Recently in Legislation Category

EU Data Breach update

EU Commission Regulation No 611/2013 (PDF) outlines measures applicable to data breach notification under the amended 2009 EU e-Privacy Directive 2002/58/EC (PDF) of the European Parliament and of the Council on privacy and electronic communications.



Brian Owsley, former United States Magistrate Judge for the Southern District of Texas and current professor at Texas Tech University School of Law, published an article in the University of Pennsylvania Journal of Constitutional Law, Vol. 16, 2013 titled "The Fourth Amendment Implications of the Government's Use of Cell Tower Dumps in its Electronic Surveillance (PDF)". The paper addresses novel issues about electronic surveillance using cell tower dumps. 

Abstract:      
Privacy concerns resonate with the American people. Although the right to privacy is not explicitly protected in the United States Constitution, the Supreme Court has found the right to privacy rooted within the Constitution based on various amendments. In the modern era, with rapid advances in technology, threats to privacy abound including new surveillance methods by law enforcement. There is a growing tension between an individual's right to privacy and our collective right to public safety. This latter right is often protected by law enforcement's use of electronic surveillance as an investigative tool, but may be done at times inconsistent with constitutional rights. 

Recently, the American Civil Liberties Union brought to light the popular use of government surveillance of cell phones, including the gathering of all cell phone numbers utilizing a specific cell site location. Known as a "cell tower dump," such procedures essentially obtain all of the telephone number records from a particular cell site tower for a given time period: "A tower dump allows police to request the phone numbers of all phones that connected to a specific tower within a given period of time." State and federal courts have barely addressed cell tower dumps. However, the actions by most of the largest cell phone providers, as well as personal experience and conversations with other magistrate judges, strongly suggest "that it has become a relatively routine investigative technique" for law enforcement officials. 

No federal statute directly addresses whether and how law enforcement officers may seek a cell tower dump from cellular telephone providers. Assistant United States Attorneys, with the encouragement of the United States Department of Justice, apply for court orders authorizing cell tower dumps pursuant to a provision in the Electronic Communications Privacy Act of 1986. The pertinent provision poses a procedural hurdle less stringent than a warrant based on probable cause, which in turn raises significant constitutional concerns. 

This article provides a brief description of cellular telephone and cell-site technology in Part I. Next, Part II addresses the evolution of Fourth Amendment jurisprudence and argues that the reasonable expectation of privacy standard applies to electronic surveillance such as cell tower dumps. In Part III, the discussion follows the development of statutes addressing electronic surveillance and argues that cell tower dumps request more information than simply just telephone numbers. Part IV analyzes records from both cellular service providers and the federal government to conclude that cell tower dumps routinely occur. Part V assesses the few decisions that even discuss cell tower dumps and argues that the analysis is either non-existent or flawed regarding the use of the Stored Communications Act to permit cell tower dumps. Next, Part VI asserts that cell tower dumps cannot be analyzed pursuant to the Stored Communications Act because the language of the statute is inapplicable and the amount of information sought requires a warrant based on probable cause and concludes by proposing some protocols to safeguard individual privacy rights.


SOPA Progress Slowed

It appears the anti-SOPA/PROTECTIP grassroots movement and lobbyists have struck a blow to the forward progress of the two bills. Over the weekend many Senators, Congressman, and the White House publicly announced their opposition to the bills or the DNS provisions.

Ars has a great write up by Timothy Lee: http://arstechnica.com/tech-policy/news/2012/01/under-voter-pressure-members-of-congress-backpedal-on-sopa.ars

MSNBC's "Up with Chris Hayes" hosted a debate about SOPA with NBCUniversal Executive Vice President and General Counsel Richard Cotton and Reddit.com co-founder Alexis Ohanian, as well as former Rep. Joe Sestak (D-PA) and former lobbyist Jack Abramoff. Rick Cotton and Alexis Ohanian dominated most of debate.




I found Richard Cotton's tactic in this debate to be hysterical and typical of the debate thus far: state your position loudly, frequently, and do not yield any ground to other arguments. Cotton spent the entire debate vehemently insisting that SOPA will not effect any U.S. websites/companies and frequently trying to talk over Alexis and Chris. He said some variation of "wholesale devoted to theft/illegal activity/thievery" 10 times, "devoted to foreign sites only" 6 times, and told someone their interpretation of the bill was flat out wrong twice within the roughly 18-minute long debate. Alexis and Chris made some good points.

Interesting debate -- especially seeing an NBC show host challenge and spar with an NBC VP over the stance the company has taken. Kudos to NBC for their openness...now just stop supporting this bill.

SOPA Hearing Transcript

The transcript (PDF) from the December 15, 2011 House Judiciary Committee markup of H.R. 3261, Stop Online Piracy Act (SOPA). This was one of the most infuriating sessions to watch live and reviewing the testimony and comments, in writing, a month later still boils my blood. There is a PrivacyWonk hosted copy available (PDF) in case the House moves the copy that is hosted there.

The markup session produced 495 pages of text, including the following gems:

Mr. Watt.  I thank the gentleman for yielding, and I just want to make a couple of points.  First of all, I want to go back to what my friend, Ms. Lofgren's comments she made and discourage any of us from talking about who has been bought off or even experts.  There has been a lot of money floating around in a lot of different places on this issue, and I just don't think it is worthy of us to be talking about who got bought off and who got hired by whom, especially when we start identifying the people.

Mr. Chaffetz.  Thank you, Mr. Chairman.  I have the greatest respect for you and for Ranking Member Conyers.  I do appreciate the manager's amendment.  I do think it is certainly better.   There is clearly a problem.  I understand that there is a problem, but I worry that this is the wrong remedy.  I was trying to think of a way to try to describe my concerns with this bill, but basically we are going to do surgery on the Internet, and we haven't had a doctor in the room tell us how we going to change these organs.  We are basically going to reconfigure the Internet and how it is going to work without bringing in the nerds, without bringing in the doctors.

Ms. Jackson Lee. ... And then, Mr. Chairman, if I might have a moment of personal privilege and just cite for my colleagues, because I do think that we should be respectful of each other, I am reading a tweet that has gone out from "GOP Rep King, Bored by the dialogue of Representative Jackson Lee."  I have no reason to think that anybody cares about my words, but I would offer to say that Mr. King owes the committee an apology, said that we are debating the Stop Online Piracy Act and that he is killing time by surfing the Internet.  I have never known Mr. King to have a multi-task capacity, but if that is his ability, I do think it is inappropriate while we are talking about serious issues, to have a member of the Judiciary Committee be so offensive.  So I am putting on the record, he is not here -- I -- 
Mr. Sensenbrenner.  Chairman, I demand the gentlewoman's words be taken down.  
Ms. Jackson Lee.  Well, I am not taking them down, so you can break this hearing because I am not.  I would ask Mr. --  ...

There is much more contained within the transcript. It is an almost 500 page demonstration of special interest lobbying, willful ignorance of the outside-the-beltway world and the internet.

For more on SOPA, please see the opposition letter. Please use this letter and send to your representatives to add your voice to the debate.


My SOPA Opposition Letter

I like participating and love what the Center for Democracy and Technology and others are doing at the American Censorship Project. However, this is an issue I feel very strongly about and decided to sit down and compose my own letter & e-mail to my representative. There are two versions of the letter -- one for you to read and interact with on this blog and one for you to copy and paste and send to your representative. The second version removes formatting to ensure sources (URLs) transition through the "Write your Representative" pages.

To the Honorable <<Representative>>,

I am writing to express my staunch disapproval to H.R. 3261: Stop Online Piracy Act (SOPA) and S. 968: Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011 (PROTECTIP). There is no substantial disagreement with the goal of combating the online infringement of copyrights and trademarks; that is a valid and important aim. However, these bills are incredibly dangerous to the country. Some of the specific provisions are far more controversial and would do far more damage than the authors (the MPAA and other lobbying arms of the entertainment industry) of the bill or the "expert" testimony would suggest. A Politico article by Jennifer Martinez titled "Shootout at the digital corral" published on November 16, 2011, provides excellent detail on the bills and the simple fact that the entertainment lobby has outspent the technology lobby for the past two years. The entertainment lobby has bought and paid for these bills, spending over $200M in 2010 and 2011, that will substantially harm the still growing and increasingly important digital economy: making it impossible to innovate, killing start-ups, and any jobs associated with them.

The public reaction to these bills in the United States has been visceral. Opponents of the bill include: Google, Yahoo!, Facebook, Twitter, AOL, LinkedIn, eBay, Mozilla Corporation, the Brookings Institution and human rights organizations such as Reporters Without Borders, the Electronic Frontier Foundation, the ACLU, Human Rights Watch, and the Center for Democracy and Technology.

Sandia National Laboratories, a part of the U.S. Department of Energy, concluded that the SOPA legislation would "negatively impact U.S. and global cybersecurity and Internet functionality." Sandia joins Republican Representative Dan Lungren, who also worried that SOPA would undercut efforts to secure the internet with DNSSEC.

Harvard Business Review blogger James Allworth wrote, "Is this really what we want to do to the internet? Shut it down every time it doesn't fit someone's business model?" concluding that the bill would "give America its very own version of the Great Firewall of China." I do not believe this quote is hyperbole. The bill will significantly impair the freedom of the internet that we as a country have advocated very publicly. See Hillary Clinton's speech on Internet Freedom at GW University.

There has also been international outcry to the bills. The European Parliament passed (by a large majority) a resolution criticizing SOPA. The resolution emphasizes "the need to protect the integrity of the global Internet and freedom of communication by refraining from unilateral measures to revoke IP addresses or domain names." The United States has great allies in Europe and we would not be doing ourselves any favors by passing a bill that does *nothing* to protect us and everything to antagonize Europeans.

We cannot legislate an internet that protects everyone, everywhere, at every second. But we also cannot take the interests of a few companies' antiquated business models over the interest and rights of our citizens. SOPA and PROTECTIP are bad pieces of legislation. This fact is highlighted in the poor grasp of internet technology the bills put forward; the entertainment industry spent millions of dollars to produce pieces of legislation that *break* the internet. These bills represent the last throes of an industry failing to adapt to a new marketplace. These companies would have done better to take their $200M+ of lobbying and invest it in innovation, research and development, and job creation around that R&D.

Please help stop this bill.

Thank you,
<<Name>>

ECPA Reform -- Keeping the momentum

Reforming government takes a long time, it rarely happens overnight. It can often takes years of negotiation, grassroots campaigning, and lobbying to effect change. That's our system, for better or worse. Right now, one such issue working its way through the process is reforming the 25-year old, and very stale, Electronic Communications Privacy Act (ECPA) of 1986. Over the past year, there has been substantial activity around the issue. Big companies and advocacy groups from both the left and right have come together to demand updates to the electronic surveillance laws. The laws no longer work with our current technological environment and offer very little privacy protection to individuals. It also puts companies who handle  information in difficult positions: protecting consumer data or disclosing information to government without clear guidelines. Center for Democracy and Technology (CDT) has put together a great primer on the history of ECPA, the privacy concerns, the technological changes that have occurred since 1986, and why reform is needed.

Over a year ago, there was a a lot of activity around ECPA reform, including a hearing held by the Senate Judiciary Committee and Google helping form the Digital Due Process Coalition. The coalition is comprised of many big tech companies and advocacy groups "[t]o simplify, clarify, and unify the ECPA standards, providing stronger privacy protections for communications and associated data in response to changes in technology and new services and usage patterns, while preserving the legal tools necessary for government agencies to enforce the laws, respond to emergency circumstances and protect the public." Additional background from Alex Howard at O'Reilly Radar.

ECPA reform has made its way into the Congressional records with draft legislation put forward. On May 17, 2011 Senator Patrick Leahy (D-VT) introduced a bill to modernize and update the ECPA titled Electronic Communications Privacy Act Amendments Act of 2011 (PDF) (S. 1011).

CDT has recently formed a group of both left and right organizations to support a petition for privacy law reform, specifically targeting ECPA. The site, "Not Without A Warrant" allows individuals to electronically sign the petition and add their voice to the reform movement.

PrivacyWonk has signed the Not Without A Warrant petition. Will you?

112th Privacy Legislation

| 1 Comment
Updated September 27, 2011.
Updated November 8, 2011.
Updated January 31, 2012.
Updated February 7, 2012. Please see changes below.


The post below details the current pieces of draft/for discussion bills proposed by Representatives and Senators of the 112th Congressional Session. This will be a living post as it is expected there will be hearings happening before the July 4th recess.  For your reading pleasure and enjoyment (because what privacy-focused person doesn't love reading policy?) the items detail the sponsors, bill name and number, and provide links to PDF copies of the bill and to Thomas for official bill statuses.  Enjoy.  Sometime soon, expect a post from PrivacyWonk comparing all of these bills (where applicable/appropriate).

9/27/2011: Three Senate bills have moved far ahead of the pack being passed out of the Senate Judiciary Committe. Senators Blumenthal, Leahy, and Feinstein all have bills (see below) that will now appear on the legislative calendar. CDT's Harley Geiger has great write up on them here.

1/31/2012: While SOPA/PIPA dominated much of December 2011 and January 2012, a privacy issue arose around CarrierIQ -- tracking software installed in millions of smart phones on multiple carriers -- in early December. Senator Al Franken demanded answers to questions, CarrierIQ put out a press release, and other Congress members have asked for a formal investigation. Coming out of all this, Representative Edward Markey (D-MA) published a draft cellphone privacy bill. Lastly, two bills have seen an increase in support. H.R. 1895, Do Not Track Kids Online and H.R. 1981, Protecting Children From Internet Pornographers Act of 2011. Details below.

Quick Stats
Pieces of Legislation: 19 introduced, 1 discussion draft
Representatives: 9
Senators: 9

Representative Bobby L. Rush (D-IL) reintroduced his privacy focused legislation from last year on Thursday, February 10th, 2011.  Building Effective Strategies To Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards Act (PDF). (H.R. 611).
Status: Referred to the House Subcommittee on Commerce, Manufacturing, and Trade, no cosponsors have signed on.

Representative Jackie Speier (D-CA) introduced two pieces of legislation on Friday, February 11th, 2011, aimed at protecting personal information.  The Do Not Track Me Online Act of 2011 (H.R. 654) would give consumers the ability to prevent the collection and use of data on their online activities.  The Financial Information Privacy Act of 2011 (H.R. 653) would give consumers control of their own financial information.
H.R. 654 Status: Referred to the House Subcommittee on Commerce, Manufacturing, and Trade. 22 cosponsors have signed on.
H.R. 653 Status: Referred to the House Subcommittee on Financial Institutions and Consumer Credit. Seven cosponsors have signed on.

Senators John Kerry (D-MA) and John McCain (R-AZ) introduced the Commercial Privacy Bill of Rights Act of 2011 (PDF) (S. 799) on April 12, 2011. This bill aims to establish a baseline code of conduct for how personally identifiable information and information that can uniquely identify an individual or networked device are used, stored, and distributed.
Status: Referred to Committee on Commerce, Science, and Transportation. Two cosponsors have signed on.

Representative Cliff Stearns (R-FL) introduced the Consumer Privacy Protection Act of 2011 (H.R. 1528) on April 13, 2011, which seeks to "protect and enhance consumer privacy" both online and offline by imposing certain notice and choice requirements with respect to the collection and use of personal information. 
Status
: Referred to the Committee on Commerce, Science, and Transportation. Five cosponsors have signed on.

Representative Bobby L. Rush (D-IL) reintroduced the Data Accountability and Trust Act (PDF) (H.R. 1701) (formerly H.R. 2221 from the 111th) on May 4, 2011, which directs companies to establish policies on the use (collection, storage, sale, disposition, etc) of consumer personal information.  It also has a 60-day breach notification requirement.  Minimal changes to the original, the only substantial update was the definition of service provider.
Status: Referred to the House Committee on Energy and Commerce. Four cosponsors have signed on.

Senator Jay Rockefeller (D-WV), the Chairman of the Senate Committee on Commerce, Science and Transportation, introduced the "Do-Not-Track Online Act of 2011" (S. 913) on May 9, 2011. The bill requires the Federal Trade Commission to prescribe regulations regarding the collection and use of personal information obtained by tracking the online activity of an individual, and for other purposes (Do Not Track).
Status: Referred to the Committee on Commerce, Science, and Transportation. Two cosponsors have signed on.

Representative Cliff Stearns (R-FL) and Representative Jim Matheson (D-UT) introduced the Data Accountability and Trust Act of 2011 (H.R. 1841) on May 11, 2011, which seeks to protect consumers by requiring reasonable security policies and procedures to protect computerized data containing personal information, and to provide for nationwide notice in the event of a security breach. This bill is built on Representative Bobby Rush's original DATAct from the 111th.
Status: Referred to the House Subcommittee on Commerce, Manufacturing, and Trade. One cosponsor has signed on.

Representatives Ed Markey (D-MA) and Joe Barton (R-TX) introduced the Do Not Track Kids Act of 2011 (PDF) (H.R. 1895) on May 13, 2011. The bill amends the historic Children's Online Privacy Protection Act of 1998 (COPPA), will extend, enhance and update the provisions relating to the collection, use and disclosure of children's personal information and establishes new protections for personal information of children and teens.
Status: Referred to the House Subcommittee on Commerce, Manufacturing, and Trade. 18 cosponsors have signed on.

Senator Patrick Leahy (D-VT) introduced two Senate Bills to address both consumer privacy and citizen privacy. The first, introduced on May 17, 2011 to modernize and update the Electronic Communications Privacy Act titled Electronic Communications Privacy Act Amendments Act of 2011 (PDF) (S. 1011).  The second bill, introduced on June 6, 2011, titled Personal Data Privacy and Security Act of 2011 (PDF) (S.1151). This is an update and reintroduction of Leahy's 2009 bill of the same title.
S. 1011 Status: Read twice and referred to Committee on the Judiciary, no cosponsors have signed on.
S. 1151 Status: Placed on Senate Legislative Calendar under General Orders. Calendar No. 181. Four cosponsors have signed on. On 11/7/2011, Senator Leahy filed Additional/Minority views in Senate Report 112-091, the DHS Appropriations Bill of 2012.

Sen. Ron Wyden (D-OR) and Rep. Jason Chaffetz (R-Utah) introduced Geolocation Privacy and Surveillance ("GPS") Act (PDF). (S. 1212) and (H.R.2168) on June 15, 2011 that creates a legal framework designed to give government agencies, commercial entities and private citizens clear guidelines for when and how geolocation information can be accessed and used.
S.1212 Status: Referred to the Senate Committee on the Judiciary, one cosponsor has signed onto the bill.
H.R. 2168 Status: Referred to the Subcommittee on Crime, Terrorism, and Homeland Security. 10 cosponsors have signed on.

Senators Mark Pyyor (D-AR) and Senator Jay Rockefeller (D-WV) introduced the Data Security and Breach Notification Act (PDF) (S. 1207) on June 15, 2011.  This is a reintroduction of a bill originally proposed by Senator Pryor in 2010.  The bill aims to require businesses and nonprofit organizations that store consumers' personal information to put in place strong security features to safeguard sensitive data, alert consumers when this data has been breached, and provide affected individuals with the tools they need to protect their credit and finances. 
Status: Referred to the Committee on Commerce, Science, and Transportation. One cosponsor has signed on.
NB: Politico featured a story with S. 1207 as the center piece, describing the Senator's efforts to arrive a consensus and expressing their hopes to hit the December markup.

Senators Al Franken (D-MN) and Richard Blumenthal (D-CT) introduced the Location Privacy Protection Act of 2011 (PDF),  one-page overview (PDF) (S. 1223) on June 16, 2011 that would require companies/app developers to receive express consent from users of mobile devices like smartphones and tablets before sharing information about those users' location with third parties. Will update this post as more information becomes available. Franken gets the best headline out of this: Congress to Device Makers: Don't Track Me, Bro
Status: Read twice and referred to the House Committee on the Judiciary. Six cosponsors has signed on.

Representative Mary Bono Mack (R-CA) introduced the Secure and Fortify (SAFE) Data Act  (PDF) (H.R. 2577) on July 18, 2011.  The bill aims to establish standards of breach notification and would require organizations to notify people affected by a data breach and the Federal Trade Commission (FTC) within 48 hours. This bill was previously discussed during a House Energy and Commerce Committee panel/mark-up session held on June 15, 2011.
Status: Referred to House Commerce Subcommittee on Commerce, Manufacturing and Trade. No cosponsors have signed on.

Senator Dianne Feinstein (D-CA) introduced the Data Breach Notification Act of 2011 (PDF) (S. 1408) on July 22, 2011.  This is the same legislation Senator Feinstein has introduced in the 111th session (see: S. 139). The legislation is focused only on breach notification and does not introduce security requirements. It mandates multiple notifications depending on the severity of the breach (i.e., individual, secret service, FTC, etc) and gives States AGs power to bring civil suits and does not offer any private right of action.
Status: Committee on the Judiciary. Ordered to be reported with an amendment in the nature of a substitute favorably. No cosponsors have signed on. 2/6/2012: Placed on Senate Legislative Calendar under General Orders. Calendar No. 310.

The Congressional Budget Office (CBO) has scored S. 1408. The report, released October 31, 2011, "estimates that implementing S. 1408 would cost about $3 million annually for the FTC and federal law enforcement agencies to specify how the required notification procedures would work. CBO expects that most government agencies would incur negligible costs to implement the legislation."

Representative Lamar Smith (R-TX) introduced the Protecting Children From Internet Pornographers Act of 2011 (PDF) (H.R. 1981) on May 25, 2011. This bill mandates that Internet Service Providers keep incredibly detailed logs, for up to 18 months, on all customers to facilitate the prosecution of child pornography, including internet protocol addresses (i.e. all IP addresses assigned), customer names, addresses, phone records, type and length of service, and credit card numbers, and more.  Status: On July 28, 2011 the House Judiciary Committee conducted a final roll call vote (PDF) and approved the bill, 19-10 to move before the entire House for a vote. 39 cosponsors have signed on. On November 10, 2011 house report 112-281 Part 1 discussing the bill was published. On December 16, 2011 the bill was placed on the Union Calendar, Calendar No. 224.

Senator Richard Blumenthal (D-CT) introduced the Personal Data Protection and Breach Accountability Act of 2011 (PDF) (S.1535) on September 8, 2011. The 100-page bill aims to regulate companies that store information for more than 10,000 people. The bill aims to deter preventable breaches, minimize consumer harm, promote a robust security platform, and uses a very big stick for compliance. Individuals found to consistently violating these provisions face a maximum sentence of five years in prison and/or a $1 million fine. This is one the most severe penalties put forward in a privacy focused bill. Further, the bill requests coordination between the FBI and Secret Service to produce reports on enforcement actions, breach trends, and the efficacy of post-breach notifications.
Status: Placed on Senate Legislative Calendar under General Orders. Calendar No. 182. One cosponsor has signed on.

Representative Ed Markey (D-MA) released a discussion draft of Mobile Device Privacy Act (PDF) on January 30, 2012. The bill would require companies to disclose if they are using tracking software (i.e. CarrierIQ), what information the software collects, and whom it shares the information with. Consumers would have to provide express consent to any data collection or transmission, and third parties would have to have documented policies in place to secure the data they collect. Companies that want to transfer data to third parties would have to file applications with the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC). Enforcement falls under FTC Unfair and Deceptive trade practices.
Status: Discussion Draft, not officially introduced.


If you would like to voice concern or support for any of the bills, you can easily find you Representative and/or Senator through http://www.opencongress.org/people/representatives.


Special thanks to:
Hunton and Williams privacy blog for providing some quick source material -- http://www.huntonprivacyblog.com/
ThreatLevel -- http://www.wired.com/threatlevel/2011/06/gps-warrant-proposal/
Cecilia Kang -- http://www.washingtonpost.com/blogs/post-tech/post/franken-blumenthal-introduce-mobile-privacy-bill/2011/06/15/AGjZqCWH_blog.html
PrivacyLives for the draft of the Franken bill -- http://www.privacylives.com/senators-introduce-the-location-privacy-protection-act-of-2011/2011/06/15/
Privacy Insider - http://www.insideprivacy.com/united-states/feinstein-introduces-breach-notice-bill-senate-committee-may-consider-breach-notice-proposals-shortl/
CDT/ABC News Opinion: http://abcnews.go.com/Technology/tech-agenda-bills-carry-enormous-implications-technology/story?id=14522085


UPDATE 6/15/2011:
  • House hearing to discuss draft of Rep. Mary Bono Mack's data security bill starting now. Watch livestream at:http://www.ustream.tv/channel-popup/energyandcommerce2322
  • Senator Wyden and Representative Chaffetz dropped their bipartisan geolocation bill
  • Senators Franken and Blumenthal release a one-page overview of their legislation...
  • Senators Pryor and Rockefeller reintroduced data breach legislation
  • Fixed broken Thomas links above
UPDATE 6/16/2011:
  • Received final version of Al Franken's bill that was introduced on June 16, 2011.
UPDATE 6/29/2011:
  • Updated with Rep. Rush and Stearns/Matheson's versions of the Data Accountability and Trust Act of 2011
  • Updated cosponsor stats for all bills
  • Chairman of the U.S. Senate Committee on Commerce, Science, and Transportation, John D. Rockefeller, held a full committee hearing on privacy and data security. Archived webcast available: Privacy and Data Security: Protecting Consumers in the Modern World
UPDATE 8/2/2011:
  • Added H.R. 2577, S. 139, and H.R. 1981
UPDATE 9/27/2011:
  • Updated Status and cosponsors for all bills.
  • Added S.1535
UPDATE 11/7/2011:
  • Updated sponsor count on H.R. 654 (19 to 20)
  • Updated sponsor count on H.R. 1528 (4 to 5)
  • Added link to S. 1151, Senator Leahy's additional/minority views on DHS Appropriations bill
  • Updated sponsor count on S.1212 (0 to 1)
  • Updated sponsor count on H.R. 2168 (6 to 8)
  • Added Politico link on S.1207
  • Added CBO Score on S.1408
UPDATE 01/31/2012:
  • Added Rep. Markey's Discussion Draft
  • Updated sponsor count on H.R. 654 (20 to 22)
  • Updated sponsor count on H.R. 1707 (3 to 4)
  • Updated sponsor count on H.R. 1895 (6 to 18)
  • Updated sponsor count on H.R. 2168 (8 to 10)
  • Updated sponsor count on S. 1223 (5 to 6)
  • Updated sponsor count on H.R. 2168 (25 to 39)
UPDATE 02/07/2012:
  • Updated status of S. 1408, placed on Senate Legislative Calendar under General Orders. Calendar No. 310 as of 2/6/2012.

On April 8, 2011 Congress voted to over turn controversial FTC Net Neutrality orders/regulations (PDF).

PrivacyWonk discussed this vote previously in March when it first became a topic of conversation on the hill: http://www.privacywonk.net/2011/03/netneutrality-vote.php. This vote was held while party leaders tried to reach an agreement to keep the government from shutting down.

"While the Resolution seeks to overturn the FCC's new anti-blocking, network management transparency, and traffic discrimination rules, it faces an uphill battle to become law. The Resolution would need to get passed by the Democrat-controlled Senate and get signed by the President. The White House recently said it plans to veto any measure overturning the FCC's Net Neutrality Order." ~TMT Law Watch

The 235-181 vote passed along a party line vote.  More information can be found here: http://www.govtrack.us/congress/vote.xpd?vote=h2011-251&sort=party

NetNeutrality debate back again

This post is a bit off topic from the normal discourse here on PrivacyWonk; however, given that we frequently discuss topics related directly to the internet in some way, shape, or form I believe it is not too far off topic. 

Speaker of the House John Boehner (R-OH) vowed Monday to eliminate net neutrality rules recently (PDF) enacted by the Federal Communications Commission (FCC), referring to the regulations as a "government takeover of the Internet." Rep. Boehner speech came amid a push by House Republicans to overturn the new rules. The Energy and Commerce Subcommittee on Communications and Technology announced Sunday that it would hold a vote on Wednesday, March 2nd, 2011, on a resolution of disapproval to reverse the FCC's Internet regulations.  That vote was postponed and the new vote date will be is TBD. 

The joint resolution (H. J. RES. 37) states

"JOINT RESOLUTION
Disapproving the rule submitted by the Federal Communications Commission with respect to regulating the Internet and broadband industry practices.

Resolved by the Senate and House of Representatives of the United States of America in Congress assembled, That Congress disapproves the rule submitted by the Federal Communications Commission relating to the matter of preserving the open Internet and broadband industry practices (Report and Order FCC 10-201, adopted by the Commission on December 21, 2010), and such rule shall have no force or effect."

The rules passed by the FCC are far from perfect; however, they stopped a large lobbying push against network neutrality.  That is a good thing.  Al Franken (D-Minnesota) was recently interviewed by Ars Technica on the subject and does a great job explaining the issues.  Repealing those FCC rules would allow this debate to start all over again.  It would be a giant step backward and it could have lasting consequences.

As the vote as been delayed, there is time to contact representatives on the House Energy Committee to voice your concern over the vote.  Membership of the full committee can be found here: http://energycommerce.house.gov/about/members.shtml. Membership of the Subcommittee on Communication and Technology can be found here: http://energycommerce.house.gov/subcomms/subcommittees.shtml (scroll to bottom). If you believe this issue is important, please take the time to write a letter, send an e-mail, or make a phone call.

To explain network neutrality, I turn to a noted PrivacyWonk friend, @oogali, who offered the following succinct explanation:

"Net neutrality started as a strictly economical issue (i.e. Google who buys IP connectivity from Level3, should not have to pay AT&T extra money when Level3 and AT&T already have an existing non-discriminatory traffic exchange agreement in place).

But now the term is being applied to damn near everything, and becoming highly political.

It is strictly a carrier issue. CARRIER. The entity who owns and operates the 'tubes' your IP packets move through.

If the carrier does anything to or based on those packets (blocking, rate limiting, charging extra), then it is an issue as their network is no longer neutral -- the "net" in "net neutrality" stands for network, not Internet." (Source: http://pseudonym.tumblr.com/post/1406407050/net-neutrality).