Online privacy

[Commentary] Congress is about to make a major decision about privacy protection, civil liberties and national security. The 2008 Foreign Intelligence Surveillance Amendments Act, including its most controversial provision, Section 702, is set to expire on Dec. 31. The two of us — both members of the panel that President Barack Obama appointed in 2013 to review the government’s foreign intelligence programs in the wake of Edward Snowden’s disclosures — agree that FISA Section 702 should be reauthorized but with a significant reform.

The government should no longer be permitted to search the data collected under Section 702 without a warrant when seeking information about US citizens and legal permanent residents. There is, however, one aspect of the way the 702 program has evolved that we believe needs to change: the FBI’s practice of searching the data for information on Americans without first obtaining a warrant. Americans are entitled to full protection of their privacy. They should not lose that protection merely because the government has information in a foreign intelligence database that it legally acquired. Importantly, the government collected that information by using a standard that could not be legally be employed to target an American anywhere in the world.

[Geoffrey Stone is a law professor at the University of Chicago. Michael Morell was the deputy director of the CIA from 2010 to 2013 and twice served as acting director.]

In June, an Apple security engineer wrote a blog post that sent the bustling, $83 billion digital ad industry reeling. In it, he described a new feature, recently rolled out in the latest version of Apple’s Safari web browser, to limit so-called cross-site tracking, where advertising networks and other services can monitor behavior from site to site. The feature, called Intelligent Tracking Prevention (ITP), uses machine learning to spot trackers in the act and limit their reach. The feature quickly won praise from privacy advocates–the Electronic Frontier Foundation called Apple’s move “an important step to protect your privacy.” The online advertising sector has not been as supportive.

In a letter published in Sept, a group of industry groups slammed the software rollout as harmful to ad-supported sites and consumers alike. They argue that Apple’s move substitutes the company’s standards for industrywide conventions around cookies, the digital files used to record user behavior and settings online, and will lead to consumers seeing less relevant and useful ads. Safari, the letter said, “breaks those standards and replaces them with an amorphous set of shifting rules that will hurt the user experience and sabotage the economic model for the internet.”

The European Union courts will hear a case with a massive impact on Facebook and other American internet service companies. The case, which an Irish court on Oct 3 referred to the Court of Justice of the European Union, revolves around where companies can store personal information.

Max Schrems is suing Facebook under the claim that, so long as the United States allows bulk surveillance programs, the US cannot guarantee that data stored on servers located on its shores abides by the EU’s stringent personal data protections laws. Currently, Facebook and other companies use what are known as “standard contractual clauses” to assure European users that their personal information is being protected. Schrems launched a similar case against an earlier treaty between the United States and European Union to cover cross-boarder data storage known as Safe Harbor, which the European courts eventually nixed. Safe Harbor was replaced by a new treaty, Privacy Shield, which is undergoing similar challenges. If courts continue to find US protections for European Citizens data insufficient, it could result in US internet service companies being unable to do business with Europe without setting up specialized servers there.

The FBI does not have to reveal the identity of a vendor that helped it unlock the iPhone of one of the shooters in the 2015 San Bernardino terror attack, or the price it paid for the vendor’s services, a federal judge ruled.

In summary judgment issued Sept 30, US District Judge Tanya Chutkan in the District of Columbia wrote that the FBI had shown that releasing the vendor’s name “could be reasonably expected to cause harm to national security interests by limiting the FBI’s present and future ability to gain access to suspected terrorists’ phones.” She also wrote that disclosure of the vendor’s identity would “risk disclosure of a law enforcement technique and create a reasonably expected risk of circumvention of the law.” The judge also ruled that releasing the amount paid could also cause a “reasonably expected risk of harm to national security,” as the price could “logically reveal how much the FBI values gaining access to suspects’ phones, and the breadth of the tool’s capabilities.” The ruling comes in response to a lawsuit filed last year by three news organizations under the Freedom of Information Act.

Rep Ted Lieu (D-CA) is a naturalized American citizen, having emigrated from Taiwan as a young child. Earlier in Sept, under a new proposed policy, the Department of Homeland Security said it will begin collecting public social media information about immigrants—possibly also green card holders and naturalized citizens—and include them as part of their so-called "Alien File."

Because of this ambiguity, Rep Lieu—who is very active on Twitter—has a basic question in a Sept 29 letter for Acting DHS Secretary Elaine Duke: "Does your proposed rule apply to me?" Rep Lieu, who said he has lived in the United States for over four decades and who holds the rank of colonel in the United States Air Force Reserves, also raised concerns that if enacted, the rule will be ineffective. Why does he think this? Because DHS’ own inspector general report found in February 2017 that previous "social media screening" pilot programs "lack criteria for measuring performance to ensure they meet their objectives."

[Commentary] Section 702 of the Foreign Intelligence Surveillance Act illustrates the value of sunsets. Its termination date is December 31, 2017, unless reauthorized by Congress. Experience since its enactment by in 2008 shows that section 702 has created a hole in the Fourth Amendment’s protection of privacy big enough to house the Pentagon.

Chairman of the House Judiciary Committee, Robert Goodlatte (R-VA), has an opportunity to become the James Otis of digital privacy by sponsoring legislation to cure section 702’s constitutional defects revealed by experience by requiring judicial warrants based on probable cause to justify invading the communications privacy of Americans.

[Bruce Fein is a constitutional scholar]

[Commentary] Today’s privacy rules are anything but clear. Internet content providers like Google, Facebook and Amazon are regulated for privacy by the Federal Trade Commission, the historic internet-privacy protection body. Internet-service providers that link consumers to the network, such as Verizon, AT&T and Comcast, were also regulated for privacy by the FTC until 2015, when the Federal Communications Commission classified internet access as a telecommunications service, stripping the FTC of that authority. Privacy is too important to be left to the whims of regulatory agencies.

Instead, Congress should consider taking an approach akin to the Browser Act (HR 2520), sponsored by Rep Marsha Blackburn (R-TN), that would unify privacy rules across the internet under the FTC, from operating systems to browsers to ISPs to edge content providers.

[Rick Boucher was a Democratic member of the US House of Representatives from Virginia for 28 years and chaired the House Communications Subcommittee. He is honorary chairman of the Internet Innovation Alliance (IIA) and head of the government strategies practice at law firm Sidley Austin]

The co-founders of the Congressional Privacy Caucus are concerned about a new Mattel baby monitor's ability to record and transmit sensitive information, as are a bunch of privacy activists. Sen Ed Markey (D-MA) and Rep Joe Barton (R-TX) wrote the toy company Sept 29 about their new, voice-controlled, Aristotle monitor. They described the device as a Wi-Fi enabled talking device with audio and video monitoring that could be in a child's room from birth through adolescence. They want to know how the device will monitor—photos, videos, voice recognition—how the information will be stored and protected, how parents' permission will be obtained, and whether the device is compliant with the Children’s Online Privacy and Protection Act (COPPA), which Sen Markey co-authored.

“In today's connected world, it is crucial we keep an eye on privacy and data security,” said Rep Barton. “That is the exact reason Senator Markey and I founded the Bipartisan Privacy Caucus over a decade ago. Our goal in the letter to Mattel is not to stifle innovation and product development, but to ensure that parents know how their child's data will be protected.”

The DC branch of the American Civil Liberties Union (ACLU) is helping three anti-Trump activists fight what they say is an overly broad government demand for their personal Facebook data. In “motion to quash” court documents filed this month, ACLU lawyers argue that letting federal investigators comb through the contents of individual Facebook pages amounts to an unjustified and unconstitutional invasion of privacy. The motion concerns an ongoing case in which the DOJ has been seeking information related to protests and rioting during the January 20 inauguration of President Trump.

Despite the fact that the case has been going on for months, the activists only recently learned that the US is interested in their Facebook data. While Facebook typically tells users about government warrants, a gag order initially prohibited it from doing so in this case. Facebook challenged that order and the government ultimately agreed to allow it to disclose the warrants.

The Senate majority is charging forward with plans to vote to reconfirm Federal Communications Commission Chairman Ajit Pai for another five years. Rehiring Pai to head the agency that oversees US communications policies would be a boon for the phone and cable companies he eagerly serves. But it would hurt everyone else who needs this agency to put our communications rights before the profits of monopoly-minded media giants. In the coming days, senators have the opportunity to intervene on the public’s behalf and fire Pai. Here are five reasons they should do so:
1. Net Neutrality Lies
2. Widening the Digital Divide
3. Sinclair Quid Pro Quo
4. First Amendment Fail
5. Assault on Online Privacy