The Congressional Research Service is a $100 million a year think tank that researches and writes informative and non-partisan reports on topics suggested by members of Congress. The catch–and the reason you might not have read their work–is that CRS reports are only made easily available to members of Congress. Citizens can request these reports from lawmakers, but without a public index, they can’t request something they don’t know exists. The CRS Reports currently rank first on CDT’s Most Wanted Government Documents. In an ongoing effort liberate these documents, CDT runs Open CRS, an online repository of public CRS Reports. To spotlight these reports, I will be writing “CRS Report of the Week�? posts and feature a relevant report each week. These reports are informative in both that they serve as excellent primers to political issues and that they offer a degree of insight into what information is circulating around Congress.

Privacy Law and Online Advertising: Legal Analysis of Data Gathering By Online Advertising Such As Double Click and NebuAd
Report number: RL34693
Date: January 16, 2009
(more…)

Last week, the Senate Intelligence Committee reported a bill that would require the government to disclose information about the intrusion detection system for government computers that has been dubbed, “Einstein.�? Section 340 of the Intelligence Committee’s Intelligence Authorization Act for FY 2010 (S. 1494) would require the government to report to Congress about privacy impact of Einstein, the legal authority supporting it, and about any audits that have been conducted on its operations. The bill, and recent press accounts, prompt CDT to ask the Administration to reveal more about Einstein.

There’s no doubt that the government needs better cybersecurity immediately. Malicious code has been found in the computers that run the electric power grid, and terabytes of data about the Pentagon’s $300 billion F-35 Joint Strike Fighter jet were recently stolen by computer spies.

Einstein is designed to partially meet this need for civilian government computer networks. It operates to detect malicious code in communications with the government. The latest iteration – Einstein 3 – reportedly can scan the content of such communications and, using technology based on a National Security Agency system called “Tutelage,�? can intercept the malicious computer code before it even reaches the government system.

But the Einstein intrusion detection system raises a whole host of questions: what is the scope of the NSA’s role? What is done with the intrusion reports Einstein generates and shares with law enforcement and intelligence agencies? How are people notified that their communications with government officials, and their surfing of government websites, are being monitored for threatening code? CDT poses these and other questions about Einstein in a new report released today.

The Department of Homeland Security did a Privacy Impact Assessment on the first two versions of the Einstein intrusion detection systems, and they reveal a lot of information. But, critical pieces to the puzzle are still missing, and a new version of the system that ups the privacy stakes is being developed.

Secrecy can undermine the effectiveness of a cybersecurity program, particularly one that relies, as Einstein 3 does, on the cooperation of private sector communications service providers. It’s time for the Obama Administration to chart a new course by being more open about Einstein.

CDT and the ACLU have joined a “friend of the courtâ€? brief filed in the Supreme Court by the DKT Liberty Project in what is a very ugly case. As the adage goes, “bad cases make bad law,â€? and this is especially true in First Amendment cases involving unseemly (or worse) speech. There is a great risk that this case – U.S. v. Stevens — will yield some very bad law.

Stevens was convicted and sentenced to prison for distributing over the Internet videos depicting cruelty to animals. The videos including depictions, for example, of dog fights in Japan (where, as it happens, such activities are legal). Dog fights and other acts of cruelty to animals are (and should be) illegal in all fifty states, but this case raises the question of whether depictions of such dogfights should be wholly unprotected by the First Amendment.

Although the videos in the case were distributed online, there aren’t really Internet-specific issues in the case. CDT joined this brief not because of any Internet angle, but because of two broader, and extremely troublesome, arguments that the Obama Administration’s Department of Justice has made to the Supreme Court. CDT’s brief specifically focuses on the two arguments:
(more…)

CDT has released our analysis of the privacy implications of the settlement in the Google Book Search lawsuit, which includes a detailed set of privacy recommendations for Google to consider as the service is developed.

As David Sohn initially wrote in October, CDT believes the settlement has a lot to offer the reading public, namely dramatically expanding access to the millions of books Google has scanned and indexed. Such a shift, though, does not come without concerns, particularly with respect to traditional the library values of patron privacy and intellectual freedom. With the release of today’s report, CDT joins our colleagues at the EFF, the ACLU, and UC–Berkeley’s Samuelson Law, Technology, and Public Policy Clinic, in calling for strong privacy protections in the expanded service.

At CDT, we believe that since privacy was (understandably) not a central consideration of the parties to the settlement, it is incumbent upon Google, with court supervision, to ensure that privacy is adequately protected. Critically, we think this can be accomplished without disrupting or delaying the approval of the settlement itself. The report calls for Google to make as specific a commitment as it can at this early stage to protecting reader privacy, and for the judge overseeing the settlement to exercise his authority to ensure that Google’s commitments effectively guide policies and practices as the service is fully implemented. To Google’s credit, the Book Search team is clearly thinking about privacy, and addressed some of CDT’s concerns in a blog post late last week. This should be the beginning, though, and not the end of the privacy discussion, and we look forward to working with Google and the court to preserve reader privacy as the library moves online.

The Congressional Research Service is a $100 million a year think tank that researches and writes informative and non-partisan reports on topics suggested by members of Congress. The catch–and the reason you might not have read their work–is that CRS reports are only made easily available to members of Congress. Citizens can request these reports from lawmakers, but without a public index, they can’t request something they don’t know exists. The CRS Reports currently rank first on CDT’s Most Wanted Government Documents. In an ongoing effort liberate these documents, CDT runs Open CRS, an online repository of public CRS Reports. To spotlight these reports, I will be writing “CRS Report of the Week” posts and feature a relevant report each week. These reports are informative in both that they serve as excellent primers to political issues and that they offer a degree of insight into what information is circulating around Congress.

Access to Broadband Networks: The Net Neutrality Debate
R40616
June 1, 2009

July 21st has passed, which means just one thing: Reply Comments to the Federal Communications Commission (FCC) Broadband Plan are in! Anyone interested in digging in and reading the Reply Comments can do so by searching the FCC’s website using the parameters Proceeding 09-51 and Document Type RC (CDT’s Reply Comments can be found here). This CRS Report on the Net Neutrality Debate might come in handy before you dive in. It was written very recently, which makes it even more useful.
(more…)

Since Jim Harper at CATO continues to blatantly mischaracterize CDT’s position on the PASS ID bill. Let me state it as clearly as I have to him in email:

PASS ID would create a driver’s license system that has no greater impact on privacy than the system that existed before REAL ID and is better than what would exist if REAL ID isn’t amended; PASS ID also adds protections on the commercial use of the card.

Before REAL ID, the state driver’s license was being used as a default national ID card that had standards set national by the American Association of Motor Vehicle Administrators. The National Academy of Sciences made this point clear in their excellent report “Who Goes There,” writing: State-issued driver’s licenses are a de facto nationwide identity system.” CDT agrees with this analysis (thus we are not the only ones who believe this). AAMVA’s standards, under development by every state and jurisdiction, are no different than the minimum standards for issuance set forth in PASS ID. Therefore, any difference is completely semantic.

This does not mean that CDT supports a National ID as Harper once suggested. CDT is opposed to a National ID.
(more…)

The Congressional Research Service is a $100 million a year think tank that researches and writes informative and non-partisan reports on topics suggested by members of Congress. The catch–and the reason you might not have read their work–is that CRS reports are only made easily available to members of Congress. Citizens can request these reports from lawmakers, but without a public index, they can’t request something they don’t know exists. The CRS Reports currently rank first on CDT’s Most Wanted Government Documents. In an ongoing effort liberate these documents, CDT runs Open CRS, an online repository of public CRS Reports. To spotlight these reports, I will be writing “CRS Report of the Week” posts and feature a relevant report each week. These reports are informative in both that they serve as excellent primers to political issues and that they offer a degree of insight into what information is circulating around Congress.

The REAL ID Act of 2005: Legal, Regulatory, and Implementation Issues
RL34430
April 1, 2008

REAL ID is an issue that, if you have not been following from the beginning, can be daunting to understand. With the introduction of the PASS ID Act, the debate becomes even more confusing to a newcomer. This CRS Report provides an overview of REAL ID, covering its history, a few provisions, relevant constitutional questions, debates, and selected regulatory requirements. However, the Report does not highlight many of the implications on the privacy and security side, so take a look at CDT’s REAL ID Primer to get filled in on that. However, this Report’s analysis of the potential constitutional objections (pgs 6 – 14) to REAL ID are worth a look and the cases mentioned read like a greatest hits list of important Supreme Court cases. The section explaining selected regulatory requirements of REAL ID (pgs 20-28) is also informative.
(more…)

Check out the guest blog post written by CDT’s Leslie Harris and John Morris for IndexonCensorship.org discussing the recent Nokia boycott in Iran and telecommunications companies doing business with oppressive international regimes:

Some Nokia customers in Iran are attempting to organise a boycott of the wake of charges that the company assisted the government in tapping cell phones and interfering with text messages during the recent political protests.

While a boycott may encourage Nokia to rethink how it does business in difficult markets, switching cell phone providers is unlikely to provide Iranians with more protection against government snooping. Indeed, wiretapping capability is not unique to Nokia Siemens Network, the independent joint venture providing equipment and service in Iran. Those capabilities date back to a governmental mandate imposed by none other than the US Government itself. Fifteen years ago, the US Congress — at the request of the FBI — mandated that telephone networks, and the equipment manufacturers that build their equipment, MUST build flexible wiretapping capability into the equipment. That law, the “Communications Assistance for Law Enforcement Act� (CALEA), led to similar mandates around the world. A few years ago, the FBI came back and successfully demanded the CALEA wiretapping mandates be extended to some Internet services.

To read post in it’s entirety, click here.

You can also let Leslie know what you think about the post by sending her a message on her brand new Twitter feed by following @Leslie_Harris.

Thought this wrap up from our softball team’s victory over ACLU from yesterday would be a good change of pace for Friday. Enjoy!

In a striking, improbable, spectacular turn of events, the “Fleeting Expletives” defeated the ACLU’s “F’n A’s” on the Mall last night in moonlit game, long after the last fans had exited the stadium!

Things had been looking bleak for the Expletives! Lacking a field-of-play at game time and well into the evening, it was looking like a night of libations and chips, but no softball! Probes sent to the far ends of the Mall had turned up no place to play! Key players had departed for the showers, including Brock “The Franchise” Meeks and Austin “Pulled Something” Randazzo, heads hung low, muttering … fleeting expletives.

Suddenly, a nearby game ended. A field had opened up! And the Fleeting Expletives and ACLU rallied their remaining troops to PLAY BALL!

ACLU scored three runs in their first ups, and eight more in their next, but were held back by incredible fielding from the Fleeting Expletives, including a tag out at Second base base by Jennifer “Run ‘em down” Chen, a tag out at Third by Reuben “Body Imager” Rodriguez and force outs at First base, manned by Harley “Stretch” Geiger.

The ACLU put its most wily pitcher on the mound, but the F.E.s’ bats were sizzling! The pitches rolled in, bounced in, scraped the sky and threatened distant monuments. But, nothing could stop the Expletives from their appointment with Fame!

The cool calm of B.J. “Mr. Determination” Ard rattled the pitcher into serving up an occasional hittable ball. Towering slugs by Matt “The Deputy” Allee and a three-run homer by Aziz “The Puma” Ahmad had the F’n’s cowering in fear. That, and a strategic, measured swing by Cynthia “Bunter” Wong, and sly, aggressive base running by Liz “Sneaky Pete” Banaszak and Tsoghig “The Armenian Beserker” Hekimian sealed the fate of the hapless ACLU!

Final score, 12-11!!! With the game ended “early” on account of darkness, the F’n A’s demanded a rematch with their nemesis, the Fleeting Expletives. Stay tuned for Second Game of this series!

The jury is very much still out on how the Obama Administration will approach intellectual property issues in the online environment. That’s not a complaint — I understand it has a few other things on its plate, like, say, health care reform, Afghanistan, the economy, and so forth. But CDT and some allies sent two letters this week aimed at getting things off on the right track.

The first concerns ACTA, the Anti-Counterfeiting Trade Agreement. It urges USTR to recognize that the Internet and information technology portion of the treaty — rumored to be weighing such hot-button topics as ISPs’ responsibility for controlling or supervising their users’ activities — is simply too controversial and affects the interests of too many parties that haven’t been privy to the talks. It just isn’t suitable for prompt resolution, and its inclusion in an agreement that may move quickly would only risk ill-conceived provisions that would harm technology companies and users. The letter also asks for USTR to stop treating the specifics of the negotiations as state secrets (it’s hard for CDT or anyone else to provide meaningful feedback when we’re not allowed to know what proposals are even on the table) and to include Internet companies and public interest groups in the trade advisory committee system.

The second letter, going out today, concerns the proper relationship between intellectual property and cybersecurity. It’s actually a simple relationship: while one can conjure up a few narrow scenarios with some overlap, the two are fundamentally separate issues. That might seem like a straightforward proposition, but the report of the Administration’s cybersecurity review team contained just enough references to “intellectual property” to raise the potential specter of the eventual White House cybersecurity advisor wading into i.p. issues under the guise of cybersecurity. Our letter warns against that: there’s going to be both an I.P. enforcement coordinator and a cybersecurity advisor in the White House, and there is no reason to start confusing or conflating their respective roles.