A Funny Thing Happened on the Way to the State of the Union
President Barack Obama will deliver the State of the Union address on Tuesday, January 20. But a funny thing happened in the run up to the speech: the President delivered all the punchlines. Well, maybe not all the punchlines and, for thems that watch telecommunications policy, it wasn’t all that funny. You see, as the New York Times pointed out, presidents typically keep State of the Union proposals secret until the last minute, hoping to maximize the political power of the speech. But the White House decided to reverse that strategy, rolling out proposals in the hope of building momentum for the address. And, as it turned out, a key issue the White House decided to focus on this week is the future of the Internet.
Back in November we shared with you President Obama’s network neutrality plan and, for public interest advocates, that’s about as much presidential attention you could hope for in a year. OK, some hoped net neutrality could appear in the State of the Union, pretty please. But on January 10, White House officials let the media know that the President would deliver a series of speeches this week calling for better safeguards against identity theft, improved privacy protection, enhanced cybersecurity for the government and private companies, and increased access to high-speed broadband connections across the country. Boom.
Privacy and Security in the Information
On Monday, January 12, President Obama became the first sitting president since, we think, Franklin Delano Roosevelt to visit the Federal Trade Commission which is celebrating its 100th anniversary. The focus of this speech was protecting values, prosperity and security in the Information Age. “I’m focusing on how we can better protect American consumers from identity theft and ensure our privacy, including for our children at school,” the President announced. “If we’re going to be connected, then we need to be protected.”
The President outlined four steps to protect identities and privacy:
- New legislation to create a single, national standard protecting Americans from identity theft. The Personal Data Notification & Protection Act clarifies and strengthens the obligations companies have to notify customers when their personal information has been exposed, including establishing a 30-day notification requirement from the discovery of a breach, while providing companies with the certainty of a single, national standard. The proposal also criminalizes illicit overseas trade in identities.
- Giving customers free access to their credit scores. Through this effort over half of all adult Americans with credit scores will now have access to this tool to help spot identity theft, through their banks, card issuers, or lenders.
- A new Consumer Privacy Bill of Rights. The Department of Commerce has completed public consultation on revised draft legislation enshrining principles from the Administration’s 2012 Consumer Privacy Bill of Rights. Within 45 days, the Administration will release this revised legislative proposal.
- Proposing the Student Digital Privacy Act, a bill to protect students’ personal information and privacy online. This bill, modeled on a landmark California statute, would prevent companies from selling student data to third parties for purposes unrelated to the educational mission and from engaging in targeted advertising to students based on data collected in school – while still permitting important research initiatives to improve student learning outcomes, and efforts by companies to continuously improve the effectiveness of their learning technology products.
- In addition, 75 companies signed a pledge to provide parents, teachers, and kids themselves with important protections against misuse of their data.
The President concluded his address saying, “We pioneered the Internet, but we also pioneered the Bill of Rights, and a sense that each of us as individuals have a sphere of privacy around us that should not be breached, whether by our government, but also by commercial interests. And since we’re pioneers in both these areas, I'm confident that we can be pioneers in crafting the kind of architecture that will allow us to both grow, innovate, and preserve those values that are so precious to us as Americans.”
Obama’s announcement met with some criticism. Writing for Politico, Katy Bachman noted that a privacy legislation agenda in the Republican-controlled Congress is a “long shot.” And voluntary initiatives, Bachman said, lack enforcement teeth. Some privacy advocates worry that the proposals will get little push after the State of the Union. “An unannounced but intended audience for the administration’s plan is to remove a serious obstacle to its plans for a U.S.-EU trade deal, known as TTIP,” or the Transatlantic Trade and Investment Partnership, said Jeff Chester, Executive Director of the Center for Digital Democracy. Consumer privacy has been one of the sticking points with EU officials who worry that the U.S. doesn’t have a comprehensive privacy framework.
And even privacy advocates are leery of a national data breach standard. “The Personal Data Notification and Protection Act would preempt stronger state laws and contains no private right of action,” said Marc Rotenberg, Executive Director of the Electronic Privacy Information Center. There are an awful lot of state level security breach notification laws -- 47 to be exact, plus separate ones by the District of Columbia, Guam, Puerto Rico and the Virgin Islands as of September, according to the National Conference of State Legislatures. But what the President calls a patchwork, many consumer privacy advocates see as a vital part of developing stronger protections. The state level, some experts say, is where the strongest protections currently exist and where new ones are now being created. The worry is that a national standard might include language to overrule stronger state level regulations, explained Edmund Mierzwinski, the Consumer Program Director at U.S. PIRG -- effectively turning it into a sort of "Trojan Horse" for industry interests.
Student and children's privacy advocates cheered the fact that the President had addressed their issue at all. Privacy advocates have raised concerns about technology in the classroom, saying that while adding software does have benefits for students, there's also a worry that using high-tech teaching tools is building a data profile that will be impossible for kids to escape down the line. The Washington Post noted that some big companies did not take the pledge to protect students’ data. Notably not on the list? Major education data players such as Amazon and Google, which both provide data, e-mail and other services to schools.
The Wall Street Journal noted that Google has its own privacy policies on its Google for Education website. Google says it does not offer, or plan to offer, ads in its Google Apps for Education services. Other Google student-privacy policies are more nuanced than the pledge President Obama endorsed January 12. The company says it doesn’t sell Google Apps for Education data to third parties and it only shares personal information with third parties in “exceptional circumstances,” such as student requests or when it is required by law. Google has previously been tripped up by signing industry pledges, which are legally binding in the U.S.
It would be troubling if companies "have a record of what you do in 1st grade, 3rd grade, high school and college," said Bradley Shear, an attorney who specializes in education and technology issues. Having such comprehensive data on children, he said, could lead to discrimination down the line when those students enter the workforce. "We want to see kids use the newest, latest and greatest technology," Shear said. "But absent strong federal law and privacy protections, how can we trust that our kids are not going to be discriminated against for what they're doing today?"
And keep in mind that some parents, educators, technologists and education privacy law scholars say there is little evidence to back up the marketing hype over personalized learning technology. While welcoming efforts to curb the use of educational data for advertising purposes, they contend that neither the industry pledge nor the California law that President Obama invoked as a model for federal student digital privacy legislation places any meaningful requirements on companies regarding the accuracy, efficacy or fairness of their novel digital learning products.
These advocates would like President Obama to push for legislation requiring companies to directly provide parents with comprehensive lists of the details they are collecting about students; to disclose how they use those details to categorize or rank students; and to describe the different treatment students might receive based on those rankings or categorizations. Currently parents don’t know which vendors have their kids’ data and what they are doing with it. “There’s this veil of secrecy. Parents would really appreciate that opportunity to know what is going on,” Rachael Stickland, a co-chairwoman of the Parent Coalition for Student Privacy.
Protecting our Digital Infrastructure
On Tuesday, the President was in Arlington, Virginia at the National Cybersecurity Communications Integration Center to speak about protecting American companies against cyber threats. He reiterated that protecting our digital infrastructure is a national security priority and a national economic priority. “The problem is that government and the private sector are still not always working as closely together as we should. Sometimes it’s still too hard for government to share threat information with companies. Sometimes it’s still too hard for companies to share information about cyber threats with the government. There are legal issues involved and liability issues. Sometimes, companies are reluctant to reveal their vulnerabilities or admit publicly that they have been hacked. At the same time, the American people have a legitimate interest in making sure that government is not potentially abusing information that it's received from the private sector,” the President said.
President Obama offered three steps to improve cybersecurity:
- Cybersecurity legislation that promotes greater information sharing between government and the private sector: It includes liability protections for companies that share information on cyber threats. Specifically, the proposal encourages the private sector to share appropriate cyber threat information with the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC), which will then share it in as close to real-time as practicable with relevant federal agencies and with private sector-developed and operated Information Sharing and Analysis Organizations (ISAOs) by providing targeted liability protection for companies that share information with these entities. And the proposed legislation includes essential safeguards to ensure that government protects privacy and civil liberties while safeguarding America’s critical information networks. Private entities would be required to comply with certain privacy restrictions such as removing unnecessary personal information and taking measures to protect any personal information that must be shared in order to qualify for liability protection. The proposal further requires the Department of Homeland Security and the Attorney General, in consultation with the Privacy and Civil Liberties Oversight Board and others, to develop receipt, retention, use, and disclosure guidelines for the federal government.
- An update for the authorities that law enforcement uses to go after cyber criminals: “We want to be able to better prosecute those who are involved in cyberattacks, those who are involved in the sale of cyber weapons like botnets and spyware. We want to ensure that we’re able to prosecute insiders who steal corporate secrets or individuals’ private information. And we want to expand the authority of courts to shut down botnets and other malware. The bottom line, we want cyber criminals to feel the full force of American justice, because they are doing as much damage, if not more, these days as folks who are involved in more conventional crime.”
- A White House summit on cybersecurity and consumer protection at Stanford University: The Summit will bring together major stakeholders on cybersecurity and consumer financial protection issues -- including senior leaders from the White House and across the federal government, CEOs from a wide range of industries including the financial services industry, technology and communications companies, computer security companies and the retail industry, as well as state government leaders, law enforcement officials, consumer advocates, technical experts, and students. Topics at the Summit will include increasing public-private partnerships and cybersecurity information sharing, creating and promoting improved cybersecurity practices and technologies, and improving adoption and use of more secure payment technologies.
Also this week, Vice President Joe Biden, Secretary of Energy Ernest Moniz, and White House Science Advisor John Holdren traveled to Norfolk State University in Norfolk, Virginia to announce that the Department of Energy will provide a $25 million grant over the next five years to support cybersecurity education. The new grant will support the creation of the Cybersecurity Workforce Pipeline Consortium, a new cybersecurity consortium consisting of 13 Historically Black Colleges and Universities (HBCUs), two national labs, and a K-12 school district.
Michael Daniel, Special Assistant to the President and Cybersecurity Coordinator, said of the actions announced at both the FTC and NCCIC, “Collectively, this week’s announcements kick off a new year in which we intend to make real progress in improving the nation’s cybersecurity. These actions demonstrate that we are taking steps to mobilize every element of our nation to rise to the challenge.”
Senate Commerce Committee Ranking member Bill Nelson (D-FL) responded to the President’s announcement by releasing a draft summary of the Data Security and Breach Notification Act of 2015, a bill he’s currently writing. The bill would make companies, under most circumstances, notify consumers of data breaches within 30 days. It also would direct the FTC to develop security standards to help businesses protect consumers' personal and financial data. Additionally, the legislation would provide incentives to businesses who adopt new technologies to make consumer data unusable or unreadable if stolen during a breach.
The Commerce Committee’s new chairman, Sen John Thune (R-SD), responded to the President’s announcement with, well, a bit of snark. He welcomed the President’s comments but accused him of being late to the game. “This level of personal engagement on legislation by the President certainly would have helped advance the bipartisan cybersecurity information sharing bill. President Obama’s engaged support for similar legislation this Congress would help address cyber threats, improve privacy protections, and would also begin to address concerns over the President’s go-it-alone approach of unilateral executive actions on cyber and other issues.”
House Commerce Committee Chairman Fred Upton (R-MI) and Commerce, Manufacturing, and Trade Subcommittee Michael Burgess (R-TX) said, “We welcome the president’s focus on this critical issue and look forward to working with the White House this year to enact meaningful legislation that will limit online threats and give consumers better peace of mind.”
Most industry players were giving the President props while taking the opportunity to argue, if subtly, that they were already addressing the concerns or that new federal mandates might not be the answer.
Faster, More Affordable Broadband
On Wednesday, President Obama traveled to Cedar Falls, Iowa to propose new ways to ensure that more communities have access to affordable, high-speed Internet. He highlighted that about 45 million Americans cannot purchase next-generation broadband. And, for those who do have access to high-speed broadband, most have only one provider to choose from. “And what happens when there’s no competition?” the President asked, “You’re stuck on hold. You’re watching the loading icon spin. You’re waiting, and waiting, and waiting. And meanwhile, you’re wondering why your rates keep on getting jacked up when the service doesn’t seem to improve.”
President Obama did not pick Cedar Falls by accident. Longtime Benton readers may recall our 2008 Action Plan for America, which highlighted the decision by local leaders there to deploy a citywide municipal high-speed fiber network around that town. In nearby Waterloo, local leaders chose to rely only on broadband provided by the private local phone and cable companies, which was slower and not as universally available as the fiber deployed in Cedar Falls. The result was that numerous companies and businesses relocated from Waterloo to Cedar Falls, creating new jobs, raising property values, and providing other economic benefits that were not enjoyed by Waterloo.
With more local investment and some federal support, Cedar Falls is now Iowa’s first Gigabit City. Subscribers to the Cedar Falls network enjoy speeds that are about 100 times faster than the U.S. average and pay “about the same price as some folks pay for a fully loaded cable bundle,” the President noted. The network, run by Cedar Falls Utilities, competes with options offered by Mediacom and CenturyLink: “You can pick the company that offers the best service at the lowest cost for your family’s needs. That’s how free markets and capitalism are supposed to work.”
But, the President cautioned, in 19 states there are laws that make it difficult or impossible for municipalities to replicate the successful investments Cedar Falls has. And, following up on his November call for strong net neutrality, the President said, “Today, I’m making my administration’s position clear on community broadband. I’m saying I’m on the side of competition. And I’m on the side of small business owners ... I’m on the side of students and schools. I believe that a community has the right to make its own choice and to provide its own broadband if it wants to. Nobody is going to force you to do it, but if you want to do it, if the community decides this is something that we want to do to give ourselves a competitive edge and to help our young people and our businesses, they should be able to do it.”
President Obama asked the Federal Communications Commission to “push back on those old laws” that restrict community broadband. The President’s call was followed up by a letter from the National Telecommunications and Information Administration, the Executive Branch agency that is principally responsible by law for advising the President on telecommunications and information policy issues, calling on the FCC to “ensure that communities have the tools necessary to satisfy their citizens' demand for broadband.”
In addition, the President:
- Directed the federal government to remove all unnecessary regulatory and policy barriers to broadband build-out and competition, and is establishing a new Broadband Opportunity Council of over a dozen government agencies with the singular goal of speeding up broadband deployment and promoting adoption for our citizens. The Council will also solicit public comment on unnecessary regulatory barriers and opportunities to promote greater coordination with the aim of addressing those within its scope.
- Will convene in June 2015 a Community Broadband Summit of mayors and county commissioners from around the nation.
- Announced that the Department of Commerce is launching a new initiative, BroadbandUSA, to promote broadband deployment and adoption. Building on expertise gained from overseeing the $4.7 billion Broadband Technology Opportunities Program funded through the Recovery Act, BroadbandUSA will offer online and in-person technical assistance to communities; host a series of regional workshops around the country; and publish guides and tools that provide communities with proven solutions to address problems in broadband infrastructure planning, financing, construction, and operations across many types of business models.
- Highlighted that the Department of Agriculture is accepting applications to its Community Connect broadband grant program and will reopen a revamped broadband loan program, which offers financing to eligible rural carriers that invest in bringing high-speed broadband to unserved and underserved rural areas.
“We're going to clear away red tape. We're going to foster competition. We're going to help communities connect, and help communities succeed in our digital economy,” the President said.
The President’s proposals met immediate resistance, especially from cable companies, the biggest providers of broadband service. “While government run networks may be appropriate in rare cases, many such enterprises have ended up in failure, saddling taxpayers with significant long-term financial liabilities and diverting scarce resources from other pressing local needs,” said Michael Powell, the head of the National Cable and Telecommunications Association. Powell also touted cable company investment, saying, “[t]he cable industry has invested over $230 billion to build robust broadband networks that reach 93 percent of U.S. homes.”
But, as Public Knowledge pointed out, "Without high-speed internet, communities cannot attract the same businesses and jobs as those with high-speed access can. It is unusual that state lawmakers would prohibit localities from creating economic development projects that bring high-speed internet to communities that don't have it. However, many of these state-level prohibitions were crafted to satisfy the demands of the big cable and telecommunications companies that have monopoly style control as the only provider in town."
FCC Commissioners Ajit Pai and Michael O’Rielly were broth critical of Obama, stressing that the FCC is an independent agency. But FCC Chairman Tom Wheeler noted that the FCC has been working diligently to expand broadband deployment and increase consumer choice and competition nationwide, including reviewing complaints from cities that have been prohibited from providing competitive high-speed alternatives.” Multichannel News reported this week that the FCC will vote on those complaints at its February 26 open meeting.
Putting the Week in Perspective
As the President made his announcements early this week, Brian Fung of the Washington Post noted that how Congress handles these proposals will tell us a great deal about what we can expect from Obama's remaining years in office. A national standard for data breaches, keeping students' electronic data out of the hands of some commercial entities, heck, even municipal broadband, are all popular, bipartisan ideas.
"Republicans are clearly acknowledging they need to find areas they need to legislate," said Chris Calabrese, a policy analyst at the Center for Democracy and Technology. "I think privacy is bipartisan; student privacy is something that ... people have always embraced privacy for kids." Privacy and cybersecurity, in other words, should be low-hanging fruit, said David Vladeck, a Georgetown University law professor. "Both houses of Congress have at various times passed various pieces of legislation on data security," he said. "By and large, these are not contentious issues along partisan lines."
But can the GOP-controlled Congress deliver? Can it govern? If Obama and Congress fail to make much progress together on these issues, it would be a foreboding sign. Just because the issues attract bipartisan support doesn't mean it'll be easy to strike a bargain: a number of factors could make reaching a deal surprisingly more difficult than some realize. Expect an intense lobbying effort by industry to defeat any new rules that impose burdensome requirements.
Past the substance of this week’s announcements, we may, Politico suggests, have just witnessed the creation of a new model for the State of the Union -- not just for this year and next but for the next couple of presidents at least. Most of what’s in the speech the Administration already announced as part of Obama’s lead-up tour. White House aides say that may be it — they’re not interested in making big legislative asks for the GOP to reflexively shoot down. The rest of what the Administration will spend the year doing, White House aides say, they’ll parcel out in announcements over the rest of the year. That includes a budget proposal to be released soon.
Jennifer Palmieri, the White House communications director who’s done 11 State of the Unions between Clinton and Obama, argued to other senior staffers that the idea of building everything into one speech, in one hour of one night didn’t really make sense in 2015. Instead the Administration is betting it can get more attention for these proposals if it spaces them out. But when the President of the United States declares that privacy and identify protection, cybersecurity and municipal broadband are national priorities, as a public interest advocate, you’re off to a good year.
Benton’s coverage will continue day-by-day as the year unfolds – and we’ll see you in the Headlines.