Innovation Policy Post

For those who don’t keep as close an eye on privacy, the past week has seen a flurry of activity on a number of privacy related fronts from the US Congress. Topics have included cybersecurity, government surveillance, and the Do Not Track process. Most of these conversation are obviously still ongoing, but a summary after this intense week and a half of proceedings seemed appropriate.

The Cybersecurity Intelligence Sharing and Protection Act (CISPA) passed out of the House with a few small changes last Thursday, April 18. One of the amendments that was agreed to before it passed aimed to address some privacy questions that had been raised by giving the Department of Homeland Security a greater role in the exchange of cyber-threat indicators, and limiting that of the National Security Agency, but some groups were still not impressed. In short, the amendments did not address the questions of liability protections for companies that share data, nor the protection of that data itself once it is shared. For primarily those reasons, staffers for the pertinent Senators indicated yesterday that the Senate would not be taking up CISPA, instead writing their own legislation on cybersecurity. If the Senate is successful in that effort, some sort of deal would have to be struck on how to merge the two approaches.

Also yesterday, the Senate Judiciary Committee again passed out an update to the 26-year-old Electronic Communications Privacy Act that would require law enforcement to obtain a warrant before it could demand user’s content stored with third parties online. The current law permits access to some content with lesser process. The Judiciary Committee had passed an almost identical bill out in December of 2012, but no floor action could be taken on it before the end of the year. The conversation about government surveillance now moves to the full Senate floor, where there may be efforts to include amendments that would water down the privacy protections, and to the House Judiciary Committee, which is conducting its own investigations into these questions. In fact, while the Senate Judiciary Committee was voting on ECPA reform, the House counterpart was holding a hearing on law enforcement access to location information. These issues are intertwined, and we’re very likely to see a lot of movement on both in the weeks and months to come.

Finally, consumer privacy didn’t escape the week without any attention. A hearing in the Senate Commerce Committee on Wednesday focused on the progress being made on the Do Not Track standard and featured some high tempers from both the Senators and the panel. Most of the discussion circled around who was responsible for the delay in finishing the standard with stones cast at the advertisers, the browser makers, the W3C itself, and everyone in between. Senator Rockefeller is clearly looking for the ammunition he needs to move his own Do Not Track bill but its not obvious that the self-regulatory approach has completely failed.