Online privacy

[Commentary] With the understandable focus on the will-they-or-won't-they of congressional tax reform, one of the most important tasks facing Congress before year's end has garnered little national attention: reauthorization of the law that governs foreign intelligence surveillance on U.S. soil.  There is a growing sense in Congress that changes are needed to better protect Americans' privacy. One of the leading reform proposals is the USA Liberty Act, a bill introduced by a bipartisan group of House Judiciary Committee members that will be marked up in committee this week.

[Commentary]  With the offshore world so expansive and so in need of transparency, it often falls to journalists and those with access to leaked data to shine light on these secret dealings. Privacy is not an absolute right when the public interest is at stake. And so, journalists must face a difficult question before seeking to publish information that comes from hackers or other unauthorized leaks: Does this information directly affect the well-being of society?

Attorneys for a group of children have agreed to withdraw a long-running privacy lawsuit against Viacom. The document withdrawing the case, filed with US District Court Judge Stanley Chesler in New Jersey, doesn't indicate whether any money changed hands.

Attorney General Jeff Sessions is taking aim at technology firms for preventing law enforcement from accessing encrypted evidence for ongoing terror investigations, warning that such actions could have “deadly consequences.”  The issue has become a point of tension between tech companies and federal investigators in high-profile cases, such as the 2016 dispute between the FBI and Apple over data stored on an iPhone belonging to a suspect in the 2015 San Bernardino terror attack.  Sessions, who delivered remarks on national security in New York City, said that over the past year the FBI was

Google Docs threw some users for a loop when the service suddenly locked them out of their documents for violating Google’s terms of service. The weird part? The documents were innocuous. The alerts were caused by a glitch, but they served as a stark reminder that not much is truly private in the cloud. A Google spokesman said that a “code push” caused a small percentage of Google Docs to be incorrectly flagged as abusive, which caused them to be automatically blocked.

Verizon has asked the Federal Communications Commission to preempt any state laws that regulate network neutrality and broadband privacy. It is possible that state governments might impose their own rules to protect consumers in their states.

Sen Ed Markey (D-MA) and Rep Ted Lieu (D-CA) have teamed up to introduce a bill to boost IoT cybersecurity by creating a voluntary self-certification program under the Department of Commerce. The Cyber Shield Act would establish a voluntary cybersecurity program for the Internet of Things things, with input from an advisory committee comprising "academia, industry, consumer advocates, and the public" on benchmarks for security for consumer devices from baby monitors, cameras and cell phones to laptops and tablets. The goal is to have manufacturers hold themselves to "industry-leading cybersecurity and data security standards, guidelines, best practices, methodologies, procedures, and processes" for the reward of branding their products as such. Manufacturers would self-certify that their products met the benchmarks, and then could display a "Cyber Shield" label, like a "Good CyberHouseprotecting" seal of approval.

The committee will advise the Secretary of Commerce, who could elect not to treat a product as certified unless it was tested and accredited by an independent laboratory. The secretary would have two years from the enactment of the legislation to establish the cybersecurity benchmarks. The program would get a going over by the Commerce inspector general every two years staring not more than four years after enactment.

[Commentary] It is this committee’s mission to protect consumers, and in the coming months, we will be taking a more expansive look at the online experience to ensure safety, security, and an unfiltered flow of information. Recently, the Equifax data breach compromised the personal information of 145 million Americans, including social security numbers, addresses, credit card numbers, and more. This committee held a hearing on the breach and will continue to deeply scrutinize the staggering amount of personal information changing hands online and the business practices surrounding those transactions.

My colleagues and I will hold a separate hearing to assess identity verification practices, and determine whether they can be improved to protect personal data on the web even after a consumer’s information has been breached. These hearings are just the start of a long-term, thoughtful, and research-focused approach to better illuminate how Americans’ data is being used online, how to ensure that data is safe, and how information is being filtered to consumers over the web. While technology is responsible for a lot of positive change in our world, malignant behavior online can have consequences that are not fully disclosed to the American people.

At this moment, AI is at the center of every business conversation. Companies, governments, and researchers are obsessed with data. Not surprisingly, so are adversarial actors.

We are currently seeing an evolution in how data is being manipulated. If we believe that data can and should be used to inform people and fuel technology, we need to start building the infrastructure necessary to limit the corruption and abuse of that data — and grapple with how biased and problematic data might work its way into technology and, through that, into the foundations of our society.

[Commentary] One of the biggest cases for the US Supreme Court’s current term could mark a watershed moment for the Fourth Amendment. In Carpenter v. United States, the court will consider whether police need probable cause to get a search warrant to access cell site location information (CSLI), data that's automatically generated whenever a mobile phone connects to a cell tower. Not only does this case offer a chance to protect privacy rights for cell phones, Carpenter also provides an opportunity to reevaluate an antiquated legal theory, called the third-party doctrine, that underpins many government surveillance programs.

If the Supreme Court rules that CSLI falls outside the Fourth Amendment, warrantless searches will inevitably lead to wrongful seizures.

[Nick Sibilla is a legislative analyst at the Institute for Justice, a libertarian-leaning public interest law firm.]