Forward this message to a friend
Click to view this email in a browser


Consumer Privacy

Data Retention


ECPA Reform

Location Privacy

The Computer Fraud and Abuse Act (CFAA)

Data Breach

HIPAA Privacy Rule

Internet Neutrality


With August over, Washington policymakers return to a slew of issues affecting the Internet. We devote this issue of Tech Policy Download to a quick review of what is on the agenda of Congress and the regulatory bodies, with links to recent CDT work.


PIPA targets websites that enable copyright and trademark infringement. Among the bill's problematic provisions is one that would require ISPs to block certain domain name lookup requests. CDT and others have argued that domain name blocking will not have a meaningful or lasting impact on infringement and has the potential to undermine the domain name system.

CDT, Other Groups Register Concerns with Copyright Bill

2) Consumer Privacy

The U.S. is one of only two industrialized democracies that do not have a comprehensive law providing baseline privacy protections for consumer data. However, the issue has seen recent bipartisan interest, with privacy bills introduced by Senators John Kerry and John McCain, Rep. Bobby Rush, and Rep. Cliff Stearns. Also, the FTC and Commerce Department plan to release reports on consumer privacy soon.

The FTC's review of children's online privacy is due out by the end of the year. Legislators continue to express interest in child- and teen-focused privacy legislation that could, however, negatively impact free speech rights.

Why the US needs a data privacy law—and why it might finally get one

3) Data Retention

In July, the House Judiciary Committee reported out the Protecting Children from Internet Pornographers Act. The bill, now awaiting action by the full House, would require ISPs, hotels, coffee shops and others to retain information that could be used to identify customers. This expansion of government power would impose a costly mandate and could discourage Internet access, but it has not been shown that it is necessary to serve legitimate law enforcement needs.

Amended Data Retention Bill Would Create More Problems Than It Would Solve

4) Cybersecurity

In May, the White House released its long-awaited cybersecurity legislative proposal. The proposal is largely balanced and contains some appropriate nuance, but it also includes some troubling provisions, including an overly broad information sharing provision that threatens privacy and a vague definition of "critical infrastructure" that could sweep non-critical entities into a regulatory regime. Working groups and task forces in the Senate and House respectively are attempting to work out alternative solutions to the difficult cybersecurity issues that have yet to be resolved.

Special Four-Part Analysis of the White House Cybersecurity Proposal

5) ECPA Reform

The ECPA Amendments Act, introduced by Sen. Leahy in May, is a landmark piece of legislation that would provide much needed updates to the Electronic Communications Privacy Act, a 1986 law that sets rules for government access to email and other Internet communications. The bill would require the government to obtain a warrant from a judge before reading someone's email or gaining access to private communications and other content stored in the cloud. It would also require a warrant for the government to track people in real time using their mobile phones.

Landmark Privacy Legislation Introduced in Senate

6) Location Privacy

In June, Sen. Ron Wyden and Rep. Jason Chaffetz introduced the Geolocation, Privacy, and Surveillance (GPS) Act in both houses of Congress. Meanwhile, the question of when the government can track individuals using their mobile phones or GPS devices is being litigated in the courts. The Supreme Court has agreed to hear an appeal this term in U.S. v. Jones, a case in which the Court may decide whether the 4th Amendment prohibits warrantless GPS tracking of a vehicle over an extended period.

Legislation introduced by Sen. Al Franken focuses on the commercial aspect of location privacy, and, as noted, Senator Leahy's ECPA Amendments Act sets standards for governmental access to prospective location data. The Wyden-Chaffetz GPS Act addresses both sides of the location equation.

Bill Introduced to Protect Location Privacy

7) The Computer Fraud and Abuse Act (CFAA)

The Senate Judiciary Committee is planning to hold a hearing on the CFAA on Sept. 7. The CFAA has been an important tool in fighting crime. However, revisions to the CFAA's overbroad and vague language are necessary. Because of its vagueness, the CFAA has been used to make "computer crimes" of acts that would not be considered criminal in the physical world. CDT and experts from across the political spectrum have urged Congress to amend the CFAA to focus instead on malicious hacking and identity theft.

Hacking Law Must Be Revised to Prevent Its 'Gross Misuse'

8) Data Breach

This summer saw a large number of data breaches at high-profile companies. The legal picture surrounding breaches is complex. Current federal law requires notification of consumers in the event of a breach only in limited circumstances, while nearly every state has its own version of a data breach law.

There are currently a number of data breach bills pending in Congress, including proposals from Sen. Leahy, Rep. Mary Bono Mack, Rep. Rush and Senators Mark Pryor and Jay Rockefeller. All would create an overarching federal standard for data breach notification. The White House's cybersecurity proposal also addresses data breaches.

Congressional Data Breach Bills Compared

9) HIPAA Privacy Rule

The HIPAA Privacy Rule contains provisions addressing the use of patients’ health data for marketing and research, breach of patient data, and the right of patients to access data held by care providers. While the rule was a landmark in health privacy protection, it is fast becoming obsolete in the digital age. Over the past year and a half, the U.S. Department of Health and Human Services has issued several proposals to update the HIPAA Privacy Rule and other related regulations. The final rule, expected in coming weeks, could bring significant changes to the health privacy rights of patients.

Overview of CDT Comments to HHS Proposed Rule on Health Privacy

10) Internet Neutrality

This perennial tech issue will again be in the spotlight when the FCC publishes its Internet Neutrality rules this fall.

Two Updates in Fight Over Internet Neutrality

Click to view this email in a browser

If you no longer wish to receive these emails, please reply to this message with "Unsubscribe" in the subject line or simply click on the following link: Unsubscribe

Center for Democracy & Technology
1634 I St.
Suite 1100
Washington, District of Columbia 20006

Read the VerticalResponse marketing policy.

Non-Profits Email Free with VerticalResponse!