Tag Archives: privacy

Al Gore, Vint Cerf and Tim Berners-Lee on Internet freedom and democracy [VIDEO]

Posted on by

1

Last month, Cory Doctorow talked with Al Gore, Vint Cerf and Tim Berners-Lee in Mexico City about privacy, freedom, neutrality and democracy in the context of the Internet and the Web. Shaky handheld video is embedded below — the audio is worth tuning in, however, even if the video is a bit jumpy.

Hat tip to Cory Doctorow at BoingBoing, who writes:

We had a wide-ranging discussion, but kept circling back to the threats and promises for the net — copyright wars, privacy wars, government and grassroots. It was a lot of fun, and quite an honor, and I’m happy to see they’ve got the video online.

G8: the Internet has become the public arena for our time

Posted on by

2

President Barack Obama and other world leaders walk to the first working session at the G8 summit in Deauville, France, May 26, 2011. Pictured, from left are: European Commission President Jose Manuel Barroso; President Obama; French President Nicolas Sarkozy; Canadian Prime Minister Stephen Harper; Japanese Prime Minister Naoto Kan; German Chancellor Angela Merkel; and British Prime Minister David Cameron. May 26, 2011. (Official White House Photo by Official White House Photo by Lawrence Jackson)

President Barack Obama and other world leaders walk to the first working session at the G8 summit in Deauville, France, May 26, 2011. Pictured, from left are: European Commission President Jose Manuel Barroso; President Obama; French President Nicolas Sarkozy; Canadian Prime Minister Stephen Harper; Japanese Prime Minister Naoto Kan; German Chancellor Angela Merkel; and British Prime Minister David Cameron. May 26, 2011. (Official White House Photo by Official White House Photo by Lawrence Jackson)

At this year’s meeting of the “Group of 8” (G8) nations in France, a declaration about the Arab Spring included a “Deauville Partnership” with the people of the Middle East to support the growth of “democratic, open societies and inclusive economic modernisation.”

For the first time, the 2011 G-8 Summit included discussion of the Internet as a top-level issue, alongside the ongoing conflict in Libya, economic growth, nuclear safety, climate change, foreign aid and national security.

The G8 released an official communique that pledging renewed commitment for freedom and democracy that included a substantial section on the Internet. The communique included this summary of the principles discussed:

We discussed new issues such as the Internet which are essential to our societies, economies and growth. For citizens, the Internet is a unique information and education tool, and thus helps to promote freedom, democracy and human rights. The Internet facilitates new forms of business and promotes efficiency, competitiveness, and economic growth. Governments, the private sector, users, and other stakeholders all have a role to play in creating an environment in which the Internet can flourish in a balanced manner. In Deauville in 2011, for the first time at Leaders’ level, we agreed, in the presence of some leaders of the Internet economy, on a number of key principles, including freedom, respect for privacy and intellectual property, multi-stakeholder governance, cyber-security, and protection from crime, that underpin a strong and flourishing Internet. The “e-G8” event held in Paris on 24 and 25 May was a useful contribution to these debates.

That eG8 showed that online innovation and freedom of expression still need strong defenders. Some of the concerns will be assuaged in this communique.

While the body of the communique is comprised of high level principles and does not contain specific prescriptions, it does not specifically reference to international human rights laws or a “freedom to connect,” an exception that supporters of free expression like Article 19 have criticized as unsufficient. In addition, paragraph 15, below, renews a “commitment to ensuring effective action against violations of intellectual property rights in the digital arena, including action that addresses present and future infringements” that may obliquely refer to the Anti-Counterfeiting Trade Agreement, or “ACTA,” that the Electronic Frontier Foundation and others have expressed concerns about as it has moved through drafting stages.

That said, there is much in the official communique about the Internet that celebrates its power and choices that have driven its growth, including:

  • “The openness, transparency and freedom of the Internet have been key to its development and success. These principles, together with those of non-discrimination and fair competition, must continue to be an essential force behind its development.”
  • “The Internet has become the public arena for our time, a lever of economic development and an instrument for political liberty and emancipation. Freedom of opinion, expression, information, assembly and association must be safeguarded on the Internet as elsewhere. Arbitrary or indiscriminate censorship or restrictions on access to the Internet are inconsistent with States’ international obligations and are clearly unacceptable. Furthermore, they impede economic and social growth.

Coming on a week when Iran vowed to unplug the Internet, disconnecting Iranian citizens from the rest of the world, holding up those principles is both timely and notable. The full section of the communique regarding the Internet follows.

II. INTERNET

4. All over the world, the Internet has become essential to our societies, economies and their growth.

5. For citizens, the Internet is a unique information and education resource and thus can be a helpful tool to promote freedom, democracy and human rights.

6. For business, the Internet has become an essential and irreplaceable tool for the conduct of commerce and development of relations with consumers. The Internet is a driver of innovation, improves efficiency, and thus contributes to growth and employment.

7. For governments, the Internet is a tool for a more efficient administration, for the provision of services to the public and businesses, and for enhancing their relations with citizens and ensuring respect for and promotion of human rights.

8. The Internet has become a major driver for the global economy, its growth and innovation.

9. The openness, transparency and freedom of the Internet have been key to its development and success. These principles, together with those of non-discrimination and fair competition, must continue to be an essential force behind its development.

10. Their implementation must be included in a broader framework: that of respect for the rule of law, human rights and fundamental freedoms, the protection of intellectual property rights, which inspire life in every democratic society for the benefit of all citizens. We strongly believe that freedom and security, transparency and respect for confidentiality, as well as the exercise of individual rights and responsibility have to be achieved simultaneously. Both the framework and principles must receive the same protection, with the same guarantees, on the Internet as everywhere else.

11. The Internet has become the public arena for our time, a lever of economic development and an instrument for political liberty and emancipation. Freedom of opinion, expression, information, assembly and association must be safeguarded on the Internet as elsewhere. Arbitrary or indiscriminate censorship or restrictions on access to the Internet are inconsistent with States’ international obligations and are clearly unacceptable. Furthermore, they impede economic and social growth.

12. The Internet and its future development, fostered by private sector initiatives and investments, require a favourable, transparent, stable and predictable environment, based on the framework and principles referred to above. In this respect, action from all governments is needed through national policies, but also through the promotion of international cooperation.

13. We commit to encourage the use of the Internet as a tool to advance human rights and democratic participation throughout the world.

14. The global digital economy has served as a powerful economic driver and engine of growth and innovation. Broadband Internet access is an essential infrastructure for participation in today’s economy. In order for our countries to benefit fully from the digital economy, we need to seize emerging opportunities, such as cloud computing, social networking and citizen publications, which are driving innovation and enabling growth in our societies. As we adopt more innovative Internet-based services, we face challenges in promoting interoperability and convergence among our public policies on issues such as the protection of personal data, net neutrality, transborder data flow, ICT security, and intellectual property.

15. With regard to the protection of intellectual property, in particular copyright, trademarks, trade secrets and patents, we recognize the need to have national laws and frameworks for improved enforcement. We are thus renewing our commitment to ensuring effective action against violations of intellectual property rights in the digital arena, including action that addresses present and future infringements. We recognize that the effective implementation of intellectual property rules requires suitable international cooperation of relevant stakeholders, including with the private sector. We are committed to identifying ways of facilitating greater access and openness to knowledge, education and culture, including by encouraging continued innovation in legal on line trade in goods and content, that are respectful of intellectual property rights.

16. The effective protection of personal data and individual privacy on the Internet is essential to earn users’ trust. It is a matter for all stakeholders: the users who need to be better aware of their responsibility when placing personal data on the Internet, the service providers who store and process this data, and governments and regulators who must ensure the effectiveness of this protection. We encourage the development of common approaches taking into account national legal frameworks, based on fundamental rights and that protect personal data, whilst allowing the legal transfer of data.

17. The security of networks and services on the Internet is a multi-stakeholder issue. It requires coordination between governments, regional and international organizations, the private sector, civil society and the G8’s own work in the Roma-Lyon group, to prevent, deter and punish the use of ICTs for terrorist and criminal purposes. Special attention must be paid to all forms of attacks against the integrity of infrastructure, networks and services, including attacks caused by the proliferation of malware and the activities of botnets through the Internet. In this regard, we recognize that promoting users’ awareness is of crucial importance and that enhanced international cooperation is needed in order to protect critical resources, ICTs and other related infrastructure. The fact that the Internet can potentially be used for purposes that are inconsistent with the objectives of peace and security, and may adversely affect the integrity of critical systems, remains a matter of concern. Governments have a role to play, informed by a full range of stakeholders, in helping to develop norms of behaviour and common approaches in the use of cyberspace. On all these issues, we are determined to provide the appropriate follow-up in all relevant fora.

18. We call upon all stakeholders to combat the use of Internet for trafficking in children and for their sexual exploitation. We will also work towards developing an environment in which children can safely use the Internet by improving children’s Internet literacy including risk awareness, and encouraging adequate parental controls consistent with the freedom of expression.

19. We recognize the importance of enhanced access to the Internet for developing countries. Important progress has been achieved since the Okinawa Summit and we pay tribute to the efforts made by developing countries in this regard as well as the various stakeholders, governments, the private sector and NGOs, which provide resources, expertise and innovation. We encourage initiatives, in partnership with the private sector, on the use of the Internet with a development purpose, particularly for education and healthcare.

20. As we support the multi-stakeholder model of Internet governance, we call upon all stakeholders to contribute to enhanced cooperation within and between all international fora dealing with the governance of the Internet. In this regard, flexibility and transparency have to be maintained in order to adapt to the fast pace of technological and business developments and uses. Governments have a key role to play in this model.

21. We welcome the meeting of the e-G8 Forum which took place in Paris on 24 and 25 May, on the eve of our Summit and reaffirm our commitment to the kinds of multi-stakeholder efforts that have been essential to the evolution of the Internet economy to date. The innovative format of the e-G8 Forum allowed participation of a number of stakeholders of the Internet in a discussion on fundamental goals and issues for citizens, business, and governments. Its free and fruitful debate is a contribution for all relevant fora on current and future challenges.

22. We look forward to the forthcoming opportunities to strengthen international cooperation in all these areas, including the Internet Governance Forum scheduled next September in Nairobi and other relevant UN events, the OECD High Level Meeting on “The Internet Economy: Generating Innovation and Growth” scheduled next June in Paris, the London International Cyber Conference scheduled next November, and the Avignon Conference on Copyright scheduled next November, as positive steps in taking this important issue forward.

The consequences of connectivity in an information age

Posted on by

1

win 7 devicesLast night, author Sean Power (@seanpower) was able to recover his lost laptop and belongings using the tracking software (@preyproject), Twitter and some brave, helpful human beings. It’s a fascinating outcome. As Power tweeted afterwards, this is “a great story, and brings up many implications re: vigilantism, crime in the era of realtime, and findability.”

In many ways, this story of loss and recovery serves as a fascinating insight into the century ahead in an increasingly networked society. There’s Orwell’s Big Brother, created by a growing number of cameras, satellite photos, wiretaps and intercepts, and there’s Little Brother, made up of citizens toting mobile phones. When the TSA patted down a baby this week at an airport, a pastor (@JacobJester) in line saw it, snapped a picture and tweeted it.

This is, to be fair, a leading edge case. Power is more connected online than many of his fellow citizens, technically proficient enough to install open source tracking software and sufficiently deft to leverage his distributed network of friends in real-time.

That said, it’s a reasonable expectation that we’ll be seeing variants of these kinds of stories in the years ahead. They’ll often end with the same moral: <a href="don’t steal computers from people who know how to use computers. Freelance journalist Branden Ballenger (@btballenger) used Storify to document Power’s story, which I’ve embedded below.

http://storify.com/btballenger/man-tracks-stolen-laptop-thousands-of-miles-away.js[View the story “Man tracks stolen laptop hundreds of miles away, calls thief” on Storify]

Google reaches agreement with FTC on Buzz privacy concerns

Posted on by

1

Google has agreed to an independent review of its privacy procedures once every two years and to ask it users to give “affirmative consent” before it changes how it shares their personal information. The agreement raises the bar for the way that companies handle user privacy in the digital age.

Alma Whitten, director of privacy, product and engineering, announced that that Google had reached the agreement with the United States Federal Commission in an update in Buzz posted to Google’s official blog this morning.

“The terms of this agreement are strong medicine for Google and will have a far-reaching effect on how industry develops and implements new technologies and services that make personal information public,” said Leslie Harris, president of the Center for Democracy and Technology.  “We expect industry to quickly adopt the new requirement for opt-in consent before launching any new service that will publicly disclose personal information,” Harris said.

In a statement posted to FTC.gov, the FTC charged deceptive privacy practices in Google’s rollout of its buzz social network. (Emphasis is mine):

The agency alleges the practices violate the FTC Act. The proposed settlement bars the company from future privacy misrepresentations, requires it to implement a comprehensive privacy program, and calls for regular, independent privacy audits for the next 20 years. This is the first time an FTC settlement order has required a company to implement a comprehensive privacy program to protect the privacy of consumers’ information. In addition, this is the first time the FTC has alleged violations of the substantive privacy requirements of the U.S.-EU Safe Harbor Framework, which provides a method for U.S. companies to transfer personal data lawfully from the European Union to the United States.

“When companies make privacy pledges, they need to honor them,” said Jon Leibowitz, Chairman of the FTC. “This is a tough settlement that ensures that Google will honor its commitments to consumers and build strong privacy protections into all of its operations.”

The FTC turned to Twitter for a live Q&A with the Web. Here’s a recap of the conversation:

http://storify.com/digiphile/ftc-hosted-privacy-chat-around-google-buzz-settlem.js

In her post, Whitten highlighted the efforts that the search engine has made in this intersection of Google, government and privacy:

For example, Google Dashboard lets you view the data that’s stored in your Google Account and manage your privacy settings for different services. With our Ads Preferences Manager, you can see and edit the data Google uses to tailor ads on our partner websites—or opt out of them entirely. And the Data Liberation Front makes it easy to move your data in and out of Google products. We also recently improved our internal privacy and security procedures.

Looking back at SXSWi and a “Social Networking Bills of Rights”

Posted on by

0

Posts and thoughts on the 2011 South by Southwest Interactive Festival are still making their way out of my hard drive. On the first day of the conference, I moderated a panel on “Social Network Users’ Bill of Rights” that has received continued interest in the press.This correspondent moderated a panel on a “social networking bill of rights” which has continued to receive attention in the days since the festival, including at MSNBC, Mainstreet.com, and PC World, focusing on the responsibility data stewardship. At MemeBurn.com, Alistair Fairweather highlighted a key question to consider for the technology industry to consider in the months ahead: “Why is user data always vested within the networks themselves? Why don’t we host our own data as independent “nodes”, and then allow networks access to it?”

Good questions, and ones that a few startups I talked to at the festival are working hard to answer. Stay tuned. For now, Jon Pincus captured the online conversation about the panel using Storify, below.

http://storify.com/jdp23/snubor-at-sxswi.js[View the story “#snubor at #sxswi” on Storify]

Daniel Weitzner is the new White House deputy CTO for Internet policy

Posted on by

1

DSC_5476

Image by Elon University via Flickr

There’s a new deputy chief technology officer in the White House Office of Science and Technology Policy: Danny Weitzner. He’ll be taking over the policy portfolio that Andrew McLaughlin held. The appointment appears to have been reported first by Julia Angwin in her story on a proposed bill for an online privacy bill of rights drafted by Senator John McCain (R-AZ) and Senator John Kerry (D-MA). Rick Weiss, director of communications at OSTP confirmed the appointment and said that they anticipate that Weitzner will start work “very soon.”

With the appointment, the OSTP staff has three deputy CTOs again working under federal CTO Aneesh Chopra: Chris Vein for innovation, Weitzner for Internet policy and Scott Deutchman for telecommunications policy.

Weitzner has a deep and interesting background when it comes to Internet policy. He was serving as associate administrator for policy at the United States Commerce Department’s National Telecommunications and Information Administration (NTIA), the principal adviser to the President on telecommunications and information policy. Prior to joining the Obama administration, Weitzner created the MIT CSAIL Decentralized Information Group and was used to be the policy director for the World Wide Web Consortium (W3C) before he joined . Here’s his bio from his time there:

Daniel Weitzner is Policy Director of the World Wide Web Consortium’s Technology and Society activities. As such, he is responsible for development of technology standards that enable the web to address social, legal, and public policy concerns such as privacy, free speech, security, protection of minors, authentication, intellectual property and identification. Weitzner holds an appointment as Principal Research Scientist at MIT’s Computer Science and Artificial Intelligence Laboratory, co-directs MIT’s Decentralized Information Group with Tim Berners-Lee, and teaches Internet public policy at MIT.

As one of the leading figures in the Internet public policy community, he was the first to advocate user control technologies such as content filtering and rating to protect children and avoid government censorship of the Intenet. These arguments played a critical role in the 1997 US Supreme Court case, Reno v. ACLU, awarding the highest free speech protections to the Internet. He successfully advocated for adoption of amendments to the Electronic Communications Privacy Act creating new privacy protections for online transactional information such as Web site access logs.

Before joining the W3C, Mr. Weitzner was co-founder and Deputy Director of the Center for Democracy and Technology, a leading Internet civil liberties organization in Washington, DC. He was also Deputy Policy Director of the Electronic Frontier Foundation. He serves on the Boards of Directors of the Center for Democracy and Technology, the Software Freedom Law Center, the Web Science Research Initiative. and the Internet Education Foundation.

His publications on technical and public policy aspects of the Internet have appeared in the Yale Law Review, Science magazine, Communications of the ACM, Computerworld, Wired Magazine, and The Whole Earth Review. He is also a commentator for NPR’s Marketplace Radio.

Mr. Weitzner has a degree in law from Buffalo Law School, and a B.A. in Philosophy from Swarthmore College.

As Angwin reported, Weitzner pushed for creation of the Commerce Department new privacy office while he was at NTIA. In his new role, he’s likely to be working closely with the FTC, Congress and a new privacy office at the Commerce that, according to Angwin, is likely to be run by Jules Polonetsky, currently head of the Future of Privacy Forum.

Weitzner’s appointment is good news for those who believe that ECPA reform matters and for advocates of free speech online. Given the recent role of the Internet as a platform for collective action, that support is worth acknowledging.

For those interested, Weitzner can be found on Twitter at @djweitzner. While he has not sent out a tweet since last November, his link to open government in the United Kingdom last July bodes well for his support for open data and Gov 2.0: “Proposed Government Data Transparency principles from UK gov’t via Shadbolt & Berners-Lee http://bit.ly/b1WyYs #opendata #gov20.”

 

Related articles
Enhanced by Zemanta

San Francisco integrates city services, 311 and Facebook

Posted on by

0

The city of San Francisco now has a Facebook application that integrates with SF 311 service requests. The Facebook application appears to work in a similar fashion as the “Tweet my 311” service that integrates 311 with Twitter, albeit with additional privacy concerns because of the data that Facebook profiles contain.

The page links to help page on Facebook and SF311 that provides more details about San Francisco’s policies. The city appears to have though through some of the privacy issues that the integration with Facebook could create.

Specifically, a citizen does not have to share her information with the city to submit a 311 request. A citizen may remain anonymous while using the application and still submit a service request to SF311.

Here’s the rundown:

  • You can disable sharing in your profile’s privacy settings.
  • You can be anonymous by logging out of your Facebook account (or not logging in).
  • On the Facebook Login page click the “Cancel” button to go directly to the application (app). You will then have the option of manually adding your contact information to the Eform prior to submitting it, if desired.
  • You can be anonymous by allowing access, then removing your contact information populated by the application.
    If you don’t have a Facebook account.

    • That said, the city also states that “in some cases, contact information is mandatory based on the nature of the request or report,” so anonymity isn’t going to be possible in all situations. Additionally, “in other cases, it is essential to assist agencies in obtaining any follow up information required in order to service or address the problem.”

    Depending upon how implementation and adoption moves forward, this integration of Facebook and San Francisco’s 311 system may provide a template for other cities to follow.

    More on the story at SFGate.com: Facebook app speeds access to city services.

    Podcast: IT Security, Internet Freedom and Open Government at Threatpost

    Posted on by

    0

    This morning, I was privileged to join Dennis Fisher on the Digital Underground podcast to talk about IT security, open government, Internet freedom and open data movements, including how they’re affecting IT security.

    ListenIT Security, Internet Freedom and Open Government [MP3]

    Fisher is a founding editor of the Threatpost blog and is one of the best information security journalists in the industry and a former colleague from TechTarget.

    Over the course of the podcast, we discussed the different ways in which Internet freedom and privacy play into the current climate online. (We also talked a bit about Twitter and journalism.) As 2011 matures, legitimate concerns about national security will continue to be balanced with the spirit of open government expressed by the Obama administration.

    The issues created between Wikileaks and open government policies are substantial. Open data may be used for accountability, citizen utility and economic opportunity. But as federal CIO Vivek Kundra said to Harvard Business School students studying Data.gov last year, the transparency facet in the Obama administration’s open government initiative has multiple layers of complexity.

    Fisher and I explore these issues, along with a number of the complexities involved with improving information sharing between the public and private sector when it comes to vulnerabilities and threats. Currently, over 80% of the nation’s critical infrastructure is in the private sector.

    Related stories:

    Clinton: There is no silver bullet in the struggle against Internet repression. There’s no “app” for that

    Posted on by

    0

    Today in Washington, Secretary of State Clinton reiterated the State Department’s commitment to an Internet freedom policy in a speech at George Washington University. Rebecca MacKinnon, journalist, free speech activist, and expert on Chinese Internet censorship, provided some on the spot analysis immediately following Clinton’s words. MacKinnon made an interesting, and timely, point: there are limits to directly funding certain groups. “I think one of the reasons that the Egyptian and Tunisian revolutions were successful was that they were really home grown, grass roots. At the end of the day, the people in the countries concerned need to really want change and drive that change.”

    MacKinnon parsed the considerable complexity of advocating for Internet freedom in the context of Wikileaks and electronic surveillance in other areas of the federal government. For those interested, she elaborated on the issues inherent in this nexus of government and technology in her Senate testimony last year. At some point this winter, there will be a hearing on “CALEA 2″ in the United States Congress that’s going to be worth paying close attention to for anyone tracking Internet freedom closer to home, so to speak.

    Should the U.S. support Internet freedom through technology, whether it’s an “app” or other means? To date, so far the State Department has allocated only $20 million of the total funding it has received from Congress, according to a report on Internet censorship from the Senate Foreign Relations Committee obtained by the AFP. (Hat tip to Nick Kristof on that one).

    Clinton defended the slow rollout of funding today in her speech (emphasis is added):

    “The United States continues to help people in oppressive Internet environments get around filters, stay one step ahead of the censors, the hackers, and the thugs who beat them up or imprison them for what they say online. While the rights we seek to protect are clear, the various ways that these rights are violated are increasingly complex. Some have criticized us for not pouring funding into a single technology—but there is no silver bullet in the struggle against Internet repression. There’s no “app” for that. And accordingly, we are taking a comprehensive and innovative approach—one that matches our diplomacy with technology, secure distribution networks for tools, and direct support for those on the front lines.”

    The caution in spending may well also be driven by the issues that the State Department encountered with Haystack, a much celebrated technology for Internet freedom tool that turned out to be closer to a fraud than a phenomenon.

    There may be no silver bullet to deliver Internet freedom to the disconnected or filtered masses, per se, but there are more options beyond the Tor Project that people in repressive regimes can leverage. Today, MIT’s Technology Review reported on an app for dissidents that encrypts phone and text communications:

    Two new applications for Android devices, called RedPhone and TextSecure, were released last week by Whisper Systems, a startup created by security researchers Moxie Marlinspike and Stuart Anderson. The apps are offered free of charge to users in Egypt, where protesters opposing ex-president Hosni Mubarak have clashed with police for weeks. The apps use end-to-end encryption and a private proxy server to obfuscate who is communicating with whom, and to secure the contents of messages or phone conversations. “We literally have been working night and day for the last two weeks to get an international server infrastructure set up,” says Anderson.

    No word on whether they’ve received funding from State yet. For more on today’s speech, read the full report on the State department’s Internet freedom policy at the Huffington Post, Ethan Zuckerman or the ever sharp Nancy Scola on #NetFreedom, which does, in fact, now look like a “big deal.”

    Senate considers update to Electronic Communications Privacy Act

    Posted on by

    3

    Today in Washington, the Senate Judiciary Committee held a hearing on updating the Electronic Communications Privacy Act (ECPA), the landmark 1986 legislation that governs the protections citizens have when they communicate using the Internet or cellphones.

    The statements of the witnesses before the Senate from the Commerce Department, Justice Department and witnesses are embedded in ths post. Below, find an exclusive interview with digital privacy and security researcher Chris Soghoian, who until recently was the resident geek at the Federal Trade Commission, and some context on “Digital Due Process,” the coalition of industry and privacy advocates advocating for an ECPA update.

    “From the perspective of industry and definitely the public interest groups, people shouldn’t have to consider government access as one of the issues when they embrace cloud computing,” said Soghoian. “It should be about cost, about efficiency, about green energy, about reliability, about backups, but government access shouldn’t be an issue.”

    While the tech blogosphere may be focused on Twitter, Facebook and inside baseball among the venture capitalists of Silicon Valley’s today, the matter before Congress should be earning more attention from citizens, media and technologists alike. Over at Forbes, Kashmir Hill made the case that industry will benefit from a clearer Electronic Communications Privacy Law. Take it one step further: updates to the ECPA have the potential to improve the privacy protections for every connected citizen, cloud computing provider or government employee. As she pointed out there:

    One of the most egregious ECPA issues is how it treats the protection of email. “Why should email in someone’s inbox be treated different from something in someone’s sent folder?” asked Smith [Microsoft’s general counsel]. “Why is something unread in my junk folder subjected to greater privacy than something read in my inbox? Why does an email I sent in April have fewer privacy protections than one I sent in September?”

    Smith discussed security and privacy concerns with respect to cloud computing after the hearing: Get Microsoft Silverlight

    DCSIMG

    It’s important to be clear: Congress is unlikely to move on updating ECPA before the mid-term elections or in the lame duck session. That said, the hearing in the Senate today and the hearing on ECPA reform and the revolution in cloud computing in the House of Representatives tomorrow will inform any legislative action in the next Congress.

    Chairman Patrick Leahy was clear in his opening statement today: American innovation has outpaced digital privacy laws.

    When Congress enacted ECPA in 1986, we wanted to ensure that all Americans would enjoy the same privacy protections in their online communications as they did in the offline world, while ensuring that law enforcement had access to information needed to combat crime. The result was a careful, bipartisan law designed in part to protect electronic communications from real-time monitoring or interception by the Government, as emails were being delivered and from searches when these communications were stored electronically. At the time, ECPA was a cutting-edge piece of legislation. But, the many advances in communication technologies since have outpaced the privacy protections that Congress put in place.

    Today, ECPA is a law that is often hampered by conflicting privacy standards that create uncertainty and confusion for law enforcement, the business community and American consumers.

    For example, the content of a single e-mail could be subject to as many as four different levels of privacy protections under ECPA, depending on where it is stored, and when it is sent. There are also no clear standards under that law for how and under what circumstances the Government can access cell phone, or other mobile location information when investigating crime or national security matters. In addition, the growing popularity of social networking sites, such as Facebook and MySpace, present new privacy challenges that were not envisioned when ECPA was passed.

    Simply put, the times have changed, and so ECPA must be updated to keep up with the times. Today’s hearing is an opportunity for this Committee to begin to examine this important issue.

    “There does seem to be wide agreement that current ECPA standards are a muddled mess,” said Julian Sanchez, a research fellow at the libertarian Cato Institute, and contributing editor for Reason Magazine. “The fear about “uncertainty” expressed by Baker is ridiculous when you consider the scholarly consensus and the evident confusion in the courts trying to apply it. In reality, DOJ finds the ambiguity convenient, since they can jurisidiction-shop for magistrates whose interpretations they find congenial.”

    Jim Dempsey of the Center for Democracy and Technology made the following statement on ECPA, promoting security and protecting privacy:

    Justice Brandeis famously called privacy “the most comprehensive of rights, and the right most valued by a free people.” The Fourth Amendment embodies this right, requiring a judicial warrant for most searches or seizures, and Congress has enacted numerous laws affording privacy protections going beyond those mandated by the Constitution.

    In setting rules for electronic surveillance, the courts and Congress have sought to balance two critical interests: the individual’s right to privacy and the government’s need to obtain evidence to prevent and investigate crimes, respond to emergency circumstances and protect the public. More recently, as technological developments have opened vast new opportunities for communication and commerce, Congress has added a third goal: providing a sound trust framework for communications technology and affording companies the clarity and certainty they need to invest in the development of innovative new services.

    Today, it is clear that the balance among these three interests – the individual’s right to privacy, the government’s need for tools to conduct investigations, and the interest of service providers in clarity and customer trust – has been lost as powerful new technologies create and store more and more information about our daily lives. The protections provided by judicial precedent and statute have failed to keep pace, and important information is falling outside the traditional warrant standard.

    The personal and economic benefits of technological development should not come at the price of privacy. In the absence of judicial protections, it is time for Congress to respond, as it has in the past, to afford adequate privacy protections, while preserving law enforcement tools and providing clarity to service providers.

    Dempsey’s full testimony is embedded below:
    Jim Dempsey Testimony on ECPA Update http://d1.scribdassets.com/ScribdViewer.swf

    The American Civil Liberties Union also had specific recommendations for Congress on ECPA reform. “The Electronic Communications Privacy Act was written in 1986 before the Web was even invented and is in desperate need of an upgrade,” said Laura W. Murphy, Director of the ACLU Washington Legislative Office. “While Americans have embraced technology as an essential part of everyday life, they have not surrendered their fundamental right to privacy. Congress must ensure that our privacy laws reflect the technology Americans use every day.”

    The testimony of the ACLU on ECPA reform is embedded below:

    ACLU statement on update to ECPA http://d1.scribdassets.com/ScribdViewer.swf

    The written testimony of Microsoft general counsel Brad Smith is embedded below:

    Microsoft counsel Brad Smith’s Testimony before Senate http://d1.scribdassets.com/ScribdViewer.swf

    The written testimony of he Honorable James A. Baker, Esq., Associate Deputy Attorney General, United States Department of Justice, is embedded below:

    Baker Testimony on ECPA Updates http://d1.scribdassets.com/ScribdViewer.swf

    The written testimony of the Honorable Cameron F. Kerry, Esq., General Counsel of the United States Department of Commerce is embedded below:

    Cameron Kerry Testimony before the Senate http://d1.scribdassets.com/ScribdViewer.swf

    The written testimony of attorney Jamil Jaffer Testimony is below:

    Jamil Jaffer Testimony before the Senate Judiciary Comittee http://d1.scribdassets.com/ScribdViewer.swf

    Digital Due Process

    Earlier this year, I reported on the launch of DigitalDueProcess.org, a coalition pushing for an ECPA update for online privacy in cloud computing age. A powerful collection of organizations has been pushing for an update to ECPA. Members of the coalition include Google, Microsoft, AT&T, AOL, Intel, the ACLU and the Electronic Frontier Foundation. The guidance from the coalition would enshrine principles for “digital due process,” online privacy and data protection in the age of cloud computing within an updated ECPA.

    The coalition set up a website, DigitalDueProcess.orgcontaining its proposals for updating ECPA in the face of new cloud computing security and online privacy challenges. Google Public Policy released a video, embedded below, describing the concept of “digital due process,”