International Association of Privacy Professionals

[Commentary] Fallout from a vote to roll back the Federal Communications Commission's broadband privacy rules continues to ripple through the US. Gigi Sohn, a former FCC staffer and advisor to previous FCC Chairman Tom Wheeler, said, "I think the fervor over this is not going to die down anytime soon," adding, "I think it's going to become an election issue. This is something everybody can understand." The roll back could have broader surveillance fallout as well. At least, that's what law professor Paul Ohm contends in an op-ed for The Washington Post. Not splitting hairs whatsoever, Ohm writes, "Once Trump signs the bill, diminishing the FCC's power to police privacy online, ISPs will feel empowered — perhaps even encouraged – by Republicans (no Democrats voted for this measure) to spy on all of us as they never have before. And spy they will." It's too early to tell whether this week's rollback will ultimately cost Republicans political capital, but for now, the headlines are still humming — right or wrong.

[Commentary] I often run across the belief, expressed in print or in person, that Section 702 of the FISA Amendments Act allows for bulk collection of information and that it offers no protections whatsoever for non-US persons. Both of these are urban legends; neither of them is factually correct. 702 does not allow collection of bulk data, and 702 does not allow indiscriminate collection of non-US-person communication.

As I testified to Congress, it’s my belief, based on my personal experience and professional judgment, that Congress drew the balance of authority and restrictions in the right place when it enacted FAA 702 in 2008 and when it reauthorized it in 2012. This year provides an important opportunity to FISA Amendments Act to be carefully scrutinized once again. But as Congress continues its work, it’s worth remembering that things that aren’t broke don’t need fixing. Sometimes they just need to be extended as-is.

[April Doss is a partner and chair of the Cybersecurity and Privacy practice group at Saul Ewing. Prior to that, she spent over a decade at the National Security Agency, where she was the Associate General Counsel for Intelligence Law. ]

[Commentary] Since the 1990s, the Federal Trade Commission has established privacy and data security as a new regulatory area, through dozens of enforcement actions — which scholars have called “a new common law of privacy” — policy reports, and research workshops. Throughout this period, spanning three decades and a transition from the dawn of personal computing and the commercial internet to an age of machine-to-machine communications, smart cars, wearable devices, big data, and the cloud, Jessica Rich, who announced her departure recently as director of the Bureau of Consumer Protection, has conceived, initiated, driven, and spearheaded the agency’s emergence as the nation’s primary technology regulator. Through a long series of cautious, incremental steps, always meticulous, never flashy, and often with a wry joke and a smile, Rich built the foundation for a substantial body of law, setting the standard for technology regulators in the US and abroad.

[Omer Tene is Vice President of Research and Education at the International Association of Privacy Professionals. He is an Affiliate Scholar at the Stanford Center for Internet and Society and a Senior Fellow at the Future of Privacy Forum.]

[Commentary] Under Chairwoman Ramirez, the Federal Trade Commission has truly become the Federal Technology Commission. Despite repeated calls for privacy legislation and tighter control of the data broker industry, the FTC continues to face unregulated pockets of the data ecosystem armed by only its broad authority against unfair or deceptive trade practices, which dates back to 1914. With that, after three years in office and six years as FTC Commissioner, Ramirez leaves the agency stronger and better equipped to deal with the challenges of the next years.

[Omer Tene is an Affiliate Scholar at the Stanford Center for Internet and Society and a Senior Fellow at the Future of Privacy Forum.]

[Commentary] Though it is not yet clear how a President Trump will come down on privacy issues specifically, based on past comments and insights from thought leaders in the space, there are several trends that could emerge.

President-elect Trump has consistently referred to himself as the "law-and-order" candidate and was outspoken about giving law enforcement tools for accessing digital communications. Some worry that means a greater potential for a government-supported mandate for backdoors into encrypted communications. Together with the re-election of Sen Richard Burr (R-NC), who led efforts in the past year to draft legislation mandating law enforcement access to encrypted communications, a Trump presidency, at the very least, offers some uncertainty here. "I imagine (Trump) is going to be a guy who is probably going to mandate back doors," said Strategic Cyber Ventures Chief Operating Officer Hank Thomas. A former National Security Agency official, Thomas added, "I don't think he's ultimately going to be a friend to privacy, and the fearful side of me says he will get intelligence agencies more involved in domestic law enforcement."

[Commentary] The Federal Communications Commission recently released a Fact Sheet announcing FCC Chairman Tom Wheeler had circulated to his fellow Commissioners a proposed Order with new privacy rules for Internet service providers, along with some high-level details of his proposal. In the spirit of the election-year, five statements from the Fact Sheet and the Chairman’s blog are highlighted and evaluated below.

1) "These rules...are in harmony with other key privacy frameworks and principles -- including those outlined by the Federal Trade Commission and the Administration's Consumer Privacy Bill of Rights." -- False
2) "Your ISP has a broad view of all of your unencrypted online activity -- when you are online, the websites you visit, and the apps you use." -- False
3) "91 percent of American adults say consumers have lost control over how their personal information is collected and used by companies, according to Pew Research Center." -- Misleading
4) "There are currently no rules in place outlining how ISPs may use and share their customers' personal information." -- Misleading
5) "The Chairman' Proposed Rules 'do not regulate the privacy practices of websites or apps, like Twitter or Facebook, over which the FTC has authority." -- True

[Christin McMeley, CIPP-US, is the Chair of DWT's privacy and security practice.]