August 9 - National Harbor, MD - Deven McGraw will participate on a panel entitled "The Barriers and Challenges to Using Secondary EHR Data"
August 13 - Washington, DC - Deven McGraw will speak at a briefing entitled "A Different Way of Thinking About Health Information"
The cybersecurity legislative rollercoaster came to an abrupt halt last week when negotiations in the Senate failed to reach agreement on how to structure and limit debate on the pending bill. CDT supported several amendments that would have bolstered privacy. Although legislative action on cybersecurity is halted for now, elements of the Senate bill may be brought up again in September. Below are some highlights of CDT's analysis of the legislative issues, which will be useful as the issues recycle.
Updating the Standards for Electronic Surveillance
Two Senators sought to use the Senate cybersecurity bill to advance amendments to the Electronic Communications Privacy Act (ECPA), the 25-year old law setting rules for government access to our electronic communications and other private data. One amendment, proposed by Senator Patrick Leahy, would require investigators to get a warrant to compel a service provider to disclose a person's email or private documents stored in the "cloud." The second, by Senator Ron Wyden, would require a warrant for tracking people through their mobile phones. (Both allowed exceptions for emergency circumstances.) The amendments would implement reforms recommended by a diverse coalition of tech companies, trade associations, think tanks and advocacy groups from across the political spectrum. Neither amendment was voted on; both remain pending, and both concepts are also embodied in freestanding legislation before the House and Senate Judiciary Committees.
Sharing Information and Protecting Privacy
Information sharing is a key issue in the cybersecurity debate. There is widespread agreement that some changes in the law are justified to allow private network operators to share threat information with each other and with the government. However, there are competing visions of how to achieve that goal. Senate Republicans, led by Senator John McCain, intended to push their SECURE IT Act as an amendment to the Cybersecurity Act. CDT and other privacy advocates opposed to the information sharing provisions of the SECURE IT Act for three reasons: The proposal's definition of cyber threat information is too broad; it would allow information disclosed to the government to be used for purposes unrelated to cybersecurity; and it would permit the information to be shared directly with the National Security Agency (NSA), a military spy agency. We prefer the information sharing language in the Cybersecurity Act sponsored by Senators Lieberman and Collins.
Fake Your Name, Go to Jail?
The Computer Fraud and Abuse Act (CFAA) is an important tool for fighting cybercrime. However, the statute is over broad and has been read to make it illegal to use an online service in violation of its Terms of Service. Under this theory, which the Justice Department has sought to defend, it is a federal crime, for example, for a 12 year old to lie about her age in creating a Gmail account. Separate amendments offered to the cybersecurity legislation by Senators Leahy and Charles Grassley would have increased the already severe penalties of the CFAA but also would have made it clear that violating a terms of service agreement was not a crime.
While the Senate failed to move on cybersecurity legislation, CDT's Alissa Cooper explained that defending networks from malicious hacking exploits depends in large part on the voluntary, cooperative efforts of network operators, device makers, and Internet users. The Broadband Internet Technical Advisory Group (BITAG) -- a group of technical experts dedicated to building consensus about broadband network management -- has released a series of targeted, balanced recommendations to help stifle at least one emerging type of network attack.
In order to support NTIA's multistakeholder convening around mobile privacy, CDT has set up an online forum for people to present and discuss ideas related to that effort: www.privacymsh.org.
Click to view this email in a browser
If you no longer wish to receive these emails, please reply to this message with "Unsubscribe" in the subject line or simply click on the following link: Unsubscribe
Center for Democracy & Technology
1634 I St.
Washington, District of Columbia 20006
Read the VerticalResponse marketing policy.