The Senate Commerce Committee yesterday concluded its marathon 3-day consideration of a broad package of telecommunications reform legislation with an animated debate on the question of Internet neutrality. The bill before the panel featured language to prevent broadband providers from outright blocking of content or applications, but the language does not appear to prevent discriminating among them in terms of speed or service quality. The debate focused on whether to add a nondiscrimination requirement. In the end, the vote deadlocked at 11-11, which meant the nondiscrimination amendment was not added to the bill (a majority vote is required to adopt an amendment).

The debate made several things clear. First, proponents of neutrality legislation are not likely to be satisfied with provisions that simply prevent content from being blocked. Second, neutrality proponents appear sufficiently concerned about this issue to create significant doubts about the bill’s overall prospects in the Senate. Third, the issue is growing increasingly partisan: all of the committee’s 10 Democrats voted to include nondiscrimination language, and 11 of the 12 Republicans (Senator Snowe of Maine was the only exception) voted against it.

CDT’s view, set forth in a recent paper, is that legislation should include some carefully crafted nondiscrimination requirements — but that they should be narrow in scope, leaving network operators free to experiment with a variety of arrangements on the non-Internet portions of their networks. Further serious dialogue between interested parties to this debate could help in developing appropriate language. Unfortunately, much of the public rhetoric around this issue has been misleading, and adding a politically partisan overlay is not likely to help prompt sober and substantive consideration, particularly in the midst of a highly charged election year.

The Anti-Spyware Coalition today released updates to its two public documents, the Risk Model Description and the Definitions documents. These updates reflect changes to the documents made by the group in the months since their initial release. The Coalition sought to clarify several points, add a number of new items and fix small cosmetic errors in the original documents.

The Anti-Spyware Coalition is a working group convened by the CDT in February of 2005. It is made up of a unique combination of anti-spyware vendors, consumer oriented public interest groups of many stripes and a few educational establishments. It was convened with the goal of developing new solutions to the problems of spyware and other potentially unwanted technologies.

Over the course of the past year, the ASC has released two sets of documents and conducted two Public Workshops. During both the workshops and the development of the documents, public input has been of the utmost importance to the Coalition. Each new document that is released goes through a public comment period, and the final document reflects the comments received in many ways. Similarly, the edited versions of those documents being released today are the result of comments that the ASC has received both at our Public Workshops and from our website.

Over the next few months to a year, keep an eye out for further developments from the Anti-Spyware Coalition. We’re working on a document laying out best practices for software developers, as we have intended to do since the convening of the group. In addition, we’re planning a number of panels at prominent security workshops, where we hope to deal with issues affecting corporate IT departments in their fight against spyware. Check back on our website regularly for up-to-date info.

The Internet Caucus yesterday hosted a round table discussion on Radio Frequency Identification technology (RFID). An RFID tag or transponder comprises a chip that contains a unique number that identifies an object (and perhaps other information) and is connected to an antenna. Each antenna enables the chip to communicate via radio waves to a reader, which captures the unique number or other data on the tag. That data can then be transmitted to computers that store information about the object to which the tags are attached.

Government and business see tremendous promise in the benefits that this technology may hold to streamline business processes, enhance security, deliver services, reduce error rates in health care facilities, and improve the safety of the drug supply.

That promise may prove true, but the discussion on Tuesday reflected the growing awareness on the part of business, government, and (not surprisingly) privacy advocates, that unless the privacy questions raised by the technology are addressed early, acceptance by the public will be hard to come by. Media accounts over the past year or so illustrate that when RFID is linked to personally identifiable information, this nearly invisible technology raises concerns about tracking the location of individuals and about collection of information about them without their knowledge. These issues are even more critical when RFID use is mandated by government, and individual choice about its use is limited, if it exists at all.

How to address those concerns and still reap the benefits of this emerging technology? CDT believes that fair information practices – among them providing notice about the use of RFID to collect information and about how that information is used, offering choice about information sharing and use, providing access, securing the information – are key to deploying RFID technology responsibly. While CDT believes that privacy legislation specifically targeted to RFID technology would unduly hinder the development of the technology, industry and government must step up to the plate to implement fair information practices as they deploy RFID. And government must be open and candid with the public about its plans for RFID use.

I had the privilege to lead a working group made up of some of the nations largest companies, public interest leaders, consumer advocates and RFID experts seeking to address the issues raised by RFID. In May, the working group suggested best practices for companies seeking to implement RFID in consumer applications.

Law enforcement agencies at the state and federal level have stepped up their anti-spyware efforts and are pursuing malicious software distributors using a broad range of laws, many of which predate the existence of spyware. That’s what we found in a report we published earlier today.

We’re hoping this report will encourage more states to get in on the act by bolstering their online consumer protection offerings, training investigators to sniff out illegal spyware operations and stepping up prosecutions against the worst distributors. Our own experience shows that it doesn’t require a huge investment of time or money to get involved in anti-spyware enforcement. Here at CDT, all it took was one Windows computer, an Internet connection and some diligent staff work to start identifying some of the worst sources of spyware on the Internet. Those investigations have already resulted in several complaints and have been instrumental in some key distributors being fined and ordered to stop their malicious activities.

CDT has maintained for years that enforcement has to be part of the fight against spyware. Better anti-spyware technology can protect users, and better privacy laws can limit the exposure of personal data, but only aggressive enforcement will send the message to miscreants that making a quick buck by churning out spyware carries serious consequences.

The Federal Trade Commission and Department of Justice have responded to that call at the federal level, and in the states, several attorneys general have made use of available laws to crack down on spyware distributors targeting their constituents. Here’s hoping that other agencies follow their lead and help to transform spyware distribution into a more costly and dangerous enterprise for the bad guys.

The media reported this week that AT&T is changing its privacy policy governing customer phone records. The new policy, which goes into effect next week, states that AT&T owns customers’ phone records data and will use that information “to protect its legitimate business interests, safeguard others, or respond to legal process.” The previous policy did not assert AT&T’s ownership of customer records, and it assured customers that AT&T would disclose data only in response to a subpoena, court order or other legal process as permitted and/or “required by law.” The new policy conspicuously omits the language that a response to legal process must be “required by law.”

This is bad news for consumers. First, AT&T’s claim of ownership of the information contained in customer records undermines the custodial obligation that the company has to safeguard customers’ calling and billing information. Even if this information is technically “owned” by AT&T (because it’s part of AT&T’s business records), AT&T ought to recognize customers’ continued interest in the privacy and security of such sensitive information. Second, AT&T is going to require customers to consent to the new policy as a condition of receiving service. The laws that prohibit phone companies from disclosing customer information to the government have exceptions for, among other things, customer consent. If AT&T were charged with improper disclosure of customer records to the government (sound familiar?), this change in policy would allow AT&T to claim that customers had consented to disclosure in order “to safeguard others” or to respond to “legal process.” Remember — the response to “legal process” no longer needs to be “required by law.” Would a written request from the Attorney General for access to the entire call database — absent the certification or showing of connection to terrorism required by law — suffice? Because of the tremendous consolidation in the telecommunications industry, customers have very few choices — if any, in some parts of the country — when it comes to land line telephone providers. Customers will have to choose in some instances between foregoing home phone service or foregoing strong privacy protections. (Note that this policy would only apply going forward, so AT&T could not use this as a defense to charges that it has illegally disclosed customer data to the NSA.)

One more thing: AT&T states in its new policy that it reserves the right to monitor and disclose the viewing habits of subscribers to its new video service. Cable and satellite companies are prohibited by law from doing so, but when Congress wrote the law in 1984, it did not cover telephone companies because it did not anticipate that telephone companies would provide video services.

CDT’s OpenCRS project received an interesting report this week. The Congressional Research Service (CRS) recently updated the report on … CRS itself. The report avoids all mention of the controversy over the fact that CRS’ public reports are made available on a Web site to Congressional staff, but this Web site is not made publicly available on the Internet. Therefore it also avoids any mention of OpenCRS.

However, it does provide a fascinating history of the organization, including this tidbit:

In 1914, Senator Robert LaFollette and Representative John M. Nelson, both of Wisconsin, promoted the inclusion in the legislative, executive, and judicial appropriations act of a provision directing the establishment of a special reference unit within the Library.

That’s right…. the famed Senator “Battlin’ Bob” was one of the originators of the concept that became CRS. Thanks to the anonymous donor who sent us this report!

You can join the cause and help us keep OpenCRS up-to-date by going to the site and seeing what reports we need and then requesting that they email it to you in electronic format.

Opponents of Internet neutrality legislation have some substantial arguments that need to be taken into account. But the full-page ad they are running in today’s Washington Post is a remarkable effort to obfuscate the real issues by demonizing Google and waving the banner of garage-based innovators. It gets the whole matter precisely backwards.

The ad shows a picture of the new facility Google is building in Oregon and says that Google’s massive server farms are intended to give it an edge on the competition. It goes on to ask, “what about the next Google? The guys in the garage with the next big idea for the Internet, but without billions of dollars in infrastructure?” According to the ad, “smart networks” will empower these guys in the garage to compete — if Google doesn’t succeed in convincing Congress to “declare smart networks illegal.”

In fact, concern for small innovators — the next Google, if you will — is precisely what led CDT to come out in favor of narrowly targeted neutrality legislation, in a paper released yesterday. The neutrality of the Internet has meant that anyone can start offering a service without having to ask permission of or cut a deal with the big network operators. The guys in the garage come up with their idea, buy Internet access with which to deliver their new service, and they’re up and running, with the instant ability to reach Internet users everywhere.

In short, innovators benefit from a neutral Internet. They don’t need a “smart” network, where “smart” means that the network operator treats traffic differently depending on the identity of the sender. On that kind of Internet, Google and other big players will be able to strike deals for favorable treatment, and it is the small innovators who will get left out.

Yes, Google is building server farms. Yes, it wants to be able to store and sift through huge quantities of data faster than any potential competitors. But that’s no threat to innovation. The real risk — and the real focus of the neutrality debate — is whether network operators should be allowed to abandon the neutral Internet for a model in which they act as gatekeepers.

It is not going to be easy to have a serious conversation about this crucial issue and the difficult policy questions it raises if parties are going to run ads that twist the debate beyond recognition.

Following a lengthy process that included discussions with industry and advocates on all sides of the issue, CDT today issued a major paper on the subject of Internet Neutrality. In it, we call on Congress to enact narrowly tailored legislation to preserve the essential neutrality and openness of the Internet. We believe firmly that if there is a telecom bill this year, Internet neutrality needs to be part of it.

Given the amount of energy and effort that went into crafting this document, I’ll simply suggest that you read it, rather than attempt to synopsize it here. Suffice to say, we feel our approach makes a crucial distinction between Internet neutrality and the more amorphous concept of “net neutrality,” and strikes a vital balance between preserving the essential neutral nature of the Internet, without unduly impinging on the ability of broadband companies to experiment with alternative business models on the non-Internet portion of their networks.

In the paper we also encourage all stakeholders in this process to engage in a serious dialogue about the future of the neutral Internet. We need buy-in from everyone involved in this issue to ensure that we get it right the first time.

You can also read our press release and a separate paper on the topic we commissioned from CDT board member Daniel Weitzner. The Associated Press also has a good story out on our announcement.

A group of high-profile companies today announced that they would support congressional efforts to craft robust general privacy legislation. We were extremely pleased with the statement, which sends the clearest signal yet that substantial segments of industry and privacy advocates agree on the need to enact privacy protections to meet the challenges of the digital age.

Timed to coincide with today’s House hearing on privacy, the members of the Consumer Privacy Legislative Forum (CPL) issued a statement that calls for a process to create a national privacy law that protects consumers while allowing companies to make legitimate use of information. Eastman Kodak, eBay, Eli Lilly, Google, Hewlitt and Associates, Hewlett Packard, Intel, Microsoft, Oracle, Procter & Gamble, Sun Microsystems and Symantec all signed onto the statement.

The statement is yet another reason to be optimistic about the upcoming congressional debate on consumer privacy. After half a decade of inactivity on the broad topic, Congress finally seems poised to seriously work towards creating meaningful protections for consumers.

Yesterday, John Morris wrote about proposed legislation that would force Web site operators to label all sexually explicit material or face 15-year jail terms. The bill, which makes no exemptions for artistic works, or even health information, poses a grave threat to speech online as it could frighten many Internet users into censoring themselves rather than face prosecution and imprisonment.

CDT has been at the forefront of efforts to stop government attempts at Internet censorship since we worked to defeat the Communications Decency Act in 1996, but the environment for free speech online has never been under attack on so many fronts. In addition to the labeling bill, there are a number of factors coming together to endanger free speech rights online:

1) The federal government is readying a vigorous defense of the Child Online Protection Act (COPA), the successor to the CDA. The government has served dozens of Internet companies with subpoenas as part of a misguided campaign to prove that voluntary Internet filtering tools in the hands of families doesn’t work (in legal terms that means, that voluntary measures are not the “least restrictive means” of protecting kids online) and that the censorship provisions in COPA should be enforced.

2) Despite several key defeats, state governments are moving to enact their own Internet censorship laws. CDT is fighting an effort in Utah that would force ISPs to block sexually explicit Internet content, despite the fact that such blocking would inevitably trap legitimate, non-sexual content as well.

3) Media convergence — in which content is delivered across multiple platforms on and offline — is making the lines between different media blur. Yesterday, the President signed a bill that imposes steep fines for broadcast indecency, a standard that has been rejected by the Reno Court in the Internet context. As TV content migrates to the Internet, these conflicting standards are on a collision course.

4) Support of free expression online has only a slim majority on the Supreme Court. Although our side won the CDA case 9-0, our victory in the COPA case was only 5-4. It is unclear how the two new members of the court will affect that balance.

All-in-all a sobering environment for all of us who enjoy the benefits of the open free speech environment on the Internet…