Recently in News Category

SOPA Progress Slowed

It appears the anti-SOPA/PROTECTIP grassroots movement and lobbyists have struck a blow to the forward progress of the two bills. Over the weekend many Senators, Congressmen, and the White House publicly announced their opposition to the bills or the DNS provisions.

Ars has a great write up by Timothy Lee: http://arstechnica.com/tech-policy/news/2012/01/under-voter-pressure-members-of-congress-backpedal-on-sopa.ars

MSNBC's "Up with Chris Hayes" hosted a debate about SOPA with NBCUniversal Executive Vice President and General Counsel Richard Cotton and Reddit.com co-founder Alexis Ohanian, as well as former Rep. Joe Sestak (D-PA) and former lobbyist Jack Abramoff. Rick Cotton and Alexis Ohanian dominated most of the debate.




I found Richard Cotton's tactic in this debate to be hysterical and typical of the debate thus far: state your position loudly, frequently, and do not yield any ground to other arguments. Cotton spent the entire debate vehemently insisting that SOPA will not affect any U.S. websites/companies and frequently trying to talk over Alexis and Chris. He said some variation of "wholesale devoted to theft/illegal activity/thievery" 10 times, "devoted to foreign sites only" 6 times, and told someone their interpretation of the bill was flat out wrong twice within the roughly 18-minute-long debate. Alexis and Chris made some good points.

Interesting debate -- especially seeing an NBC show host challenge and spar with an NBC VP over the stance the company has taken. Kudos to NBC for their openness...now just stop supporting this bill.

SOPA Hearing Transcript

The transcript (PDF) from the December 15, 2011 House Judiciary Committee markup of H.R. 3261, Stop Online Piracy Act (SOPA). This was one of the most infuriating sessions to watch live and reviewing the testimony and comments, in writing, a month later still boils my blood. There is a PrivacyWonk hosted copy available (PDF) in case the House moves the copy that is hosted there.

The markup session produced 495 pages of text, including the following gems:

Mr. Watt.  I thank the gentleman for yielding, and I just want to make a couple of points.  First of all, I want to go back to what my friend, Ms. Lofgren's comments she made and discourage any of us from talking about who has been bought off or even experts.  There has been a lot of money floating around in a lot of different places on this issue, and I just don't think it is worthy of us to be talking about who got bought off and who got hired by whom, especially when we start identifying the people.

Mr. Chaffetz.  Thank you, Mr. Chairman.  I have the greatest respect for you and for Ranking Member Conyers.  I do appreciate the manager's amendment.  I do think it is certainly better.   There is clearly a problem.  I understand that there is a problem, but I worry that this is the wrong remedy.  I was trying to think of a way to try to describe my concerns with this bill, but basically we are going to do surgery on the Internet, and we haven't had a doctor in the room tell us how we going to change these organs.  We are basically going to reconfigure the Internet and how it is going to work without bringing in the nerds, without bringing in the doctors.

Ms. Jackson Lee. ... And then, Mr. Chairman, if I might have a moment of personal privilege and just cite for my colleagues, because I do think that we should be respectful of each other, I am reading a tweet that has gone out from "GOP Rep King, Bored by the dialogue of Representative Jackson Lee."  I have no reason to think that anybody cares about my words, but I would offer to say that Mr. King owes the committee an apology, said that we are debating the Stop Online Piracy Act and that he is killing time by surfing the Internet.  I have never known Mr. King to have a multi-task capacity, but if that is his ability, I do think it is inappropriate while we are talking about serious issues, to have a member of the Judiciary Committee be so offensive.  So I am putting on the record, he is not here -- I -- 
Mr. Sensenbrenner.  Chairman, I demand the gentlewoman's words be taken down.  
Ms. Jackson Lee.  Well, I am not taking them down, so you can break this hearing because I am not.  I would ask Mr. --  ...

There is much more contained within the transcript. It is an almost 500-page demonstration of special interest lobbying and willful ignorance of the outside-the-beltway world and the internet.

For more on SOPA, please see the opposition letter. Please use this letter and send it to your representatives to add your voice to the debate.


My SOPA Opposition Letter

I like participating and love what the Center for Democracy and Technology and others are doing at the American Censorship Project. However, this is an issue I feel very strongly about and decided to sit down and compose my own letter & e-mail to my representative. There are two versions of the letter -- one for you to read and interact with on this blog and one for you to copy and paste and send to your representative. The second version removes formatting to ensure sources (URLs) transition through the "Write your Representative" pages.

To the Honorable <<Representative>>,

I am writing to express my staunch disapproval of H.R. 3261: Stop Online Piracy Act (SOPA) and S. 968: Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011 (PROTECTIP). There is no substantial disagreement with the goal of combating the online infringement of copyrights and trademarks; that is a valid and important aim. However, these bills are incredibly dangerous to the country. Some of the specific provisions are far more controversial and would do far more damage than the authors (the MPAA and other lobbying arms of the entertainment industry) of the bill or the "expert" testimony would suggest. A Politico article by Jennifer Martinez titled "Shootout at the digital corral" published on November 16, 2011, provides excellent detail on the bills and the simple fact that the entertainment lobby has outspent the technology lobby for the past two years. The entertainment lobby has bought and paid for these bills, spending over $200M in 2010 and 2011, that will substantially harm the still growing and increasingly important digital economy: making it impossible to innovate, killing start-ups, and any jobs associated with them.

The public reaction to these bills in the United States has been visceral. Opponents of the bill include: Google, Yahoo!, Facebook, Twitter, AOL, LinkedIn, eBay, Mozilla Corporation, the Brookings Institution and human rights organizations such as Reporters Without Borders, the Electronic Frontier Foundation, the ACLU, Human Rights Watch, and the Center for Democracy and Technology.

Sandia National Laboratories, a part of the U.S. Department of Energy, concluded that the SOPA legislation would "negatively impact U.S. and global cybersecurity and Internet functionality." Sandia joins Republican Representative Dan Lungren, who also worried that SOPA would undercut efforts to secure the internet with DNSSEC.

Harvard Business Review blogger James Allworth wrote, "Is this really what we want to do to the internet? Shut it down every time it doesn't fit someone's business model?" concluding that the bill would "give America its very own version of the Great Firewall of China." I do not believe this quote is hyperbole. The bill will significantly impair the freedom of the internet that we as a country have advocated very publicly. See Hillary Clinton's speech on Internet Freedom at GW University.

There has also been international outcry to the bills. The European Parliament passed (by a large majority) a resolution criticizing SOPA. The resolution emphasizes "the need to protect the integrity of the global Internet and freedom of communication by refraining from unilateral measures to revoke IP addresses or domain names." The United States has great allies in Europe and we would not be doing ourselves any favors by passing a bill that does *nothing* to protect us and everything to antagonize Europeans.

We cannot legislate an internet that protects everyone, everywhere, at every second. But we also cannot take the interests of a few companies' antiquated business models over the interest and rights of our citizens. SOPA and PROTECTIP are bad pieces of legislation. This fact is highlighted in the poor grasp of internet technology the bills put forward; the entertainment industry spent millions of dollars to produce pieces of legislation that *break* the internet. These bills represent the last throes of an industry failing to adapt to a new marketplace. These companies would have done better to take their $200M+ of lobbying and invest it in innovation, research and development, and job creation around that R&D.

Please help stop this bill.

Thank you,
<<Name>>

Akamai and Evidon Privacy Notice delivery

Content Delivery Network (CDN) giant Akamai and advertising-industry self-regulation platform provider Evidon (née Better Advertising) have teamed up to provide more robust privacy notices to individuals. Akamai will provide the distribution network -- most likely using Edge Side Includes (ESI) (wikipedia, Akamai) -- for "Evidon's privacy and compliance services for the management of the Industry Self-Regulatory Program in the US, the European ePrivacy Directive, and its corollary self-regulatory effort for Online Behavioral Advertising."

I can't wait to see this in action and I hope Evidon pushes out in new directions for privacy notice/choice. I'd love to see Evidon build on Aza Raskin's privacy icon project. Evidon and its partners will reach a large audience and can use their bully pulpit to advance changes in the standard idea of notice and consent (choice). More granular control over opting-in/opting-out of programs? Something even more radical? This is a big technological step forward for providing smart notice/choice; why not try out more new ideas?

I would also like to see Evidon and its partners use this platform for testing new approaches to advertising, information collection, notice, and choice. For example:

  • Testing the impact of a truly opt-in model on ad impressions: "Would you like to see ads on this site?"
  • Testing the impact of opt-in information collection: "Advertising network XYZ would like to collect browsing habits: Yes/No."

We've only been able to speculate on the outcome of this type of granular control; perhaps Evidon could give us some proof.

Time-zone database

Stephen Colebourne has a great write-up about the closure of the time-zone database. On October 6th, a lawsuit filed against the time-zone database by Astrolabe, Inc forced the closure of the FTP server and mailing list supporting the time-zone database. For those unaware of what the time-zone database is, Stephen provides a great summary: "The time-zone database (sometimes referred to as the Olson database) is the computing world's principal source of time-zone data. It is embedded in every Unix and Java for starters, and will be used by many websites and probably by your iPhone. You may know it via the IDs, such as 'Europe/London' or 'America/New_York'."

The particulars of the case deal with copyright infringement and all the drama that goes along with that claim. However, the real impact of the lawsuit is the closure of the one (1) global source of time-zone data.

Scary to think the one source of time-zone data can be shuttered by a copyright lawsuit; perhaps it's time for the data to be taken up by a standards body (ISO, perhaps) and protected. No real privacy issues here, but there is a potential impact to anyone who processes time-zone sensitive data.

Further reading:
http://www.thedailyparker.com/PermaLink,guid,c5f28bae-4b9c-41ea-b7b7-8891ad63c938.aspx

Google+ Social Identity?

Business Insider has an article highlighting recent comments made by Eric Schmidt regarding Google+'s real name policy. Andy Carvin of NPR had a chance to ask Eric Schmidt how Google justifies the policy given that real identities could put people at risk. Eric's response was a rather frank admission that Google sees G+ not as a social service but as an identity service.

I can't help but wonder if this was the original intention of G+ or a strategic shift that happened after the announcement of the National Strategy for Trusted Identities in Cyberspace (NSTIC) in April, 2011.

Eric also said that G+ use is completely optional. Users are not required to join the service and users who dislike the policy can easily walk away**.

Will Eric Schmidt's comments impact your use of G+? Do you believe anonymous/pseudonymous access should be allowed?



**Google has made it very easy to close out your Plus account. Access https://plus.google.com/u/0/settings/general and look under the "Services" section. Follow the "Delete profile and remove associated social features."

112th Privacy Legislation

Updated September 27, 2011.
Updated November 8, 2011.
Updated January 31, 2012.
Updated February 7, 2012. Please see changes below.


The post below details the current pieces of draft/for discussion bills proposed by Representatives and Senators of the 112th Congressional Session. This will be a living post as it is expected there will be hearings happening before the July 4th recess.  For your reading pleasure and enjoyment (because what privacy-focused person doesn't love reading policy?) the items detail the sponsors, bill name and number, and provide links to PDF copies of the bill and to Thomas for official bill statuses.  Enjoy.  Sometime soon, expect a post from PrivacyWonk comparing all of these bills (where applicable/appropriate).

9/27/2011: Three Senate bills have moved far ahead of the pack, being passed out of the Senate Judiciary Committee. Senators Blumenthal, Leahy, and Feinstein all have bills (see below) that will now appear on the legislative calendar. CDT's Harley Geiger has a great write-up on them here.

1/31/2012: While SOPA/PIPA dominated much of December 2011 and January 2012, a privacy issue arose around CarrierIQ -- tracking software installed in millions of smart phones on multiple carriers -- in early December. Senator Al Franken demanded answers to questions, CarrierIQ put out a press release, and other Congress members have asked for a formal investigation. Coming out of all this, Representative Edward Markey (D-MA) published a draft cellphone privacy bill. Lastly, two bills have seen an increase in support: H.R. 1895, Do Not Track Kids Online, and H.R. 1981, Protecting Children From Internet Pornographers Act of 2011. Details below.

Quick Stats
Pieces of Legislation: 19 introduced, 1 discussion draft
Representatives: 9
Senators: 9

Representative Bobby L. Rush (D-IL) reintroduced his privacy focused legislation from last year on Thursday, February 10th, 2011.  Building Effective Strategies To Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards Act (PDF). (H.R. 611).
Status: Referred to the House Subcommittee on Commerce, Manufacturing, and Trade, no cosponsors have signed on.

Representative Jackie Speier (D-CA) introduced two pieces of legislation on Friday, February 11th, 2011, aimed at protecting personal information.  The Do Not Track Me Online Act of 2011 (H.R. 654) would give consumers the ability to prevent the collection and use of data on their online activities.  The Financial Information Privacy Act of 2011 (H.R. 653) would give consumers control of their own financial information.
H.R. 654 Status: Referred to the House Subcommittee on Commerce, Manufacturing, and Trade. 22 cosponsors have signed on.
H.R. 653 Status: Referred to the House Subcommittee on Financial Institutions and Consumer Credit. Seven cosponsors have signed on.

Senators John Kerry (D-MA) and John McCain (R-AZ) introduced the Commercial Privacy Bill of Rights Act of 2011 (PDF) (S. 799) on April 12, 2011. This bill aims to establish a baseline code of conduct for how personally identifiable information and information that can uniquely identify an individual or networked device are used, stored, and distributed.
Status: Referred to Committee on Commerce, Science, and Transportation. Two cosponsors have signed on.

Representative Cliff Stearns (R-FL) introduced the Consumer Privacy Protection Act of 2011 (H.R. 1528) on April 13, 2011, which seeks to "protect and enhance consumer privacy" both online and offline by imposing certain notice and choice requirements with respect to the collection and use of personal information. 
Status: Referred to the Committee on Commerce, Science, and Transportation. Five cosponsors have signed on.

Representative Bobby L. Rush (D-IL) reintroduced the Data Accountability and Trust Act (PDF) (H.R. 1701) (formerly H.R. 2221 from the 111th) on May 4, 2011, which directs companies to establish policies on the use (collection, storage, sale, disposition, etc) of consumer personal information.  It also has a 60-day breach notification requirement.  Minimal changes to the original, the only substantial update was the definition of service provider.
Status: Referred to the House Committee on Energy and Commerce. Four cosponsors have signed on.

Senator Jay Rockefeller (D-WV), the Chairman of the Senate Committee on Commerce, Science and Transportation, introduced the "Do-Not-Track Online Act of 2011" (S. 913) on May 9, 2011. The bill requires the Federal Trade Commission to prescribe regulations regarding the collection and use of personal information obtained by tracking the online activity of an individual, and for other purposes (Do Not Track).
Status: Referred to the Committee on Commerce, Science, and Transportation. Two cosponsors have signed on.

Representative Cliff Stearns (R-FL) and Representative Jim Matheson (D-UT) introduced the Data Accountability and Trust Act of 2011 (H.R. 1841) on May 11, 2011, which seeks to protect consumers by requiring reasonable security policies and procedures to protect computerized data containing personal information, and to provide for nationwide notice in the event of a security breach. This bill is built on Representative Bobby Rush's original DATAct from the 111th.
Status: Referred to the House Subcommittee on Commerce, Manufacturing, and Trade. One cosponsor has signed on.

Representatives Ed Markey (D-MA) and Joe Barton (R-TX) introduced the Do Not Track Kids Act of 2011 (PDF) (H.R. 1895) on May 13, 2011. The bill amends the historic Children's Online Privacy Protection Act of 1998 (COPPA); it will extend, enhance and update the provisions relating to the collection, use and disclosure of children's personal information and establish new protections for personal information of children and teens.
Status: Referred to the House Subcommittee on Commerce, Manufacturing, and Trade. 18 cosponsors have signed on.

Senator Patrick Leahy (D-VT) introduced two Senate bills to address both consumer privacy and citizen privacy. The first, introduced on May 17, 2011 to modernize and update the Electronic Communications Privacy Act, is titled the Electronic Communications Privacy Act Amendments Act of 2011 (PDF) (S. 1011). The second bill, introduced on June 6, 2011, is titled the Personal Data Privacy and Security Act of 2011 (PDF) (S.1151). This is an update and reintroduction of Leahy's 2009 bill of the same title.
S. 1011 Status: Read twice and referred to Committee on the Judiciary, no cosponsors have signed on.
S. 1151 Status: Placed on Senate Legislative Calendar under General Orders. Calendar No. 181. Four cosponsors have signed on. On 11/7/2011, Senator Leahy filed Additional/Minority views in Senate Report 112-091, the DHS Appropriations Bill of 2012.

Sen. Ron Wyden (D-OR) and Rep. Jason Chaffetz (R-UT) introduced the Geolocation Privacy and Surveillance ("GPS") Act (PDF) (S. 1212 and H.R. 2168) on June 15, 2011. The bill creates a legal framework designed to give government agencies, commercial entities and private citizens clear guidelines for when and how geolocation information can be accessed and used.
S.1212 Status: Referred to the Senate Committee on the Judiciary, one cosponsor has signed onto the bill.
H.R. 2168 Status: Referred to the Subcommittee on Crime, Terrorism, and Homeland Security. 10 cosponsors have signed on.

Senators Mark Pryor (D-AR) and Jay Rockefeller (D-WV) introduced the Data Security and Breach Notification Act (PDF) (S. 1207) on June 15, 2011. This is a reintroduction of a bill originally proposed by Senator Pryor in 2010. The bill aims to require businesses and nonprofit organizations that store consumers' personal information to put in place strong security features to safeguard sensitive data, alert consumers when this data has been breached, and provide affected individuals with the tools they need to protect their credit and finances.
Status: Referred to the Committee on Commerce, Science, and Transportation. One cosponsor has signed on.
NB: Politico featured a story with S. 1207 as the centerpiece, describing the Senators' efforts to arrive at a consensus and expressing their hopes to hit the December markup.

Senators Al Franken (D-MN) and Richard Blumenthal (D-CT) introduced the Location Privacy Protection Act of 2011 (PDF), one-page overview (PDF) (S. 1223) on June 16, 2011 that would require companies/app developers to receive express consent from users of mobile devices like smartphones and tablets before sharing information about those users' location with third parties. Will update this post as more information becomes available. Franken gets the best headline out of this: Congress to Device Makers: Don't Track Me, Bro
Status: Read twice and referred to the House Committee on the Judiciary. Six cosponsors have signed on.

Representative Mary Bono Mack (R-CA) introduced the Secure and Fortify (SAFE) Data Act  (PDF) (H.R. 2577) on July 18, 2011.  The bill aims to establish standards of breach notification and would require organizations to notify people affected by a data breach and the Federal Trade Commission (FTC) within 48 hours. This bill was previously discussed during a House Energy and Commerce Committee panel/mark-up session held on June 15, 2011.
Status: Referred to House Commerce Subcommittee on Commerce, Manufacturing and Trade. No cosponsors have signed on.

Senator Dianne Feinstein (D-CA) introduced the Data Breach Notification Act of 2011 (PDF) (S. 1408) on July 22, 2011. This is the same legislation Senator Feinstein introduced in the 111th session (see: S. 139). The legislation is focused only on breach notification and does not introduce security requirements. It mandates multiple notifications depending on the severity of the breach (i.e., individual, Secret Service, FTC, etc.), gives State AGs the power to bring civil suits, and does not offer any private right of action.
Status: Committee on the Judiciary. Ordered to be reported with an amendment in the nature of a substitute favorably. No cosponsors have signed on. 2/6/2012: Placed on Senate Legislative Calendar under General Orders. Calendar No. 310.

The Congressional Budget Office (CBO) has scored S. 1408. The report, released October 31, 2011, "estimates that implementing S. 1408 would cost about $3 million annually for the FTC and federal law enforcement agencies to specify how the required notification procedures would work. CBO expects that most government agencies would incur negligible costs to implement the legislation."

Representative Lamar Smith (R-TX) introduced the Protecting Children From Internet Pornographers Act of 2011 (PDF) (H.R. 1981) on May 25, 2011. This bill mandates that Internet Service Providers keep incredibly detailed logs, for up to 18 months, on all customers to facilitate the prosecution of child pornography, including internet protocol addresses (i.e. all IP addresses assigned), customer names, addresses, phone records, type and length of service, and credit card numbers, and more.
Status: On July 28, 2011 the House Judiciary Committee conducted a final roll call vote (PDF) and approved the bill, 19-10, to move before the entire House for a vote. 39 cosponsors have signed on. On November 10, 2011 House Report 112-281 Part 1 discussing the bill was published. On December 16, 2011 the bill was placed on the Union Calendar, Calendar No. 224.

Senator Richard Blumenthal (D-CT) introduced the Personal Data Protection and Breach Accountability Act of 2011 (PDF) (S.1535) on September 8, 2011. The 100-page bill aims to regulate companies that store information for more than 10,000 people. The bill aims to deter preventable breaches, minimize consumer harm, promote a robust security platform, and uses a very big stick for compliance. Individuals found to be consistently violating these provisions face a maximum sentence of five years in prison and/or a $1 million fine. This is one of the most severe penalties put forward in a privacy-focused bill. Further, the bill requests coordination between the FBI and Secret Service to produce reports on enforcement actions, breach trends, and the efficacy of post-breach notifications.
Status: Placed on Senate Legislative Calendar under General Orders. Calendar No. 182. One cosponsor has signed on.

Representative Ed Markey (D-MA) released a discussion draft of the Mobile Device Privacy Act (PDF) on January 30, 2012. The bill would require companies to disclose if they are using tracking software (i.e. CarrierIQ), what information the software collects, and whom it shares the information with. Consumers would have to provide express consent to any data collection or transmission, and third parties would have to have documented policies in place to secure the data they collect. Companies that want to transfer data to third parties would have to file applications with the Federal Trade Commission (FTC) and the Federal Communications Commission (FCC). Enforcement falls under FTC Unfair and Deceptive trade practices.
Status: Discussion Draft, not officially introduced.


If you would like to voice concern or support for any of the bills, you can easily find your Representative and/or Senator through http://www.opencongress.org/people/representatives.


Special thanks to:
Hunton and Williams privacy blog for providing some quick source material -- http://www.huntonprivacyblog.com/
ThreatLevel -- http://www.wired.com/threatlevel/2011/06/gps-warrant-proposal/
Cecilia Kang -- http://www.washingtonpost.com/blogs/post-tech/post/franken-blumenthal-introduce-mobile-privacy-bill/2011/06/15/AGjZqCWH_blog.html
PrivacyLives for the draft of the Franken bill -- http://www.privacylives.com/senators-introduce-the-location-privacy-protection-act-of-2011/2011/06/15/
Privacy Insider - http://www.insideprivacy.com/united-states/feinstein-introduces-breach-notice-bill-senate-committee-may-consider-breach-notice-proposals-shortl/
CDT/ABC News Opinion: http://abcnews.go.com/Technology/tech-agenda-bills-carry-enormous-implications-technology/story?id=14522085


UPDATE 6/15/2011:
  • House hearing to discuss draft of Rep. Mary Bono Mack's data security bill starting now. Watch livestream at: http://www.ustream.tv/channel-popup/energyandcommerce2322
  • Senator Wyden and Representative Chaffetz dropped their bipartisan geolocation bill
  • Senators Franken and Blumenthal release a one-page overview of their legislation...
  • Senators Pryor and Rockefeller reintroduced data breach legislation
  • Fixed broken Thomas links above
UPDATE 6/16/2011:
  • Received final version of Al Franken's bill that was introduced on June 16, 2011.
UPDATE 6/29/2011:
  • Updated with Rep. Rush and Stearns/Matheson's versions of the Data Accountability and Trust Act of 2011
  • Updated cosponsor stats for all bills
  • Chairman of the U.S. Senate Committee on Commerce, Science, and Transportation, John D. Rockefeller, held a full committee hearing on privacy and data security. Archived webcast available: Privacy and Data Security: Protecting Consumers in the Modern World
UPDATE 8/2/2011:
  • Added H.R. 2577, S. 139, and H.R. 1981
UPDATE 9/27/2011:
  • Updated Status and cosponsors for all bills.
  • Added S.1535
UPDATE 11/7/2011:
  • Updated sponsor count on H.R. 654 (19 to 20)
  • Updated sponsor count on H.R. 1528 (4 to 5)
  • Added link to S. 1151, Senator Leahy's additional/minority views on DHS Appropriations bill
  • Updated sponsor count on S.1212 (0 to 1)
  • Updated sponsor count on H.R. 2168 (6 to 8)
  • Added Politico link on S.1207
  • Added CBO Score on S.1408
UPDATE 01/31/2012:
  • Added Rep. Markey's Discussion Draft
  • Updated sponsor count on H.R. 654 (20 to 22)
  • Updated sponsor count on H.R. 1707 (3 to 4)
  • Updated sponsor count on H.R. 1895 (6 to 18)
  • Updated sponsor count on H.R. 2168 (8 to 10)
  • Updated sponsor count on S. 1223 (5 to 6)
  • Updated sponsor count on H.R. 2168 (25 to 39)
UPDATE 02/07/2012:
  • Updated status of S. 1408, placed on Senate Legislative Calendar under General Orders. Calendar No. 310 as of 2/6/2012.

DoD to remove SSNs from ID Cards

A big win for DoD service members and families: beginning June 1, Social Security Numbers on military ID cards will start to disappear. Currently, SSNs are printed on the back of common access cards (CAC), and on the front of cards issued to dependents and retirees. The DoD switched from the original serial number, later called the service number, to the SSN in 1968. At the time, the SSN was not as sensitive a piece of information as it is today. However, today, losing a DoD-issued ID card could easily lead to identity theft. Most of the information needed to easily steal someone's identity is printed right on the card: name, date of birth, SSN, and more.

The DoD will replace the SSN with a new unique 10-digit number for individuals with a direct association with the department, returning to the pre-1968 serial number/service number. The new number will also be the service member's Geneva Convention identification number.

The switch to the new cards will take place over four years.  Service members, dependents, and retirees will receive the new card when their current one expires.

Sources:
DoD to drop social security numbers from ID cards:
http://www.army.mil/-news/2011/04/04/54310-dod-to-drop-social-security-numbers-from-id-cards/

Department of Defense Privacy Board Advisory Opinion on Disclosure of the Original, pre-1968, Serial Number:  http://privacy.defense.gov/opinions/op0045.shtml


NetNeutrality debate back again

This post is a bit off topic from the normal discourse here on PrivacyWonk; however, given that we frequently discuss topics related directly to the internet in some way, shape, or form I believe it is not too far off topic. 

Speaker of the House John Boehner (R-OH) vowed Monday to eliminate net neutrality rules recently (PDF) enacted by the Federal Communications Commission (FCC), referring to the regulations as a "government takeover of the Internet." Rep. Boehner's speech came amid a push by House Republicans to overturn the new rules. The Energy and Commerce Subcommittee on Communications and Technology announced Sunday that it would hold a vote on Wednesday, March 2nd, 2011, on a resolution of disapproval to reverse the FCC's Internet regulations. That vote was postponed and the new vote date is TBD.

The joint resolution (H. J. RES. 37) states

"JOINT RESOLUTION
Disapproving the rule submitted by the Federal Communications Commission with respect to regulating the Internet and broadband industry practices.

Resolved by the Senate and House of Representatives of the United States of America in Congress assembled, That Congress disapproves the rule submitted by the Federal Communications Commission relating to the matter of preserving the open Internet and broadband industry practices (Report and Order FCC 10-201, adopted by the Commission on December 21, 2010), and such rule shall have no force or effect."

The rules passed by the FCC are far from perfect; however, they stopped a large lobbying push against network neutrality.  That is a good thing.  Al Franken (D-Minnesota) was recently interviewed by Ars Technica on the subject and does a great job explaining the issues.  Repealing those FCC rules would allow this debate to start all over again.  It would be a giant step backward and it could have lasting consequences.

As the vote has been delayed, there is time to contact representatives on the House Energy Committee to voice your concern over the vote. Membership of the full committee can be found here: http://energycommerce.house.gov/about/members.shtml. Membership of the Subcommittee on Communication and Technology can be found here: http://energycommerce.house.gov/subcomms/subcommittees.shtml (scroll to bottom). If you believe this issue is important, please take the time to write a letter, send an e-mail, or make a phone call.

To explain network neutrality, I turn to a noted PrivacyWonk friend, @oogali, who offered the following succinct explanation:

"Net neutrality started as a strictly economical issue (i.e. Google who buys IP connectivity from Level3, should not have to pay AT&T extra money when Level3 and AT&T already have an existing non-discriminatory traffic exchange agreement in place).

But now the term is being applied to damn near everything, and becoming highly political.

It is strictly a carrier issue. CARRIER. The entity who owns and operates the 'tubes' your IP packets move through.

If the carrier does anything to or based on those packets (blocking, rate limiting, charging extra), then it is an issue as their network is no longer neutral -- the "net" in "net neutrality" stands for network, not Internet." (Source: http://pseudonym.tumblr.com/post/1406407050/net-neutrality).

Congresswoman Jackie Speier (D-CA) introduced two pieces of legislation on Friday, February 11th, 2011, aimed at protecting personal information.  The Do Not Track Me Online Act of 2011 (H.R. 654) would give consumers the ability to prevent the collection and use of data on their online activities. The Financial Information Privacy Act of 2011 (H.R. 653) would give consumers control of their own financial information.

Congressman Bobby L. Rush (D-IL) reintroduced his privacy focused legislation from last year on Thursday, February 10th, 2011.  Building Effective Strategies To Promote Responsibility Accountability Choice Transparency Innovation Consumer Expectations and Safeguards Act. (H.R. 611).

On Monday, February 14th, Senator Al Franken (D-MN) was named chairman of a new Judiciary subcommittee for Privacy, Technology and the Law. The Committee's jurisdiction and membership go to a vote on February 17th, 2011. Until then all details below should be considered pending.

The Committee's jurisdiction will include: (1) Oversight of laws and policies governing the collection, protection, use and dissemination of commercial information by the private sector, including online behavioral advertising, privacy within social networking websites and other online privacy issues; (2) Enforcement and implementation of commercial information privacy laws and policies; (3) Use of technology by the private sector to protect privacy, enhance transparency and encourage innovation; (4) Privacy standards for the collection, retention, use and dissemination of personally identifiable commercial information; and (5) Privacy implications of new or emerging technologies.

Committee Membership includes:
Democratic Members
Al Franken, Minnesota (Chairman)
Chuck Schumer, New York
Sheldon Whitehouse, Rhode Island
Richard Blumenthal, Connecticut

Republican Members
Tom Coburn, Oklahoma (Ranking Member)
Orrin Hatch, Utah
Lindsey Graham, South Carolina