Forward this message to a friend
Click to view this email in a browser

Data Breach, Security Bills Clear Senate Judiciary

The Dilemma of Deactivation

Petitioning Congress for ECPA Reform

Featured on Policy Beta

October 21, Paris, France - Leslie Harris will participate in discussions at New World 2.0 held by Eric Besson, French Minister for Industry, Energy, and the Digital Economy


The Senate Judiciary Committee has cleared three data breach bills, renewing efforts to establish federal standards for breach notification and data security. CDT issued principles and practices to guide companies deciding whether to deactivate a user's account or delete user generated content. And a remarkable left/right coalition, led by CDT, launched a petition campaign urging Congress to update the Electronic Communications Privacy Act.

Data Breach, Security Bills Clear Senate Judiciary

The Senate Judiciary Committee on September 22 reported three bills that would replace existing state data breach notification laws with a uniform federal rule. Under all three bills, if a covered entity concludes there is no significant risk of harm arising from a breach, it need only share the results of its risk assessment with the Federal Trade Commission. CDT believes that the "notify unless there is no harm" standard in these bills is superior to a "notify only if there is harm" model.

One of the reported bills, sponsored by Sen. Leahy, includes amendments to the Computer Fraud and Abuse Act. A welcome and important addition during markup was a provision designed to ensure that the CFAA is not used against people who merely violate contractual terms of service.

The Dilemma of Deactivation

As social media services struggle to preserve their reputations and serve their users' desires for a safe online environment, often there arises the difficult and complex decision about when and how to remove content and disable user accounts. Last year, CDT began working with Harvard's Berkman Center on Internet & Society to develop a set of guidelines that could help companies think through these issues. Building on a process initiated by the Global Network Initiative, and consulting with a wide range of social media companies, advocates, and academics, we crafted a set of practices for companies that host, and users who create, user-generated content. Our final report, titled "Account Deactivation and Content Removal: Guiding Principles and Practices for Companies and Users," lays out some of the steps that platform providers can take to reduce violations of their terms of service, minimize the harm to users whose content is removed or whose accounts are deactivated, and help users understand their own responsibilities with respect to the content they create.

Petitioning Congress for ECPA Reform

A CDT-led campaign urging Congress to update ECPA kicked off last week with the support of organizations spanning the political spectrum. ECPA, which passed in 1986, currently allows the government to read private email and track individuals through their mobile phones without a warrant. The petition urges Congress to update the law to require the government to get a warrant from a judge before conducting electronic surveillance, just as it needs a warrant to tap ordinary phone calls or search our homes. In addition to CDT, those promoting the petition include the ACLU, Americans for Tax Reform, the Electronic Frontier Foundation, the Competitive Enterprise Institute, the Computer and Communications Industry Association, TechFreedom, and the Bill of Rights Defense Committee.

CDT Urges Supreme Court to Extend Fourth Amendment to Police Use of GPS

Exploring just how different GPS technology is from the "bumper beepers" of old, CDT argued that the precision, persistence and comprehensiveness of GPS infringes on the average person's reasonable expectation of privacy, making the technology's use by law enforcement a "search" under the Fourth Amendment requiring the prior approval of a judge.

CDT, EFF, Public Knowledge File Brief in Domain Name Seizure Case

As a Spanish website appealed a US federal court decision refusing to order the prompt return of seized domain names, CDT joined EFF and Public Knowledge in an amicus brief telling the appeals court that the seizure of domain names constitutes a prior restraint requiring careful First Amendment scrutiny--something entirely absent from the lower court's cursory analysis.

Click to view this email in a browser

If you no longer wish to receive these emails, please reply to this message with "Unsubscribe" in the subject line or simply click on the following link: Unsubscribe

Center for Democracy & Technology
1634 I St.
Suite 1100
Washington, District of Columbia 20006

Read the VerticalResponse marketing policy.

Non-Profits Email Free with VerticalResponse!