Newer posts are loading.
You are at the newest post.
Click here to check if anything new just came in.

November 27 2012

U.S. Senate to consider long overdue reforms on electronic privacy

In 2010, electronic privacy needed digital due process. In 2012, it’s worth defending your vanishing rights online.

This week, there’s an important issue before Washington that affects everyone who sends email, stores files in Dropbox or sends private messages on social media. In January, O’Reilly Media went dark in opposition to anti-piracy bills. Personally, I believe our right to digital due process for government to access private electronic are just as important.

Why? Here’s the context for my interest. The silver lining in the way former CIA Director David Petraeus’ affair was discovered may be its effect on the national debate around email and electronic privacy, and our rights in a surveillance state. The courts and Congress have failed to fully address the constitutionality of warrantless wiretapping of cellphones and the location of “persons of interest.” Phones themselves, however, are a red herring. What’s at stake is the Fourth Amendment in the 21st century, with respect to the personal user data that telecommunications and technology firms hold that government is requesting without digital due process.

On Thursday, the Senate Judiciary Committee will consider an update to the Electronic Communications Privacy Act (ECPA), the landmark 1986 legislation that governs the protections citizens have when they communicate using the Internet or cellphones. (It’s the small item on the bottom of this meeting page.)

If you somehow missed the uproar online last week, the tech policy world went a bit nutty when CNET’s Declan McCullagh broke a story about Senator Patrick Leahy (D-VT) rewriting the text of his ECPA amendment.

By the end of the day, Senator Leahy said he would not support that proposal, but what the draft reflected is pressure from law enforcement and federal regulatory agencies to not only keep warrantless access open but to enshrine it in law.

Today, Senator Leahy’s office posted a manager’s amendment and summary of changes for the committee’s consideration.

“The manager’s amendment is vastly improved, as compared to the controversial one last week,” said Greg Nojeim, senior counsel at the Center for Democracy & Technology and the director of its Project on Freedom, Security & Technology, in a phone interview.

“We support the manager’s amendment, and will support the bill,” he said. “It will establish a clear, consistent standard for law enforcement access to content. It will require a warrant going forward. This is a huge improvement over current law and will bring ECPA into the modern age.”

In a post on the amendment at CDT.org, Nojeim reiterated CDT’s support. “It will protect consumer privacy, remove the uncertainty law enforcement currently faces, and foster the growth of U.S. cloud computing companies, which will be able to promise their clients that the information they store in cloud will be as secure against government access as information stored locally,” he wrote.

Verify, then trust

This week, the senators on the Judiciary Committee are likely to continue be under some pressure to suggest changes to this amendment that would weaken the protections in it. The manager’s amendment already contains some concessions to law enforcement, with respect to extending the time periods after which the federal government must notify an individual that government has obtained electronic communications, or that a service provider must wait to inform that individual that those records have been obtained.

There’s also clarity that the search warrant requirement in this amendment does not apply to federal anti-terrorism laws, specifically the Foreign Intelligence Surveillance Act (FISA).

“We believe that they’ve kept the central protection in the manager’s amendment, that law enforcement must obtain a warrant to read private communications or digital content, such as documents stored in the cloud,” said Chris Calabrese, legislative counsel for the ACLU, in a phone interview. “That’s a huge privacy win, and we’re glad to see that that’s stayed in.”

Senator Leahy’s statement, however, does leave room for debate:

“I welcome the upcoming Senate Judiciary Committee debate on updating the Electronic Communications Privacy Act (ECPA) to better protect Americans’ digital privacy rights. Today, this critical privacy law is significantly outdated and out-paced by rapid changes in technology and the changing mission of our law enforcement agencies.

“When I led the effort to write the ECPA more than 25 years ago, no one could have imagined that emails would be stored electronically for years or envisioned the many new threats to privacy in cyberspace. That is why I am working to update this law to reflect the realities of our time and to better protect privacy in the digital age. I join the many privacy advocates, technology leaders, legal scholars and other stakeholders who support reforming ECPA to improve privacy rights in cyberspace. I hope that all members of the Committee will join me in supporting the effort in Congress to update this law to protect Americans’ privacy.”

The other side of the issue is represented by a diverse coalition of digital rights advocates that spans traditional ideological labels. Notably, Americans for Tax Reform and the American Civil Liberties Union (ACLU) agreed that electronic privacy deserves a bipartisan upgrade.

The coalition is urging people to go to VanishingRights.com to tell their senators to support warrants for personal electronic communication.

I think they’re on the right side of history.

September 23 2010

ECPA reform: Why digital due process matters

Yesterday, the Senate held a hearing on proposed updates to the Electronic Communications Privacy Act, the landmark 1986 legislation that governs the protections citizens have when they communicate using the Internet or cellphones. Today, the House held a hearing on ECPA reform and the revolution in cloud computing.

While the vagaries of online privacy and tech policy are far out in the geeky stratosphere, the matter before Congress should be earning more attention from citizens, media and technologists alike.

"Just as the electric grid paved the way for industrial economy, cloud computing paves the way for a digital economy," testified David Shellhuse of Rackspace.

So to take it one step further: updates to the ECPA have the potential to improve the privacy protections for every connected citizen, cloud computing provider or government employee. "Advances in technology depend not just on smart engineers but on smart laws," testified Richard Delgado of Google. Salgado highlighted Digital Due Process, in concert with a new post on ECPA reform at the Google Public Privacy blog.

After the hearing yesterday, I interviewed digital privacy and security researcher Chris Soghoian about what's at stake. Soghoian, until recently the resident geek at the Federal Trade Commission, explained why the Digital Due Process coalition is pushing for an ECPA update for online privacy in the cloud computing age.

“From the perspective of industry and definitely the public interest groups, people shouldn’t have to consider government access as one of the issues when they embrace cloud computing,” said Soghoian. “It should be about cost, about efficiency, about green energy, about reliability, about backups, but government access shouldn’t be an issue.”

Members of the coalition include Google, Microsoft, AT&T, AOL, Intel, the ACLU and the Electronic Frontier Foundation. "Users of cloud services must have confidence that their data will have privacy protections from government and from providers," testified Mike Hintz of Microsoft, who said that his company "regularly hears from enterprises that moving data to the cloud affects privacy."

Below, ACLU legislative counsel Chris Calabrese talks about email, cloud computing and what's at stake with proposed updates to the Electronic Communications Privacy Act.

In the next video, Indiana University professor Fred Cate talks about electronic privacy protections for email under the current laws and and what updates to the Electronic Communications Privacy Act could mean. [Testimony]

Below, Princeton computer science professor Ed Felten talks about proposed updates to the Electronic Communications Privacy Act in the context of the shift to cloud computing. "In an ideal world, people would be deciding to use on the cloud based on efficiency and cost," testified Felten. Privacy concern alter the choices of businesses and consumers. When ECPA was first written, he said, "the founder of Facebook was 2 years old." To say much has changed in technology since 1986 would be a considerable understatement. [Testimony]

Finally, Wharton professor Kevin Werbach talks about why the Electronic Communications Privacy Act is important to reducing friction and uncertainty for cloud providers and their customers. "A drop in trust in online intermediaries will add more friction to the Internet economy," he said. [Testimony]

Older posts are this way If this message doesn't go away, click anywhere on the page to continue loading posts.
Could not load more posts
Maybe Soup is currently being updated? I'll try again automatically in a few seconds...
Just a second, loading more posts...
You've reached the end.

Don't be the product, buy the product!

Schweinderl