Blog, US

Online Privacy, Security Action This Week

BY CCIA Staff
April 26, 2013

For those who don’t keep as close an eye on privacy, the past week has seen a flurry of activity on a number of privacy related fronts from the US Congress. Topics have included cybersecurity, government surveillance, and the Do Not Track process. Most of these conversation are obviously still ongoing, but a summary after this intense week and a half of proceedings seemed appropriate.

The Cybersecurity Intelligence Sharing and Protection Act (CISPA) passed out of the House with a few small changes last Thursday, April 18. One of the amendments that was agreed to before it passed aimed to address some privacy questions that had been raised by giving the Department of Homeland Security a greater role in the exchange of cyber-threat indicators, and limiting that of the National Security Agency, but some groups were still not impressed. In short, the amendments did not address the questions of liability protections for companies that share data, nor the protection of that data itself once it is shared. For primarily those reasons, staffers for the pertinent Senators indicated yesterday that the Senate would not be taking up CISPA, instead writing their own legislation on cybersecurity. If the Senate is successful in that effort, some sort of deal would have to be struck on how to merge the two approaches.

Also yesterday, the Senate Judiciary Committee again passed out an update to the 26-year-old Electronic Communications Privacy Act that would require law enforcement to obtain a warrant before it could demand user’s content stored with third parties online. The current law permits access to some content with lesser process. The Judiciary Committee had passed an almost identical bill out in December of 2012, but no floor action could be taken on it before the end of the year. The conversation about government surveillance now moves to the full Senate floor, where there may be efforts to include amendments that would water down the privacy protections, and to the House Judiciary Committee, which is conducting its own investigations into these questions. In fact, while the Senate Judiciary Committee was voting on ECPA reform, the House counterpart was holding a hearing on law enforcement access to location information. These issues are intertwined, and we’re very likely to see a lot of movement on both in the weeks and months to come.

Finally, consumer privacy didn’t escape the week without any attention. A hearing in the Senate Commerce Committee on Wednesday focused on the progress being made on the Do Not Track standard and featured some high tempers from both the Senators and the panel. Most of the discussion circled around who was responsible for the delay in finishing the standard with stones cast at the advertisers, the browser makers, the W3C itself, and everyone in between. Senator Rockefeller is clearly looking for the ammunition he needs to move his own Do Not Track bill but its not obvious that the self-regulatory approach has completely failed.

CCIA continues to monitor and engage on all of these topics. Anyone with questions or looking for more details should contact Ross Schulman at [email protected] or 202-783-0070.

Related Articles

CCIA Whitepaper Identifies National Security Risks Posed By House Bills Targeting U.S. Tech Companies

Sep 13, 2021

Washington — The Computer & Communications Industry Association has released a white paper on the national security implications of several House-passed bills aimed at a handful of U.S. tech companies as they compete with foreign companies. These bills were introduced in June 2021 and were marked up without legislative hearings or input from stakeholders, particularly…

House Judiciary To Markup Bills Directing Regulators To Alter Business Models Of Some Tech Companies

Jun 22, 2021

Washington – The House Judiciary Committee is scheduled to markup several bills that would be a radical departure from the way the U.S. has regulated businesses. The so-called antitrust bills cover a broad range of issues and new rules that would apply to only a few tech companies but not other competitors, including some Chinese…

New EU Cybersecurity Rules Should Promote Security Mitigation, Avoid Compliance Red Tape

Dec 16, 2020

Brussels, BELGIUM — The European Commission published today a legislative proposal to update the 2016 Network and Information Security Directive.  The proposal aims to reduce regulatory inconsistencies across the EU’s internal market and it encourages security information sharing to help companies effectively address future cybersecurity risks. But the proposal also suggests that cloud computing providers,…