A coalition of 20 civil liberties organizations, including the Center for Democracy & Technology, released a letter today endorsing H.R. 3845, the USA Patriot Amendments Act. The bill was introduced by the Chairman of the House Judiciary Committee, Rep. John Conyers (D-MI) and Subcommittee Chairs Rep. Jerrold Nadler (D-NY) and Rep. Bobby Scott (D-VA). The Senate version of the legislation, the PATRIOT Act Sunset Extension Act, S. 1692, has not drawn a similar level of support in the civil liberties community, largely because of the different ways the bills deal with National Security Letters. CDT has prepared a chart that compares the two bills.

An NSL is a simple form document issued by the FBI and other intelligence agencies that requires Internet Service Providers, banks and other financial institutions, and credit agencies to turn over records about their customers. There is no judicial authorization; the letters are issued when the agency seeking the records decides that they are relevant to its own investigation. The letters are usually accompanied by a “gag” order that, with limited exceptions, bars anyone from disclosing that information was sought or obtained with an NSL. Two Inspector General reports have found widespread abuse and misuse of NSLs.

The bill the groups endorsed would require that NSLs issue only when a government official has prepared a statement of specific and articulable facts showing reasonable grounds to believe that records sought with an NSL pertain to a spy, terrorist or other agent of a foreign power. It also retains the requirement in current law that information sought with an NSL also be relevant to an investigation. The Senate version, in contrast, retains the relevance standard, which permits the government to issue the letters to get records about everyone, including those who have no relationship whatsoever to a terrorist or a spy. Under the Senate bill, the issuing agency merely has to satisfy itself that specific facts indicate that the records sought are relevant to an investigation. The requirement in both bills of specific facts showing relevance is new, and marks a slight improvement in the NSL standard. But the real reform is in the House bill, because it requires that the records pertain to a terrorist or spy.
(more…)

Recently, CDT’s Adam Rosenberg authored a guest blog post for Wired.com’s GeekDad blog, a parenting blog for tech-savvy parents. The post is the first in what will be a series of “how-tos” on raising an Internet savvy child and discusses some of the issues parents confront when setting up a child’s first email address. CDT has been outspoken about the importance of child safety online and it’s clear that the tips for keeping children safe could apply to adults as well. The blog post is a timely, informative read and comes a few days after a great New York Times piece on guarding your kids online. Thanks to WIRED for the opportunity.

In the wake of the major decision by the FCC to open up serious and substantial discussion on rule making on Internet neutrality, CDT’s Leslie Harris wrote a guest column for ABC News where she answers the simple question: “Why should you care about Net Neutrality?”

The article offers informative discussion on the basics around the net neutrality debate and is a must-read. Check it out.

Last month, we blogged about how Humana (and maybe some other health plans) sent warnings through letters to its Medicare beneficiaries that they could lose their health care benefits and services due to health care reform legislation pending in Congress. In response, the Centers for Medicare and Medicaid Services (CMS) issued an order to all health plans serving Medicare beneficiaries to stop sending letters. Some reacted to this order by accusing CMS of attempting to censor “free speech.”

Free speech, however, is not the only issue implicated by Humana’s activity. Humana arguably violated the HIPAA Privacy Rule (the federal health privacy Rule that limits how health plans (and other covered entities) can use and disclose personal health data (including mere demographic information)) when it used beneficiaries’ names and addresses to send the letters. Yet, everyone continues to ignore the privacy issue!

Health care entities do not have unfettered use of individuals’ health data. Should health plans like Humana be able to use this data for whatever reason they find important? The answer is no — and the HIPAA Privacy Rule makes this clear. The Privacy Rule requires Humana and other health plans in general to be good stewards of personal data — the same data that individuals entrust to them to manage their health care. After they share their data, individuals expect the data will be protected, kept confidential, and only used for legitimate purposes — not misused as Humana (and potentially others) have in this case. Now Humana may try to legitimize its action by arguing that sending letters to beneficiaries is permitted under the Privacy Rule as a “health care operation” — a laundry list of business and administrative activities under the Rule for which personal data can be used without needing to get the consent of the individual. However, such an interpretation would only underscore the need to narrow this overly broad category — a recommendation CDT has made in the past.

Regrettably, The Office of Civil Rights (OCR) within the U.S. Dept. of Health and Human Services (HHS), which has the authority to enforce the HIPAA Privacy Rule, has yet to speak up on this issue. As far as we can tell, no further inquiry will be done on this issue. CDT continues to urge OCR (and HHS) to prioritize enforcement of HIPAA rules and make clear that ensuring protections for personal health data is a high priority.

We just got back from an open meeting at the Federal Communications Commission where the Chairman announced a new rulemaking on Internet neutrality. It is too early to know whether we were witnesses to a historic moment in the evolution of the Internet; only time will tell. But we were surely witnesses to the beginning of a serious and substantive drill-down on the issue that is long overdue. After close to a decade of uncertainty, we are finally at the beginning of a process that promises to preserve the core characteristics of the open Internet and give certainty to all of the Internet’s stakeholders.

We applaud FCC Chairman Genachowski for launching a thoughtful and substantive process that will encourage everyone with a stake in the outcome to get past the heated rhetoric, roll up their sleeves, and put facts and technical details on the table. Immediately striking for those of us in the room was the cooperative tone among the Commissioners, the collegiality, and the obvious amount of effort that the Chairman expended in reaching out to his fellow Commissioners. And contrary to the strident efforts by some on the Hill to derail the FCC proceeding before it started, it was striking that all five Commissioners – including the two Republicans – agreed that it was a valuable step to conduct a careful rulemaking that focuses on concrete issues and concerns of both neutrality advocates and network operators.

That doesn’t mean that all of the Commissioners now believe that neutrality rules are appropriate. But it may mean that a more productive tone will finally render a more productive proceeding.

It is not just the FCC that is encouraging dialing down the heat and turning up the light. Last night, Google and Verizon Wireless posted a joint blog post setting out where they found common ground on Internet Neutrality. It’s worth a read. They agree, for example, that “it makes sense for the Commission to establish that these existing principles are enforceable, and implement them on a case-by-case basis.” Although those two companies – as well as the five FCC Commissioners – will not agree on all of the details about neutrality, it is great to see this debate move to a more constructive level.
(more…)

CDT and TRUSTe recently hosted “Social Networking: The Challenges of Privacy and Openness,” a discussion in their continuing Internet Policy Series. A five-minute video recapping the highlights of the event can be found here.

Held on the Google Campus in Mountain View, CA, on Oct. 7, the discussion was moderated by Fred Vogelstein of Wired Magazine and included a potent lineup of speakers: Chris Conley, Technology and Civil Liberties Fellow at ACLU Northern California; David Glazer, Engineering Director at Google and Board member of OpenSocial Foundation; and Tim Sparapani, Director of Public Policy at Facebook.

The speakers discussed the tensions that exist between privacy and openness in a social networking environment that is primarily intended for people to share information.

The discussion touched on trust between users and social networking sites, new definitions of privacy in the social networking world, the continuing evolution of users’ privacy expectations, and the limitations of giving users granular control of their personal information.

I had the honor of participating in my first Oxford-style debate at The Economist’s Media Convergence Forum in New York City on Wednesday. The proposition before us was: Consumers have more to gain than lose from sharing personal information. Dave Morgan, Chief Executive Officer of Simulmedia joined me on the ‘Con’ side of the debate. Matthew Wise, President and CEO of Q Interactive and Jeff Jarvis, author of “What would Google do?’ and the Buzz Machine Blog led the pro side.

Before the debate started the audience was polled and voted 75% to 25% in favor of the proposition. I was not surprised considering that many attendees of the conference were new media marketers. Clearly, Dave and I had our work cut out for us.

Jeff and Matt gave a spirited argument that sharing information was good for business and good for those consumers who willingly chose to share their data. Dave and I responded that we agree that, if users did control their data today, they might be better off choosing to share it, unfortunately, law, technology and corporate policy are often at odds today with providing users anything resembling control. Obviously, I’m vastly summarizing all arguments here, but this gives you a taste.

In the end, there was a revote that went 42% to 58% opposed to the proposition.

A lot of things account for the change of heart of the crowd. First and foremost, Dave Morgan was clearly a good partner as a veteran and well-respected leader in the online behavioral targeting industry who believes that we can have both targeted ads and privacy. Second, I believe that most industry players understand that the Web 2.0 world demands that individuals be granted greater control be given over their information. They know that we have simply outgrown of the 1980s direct marketing world that says that the company owns the consumer’s data.

When presented a coherent argument that is pro-advertising and pro-privacy, even those who earn their money as advertisers but don’t represent the industry in policy debates are willing to support it.

Last week, the Guardian lauded users on Twitter and other user-generated content sites for the role they played in breaking through an extraordinary gag order imposed on the Guardian by a British court. The editor of the Guardian and the Twitterati claimed a remarkable victory for free speech and the free press.

At issue were documents obtained by the Guardian associated with a major class-action settlement involving a multinational corporation and the 400 tons of petrochemical waste its contractor dumped in the Ivory Coast, sickening thousands. Last month, a British court enjoined the Guardian not only from releasing the document, but also, in a Kafkaesque twist, from reporting that it had been gagged at all. Things came to a head when a member of Parliament asked a question about the documents, bringing into play a longstanding tradition that whatever is said in Parliament is fair game for public reporting. The Guardian tauntingly alluded to the Member’s question and the press gag, setting off a firestorm of activity on Twitter, blogs, SideWiki, Wikileaks, and Wikipedia that uncovered the documents and the gag order in under an hour.

This story from across the pond is just the latest in a growing number of examples of how web 2.0 platforms can enable the exercise of rights vital to a healthy democracy and a free society: This summer we saw how protesters and journalists in Iran and Xinjiang used Twitter and other web 2.0 platforms to get their message out to the rest of the world. And earlier this month, Leslie Harris wrote about the use of Twitter during the G20 protests in Pittsburgh—an unmistakable exercise of the right to speak, assemble, and petition—and the trampling of the First Amendment and core civil liberties that followed.

It is undeniable that free speech and human rights advocates have found one more tool to help their cause. To echo Leslie’s warning about the G20 protester’s arrest, however, the west must be vigilant in ensuring these tools continue to expand free expression within our borders, or else risk losing our moral footing when the next “Twitter revolution” comes.

CDT and a large group of public interest advocates today sent a letter to FCC Chairman Julius Genachowski commending him and the Commission for launching a proceeding later this week to closely examine the issue of Internet neutrality. The proceeding is aimed at ensuring that broadband service providers cannot act as gatekeepers over Internet websites and services, and that the Internet retains its open and innovative character. The letter doesn’t get into specifics of what rules might look like, but affirms that safeguards in this area would strongly serve the public interest. The letter urges the agency to move forward with the policy process and not to be dissuaded by dire and overwrought “predictions of doom” from opponents who want to halt the dialog before it even starts. At this point in the debate on Internet “neutrality,” we think that a proceeding at the FCC would be a constructive step.

CDT does believe that any action on neutrality must be carefully framed so as to not give the FCC broad regulatory power over Internet content and applications. It is vital that the Internet remain free from both gatekeeping by broadband providers, as well as burdensome governmental regulations on what types of content, websites and tools that you can reach online.

Did Yahoo! turn over user data from 200,000 Yahoo! Iran email accounts to Iranian authorities in exchange for the unblocking of Yahoo.com? Not likely.

Last week, Richard Koman over at ZDNet reported this exact allegation; ZDNet quickly retracted the post in full within the day, given the unreliability of the source and the alarming disregard of basic journalistic best practices. A quick inquiry with Yahoo! (or even a simple search of Yahoo!’s website) would have revealed critical factual errors in the underlying report, which should have raised red flags as to its reliability. (To start, Yahoo! has no Iranian website or base of operations in Malaysia.) And these steps should have been taken before such a serious accusation was lobbed into the public sphere, to be reposted and prejudged.

Commentary on the state of online journalism aside, such wildly false accusations distract from the many real challenges to Internet freedom emerging all over the world: censorship and intimidation are on the rise and Internet freedom advocates are fighting off filtering mandates left and right. Questions of ethical corporate behavior in the ICT space can be thorny and complex. Exhortations directed at tech companies to “do the right thing” are only as effective as our collective understanding of the human rights challenges they actually face. At risk of stating the obvious, we must take care to understand the exact nature of government demands and how companies are responding in order to develop appropriate and effective strategies to address both.
(more…)