With August over, Washington policymakers return to a slew of issues affecting the Internet. We devote this issue of Tech Policy Download to a quick review of what is on the agenda of Congress and the regulatory bodies, with links to recent CDT work.
1) The PROTECT IP Act (PIPA)
PIPA targets websites that enable copyright and trademark infringement. Among the bill's problematic provisions is one that would require ISPs to block certain domain name lookup requests. CDT and others have argued that domain name blocking will not have a meaningful or lasting impact on infringement and has the potential to undermine the domain name system.
2) Consumer Privacy
The U.S. is one of only two industrialized democracies that do not have a comprehensive law providing baseline privacy protections for consumer data. However, the issue has seen recent bipartisan interest, with privacy bills introduced by Senators John Kerry and John McCain, Rep. Bobby Rush, and Rep. Cliff Stearns. Also, the FTC and Commerce Department plan to release reports on consumer privacy soon.
3) Data Retention
In July, the House Judiciary Committee reported out the Protecting Children from Internet Pornographers Act. The bill, now awaiting action by the full House, would require ISPs, hotels, coffee shops and others to retain information that could be used to identify customers. This expansion of government power would impose a costly mandate and could discourage Internet access, but it has not been shown that it is necessary to serve legitimate law enforcement needs.
In May, the White House released its long-awaited cybersecurity legislative proposal. The proposal is largely balanced and contains some appropriate nuance, but it also includes some troubling provisions, including an overly broad information sharing provision that threatens privacy and a vague definition of "critical infrastructure" that could sweep non-critical entities into a regulatory regime. Working groups and task forces in the Senate and House respectively are attempting to work out alternative solutions to the difficult cybersecurity issues that have yet to be resolved.
5) ECPA Reform
The ECPA Amendments Act, introduced by Sen. Leahy in May, is a landmark piece of legislation that would provide much needed updates to the Electronic Communications Privacy Act, a 1986 law that sets rules for government access to email and other Internet communications. The bill would require the government to obtain a warrant from a judge before reading someone's email or gaining access to private communications and other content stored in the cloud. It would also require a warrant for the government to track people in real time using their mobile phones.
6) Location Privacy
In June, Sen. Ron Wyden and Rep. Jason Chaffetz introduced the Geolocation, Privacy, and Surveillance (GPS) Act in both houses of Congress. Meanwhile, the question of when the government can track individuals using their mobile phones or GPS devices is being litigated in the courts. The Supreme Court has agreed to hear an appeal this term in U.S. v. Jones, a case in which the Court may decide whether the 4th Amendment prohibits warrantless GPS tracking of a vehicle over an extended period.
7) The Computer Fraud and Abuse Act (CFAA)
The Senate Judiciary Committee is planning to hold a hearing on the CFAA on Sept. 7. The CFAA has been an important tool in fighting crime. However, revisions to the CFAA's overbroad and vague language are necessary. Because of its vagueness, the CFAA has been used to make "computer crimes" of acts that would not be considered criminal in the physical world. CDT and experts from across the political spectrum have urged Congress to amend the CFAA to focus instead on malicious hacking and identity theft.
8) Data Breach
This summer saw a large number of data breaches at high-profile companies. The legal picture surrounding breaches is complex. Current federal law requires notification of consumers in the event of a breach only in limited circumstances, while nearly every state has its own version of a data breach law.
9) HIPAA Privacy Rule
The HIPAA Privacy Rule contains provisions addressing the use of patients’ health data for marketing and research, breach of patient data, and the right of patients to access data held by care providers. While the rule was a landmark in health privacy protection, it is fast becoming obsolete in the digital age. Over the past year and a half, the U.S. Department of Health and Human Services has issued several proposals to update the HIPAA Privacy Rule and other related regulations. The final rule, expected in coming weeks, could bring significant changes to the health privacy rights of patients.
10) Internet Neutrality
This perennial tech issue will again be in the spotlight when the FCC publishes its Internet Neutrality rules this fall.
Click to view this email in a browser
If you no longer wish to receive these emails, please reply to this message with "Unsubscribe" in the subject line or simply click on the following link: Unsubscribe
Center for Democracy & Technology
1634 I St.
Washington, District of Columbia 20006
Read the VerticalResponse marketing policy.