In this issue
Upcoming Events of Note
For more information about CDT, or to receive CDT's Tech Policy Download, click here.
CDT’s Tech Policy Download
Healthcare reform may be the top issue in Washington, but that hasn’t stopped policymakers from moving forward on other issues with serious implications for the Internet. From the recent proposal by regulators to establish Internet neutrality rules (covered in the previous issue of the Download) to a growing concern about online privacy, the technology policy framework is being debated and reshaped – not only in the US, but internationally as well.
Last week, the privacy officials of over three-dozen countries meeting in Madrid approved a resolution on international privacy standards. The detailed recommendations are based largely on the EU Data Protection Directive but also incorporate exceptions intended to accommodate modern business practices. Proponents of the resolution apparently intend it to serve as the basis for a binding treaty on data privacy, but it seems hard to see how that can happen. While the twin goals of the project seem unassailable -- to define a set of principles and rights that would guarantee the effective and internationally uniform protection of privacy, and to facilitate the international flows of personal data needed in a globalized world –concerns with the proposal include that it is too Euro-centric. CDT's President and CEO Leslie Harris was in Madrid and blogged her impressions of the privacy debate as viewed from Europe.
Creating, authenticating and protecting identity online are among the Internet’s hardest challenges, with implications for privacy, security and free expression. One set of approaches, known as “user-centric federated identity,” has great promise to make online interactions easier and more secure, while also giving users greater control over the elements of their identity. “User-centric” means that users control the disclosure of their credentials. Federated identities can be used on multiple sites across the Internet, avoiding the need for a complex set of logins, passwords and trust relationships with different Web sites and services. Done right, such an approach could improve the functionality and security of online interactions while minimizing the collection and transfer of identity information. Done poorly, however, user centric identity could harm both privacy and security. The federal government is now moving to test user centric identity in a series of pilot programs. Seeing both the potential and the risks in user centric identity, CDT has issued a new paper describing the fundamentals of the concept and setting forth a series of policy and governance questions – ranging from contract obligations to liability to privacy -- that we believe must be answered before development and deployment goes too far. CDT is eager to work with developers and other stakeholders to answer these questions and build the trust framework for the identity systems of the future.
In votes over the last two weeks, Senate and House Judiciary Committees rejected efforts to effectively rein in government powers expanded after 9/11. The Committees’ renewal of expiring PATRIOT Act provisions with only minor changes shows how little things have changed under the Obama Administration in the area of national security surveillance. CDT agrees that the government should have ample tools to prevent terrorism, but after 9/11 the pendulum swung too far and CDT has been working to restore checks and balances on government powers. We are focusing on National Security Letters, which are demands that FBI officials can issue, without judicial approval, to banks, telephone companies, ISPs and many others, demanding disclosure of financial and communications records. The numbers of NSLs swelled after the PATRIOT Act, to over 50,000 a year. The Justice Department’s own Inspector General found that the FBI was abusing the power. Yet the Obama Administration opposed proposals to limit the authorities, and the two Committees rejected limits that were even looser than those that Senator Obama had supported. You can get the details at our blog by clicking here.