In what has come to be a bit of a tradition, Senator Lieberman has
introduced a resolution in the Senate to put non-confidential Congressional Research Service (CRS) reports online. A good bi-partisan group including Senators McCain (R-AZ), Leahy (D-VT), Feingold (D-WI), Harkin (D-IA), Collins (R-ME), and Lugar (R-IN) have co-sponsored the resolution, and we commend each of them; in particular, Senators McCain and Leahy have long histories of trying to free CRS reports. Since this is a Senate resolution, it would only have to be approved by the Senate Rules Committee and the Senate at large- and once passed, the public would have access to CRS reports through Senators’ Websites.

CRS, housed in the Library of Congress, uses taxpayer dollars to produce reports on public policy issues ranging from foreign affairs to agriculture to health care. CRS reports represent some of the best policy research conducted by the federal government. All of the reports are posted online, but access is available only to Congressional offices through an intranet system. Citizens can ask for copies of the reports through their Member of Congress, only if they already know that the report exists. Moreover, the general public cannot search through past reports, and a comprehensive index of the reports is not available online, so citizens basically have to guess when they ask for relevant reports.
(more…)

Developing a set of rules that will reliably distinguish between activities that are legitimate and those that are true threats continues to vex domestic intelligence policy. In the past week, this fundamental issue cropped up in media discussion of a leaked DHS intelligence report and also during a Senate hearing on information sharing. In thinking about the problem, and recognizing that the following certainly is nowhere near a complete solution, I suggest three potential improvements:

1) intelligence reports and threat assessments that deal with ideological motivation should expressly address the need to distinguish between ideas and illegality;

2) Congressional oversight committees should review samples of domestic intelligence reports from different stages of the information collection, analysis and sharing process, and;

3) frontline law enforcement civil liberties training material should be made openly available.

Last week, Department of Homeland Security (DHS) Secretary Napolitano issued a response to the public outcry over the intelligence report that leaked earlier this month. DHS’ “Rightwing Extremism� threat assessment had identified opposition to controversial government policies such as immigration and the election of President Barack Obama as factors that may stimulate terrorism.

(To read more about the DHS intelligence report and other reports like it, please see my earlier post.)
(more…)

Americans are accustomed to flat-rate, all-you-can eat pricing plans for Internet service. The appeal is obvious; nobody wants to feel that the meter is running with each moment spent online, or that he or she has directly wasted money each time a Web site or YouTube video turns out to be sillier or more pointless than expected.  Earlier this month, popular backlash forced Time Warner Cable to abandon its test of pricing plans that would have given customers monthly usage volume allotments and imposed surcharges for exceeding them.  Opponents of the usage fees organized online, Congressman Eric Massa promised legislation to ban such usage fees, Senator Charles Schumer got involved, and this week Free Press wrote a letter to the House Commerce Committee urging congressional scrutiny.  Clearly, usage caps are controversial.

But it would be a big mistake to jump to the conclusion that usage-based pricing for Internet service is automatically harmful and should not be allowed.  It all depends on where the volume thresholds are set and what the price is.  Certainly usage caps that are set artificially low could be a tactic to protect a cable company’s core video offerings from competition from online video.  And yes, surcharges could be designed to impose overall rate hikes; a New York Times article on the subject this week was headlined “As Costs Fall, Companies Push to Raise Internet Prices,” and arsTechnica noted that Time Warner Cable’s offering of 100 GB per month was a “textbook overreach” given that Comcast offers 250 GB per month for $42.95. 
(more…)

It’s troubling that the Internet and the wonderfully innovative service known as Craigslist have been cast as major players in the recent tragedy of a young woman’s death. Just because the alleged killer found his victim by trolling the adult ads section of Craigslist, the media has hung the nickname “the Craigslist Killer” on him. The clever alliteration aside, the brutal truth is that neither the Internet nor Craigslist have anything substantive to do with this case.

As CDT President Leslie Harris’ Huffington Post column, titled “Because ‘Classified Ad Killer’ Doesn’t Have the Same Ring,’” points out today:

The danger of this alarmist, tabloid response to all-things-Internet, is not only that it needlessly frightens people away from using safe, effective Internet tools, but that it undermines the tremendous social and economic value that innovative Internet communities like Craigslist, MySpace and Facebook have created for users around the world.

One day soon, we can only hope, we’ll stop treating the Internet like it’s anything other than the incredibly open, innovative and collaborative productivity tool that it really is.

It’s significant that of all the major desktop advertising players (the others being Claria, WhenU and DirectRevenue), Zango was the last one standing.

With those words, Ken Smith the CEO of adware company Zango/180solutions signaled the end of an industry that consumers never wanted and the end of a company that CDT found to be engaging in unfair and deceptive practices, a claim substantiated by the company’s record $3 million settlement with the FTC 10 months later.

At the CDT Gala last month, FTC Chairman Leibowitz foreshadowed this development suggesting that this “iniquitous business model has been mostly eradicated.”
(more…)

UPDATE: At the RSA conference in San Francisco today, NSA Director Keith Alexander disavowed any interest by his agency in directing cybersecurity efforts outside of national security systems. Whether Alexander was engaging in damage control or whether his remarks truly represent a shift in Administration policy remains to be seen. Alexander also spoke of the need for a team approach to cybersecurity, leaving open the question of exactly what position NSA will play on the team. Let’s hope the pendulum is swinging back towards the center

While we are eagerly awaiting the results of the Obama Administration’s review of cybersecurity policy, the latest Wall Street Journal story on a computer hack of systems containing national security information highlights several points on which to judge the direction being taken by the Administration.

Tomorrow (Wednesday, April 22), Melissa Hathaway will speak at the RSA Conference in San Francisco and is likely to give some indication of the conclusions and findings of her 60 day review of U.S. cybersecurity policy. Her report to the President, completed last week, probably focuses more on organizing the White House and the Executive Branch for cybersecurity than on substantive questions of mandates, standards, and incentives, but even the allocation of responsibilities within the federal government has major implications.
(more…)

There has been considerable discussion lately about whether the new privacy provisions in the economic stimulus legislation (the American Recovery and Reinvestment Act or ARRA) extend the coverage of the HIPAA privacy and security regulations to commercial vendors of personal health records (PHRs) any time they contract with a HIPAA covered entity. In a blog post today we argue that PHR vendors should be covered under HIPAA only under certain circumstances, such as when they are performing a function or activity on behalf of a hospital or physician. PHRs should be governed by a comprehensive framework of privacy and security protections, but HIPAA – which was designed to regulate the flow of information among entities in the traditional health care system – would provide inadequate privacy protection for records kept by or for individuals.

The blog post explains why the HIPAA privacy regulations, at least as they are currently structured, are inappropriate for protecting PHRs in most circumstances. The post also looks at other factors that should be taken into consideration in deciding when vendors of PHRs could (and perhaps should) be covered by HIPAA.

The post is part of a three-party series co-authored by Vince Kuraitis, J.D., M.B.A., Principal and Founder of Better Health Technologies LLC and David C. Kibbe, M.D., M.B.A., Principal, The Kibbe Group LLC.

Now that U.S. telecom companies seem poised to gain access to Cuba, the big question is whether those companies can help to change the island nation’s repressive Internet censorship regime.

President Obama’s plan to allow U.S. telecoms to do business in Cuba is the right thing to do. Gaining access to the Internet and new communications technologies is a huge benefit for people living in restrictive regimes like Cuba and hold the promise of advancing freedom for millions of Cubans.

But overlooked in the understandably favorable news coverage of the White House plan has been Cuba’s troubling history of monitoring and censoring its citizens’ previously limited electronic communications.
(more…)

A Department of Homeland Security (DHS) intelligence assessment was published to the Internet this week, warning that opposition to federal government policies could foment a resurgence of “rightwing extremism.� The DHS report is the latest indication that many law enforcement agencies regard advocacy groups as intelligence targets and lawful political dissent as a potential sign of terrorism.

In addition to the recession and the election of Barack Obama, the DHS report identified opposition to illegal immigration, expanded social programs, abortion and gun control as factors galvanizing radicalization. No specific groups are listed; instead, the DHS report broadly characterizes these potential terrorists as either “primarily hate-oriented� or “mainly anti-government.� Some conservatives and libertarians take the report as an indictment of their values. However, this is not a left-versus-right issue, and those blogs framing it that way are missing the point. Rather, the real problem is figuring out how lawful dissent squares with efforts to fight terrorism and the persistent inability of domestic intelligence agencies to adequately draw the distinction.
(more…)

It’s been awhile since we last blogged about Phorm, the UK company proposing to partner with ISPs to create behavioral profiles of their subscribers for use in targeted advertising. Over the past several months, the European Commission and the UK government have been enagaged in a policy ping-pong of sorts, with the EU continuing to press the UK on the government’s conclusion that the Phorm system passes muster with EU privacy law, and the UK continuing to express its approval of the company’s practices.

The Commission opened a new chapter today by opening a formal legal proceeding against the UK government. PC World has the details:

The European Commission began legal action against the U.K. Tuesday over its failure to protect Internet users from Phorm — a covert behavioral advertising technology tested by the U.K.’s biggest fixed line operator, BT, in 2006 and 2007.

The move signals growing concern in Brussels over the way new Internet-based technologies are using people’s personal data. In addition to taking legal action against the U.K., the Commission also issued a general warning to all 27 E.U. countries to uphold privacy laws, especially regarding social-networking Web sites and users of RFID (radio frequency identification) technologies.

The Commission, the executive body of the European Union responsible for upholding laws, said the U.K. had failed to enforce E.U. data protection and privacy rules, because broadband Internet subscribers were not informed that their browsing was being tracked.

“We have been following the Phorm case for some time and have concluded that there are problems in the way the U.K. has implemented parts of E.U. rules on the confidentiality of communications,” said Viviane Reding, the E.U.’s telecom commissioner.

She called on the U.K. to change its national laws and ensure that its national privacy authority is given greater powers to tackle privacy threats from emerging technologies. “This should allow the U.K. to respond more vigorously to new challenges to eprivacy and personal data protection such as those that have arisen in the Phorm case. It should also help reassure U.K. consumers about their privacy and data protection while surfing the Internet,” Reding said.