Over the last few weeks, numerous state Attorneys General (and the Cook County Sheriff) have been tossing around threats against Craigslist, the online classified ad forum. The AGs were claiming that Craigslist is responsible for “erotic services� ads placed by Craigslist users. The AGs were demanding that Craigslist shut down parts of its service and/or censor postings made by its users. At least one AG – in South Carolina – said that he will bring criminal charges against Craigslist if it fails to eliminate any content to which that AG objects.

These threatened charges both violate the U.S. Constitution and directly conflict with federal law. Federal law is crystal clear that Craigslist has no liability under state law for content posted by users. If a prostitute advertises illegal services on Craigslist and then commits a crime, the prostitute may be guilty, but Craigslist is not. In 1996, Congress passed a law – known as “Section 230� – for the very reason that it wanted to leave sites like Craigslist free to adopt remedial measures against unsavory content – as Craigslist has done – without fear of becoming liable as the publisher of the content posted by users.
(more…)

In the last six months, two of the most popular social networking platforms -Facebook and Twitter – announced policy changes, only to be forced to do an about-face less than 24 hours later due to an overwhelming backlash from users unhappy with the “behind closed doors” style of policy changes.

In February, Facebook attempted to change its terms of service overnight without broadly notifying users.  A blog post on The Consumerist drew attention to the changes and urged account users to express their disappointment in the lack of disclosure and transparency demonstrated by the social network in crafting and ultimately implementing these major privacy changes.  User frustration spread in the form of Twitter hashtags like #TOS, blog posts, and, ironically, Facebook groups where users voiced their opinion and held the company accountable.  Within 72 hours of this backlash, Facebook had made a statement saying they would revert to the old terms of service and announced they would solicit public comments and third party opinions in crafting a new Terms of Service.  They even allowed users to vote on which set of policies would be enacted; those crafted by Facebook alone or those that included third-party opinion.

Twitter dealt with a similar situation yesterday when a “tweak” to its @replyname policy was made which many advanced users argued drastically limited their ability to network and meet new people with shared interests.  Immediately, users began a barrage of “tweets” voicing objections by using the hashtag #fixreplies until Twitter management reversed itself and announced it would look into developing a better solution to the problem, and that while technical issues prevent the Twitter platform from going back to the old system of @replyname, they could restore some of the old functionalities that users had requested.
(more…)

CDT released a report yesterday examining how federal government agencies can acquire important usage data from users of their websites while still respecting privacy rights.  In conjunction with the release of that report, CDT hosted a panel of privacy policy experts in a moderated discussion of the report’s findings.  The panel fielded questions from in-person attendees as well as those following the event via our live Twitter feed and UStream.tv channel.

One of the stated goals in the report was “to stimulate public comment and debate” on these issues and solicit feedback on the recommendations from both the public and private sector.  What better way to stimulate discussion in a Web 2.0 world than through live Twitter feeds and Web streams, where users can submit questions and comments.  The Twitter feed discussion (under the hashtag #govmeas) and live Web stream allowed us to engage new audiences and solicit feedback in the discussion about privacy rights in a Gov 2.0 world.  If you were unable to view the discussion live, the feed can be read in its entirety by searching the hashtag on Twitter.

Here’s a sample of the comments and questions posed to the panel via Twitter :

“Learning alot about gov. & privacy via chat #govmeas Thanks to @CenDemTech.” -@tracysherman
“Would web measurement be the same for all agencies? would DHS and EPA would track the same way? #govmeas.” -@DCBadger
“Explain the importance of analytics, and why a greater emphasis on it over changes to the overall system #p2 #govmeas #gov20.” -@timryan
“Would be interested if privacy issues in #gov20 collaboration are discussed-Both Govt. worker privacy and authenticated citizens.” -@noeldickover
“So will OMB policy shift? from no persistent cookys 2 persist. cookys w/user acceptance?” -@joyrenee

Even the panelists and moderators got involved:

“Moderating at @CenDemTech, @EFF, at 3 PM. Submit questions, follow #govmeas, watch it live http://bit.ly/v5sKz” -@GregElin
“‘Analytics allow user experience to be optimized by analyzes how site is used’- A.Cooper #govmeas.” -@emd5005

If this feedback is any indication, it is clear that the report will continue to raise discussion and awareness concerning Web measurement and privacy rights as more of these technologies are implemented in the new open government space.

The Cybersecurity Act of 2009, S. 773, introduced by Senators Rockefeller (D-WV) and Snowe (R-ME), has kicked off what promises to be an intense debate over the federal government’s cybersecurity policy.  There’s broad consensus about the goal – better security for both governmental and private sector critical infrastructure information systems – but not much agreement about how to achieve it.

The Rockefeller/Snowe bill includes some especially troubling provisions.  For starters, it would give the President the authority to limit or shut down Internet traffic to federal government and private critical infrastructure systems.  It would give the Secretary of Commerce the power to override any law, regulation, or policy – including privacy laws and laws protecting trade secrets – to obtain access to information held by private parties that might be relevant to cybersecurity threats and vulnerabilities.  Broadly read, the provision would authorize the Secretary of Commerce to override the Wiretap Act and the Electronic Communications Privacy Act to gain access to communications content. Finally, it includes provisions that would allow the government to dictate software design standards for the private sector.

CDT has prepared a detailed analysis of the Rockefeller-Snowe bill here.

Fortunately, the Rockefeller/Snowe bill isn’t the only game in town.

Senator Carper’s (D-DE) U.S. Information and Communications Enhancement (ICE) Act (S. 921) takes an entirely different, and much more appropriate, approach.  It focuses primarily on strengthening the security of governmental information systems by amending the Federal Information Security Management Act.  In contrast, many provisions of the Rockefeller-Snowe bill would apply the same measures and authorities without distinction to both private and public systems.

(more…)

The health IT movement is fast and furious.  Paper-based health records are quickly moving online where health information can be collected, stored, and shared electronically.
Policymakers are aware of the movement – the federal government just committed $19 billion in the economic recovery legislation for health IT efforts.   Providers for the most part are also in the know – they’ve either already embraced the technology, or will likely do so in the near future.  But how clued in are consumers about health IT?  Do they know what an electronic health record (EHR) is, or how their health information is used or disclosed?  Likewise, do consumers understand health privacy laws and their protections under the law in the event their health information is misused?  These are important questions to consider as we move forward; educating and engaging consumers about health IT and privacy is integral to building trust and, ultimately, the success of health IT.

(more…)

Congress committed billions to health IT as part of the American Recovery and Reinvestment Act of 2009 (ARRA), and the U.S. Department of Health and Human Services (HHS) has officially entered rulemaking season on the health IT provisions.   Just two weeks ago, the agency posted guidance listing the technologies and methodologies that qualify as making protected health information “unusable, unreadable, or indecipherable to unauthorized individuals,” which is a critical component of the new breach notification provisions.

However, the talk lately has focused on defining the term “meaningful use.â€? What’s the significance of “meaningful useâ€??  Well, it triggers $17 billion in Medicare and Medicaid incentives for the adoption of electronic health record (EHR) systems by eligible professionals (clinicians) and hospitals to improve the quality of health care and patient outcomes.  While “meaningful useâ€? is currently defined by ARRA in a loose manner (full text of the bill is available here, with criteria listed under Subtitle-A Medicare Incentives), it’s the core criteria (along with the other loosely defined term “certified EHRâ€?) for determining whether or not clinicians and hospitals can collect these incentive payments.  These payouts don’t begin until 2011, but with so many dollars at stake, it’s clear that these words need to be, well, more meaningfully, defined.

(more…)

As expected, the Obama Administration has been encouraging federal agencies to adopt Web 2.0 strategies in an effort to create an environment that fosters a more transparent and participatory government.

With this new level of open government comes heightened awareness of ramifications that a true “Government 2.0″ could have on personal privacy. For example, a recent blog post by Saul Hansell in the New York Times Bits Blog draws attention to the concern some groups have expressed with the new reality of being able to “friendâ€? the Department of Homeland Security on Facebook or other social networks.  Through this “friending” process, what kinds of personal data will DHS and other agencies have access to and how will this data be used, stored and analyzed?

CDT and the Electronic Frontier Foundation (EFF) will release a joint report on federal agency web sites’ use of analytics tools. Additionally, CDT will host a moderated discussion on the use of analytics tools on government Web sites. The discussion will focus on the analysis of existing policy and recommendations made in the report, in addition to other trends in open government, such as the increased use of social networks.

Panel members will include representatives from privacy and civil liberties groups.

The event will be covered live via our Twitter feed (@CenDemTech); questions from Twitter users following the event’s hashtag (#govmeas) will be incorporated into the panel discussions.

We also will be streaming the discussion LIVE via UStream.tv channel: http://blog.cdt.org/2009/05/07/cdt-to-host-discussion-on-web-measurement-on-government-web-sites/

Full text of the report is available here.

To RSVP, email Brock Meeks (brock@cdt.org).

What: Panel Discussion: Privacy and Analytics on Government Web Sites
Where: CDT – 1634 Eye St., NW, Washington DC – 11th floor
When: May 12, 3:00 to 5:00 p.m.

In another exciting development for congressional transparency and openness, the Senate Rules Committee has decided to publish Senate roll call votes in a public XML feed. This XML data from the Senate will allow the public, the press, and advocates to find and analyze roll call votes [http://www.politico.com/news/stories/0509/21985.html]. Public access to Senate voting records- in their complete form- is an important tool to help citizens track their representation in Washington, D.C.

Making votes available to the public through XML feeds may not sound very exciting. After all, the Senate already releases voting information, but not in a format that allows users to search for their lawmaker or filter votes by member. Voting data is also available from third parties compiling the data, but often have incomplete or inaccurate information.

XML is a structured data format, allowing the data to be used in many ways. Indeed, the release of government information should always be in a standard format that is easily accessible and re-usable by the public; well structured XML certainly qualifies.
(more…)

This month’s issue of Washingtonian magazine makes the observation that: “[T]hough Washington has none of the strong engineering universities, such as MIT or Stanford, that have been instrumental in the development of a vibrant tech communities elsewhere,” the DC-metro area thrives with top notch tech talent in business and politics.

With the most tech savvy President in U.S. history now in the White House, this abundance of tech prowess becomes more than just an interesting factoid; it becomes a powerful force that will shape the technology policy landscape for years to come.
(more…)