Online privacy

When the Obama administration was designing Deferred Action for Childhood Arrivals (DACA), privacy was a chief concern for immigration advocates, who worried about having undocumented immigrants identify themselves to the government. So US Citizenship and Immigration Services (USCIS) vowed it would wall off that data, protecting it from other agencies, including Immigration and Customs Enforcement (ICE), that wanted to use it for deportation purposes. But because DACA was merely a policy, not a law, even the framers of this process knew full well that that promise to Dreamers was not binding. Even if the Dreamer data remains confidential, however, immigration advocates fear that ICE already has all the information it needs to target Dreamers where they work.

One reason many Dreamers applied for the program, after all, is to receive a work permit. Many employers use a system called e-verify to keep tabs on their employees’ immigration statuses. If President Donald Trump reverses DACA protections and stops renewing those permits, there’s not much stopping ICE from showing up at an employer's office the day after an employee's DACA permit expires.

Travis LeBlanc, former Federal Communications Commission Enforcement Bureau chief under Democratic Chairman Tom Wheeler, has been tapped to help oversee compliance with the European Union-U.S. Privacy Shield Framework. That is the agreement between the EU and the US over protecting the privacy of cross-border information flows. He will be one of 20 arbitrators—16 have been chosen with four more to come—who will decide claims of violations of the framework obligations. They are a court of last resort if parties fail to resolve issues with the relevant data protection authorities. They are being chosen from a list supplied by both the EU and Commerce.

LeBlanc is a partner in the DC and Palo Alto (CA) offices of law firm Boies Schiller Flexner. The privacy shield replaces the safe harbor agreement that a European Union court invalidated in October 2015 over concerns about the US being able to hold up its end of the agreement given the government surveillance revealed by the Edward Snowden leaks. The framework requires companies to provide notice of what personal information is being collected and stored, the purposes it is used for, and an "opt out" mechanism.

After a data breach exposes sensitive information, agencies usually offer victims credit monitoring as a catch-all solution to prevent fraud. But a group of lawmakers isn't convinced that strategy always gets the job done. “We are concerned that the popular response may reflect factors unrelated to the actual protection of breach victims,” House Energy and Finance Committee Reps Frank Pallone, Jr., (D-NJ), Diana DeGette (D-CO), and Jan Schakowsky (D-IL) wrote in a letter to the Government Accountability Office. “Reliance on these products after the breach may result in consumers being lulled into a false sense of security.” They requested GAO examine how effective current strategies work for various types of breaches, the extent of the protection each one offers, and the factors agencies weigh in choosing a response to a breach. Lawmakers also would like GAO to see if there are better solutions not currently being offered.

The internet has always been a swamp of ambiguity, especially where doxing is concerned. But as doxing continues to evolve as the preferred tactic of both far right and left wing internet factions, it’s important to take a hard look at what each side is trying to accomplish. While the two sides use different logic to justify their actions, the true result is the same and even cumulative—leading to an arms race of financially incentivized, shame-slinging vigilantes.

House Communications Subcommittee Chairman Marsha Blackburn (R-TN) has been critical of Silicon Valley's default position on network neutrality and its privacy practices. But she says she found common ground during a recent visit to tech companies on the West Coast: "I think with a broad brush that it is fair to say that when it comes to broadband expansion they are all incredibly interested about how we're going to do and what we're going to do," she said. Here's what else she had to say:

On net neutrality: She said that companies want "to have their say and to do something on where there is agreement." It remains to be seen, however, whether there'll be enough agreement for all the parties involved to hammer out a deal.

On her privacy proposal: Blackburn has introduced a bill that would require web firms like Facebook and Google (as well as ISPs) to get permission before letting marketers use customers' data to target ads. "I am positive," she said of her outlook on the proposal. "I'm optimistic." She said a "real win would be to have an aggressive discussion" about the issue in the fall.

On free speech on the internet: We also asked her about her views on internet companies removing hate speech from their platforms or systems, which some say raise questions of free speech in a world where private companies have a lot of control over who sees what points of view. She said it's "something that will come up in discussion" down the road about the responsibility that web companies have.

Is the data you share publicly on social networking sites like an announcement in a public place, where speech and information gathering are protected under the First Amendment? Or is it more like something uttered on private real estate, where the owner can prohibit trespassers as they wish? That quandary recently emerged in a California courtroom, where two of the country’s most eminent constitutional lawyers squared off in a high-stakes battle between a data giant and a tiny startup.

The Federal Communications Commission plan to repeal network neutrality rules depends partly on the argument that antitrust rules can protect consumers and websites from bad behavior by Internet service providers. FCC Chairman Ajit Pai's Notice of Proposed Rulemaking that proposes overturning the rules seeks comment on whether "the existence of antitrust regulations aimed at curbing various forms of anticompetitive conduct" makes the current net neutrality rules unnecessary. But even a prominent opponent of the current net neutrality rules that Chairman Pai wants to overturn says that antitrust isn't robust enough to protect consumers and websites from ISPs.

This anti-antitrust argument comes from economist Hal Singer, who opposed the FCC's 2015 decision under then-Chairman Tom Wheeler to impose net neutrality rules by reclassifying ISPs as common carriers under Title II of the Communications Act. Chairman Pai has repeatedly said that Singer's research on alleged network investment declines proves that the net neutrality rules have been harmful. Singer has derisively called the current net neutrality framework, "the Wheeler tax." But on the question of whether antitrust rules can protect consumers from net neutrality violations, Pai and Singer do not agree.

A District of Columbia judge ruled that a Web host provider must provide the government with digital data from a website widely used to help organize protests against President Donald Trump’s inauguration in January. The ruling by District of Columbia Superior Court Chief Judge Robert E. Morin marked a win for the government, although Judge Morin said he would supervise the government’s use of the data it collects from Web host DreamHost. Chris Ghazarian, general counsel for DreamHost, said the company needed to review the ruling before deciding whether to appeal.

In a 90-minute hearing Aug 24, Judge Morin ruled from the bench that DreamHost must provide the government with all other data from disruptj20.org that it sought under the search warrant. But Judge Morin put restrictions on what they could do with the material. He ruled that the government must disclose how they plan to review the data, identify those involved in the process, and explain how they will avoid collecting protected information about "innocent visitors" to the website. Judge Morin also limited the scope of the search from when the website domain was created in October 2016 to Inauguration Day on Jan. 20. He also said Justice cannot distribute or publicize the data it collects, including to any other government agency.

[Commentary] Silicon Valley is an extractive industry. Its resource isn’t oil or copper, but data. Companies harvest this data by observing as much of our online activity as they can. This activity might take the form of a Facebook like, a Google search, or even how long your mouse hovers in a particular part of your screen. Alone, these traces may not be particularly meaningful. By pairing them with those of millions of others, however, companies can discover patterns that help determine what kind of person you are – and what kind of things you might buy.

These patterns are highly profitable. Silicon Valley uses them to sell you products or to sell you to advertisers. But feeding the algorithms that produce these patterns requires a steady stream of data. And while that data is certainly abundant, it’s not infinite. To increase profits, Silicon Valley must extract more data. One method is to get people to spend more time online: build new apps, and make them as addictive as possible. Another is to get more people online. This is the motivation for Facebook’s Free Basics program, which provides a limited set of internet services for free in underdeveloped regions across the globe, in the hopes of harvesting data from the world’s poor.

After controversy over a broad search warrant that could have identified visitors to an anti-Trump website, the Justice Department says it’s scaling back a demand for information from hosting service DreamHost. Recently, DreamHost disclosed that it was involved in a legal dispute with the department over access to records on the website “disruptj20.org,” which organized protests tied to Donald Trump’s inauguration.

In a legal filing Aug 22, the Justice Department argues that the warrant was proper, but also says DreamHost has since brought up information that was previously “unknown.” In light of that, it has offered to carve out information demanded in the warrant, specifically pledging to not request information like HTTP logs tied to IP addresses. The DOJ says it is only looking for information related to criminal activity on the site, and says that “the government is focused on the use of the Website to organize, to plan, and to effect a criminal act — that is, a riot.” Peaceful protestors, the government argues, are not the targets of the warrant.