Online privacy

On the surface, the investigation was routine. Federal agents persuaded a judge to issue a warrant for a Microsoft e-mail account they suspected was used for drug trafficking. But US-based Microsoft kept the e-mails on a server in Ireland. Microsoft said that meant the e-mails were beyond the warrant’s reach. A federal appeals court agreed. Late in June, the Trump administration asked the Supreme Court to intervene. The case is among several legal clashes that Redmond (WA)-based Microsoft and other technology companies have had with the government over questions of digital privacy and authorities’ need for information to combat crime and extremism.

Privacy law experts say the companies have been more willing to push back against the government since the leak of classified information detailing America’s surveillance programs. Another issue highlighted in the appeal is the difficulty that judges face in trying to square decades-old laws with new technological developments. In the latest case, a suspected drug trafficker used Microsoft’s email service. In 2013, federal investigators obtained a warrant under a 1986 law for the e-mails themselves as well as identifying information about the user of the e-mail account. Microsoft turned over the information, but went to court to defend its decision not to hand over the e-mails from Ireland.

A US judge has dismissed nationwide litigation accusing Facebook of tracking users' internet activity even after they logged out of the social media website. In a decision late on June 30, US District Judge Edward Davila in San Jose (CA) said the plaintiffs failed to show they had a reasonable expectation of privacy, or that they suffered any "realistic" economic harm or loss.

The plaintiffs claimed that Facebook violated federal and California privacy and wiretapping laws by storing cookies on their browsers that tracked when they visited outside websites containing Facebook "like" buttons. But the judge said the plaintiffs could have taken steps to keep their browsing histories private, and failed to show that Facebook illegally "intercepted" or eavesdropped on their communications. "The fact that a user's web browser automatically sends the same information to both parties," meaning Facebook and an outside website, "does not establish that one party intercepted the user's communication with the other," Davila wrote.

The Federal Communications Commission has adopted the order clarifying that the rules on phone privacy are back in effect and dismissing as moot challenges to the telecom broadband privacy rules Congress nullified through a Congressional Review Act resolution. The vote was unanimous but with commissioner Mignon Clyburn dissenting in part and with a lot to say about what she viewed as the remaining lack of clarity about broadband privacy protections.

FCC Chairman Ajit Pai circulated the item earlier this month, which also reminds telecoms of their annual privacy compliance certification obligations. The FCC went straight to an order rather than putting the item out for notice and comment, explaining that "because we are simply recognizing the effect of the resolution of disapproval, we find that notice and public procedure are unnecessary to reflect this action in the Code of Federal Regulations."

[Commentary] The online privacy debate belongs in the halls of Congress, with Republicans and Democrats forging a consensus on how best to protect and empower consumers. I know members on both sides genuinely share concerns about protecting Americans' privacy. The BROWSER Act's opt-in regime will give consumers greater control over how their sensitive personal information is shared and establish regulatory consistency by treating Internet service providers and "edge" providers the same. Having two cops on the beat enforcing different sets of rules isn't fair to anybody and will lead to less certainty when it comes to protecting the privacy of Americans.

Broadband privacy sparked the latest Federal Communications Commission dustup. At issue was an FCC order making it clear the 2016 broadband privacy regulations are gone from the agency rule book, as required by a congressional resolution of disapproval back in March. FCC Commissioner Mignon Clyburn used her partial dissent as an opportunity to argue the Republican majority is willing to leave broadband customers without privacy protections. FCC Chairman Pai took issue with that, saying he brought the “ministerial” item to a vote at her request, but she offered no suggested changes. “I am therefore perplexed by her decision to dissent in part,” Chairman Pai said. “When a commissioner does not share her concerns about an item until after she casts her vote, it makes it difficult to work together to find common ground.”

The Federal Communications Commission released an Order taking a necessary procedural step so that the Code of Federal Regulations contains an accurate reflection of the FCC’s current privacy rules.

Specifically, the FCC’s pre-2016 Privacy Order rules that applied to wireless and wireline telephone carriers have been reinstated following the recent resolution of disapproval of the FCC’s 2016 privacy regulations under the Congressional Review Act (CRA). The resolution of disapproval of the FCC’s privacy regulations, signed by President Trump on April 3, 2017, declared that the 2016 Privacy Order “shall have no force or effect” and “shall be treated as though [it] had never taken effect.” In addition, the June 29, 2017 Order also dismisses as moot 11 petitions for reconsideration of the Commission’s 2016 Privacy Order.

Ever since Congress repealed the Federal Communication Commission’s broadband privacy rules, consumers have expressed outrage over their lack of privacy protections when accessing broadband networks. In response to the public outcry, members of Congress have introduced legislation to enhance consumers’ online privacy protections.

Thus far, Sens Ed Markey (D-MA), Richard Blumenthal (D-CT), and Reps Jerry McNerney (D-CA), and Marsha Blackburn (R-TN) have all introduced online privacy legislation. Each bill has strong components that provide various levels of online privacy protections for consumers. However, the three bills all have limitations that must be addressed to provide Americans all the privacy protections they deserve. Fortunately, the bills at least open the door to a discussion on what true comprehensive online privacy legislation should look like and what protections consumers expect when it comes to their online privacy.

Rep Katherine Clark (D-MA) has proposed legislation to specifically outlaw internet harassment-based crimes like swatting and devote $24 million a year to stopping them. The Online Safety Modernization Act of 2017 collects several of Clark’s earlier bills, with sponsorship from Rep Susan Brooks (R-IN) and Patrick Meehan (R-PA).

It imposes penalties on several relatively new forms of abuse that may be only indirectly covered under other laws, while funding research and investigation into internet safety issues. The bill includes six sections, all addressing “cybercrimes against individuals” — as opposed to attacks on businesses or government infrastructure, which are a higher priority in most cybercrime policy. Three of the sections outline punishments for “sextorting” sexual imagery from people through blackmail, falsely reporting an emergency to provoke a swat team response, and “doxxing” people by disclosing personal information to cause harm.

[Commentary] Some partisan activists have sought to leverage the public’s privacy concerns to advance their political agenda and have resorted to spreading accusations and false information that misleads the public. Immediately after the Congressional vote, the media was flooded with stories suggesting that internet privacy had been “repealed.” Other stories made misleading claims that Congress “voted to allow your web history to be sold to the highest bidder.” None of this is true. Congress did not repeal internet privacy. They kept the FTC’s two decades of privacy rules in place while preventing the inequitable Obama mandates from going into effect.

Congress did the right thing by stopping the FCC’s power grab to protect consumer privacy and indeed protect the internet itself. It is far better public policy to leave the internet in the free market to continue to bring us innovation after innovation which has transformed our lives for the better in the past generation. Take a moment and send an email of appreciation to the members of the Iowa delegation who stood up for you, your family, and your neighbors in this cause.

[Donald P. Racheter is president of the Public Interest Institute, a public policy research institute in Muscatine]

Is privacy a relic of the past given the array of governments and corporations determined to hoover up information about all of us as fully as technology permits it? Julia Angwin doesn’t think so.

The Pro Publica journalist argues that those fighting to better protect privacy aren’t wasting their time, even as the Information Age accelerates. Consider the Industrial Revolution, she urged.vLike advances in information technology, industrialization made societies more efficient, more productive, and wealthier––but those gains came at a heavy cost, for those who lived through the period of rapid industrialization made due with dangerous factories and horrific pollution, among other ills. At the time, those ills struck many as permanent features too entrenched or perhaps even too inevitable to counter. But others fought for industrial reforms, pushing society toward measures that better protected the environment and workers. Indeed, the conditions that prevailed in the early years of the Industrial Revolution would be unthinkable in the U.S. today. Why shouldn’t the Information Age prove as malleable to reformers?