Communications Privacy Act.
As online companies deny service to WikiLeaks, Leslie Harris discusses the complex benefits and risks posed by the broad discretion US law grants to Internet intermediaries to set standards for use of their services.
Click to view this email in a browser
If you no longer wish to receive these emails, please reply to this message with "Unsubscribe" in the subject line or simply click on the following link: Unsubscribe
Center for Democracy & Technology
1634 I St.
Washington, District of Columbia 20006
Read the VerticalResponse marketing policy.