[Ed. Note: this is the third in a series of blog posts addressing a range of technology and civil liberties issues we believe America's next President and Congress will have the chance to take a fresh look at, and the opportunity to set a policy course for the Internet that will keep it open, innovative and free.]

Americans are increasingly living their lives online and taking advantage of all the benefits that the Internet has to offer. Consumers do things online today that were unthinkable even a handful of years ago: shopping for houses, maintaining personal medical records, or searching for friends sitting at nearby coffee shops. But they remain justifiably apprehensive about the privacy and security of the information they share with companies and divulge online.

It has become more and more difficult for consumers to keep track of when, where, how, and to whom their information is disclosed. That difficulty is exacerbated by the trend towards greater distribution and data-sharing (part of the “Web 2.0� revolution). Meanwhile, high-tech scammers are seizing on these trends, capitalizing on consumers’ access to more content from more sources on an increasing array of devices, to find new opportunities to commit fraud. Left unchecked, these developments may leave consumers open to privacy invasion while undermining the trust necessary for commerce to thrive online.
(more…)

A new National Research Council report cautions that government data mining programs cannot effectively identify patterns of terrorist activity. Pattern-based or predictive data mining was singled out as likely to generate huge numbers of useless leads. Because of this, the authors warned, pattern-based data mining should not be used to deny a person rights and liberties. This mirrors past conclusions that CDT and others have drawn about data mining efficacy.

The Committee that drafted the October 7th report, entitled “Protecting Individual Privacy in the Struggle Against Terrorists,� recommended that all U.S. data mining programs be re-evaluated according to criteria set forth in the 376-page document. The authors – which included former Secretary of Defense William Perry – made the case that even well-managed data mining efforts are of only limited usefulness and can infringe on Americans’ privacy.

The Committee recommended that new data mining programs that use sensitive personal information, or personally identifiable information obtained from a third party such as a data broker, should require authorization from a court or other entity designated by Congress. This recommendation is particularly striking because this would be a new role for courts, and because the Department of Homeland Security, which runs a number of such data mining programs, co-sponsored the effort to write the report.
(more…)

While the public’s attention was focused on the drama unfolding around the economic bailout, it was actually a busy time for other bills to get pushed – sometimes under the cover of the bailout darkness. Just before recess, Congress considered parts of four “child safety� bills, acted on three, and sent two to the White House. While not all the provisions in these bills raise red flags, some language gives free expression advocates plenty to worry about.

One bill that is awaiting a Presidential signature confronts child pornography head on in a constructive way is S. 1738, the “PROTECT Our Children Act of 2008. Among the important and positive steps taken in this new law are (a) a dramatic increase in funding for fighting child pornography, (b) a mandate to the Department of Justice that it develop a real strategy to fight such material, and (c) the provision of new forensic and other resources to help state law enforcement protect kids. These provisions should – if the bailout leaves any money to actually spend on law enforcement – really help in the fight against child pornography.

Congress should have stopped there; it didn’t. Some in Congress insisted that the core parts of S. 519 – the “SAFE Actâ€? – be added to S. 1738 before passage. Among the most problematic provisions in S.519 – which was never publicly debated by any committee–is the outsourcing of significant law enforcement investigative functions to the National Center for Missing & Exploited Children (NCMEC), which as a non-governmental entity operates outside of the core constitutional and legal protections that govern (or should govern) our criminal justice system (such as the 4th Amendment, the Privacy Act, the Freedom of Information Act, etc.). Although NCMEC makes valuable contributions in the child safety arena, the growing trend in Congress to outsource law enforcement functions to a nominally private group—without any serious oversight or procedural protections— takes us down a dangerous path.
(more…)

[Ed. Note: this is the second in a series of blog posts addressing a range of technology and civil liberties issues we believe America's next President and Congress will have the chance to take a fresh look at, and the opportunity to set a policy course for the Internet that will keep it open, innovative and free.]

It will be critical for the next President to do his part to uphold the Internet’s robust culture of free speech and innovation as we march further into the 21st Century. In stark contrast to the mass media of the last century, the Internet has provided, at very low cost, virtually unlimited forums for both creators and consumers of new content and technologies. This in turn has created a huge boost for participatory democracy and our economy. The next Administration must reject Congressional or agency efforts to censor content or stifle the fire of innovation on the Internet and other communications media.

All Digital Media Deserve Maximum First Amendment Protection

The Internet’s rise to national and international prominence was no accident. Two essential legal pillars have enabled the Internet to become the indispensible communications tool it is today: 1) The First Amendment as interpreted by the U.S. Supreme Court in Reno v. ACLU, and 2) Section 230 of the Telecommunications Act of 1996. These two bodies of law prohibit government interference with online speech, and equally importantly promote and protect the private creation of online venues for speech. They have together provided the policy foundation that has enabled creativity to flourish online, which in turn is fueling the transformation of politics, commerce, journalism, education, healthcare and entertainment.
(more…)

The San Francisco Chronicle recently reported on the rapid development of facial recognition technology. While the increased availability of these robust features is something to celebrate, the privacy implications loom especially large. Combined with online photo storage services and a lack of meaningful limits on government or corporate access to data, facial recognition technology raises serious privacy concerns.

Last month, Google incorporated facial recognition technology in its online photo sharing service, Picasa. The new feature spares us the tedium of hand-tagging personal photos one by one. By analyzing the facial features of the people in your photos, Picasa identifies all the people in your photos for you. No one can deny the positive social benefits of these kinds of services— dozens of digital images filling our pictures folders are begging to be organized and shared. However, policymakers need to address the power of facial recognition technology in the hands of government or corporate snoopers.

What’s to stop a zealous prosecutor from searching the state’s digital database of driver’s license photos for people under 21 whose online Flickr photos show them engaged in underage drinking? What’s to stop an employer from doing the same with a photo taken by a video camera in the lobby of the building where you went for your job interview?

Legally, not much. To its credit, Google has built some important privacy features into Picasa; for example, users can only tag photos in their own account. However, there already are millions of photos available on the public web, through services like Flickr and social networking sites that are public or quasi-public. So far, the law has no rules on who can use those photos and for what purpose. Even if photos are in password protected accounts, government investigators may be a simple subpoena away from forcing the service provider to disclose the photos. In the absence of clear laws, companies offering photo storage services may comply with such subpoenas – or even a mere request from a government official claiming an urgent need.

The courts and legislators need to catch up, starting with a rule that digital photos stored online in a private account should have the same protection as photos stored at home in your closet. Taking advantage of new storage services shouldn’t come at the price of privacy.

The legal implications of personal photos published on publicly-available sites may be harder to deal with. Unfortunately for now we need to think twice about what we post publicly. You can no longer take comfort in the belief that only your friends will recognize you.

The European Commission earlier this week released a paper identifying the following as the key challenges for the next stage of the Internet:

(1) continuing to update broadband infrastructure to improve accessibility and speeds;
(2) keeping the Internet open to new business models and innovation; and
(3) addressing privacy and security concerns.

This is a sound list. From CDT’s perspective, the emphasis on Internet openness is particularly welcome. The paper rightly notes the risk that “traffic management” could be used for anti-competitive purposes. The paper also observes that open standards are crucial. These are essential points in considering the debate over “Internet neutrality.” Innovation has thrived on the Internet precisely because anyone can design applications based on the medium’s common and open protocols. Any application that is built to those standard protocols will work across the whole Internet. An innovator need not seek cooperation or approval from network operators or anyone else; in short, there are no “gatekeepers.” But if individual network operators start departing from open standards and handling traffic differently based on its content, this openness could be significantly undermined. So it is good to see the European Commission acknowledge that this is a serious policy issue, rather than a “solution in search of a problem” (as neutrality opponents have often claimed).
(more…)

It seems that the controversy about legislators using Twitter, YouTube, and other third party Web services may have come to a close. Both branches of Congress have recently revised their rules for how legislators can use Web services, and whether they can maintain content on third-party Web services and embed it onto their official Web sites. This is an important step in clearing up the earlier confusion and ensuring that clear standards are set. This is also a clear victory for the Let Our Congress Tweet campaign, which encouraged the committees to open the rules up for legislators to use third-party Web services.

Last week, the Senate Rules and Administration Committee changed its rules on how Senators can host content. Regulations now allow Senators to embed a video hosted by YouTube, link to a Flickr album, and make use of other third-party Web services as long as they abide by Franking rules: no product endorsement, no partisan material, and no personal (as opposed to official) material. Similarly, the Committee on House Administration has announced their new regulations, which will permit Members to use Web services in official capacities as well. The Representatives can post content to outside Web sites as long as the material is for “official purposes” and not personal or commercially related.

The now-defunct rules prohibiting the use of third-party services online was meant to preserve the non-commercial and non-partisan communications of Congress to constituents. There were already many members of Congress on Twitter, Youtube, Facebook, Flickr; all services allowing them to reach out to constituents where the constituents already are. While these members by and large defied the old regulations, legislators can now use services that don’t live at house.gov.

It’s a good thing that the government doesn’t jump headfirst into every trendy online service, but it’s also good that Congress is taking a look at how its members interact with the public in light of new tools and services on the Internet. Federal agencies have also been using Twitter, and there are many new media users (like me!) that are excited to see whether legislators will use these new tools to communicate with us more effectively.

Of course, I’m most familiar with Twitter, so thats the exciting part this announcement for me. In fact,CDT has just launched our Twitter account, to complement our discussion on the Presidential transition. But legislators now have a plethora of options for their media, be it video, audio, or microblogs- and maybe we’ll give the House servers a break, too. Welcome to the 21st century, Congress!

Congress couldn’t get its act together in time to pass a proper appropriations bill for the 2009 fiscal year. Instead, last weekend it passed a continuing resolution (CR) to fund the federal government – for homeland security purposes at least – until March.

Perhaps not surprisingly, there was an allocation of $100 million to fund REAL ID, the federal effort that puts us closer to a national ID card by standardizing driver’s licenses. CDT hopes Congress will repeal the exceedingly bad law, especially in light of the 21 states that have come out against REAL ID.

But what was surprising in the CR was the limitation placed on spending for REAL ID. The Act provides that individuals can only be licensed in one state at a time, thus states are required to share information with every other state to ensure that a driver’s license (or state ID card) applicant doesn’t already have a REAL ID card from somewhere else. Referencing this requirement, Section 547 of the CR states that [emphasis added]:

“[N]one of the funds provided in this section for development of the information sharing and verification system shall be available to create any new system of records from the data accessible by such information technology system, or to create any means of access by Federal agencies to such information technology system other than to fulfill responsibilities pursuant to the REAL ID Act of 2005.�

(more…)

Consumer Reports has released a new video, as part of their WebWatch project, with a song and good advice about phishing and Internet scams. I’m not sure that ‘if you suspect deceit, just hit delete!’ will ever catch on as a widespread slogan, but it’s certainly fun. What is phishing? Phishing is when scammers send out lots of email pretending to be from someone else- like your bank- hoping that you will give them your information. They’re ‘fishing’ for your personal information.

Phishing is still a looming threat to consumers. One person in a hundred lost money to phishing scams last year, resulting in more than 2 billion dollars in damage. While that’s not going to bail out anyone in the financial sector, it’s still a lot of money that’s being lost. The incidence of phishing is still rising as other threats online fall, according to Consumer Reports’ 2008 State of the Net. Often, a consumer can’t tell whether an email is legitimate or part of a scam. That’s one reason why education in this area can be a huge boon to consumers, protecting their privacy and shielding them from identity theft.

I’ll be forwarding this video on to people with questions about phishing, and why their new found friends in impoverished countries want to wire them large sums of money. Unfortunately, it’s pretty easy to create a convincing phishing email; it’s often hard to tell which emails are really from your bank and which are scams. Here are a couple simple tips that will pay off immediately: type in URLs for links instead of clicking them and never giving anyone your password. More tips can be found at the FTC OnGuard Online website and at the Anti-Phishing Working Group.

As the news focuses on negotiations over financial bailout legislation, congressional staff and Members who aren’t neck-deep in that issue are working behind the scenes to see if they can push other bills over the finish line before Congress leaves town to campaign. One bill that is now on its way to the President, after passing the Senate on Friday and the House on Sunday, is an intellectual property enforcement package called the “PRO IP Act” (S. 3325, sponsored by Sen. Patrick Leahy). The final bill represents an improvement over prior versions of I.P. enforcement legislation, but CDT still has some concerns about how certain provisions could play out in practice.

As passed, the bill contains measures aiming to beef up certain remedies for intellectual property violations, including by providing a harmonized approach to civil forfeiture of property connected to violations; to reform the federal government’s coordination structure for intellectual property enforcement; and to provide additional resources for intellectual property law enforcement efforts.

CDT believes that vigorous enforcement of existing copyright law (as well as other intellectual property law) is necessary and appropriate. And there is no question that computer technology and the Internet have created major new enforcement challenges.
(more…)