Forward this to a friend
Click to view this message in a browser

In this issue

Tech Policy Outside the Beltway

Hiroshima, Japan
CDT Chief Computer Scientist Alissa Cooper will speak about location privacy at the 76th IETF meeting on November 12.
Link to event.

Upcoming Events of Note
CDT Senior Counsel Greg Nojeim will testify on computer security before a Senate Judiciary subcommittee on November 17.
Link to event.


For more information about CDT, or to receive CDT's Tech Policy Download, click here.


CDT’s Tech Policy Download

Healthcare reform may be the top issue in Washington, but that hasn’t stopped policymakers from moving forward on other issues with serious implications for the Internet. From the recent proposal by regulators to establish Internet neutrality rules (covered in the previous issue of the Download) to a growing concern about online privacy, the technology policy framework is being debated and reshaped – not only in the US, but internationally as well.

Taking the Next Step on Consumer Privacy

On December 7, the Federal Trade Commission begins a series of roundtable discussions exploring the privacy challenges posed by the vast array of 21st century technologies and business practices that collect and use consumer data. Last Friday, in anticipation of the FTC sessions, CDT filed comments calling on Congress and the FTC to play a larger role in ensuring that consumer interests are fully protected. Leading Internet companies have long agreed in principle that baseline federal privacy legislation would be good for both consumers and business, but agreement on the details of such legislation so far proven elusive. CDT’s comments, drawing on the concept of Fair Information Practices, provide a blueprint for a comprehensive, balanced and effective law that would reinforce industry self-regulatory efforts. CDT has been invited to outline its recommendations at the December 7 session.

Meanwhile, In Europe...

Last week, the privacy officials of over three-dozen countries meeting in Madrid approved a resolution on international privacy standards. The detailed recommendations are based largely on the EU Data Protection Directive but also incorporate exceptions intended to accommodate modern business practices. Proponents of the resolution apparently intend it to serve as the basis for a binding treaty on data privacy, but it seems hard to see how that can happen. While the twin goals of the project seem unassailable -- to define a set of principles and rights that would guarantee the effective and internationally uniform protection of privacy, and to facilitate the international flows of personal data needed in a globalized world –concerns with the proposal include that it is too Euro-centric. CDT's President and CEO Leslie Harris was in Madrid and blogged her impressions of the privacy debate as viewed from Europe.

Shaping the Future of Identity Online

Creating, authenticating and protecting identity online are among the Internet’s hardest challenges, with implications for privacy, security and free expression. One set of approaches, known as “user-centric federated identity,” has great promise to make online interactions easier and more secure, while also giving users greater control over the elements of their identity. “User-centric” means that users control the disclosure of their credentials. Federated identities can be used on multiple sites across the Internet, avoiding the need for a complex set of logins, passwords and trust relationships with different Web sites and services. Done right, such an approach could improve the functionality and security of online interactions while minimizing the collection and transfer of identity information. Done poorly, however, user centric identity could harm both privacy and security. The federal government is now moving to test user centric identity in a series of pilot programs. Seeing both the potential and the risks in user centric identity, CDT has issued a new paper describing the fundamentals of the concept and setting forth a series of policy and governance questions – ranging from contract obligations to liability to privacy -- that we believe must be answered before development and deployment goes too far. CDT is eager to work with developers and other stakeholders to answer these questions and build the trust framework for the identity systems of the future.

Reining in Government Surveillance Powers? Not Yet

In votes over the last two weeks, Senate and House Judiciary Committees rejected efforts to effectively rein in government powers expanded after 9/11. The Committees’ renewal of expiring PATRIOT Act provisions with only minor changes shows how little things have changed under the Obama Administration in the area of national security surveillance. CDT agrees that the government should have ample tools to prevent terrorism, but after 9/11 the pendulum swung too far and CDT has been working to restore checks and balances on government powers. We are focusing on National Security Letters, which are demands that FBI officials can issue, without judicial approval, to banks, telephone companies, ISPs and many others, demanding disclosure of financial and communications records. The numbers of NSLs swelled after the PATRIOT Act, to over 50,000 a year. The Justice Department’s own Inspector General found that the FBI was abusing the power. Yet the Obama Administration opposed proposals to limit the authorities, and the two Committees rejected limits that were even looser than those that Senator Obama had supported. You can get the details at our blog by clicking here.

If you no longer wish to receive this twice-monthly e-mail, please reply with "Unsubscribe" in the subject line or simply click on the following link: Unsubscribe

1634 I Street, NW
Suite 1100
Washington, DC 20006

Read the VerticalResponse marketing policy.

Try Email Marketing with VerticalResponse!