Online privacy

Apparently, Sens Patrick Leahy (D-VT) and Mike Lee (R-UT) are expected to unveil legislation that will force the government to obtain warrants to look at American citizen’s e-mails. Sens Leahy and Lee’s bill, titled the ECPA Modernization Act of 2017, aims to update the Email Communications Privacy Act of 1986. The bill will initially be released without any cosponsors.

Currently, law enforcement can obtain Americans’ e-mail correspondence with a written statement saying that the e-mails are necessary to an investigation, a process that does not require judicial review. The new bill would change this and require law enforcement agencies to get warrants through a court to gain access to citizens’ e-mails. Apparently, the reforms would cover areas beyond email privacy like protections on metadata, and improvements to the current gag rules which allow the government to keep e-mail service providers from notifying users that their e-mails have been obtained. The bill has been extremely popular in the House, passing with an overwhelming, bipartisan majority the last two times it was introduced.

Where smart technologies are concerned, the expectation of privacy extends only from the consumer to machine. Once the machine communicates with an outside server – even where data is sent to a server controlled by the product's manufacturer – privacy is violated. Currently, law enforcement can obtain a search warrant compelling a third party to turn over data recorded by the smart device if the company can control or access the information.

The Supreme Court has yet to consider a case that specifically addresses whether, in an era of modern technology where we regularly choose to give personal data to third parties, a person should have an expectation of privacy in the information. As the law stands, once information is voluntarily disclosed to a third party, he does not. One case currently pending at the Supreme Court may tee up the issue of the Third Party Doctrine in the digital age, but until the Court takes on such a case, this premise holds true. It seems the one thing technologists and lawyers alike agree on is that the "right" to privacy could be overcome by technology very soon. The danger is that the new standard will become: You have the right to remain silent, but your smart home does not.

The European Union’s top court is set to decide whether the bloc’s “right to be forgotten” policy stretches beyond Europe’s borders, a test of how far national laws can—or should—stretch when regulating cyberspace. The case stems from France, where the highest administrative court on July 19 asked the EU’s Court of Justice to weigh in on a dispute between Alphabet's Google and France’s privacy regulator over how broadly to apply the right, which allows EU residents to ask search engines to remove some links from searches for their own names.

At issue: Can France force Google to apply it not just to searches in Europe, but anywhere in the world? The case will set a precedent for how far EU regulators can go in enforcing the bloc’s strict new privacy law. It will also help define Europe’s position on clashes between governments over how to regulate everything that happens on the internet—from political debate to online commerce. France’s regulator says enforcement of some fundamental rights—like personal privacy—is too easily circumvented on the borderless internet, and so must be implemented everywhere. Google argues that allowing any one country to apply its rules globally risks upsetting international law and, when it comes to content, creates a global censorship race among autocrats.

Sealed law enforcement requests to track Americans without a warrant through cellphone location records or Internet activity grew sevenfold in the past three years in the District, new information released by a federal judge shows. Details about the growth come as the US Supreme Court weighs whether to rein in such rapidly expanding demands. Legal experts said the disclosure appears to mark a first, and that neither the Justice Department nor private companies have previously made public such specific data about how often law enforcement agencies seek those court orders. The summary data gave counts of requests by year from 2008 through 2016 made in criminal cases handled by the Justice Department or US attorney’s office for the District. Details about each individual case, such as the name of a suspect or what records were sought, were not disclosed.

The requests were made under a 1986 statute that enables law enforcement agencies to obtain court orders requiring ­communication service providers to turn over records about individual customers. The orders do not apply to information about telephone calls, such as the time, date, duration and numbers dialed, which can be obtained in other ways. Instead, the requests seek individuals’ Internet connection records or cellphone tower records. Those records exclude the content of communications but can be highly valuable to investigators seeking to establish a history or pattern of movement, conduct or relationships. The information requests can include Internet browsing logs and activity; the time, date, size, sender and recipient of email, instant or social media messages, or other transaction records; as well as computer identification numbers and information about websites that a user accessed.

Apparently, Facebook, Alphabet's Google, Apple, and other major technology firms are largely absent from a debate over the renewal of a broad US internet surveillance law, weakening prospects for privacy reforms that would further protect customer data. While tech companies often lobby Washington on privacy issues, the major firms have been hesitant to enter a fray over a controversial portion of the Foreign Intelligence Surveillance Act (FISA), industry lobbyists, congressional aides and civil liberties advocates said. Among their concerns is that doing so could jeopardize a trans-Atlantic data transfer pact underpinning billions of dollars in trade in digital services, apparently.

Technology companies and privacy groups have for years complained about the part of FISA known as Section 702 that allows the US National Security Agency (NSA) to collect and analyze e-mails and other digital communications of foreigners living overseas. Though targeted at foreigners, the surveillance also collects data on an unknown number of Americans - some privacy advocates have suggested it could be millions - without a search warrant. Section 702 will expire at the end of 2017 unless the Republican-controlled Congress votes to reauthorize it. The White House, U.S. intelligence agencies and many Republican senators want to renew the law, which they consider vital to national security, without changes and make it permanent. A coalition of Democrats and libertarian-leaning conservatives prefer, however, to amend the law with more privacy safeguards.

States across the country are trying to figure how out to regulate consumer privacy in the digital ad space, but the battlefield to watch is Sacramento (CA). There, lawmakers are vetting a bill today that would require internet service providers like Verizon and Comcast to get permission from customers before sharing their data with marketers.

As the lines between media, tech and telecom companies blur, Internet providers and the web companies that use their pipes have a rare alliance in opposing the bill. They all have a stake in the fight as telecommunications companies buy media companies (think Verizon buying Yahoo and AOL) and web companies are, in some cases, working on their own connectivity initiatives (think Google Fiber). A new privacy law in California would be a threat to ISPs trying to break into the digital advertising market and the start of a slippery slope for the Facebook-Google duopoly.

[Commentary] Despite its name, the California Broadband Internet Privacy Act, awaiting votes in the state Senate, won’t do anything meaningful to protect consumer privacy on line. Instead, it will curb innovation and reduce competition, hurting consumers whose interests it purports to protect.

The measure, AB 375 by Assemblyman Ed Chau (D-Monterey Park), is intended to crack down on internet service providers that are allegedly selling sensitive personal web browsing information without consumers’ consent. Its backers argue that it will fill a supposed “privacy gap” left when Congress repealed Federal Communications Commission draft rules adopted during Barack Obama’s administration. Here’s why they’re wrong. First, the proposal attacks a nonexistent problem. Internet service providers have committed that they will seek permission from consumers before using sensitive personal information, such as health and financial data. Customers will have to affirmatively “opt in” before any such transaction could take place. So no one’s personal data is being sold. Second, even if a problem exists, there are legal tools to combat it. In short, there is no legislative privacy gap. Third, the state bill is based on a flawed proposal by the FCC. Don’t take my word for it. Ask America’s top privacy cop, the FTC.

[Jon Leibowitz, a partner at Davis Polk & Wardwell, was Federal Trade Commission chair from 2009-2013. He is co-chair of the 21st Century Privacy Coalition, a trade group of broadband providers.]

Personality quizzes have some sort of perennial appeal. Facebook newsfeeds are filled with BuzzFeed quizzes and other oddball questionnaires that tell you which city you should actually live in, which ousted Arab Spring ruler you are, and which Hogwarts house you belong in. But these new online quizzes have a dark edge that their analog predecessors didn’t.

In the wake of the US election, a secretive data firm hired by Donald Trump’s campaign boasted that it has been using quizzes for years to gather personal information about millions of voters. Its goal: the creation of digital profiles that can predict—and possibly exploit—Americans’ values, anxieties, and political leanings. Whether this firm, Cambridge Analytica, has actually used predictive profiles to influence people isn’t certain; reports suggest it hasn’t, at least not directly. But the company’s methods nonetheless expose the growing scale of personality analysis online—and the dangers that come with it. On the internet, anything you do is like taking a personality quiz: Everywhere you click reveals something about you. And you’re not the only one who sees the results.

A communication breakdown and a vacationing employee were the reasons it took more than a week to close a leak that contained data belonging to 6 million Verizon customers, according to Chris Vickery, the cybersecurity researcher who discovered the breach. Verizon said recently that an employee at one of its vendors, NICE Systems, had accidentally made the data available to anyone who had the public link to the cloud.

[Commentary] Americans’ information independence is under attack, whether it’s the repeal of network neutrality or the repeal of broadband privacy protections. The Federal Communications Commission needs to listen and serve the American people, not special interests. I am committed to protecting both your privacy and the internet as we know it. A free and open internet is essential to our democracy, economy and modern way of life.