It seems that the controversy about legislators using Twitter, YouTube, and other third party Web services may have come to a close. Both branches of Congress have recently revised their rules for how legislators can use Web services, and whether they can maintain content on third-party Web services and embed it onto their official Web sites. This is an important step in clearing up the earlier confusion and ensuring that clear standards are set. This is also a clear victory for the Let Our Congress Tweet campaign, which encouraged the committees to open the rules up for legislators to use third-party Web services.

Last week, the Senate Rules and Administration Committee changed its rules on how Senators can host content. Regulations now allow Senators to embed a video hosted by YouTube, link to a Flickr album, and make use of other third-party Web services as long as they abide by Franking rules: no product endorsement, no partisan material, and no personal (as opposed to official) material. Similarly, the Committee on House Administration has announced their new regulations, which will permit Members to use Web services in official capacities as well. The Representatives can post content to outside Web sites as long as the material is for “official purposes” and not personal or commercially related.

The now-defunct rules prohibiting the use of third-party services online was meant to preserve the non-commercial and non-partisan communications of Congress to constituents. There were already many members of Congress on Twitter, Youtube, Facebook, Flickr; all services allowing them to reach out to constituents where the constituents already are. While these members by and large defied the old regulations, legislators can now use services that don’t live at house.gov.

It’s a good thing that the government doesn’t jump headfirst into every trendy online service, but it’s also good that Congress is taking a look at how its members interact with the public in light of new tools and services on the Internet. Federal agencies have also been using Twitter, and there are many new media users (like me!) that are excited to see whether legislators will use these new tools to communicate with us more effectively.

Of course, I’m most familiar with Twitter, so thats the exciting part this announcement for me. In fact,CDT has just launched our Twitter account, to complement our discussion on the Presidential transition. But legislators now have a plethora of options for their media, be it video, audio, or microblogs- and maybe we’ll give the House servers a break, too. Welcome to the 21st century, Congress!

Congress couldn’t get its act together in time to pass a proper appropriations bill for the 2009 fiscal year. Instead, last weekend it passed a continuing resolution (CR) to fund the federal government – for homeland security purposes at least – until March.

Perhaps not surprisingly, there was an allocation of $100 million to fund REAL ID, the federal effort that puts us closer to a national ID card by standardizing driver’s licenses. CDT hopes Congress will repeal the exceedingly bad law, especially in light of the 21 states that have come out against REAL ID.

But what was surprising in the CR was the limitation placed on spending for REAL ID. The Act provides that individuals can only be licensed in one state at a time, thus states are required to share information with every other state to ensure that a driver’s license (or state ID card) applicant doesn’t already have a REAL ID card from somewhere else. Referencing this requirement, Section 547 of the CR states that [emphasis added]:

“[N]one of the funds provided in this section for development of the information sharing and verification system shall be available to create any new system of records from the data accessible by such information technology system, or to create any means of access by Federal agencies to such information technology system other than to fulfill responsibilities pursuant to the REAL ID Act of 2005.”

Read the rest of this entry »

Consumer Reports has released a new video, as part of their WebWatch project, with a song and good advice about phishing and Internet scams. I’m not sure that ‘if you suspect deceit, just hit delete!’ will ever catch on as a widespread slogan, but it’s certainly fun. What is phishing? Phishing is when scammers send out lots of email pretending to be from someone else- like your bank- hoping that you will give them your information. They’re ‘fishing’ for your personal information.

Phishing is still a looming threat to consumers. One person in a hundred lost money to phishing scams last year, resulting in more than 2 billion dollars in damage. While that’s not going to bail out anyone in the financial sector, it’s still a lot of money that’s being lost. The incidence of phishing is still rising as other threats online fall, according to Consumer Reports’ 2008 State of the Net. Often, a consumer can’t tell whether an email is legitimate or part of a scam. That’s one reason why education in this area can be a huge boon to consumers, protecting their privacy and shielding them from identity theft.

I’ll be forwarding this video on to people with questions about phishing, and why their new found friends in impoverished countries want to wire them large sums of money. Unfortunately, it’s pretty easy to create a convincing phishing email; it’s often hard to tell which emails are really from your bank and which are scams. Here are a couple simple tips that will pay off immediately: type in URLs for links instead of clicking them and never giving anyone your password. More tips can be found at the FTC OnGuard Online website and at the Anti-Phishing Working Group.

As the news focuses on negotiations over financial bailout legislation, congressional staff and Members who aren’t neck-deep in that issue are working behind the scenes to see if they can push other bills over the finish line before Congress leaves town to campaign. One bill that is now on its way to the President, after passing the Senate on Friday and the House on Sunday, is an intellectual property enforcement package called the “PRO IP Act” (S. 3325, sponsored by Sen. Patrick Leahy). The final bill represents an improvement over prior versions of I.P. enforcement legislation, but CDT still has some concerns about how certain provisions could play out in practice.

As passed, the bill contains measures aiming to beef up certain remedies for intellectual property violations, including by providing a harmonized approach to civil forfeiture of property connected to violations; to reform the federal government’s coordination structure for intellectual property enforcement; and to provide additional resources for intellectual property law enforcement efforts.

CDT believes that vigorous enforcement of existing copyright law (as well as other intellectual property law) is necessary and appropriate. And there is no question that computer technology and the Internet have created major new enforcement challenges.
Read the rest of this entry »

[Ed. Note: this is the first in a series of blog posts addressing a range of technology and civil liberties issues we believe America's next President and Congress will have the chance to take a fresh look at, and the opportunity to set a policy course for the Internet that will keep it open, innovative and free.]

One of the biggest mistakes a new administration might make in its first 100 days would be to ignore the impact technology has had on the privacy of our communications and the striking need to update the law accordingly. If the President fails to act early in his first term he will miss a window of opportunity that won’t soon reopen, and it will be to the detriment of the Internet economy and to privacy rights.

The next President will have to resolve big-ticket items, like an economic meltdown, an unpopular war and an energy crisis. But when it comes to putting in place policies that will protect and promote Internet commerce, investing in timely solutions now will reap significant dividends for years to come.

Hi-Tech Discrimination
The revolutionary growth of digital storage capacity and online communications services means that more and more of our lives are spent online. We send email through web-based services and have growing opportunities to store our calendars, address books and the like with online service providers. Increasingly, sensitive information that used to reside on in our desks, on our desktops or stored on our home computers is shared with or stored by third parties who then convey it to others.

And when it does reside with third parties, our information loses much of the Fourth Amendment protection that it enjoyed when it was stored in your home digitally or on paper. For example, the government can easily require your web-based service provider to turn over an email message that you’ve saved for more than six months on your Gmail or Hotmail account—any web-based email account for that matter. The government does not have to prove to a judge that it has strong evidence – probable cause – that the message is relevant to criminal activity. To get that very same message saved on your desktop computer, the government would have to make that probable cause showing.
Read the rest of this entry »

War, financial crisis and the fate of a nation hanging in the balance. It sounds like a back-of-the-envelope outline for a spy novel, but it’s actually the current political climate in the U.S. Given that, it’s no surprise that discussion of Internet and technology issues is adrift, and that civil liberties protection has been pushed to the margins during this intense political season.

And yet this election cycle provides a great window of opportunity. The President and Congress will have a chance to take a fresh look at the challenges and opportunities of the Internet and set a policy course for this vital medium that will keep it open, innovative and free.

We often take the Internet for granted. In a short time it has become a powerful engine for innovation, economic growth and democratization. The Internet has changed the way we “do” politics. Ordinary Americans are making their voices heard and organizing online. Political candidates are building online networks of supporters, raising unprecedented funds from small donors, and educating the public on their policies and visions.

A few months ago CDT started a dialogue on what we believe are the key issues impacting the digital work-a-day world where most of us are spending an increasing amount of time. The ideas and feedback flowing from that discussion will help us craft a kind of blueprint for technology policy for use by the new Administration, noting things that can be done right now while also providing a strategy for achieving longer term goals.

Starting this week and following through until the election, CDT will focus on specific issue areas and write about each of them here on our Policy Beta blog. Our President, Leslie Harris, will add another level of insight and commentary on the issue in a companion article published in her Huffington Post column. And for those that want a daily dose of policy prognostication —in 140 characters or less—you can follow our efforts via Twitter.

We encourage you to push these blog postings out to your friends, family, forums and social networks. We welcome comments, criticisms and suggestions, all of which will help us sharpen our message and hone our suggestions for the next Administration and Congress.

Earlier this week, we set out our wish list for what we hoped to hear from witnesses during today’s Senate Commerce Committee hearing on behavioral advertising as this emerging online marketing practice comes under congressional scrutiny.

We are pleased that the telecom companies testifying today, AT&T and Verizon, appear headed in the right direction.

Both companies strongly embraced setting a high bar for engaging in behavioral advertising and challenged the rest of the industry to do the same. Dorothy Attwood, senior vice president of Public Policy and Chief Privacy Officer for AT&T, said her company was committing to a policy of “advance, affirmative consumer consent,” noting that the phrase is “generically referred to as “opt-in.”

Meanwhile, Tom Tauke, Verizon’s executive vice president for Public Affairs, Policy and Communications, said that any kind of consumer protection practices must include “meaningful consent” from the consumer. Tauke went on to explain that “meaningful consent” requires transparency, affirmative choice and consumer control.

Moreover, Attwood made clear that a “consumer’s failure to act will not result in any collection and use by default of the consumer’s information for online behavioral advertising.”
Read the rest of this entry »

Back in January I wrote an op-ed criticizing the Department of Homeland Security for flirting with the idea of creating a national ID database to implement the REAL ID Act. While CDT has been supporting the repeal of REAL ID or its major amendment, we believe that, should the law stand, it must be implemented responsibly.

The American Association of Motor Vehicle Administrators (AAMVA), a private organization representing the interests of state DMVs, has been a key proponent of creating a national ID database, which would hold highly sensitive personal information on virtually all Americans, because it already manages a similar central database for commercial drivers.

Although AAMVA is clearly pushing the centralized model, it has heard the cries of privacy advocates who have warned of the significant privacy and security risks of creating a national ID database. To its credit, AAMVA is putting together a white paper, due out in the next few weeks, analyzing the different system models that could ensure that an applicant doesn’t already hold a REAL ID card from another state (which is a requirement of the Act).
Read the rest of this entry »

On September 23, the Senate Select Committee on Intelligence will conduct a hearing on new Attorney General Guidelines governing FBI investigations and the collection of domestic intelligence. The Department of Justice first issued guidelines governing FBI investigations in 1974 and has loosened them virtually every time it has re-visited those guidelines.

Now, Justice is engaged in a substantial re-write. CDT was given a peek at the new guidelines while still in draft form. The real news behind the re-write is that when the dust settles, the FBI will be permitted to engage in intrusive investigative techniques without having a tip that a crime may be committed and without having evidence of a particularized threat to national security.

Look for senators to question the witnesses about “assessments.” The new guidelines would permit FBI agents conducting an “assessment” to recruit informants to surreptitiously attend meetings and events, to misrepresent their identities while engaging people in conversation in an effort to elicit information, and to indefinitely surveil homes, offices and individuals, all without any evidence of crime. Traditionally, such intrusive investigative techniques were reserved for investigating when there was evidence of a crime or of a threat to national security; now they would be used to investigate whether to investigate.

The Committee usually conducts its hearings behind closed doors; to its credit, the Committee decided to open this important hearing to the public.

For more background on this issue, check out our resource page on Attorney General guidelines. There you will find a list of all the guidelines that are going to be re-written.

Back in March, CDT welcomed Comcast’s announcement that it would move to a “protocol agnostic” technique for managing network congestion. No technical details were provided, but the announcement certainly seemed to imply that the new technique would steer clear of singling out particular protocols, services, or content for inferior treatment. In other words, it would avoid the kind behavior that gives Internet neutrality advocates fits and that puts network operators in a position to undermine unfettered innovation. To use a potentially loaded term, the announcement seemed to imply that the new technique would be neutral.

But we also noted that we would have to wait and see how the new technique actually works. However promising the term “protocol agnostic” might sound, it doesn’t exactly have a widely accepted meaning.

Well, Comcast has now filed with the FCC a description of the new congestion management technique it is rolling out. Based on that description, it appears to be the real deal.

Simply put, the new technique appears not to hinge on what applications or content a subscriber chooses to access. All it will know or care about is the volume of data each subscriber is sending over the network. When a particular part of the network starts experiencing heavy usage, the subscribers currently generating the most traffic (relative to the size of the connection they have purchased) will end up getting assigned a lower priority. As a result, their traffic may get slowed or perhaps experience some packet drops — but only if overall usage is so high that affecting someone’s traffic in this way is inevitable, and only until the affected individuals lower their usage a bit.
Read the rest of this entry »