Conscious Manifestations

In comments filed with the Department of Homeland Security today, CDT highlighted privacy concerns implicated by DHS' new system of databases to record personal information and border crossing history. CDT called on DHS to reduce the 15-year period for retaining records of the date, time and place an American re-enters the United States at the land borders, and to limit the vast array of "routine uses" for which that data can be shared with other government agencies, foreign governments, and the public. In related comments, CDT urged DHS to work with states and other issuers of new "enhanced drivers licenses" to provide the department with access only to personal information about drivers crossing the border rather than information about all those holding EDLs, and to ensure that states do not create their own records of drivers' border crossing activities.

President Bush today announced his intention to nominate CDT Vice President for Public Policy James X. Dempsey to serve a five year term on the Privacy and Civil Liberties Oversight Board, an independent agency within the executive branch that will review the civil liberties impact of anti-terrorism policies and programs, providing advice on policy development and implementation and oversight of government actions relating to terrorism. In legislation adopted last year, Congress reconstituted the Board and made it independent of the White House. The position, which is subject to Senate confirmation, is part-time, so Dempsey, if confirmed, will continue in his position with CDT.

CDT filed comments with the Federal Communications Commission -- on behalf of more than twenty public interest and industry groups -- against the FCC's proposal to require censorship of a free nationwide wireless Internet access network. Although CDT supports the broad goal of deploying broadband nationwide, the comments argued that such government-mandated censorship would violate the First Amendment and would create an effectively unusable service due to the large amount of content and online services that would be blocked.

State attorneys general received thousands of complaints about online fraud and abuse in 2006 and 2007. Yet, with the exception of several notable standouts, few states brought significant cases in response to those complaints, according to a report released today from the Center for American Progress and the Center for Democracy and Technology. The study finds online fraud and abuse aren't given a high priority by most attorneys general. The report recommends several steps state attorneys general can take to protect online consumers, such as: assess the applicability and adequacy of state laws; develop computer forensic capabilities; train investigators and prosecutors to identify Internet fraud; and devote greater resources to enforcement efforts.

Today CDT and the Progress & Freedom Foundation jointly filed a "friend of the court" brief in the U.S. Supreme Court against the FCC's regulation of "fleeting expletives," arguing that the Commission's new policy of censoring one-off curse words violates both the Constitution and administrative law. CDT also called into question the FCC's overall authority to regulate speech on broadcast, noting that dramatic changes in media and technology over the past 30 years no longer make broadcast a "unique" medium deserving less than full First Amendment protection. The brief also argues that the convergence of broadcast with the Internet and other new media, and the rise of technological tools that allow families to control what media content enters the home, eliminates the need for continued government regulation of broadcast.

In a July 31 amicus brief filed in a federal court in Pennsylvania, the Electronic Frontier Foundation, joined by CDT, ACLU and the ACLU of Pennsylvania, argued that cell phone location information is protected by the Fourth Amendment. The brief argues that a court should require the government to obtain a warrant based on probable cause in order to gain access to cell site location information stored by a cell phone company.

The Second Circuit Court of Appeals today reversed a lower court decision that, as CDT and a number of others argued in a 2007 amicus brief, had the potential to chill innovation in products that use the Internet to provide storage and computing functions from remote locations. The lower court ruling had blocked Cablevision from rolling out a digital video recorder (DVR) system that stores recorded television programs on remote servers instead of in set top devices in the customers' homes. CDT applauds today's decision, which finds that providing such a remote DVR does not constitute direct copyright infringement. CDT also welcomes the court's finding that transitory data held in buffers for a mere 1.2 seconds do not constitute "copies" for purposes of the Copyright Act.

CDT on Friday joined the Electronic Frontier Foundation, Public Citizen, and a group of 14 law professors in an "friend of the court" brief arguing that violating an online service's Terms of Service agreement isn't a criminal offense under the Computer Fraud and Abuse Act. The brief, submitted in the case of United States v. Lori Drew, explains that the legal theory behind the Government's indictment of Ms. Drew would effectively criminalize the actions of millions of Internet users and raise significant due process and constitutional concerns.

The FCC today voted 3-2 to reprimand Comcast for interfering with some of its subscribers' BitTorrent uploads and failing to disclose the action. The ruling is a major development in the long-running debate over "Internet neutrality" and "network management." CDT agrees with the ruling's apparent premise that broadband providers should not target specific applications for inferior treatment and should be much more transparent about network management practices. CDT has serious concerns, however, about the potential breadth of the Commission's assertion of authority and the risk that it could open the door to greater FCC regulatory involvement in Internet issues. The full impact of the ruling will depend on the actual text of the order, which is not yet available.

Newly released documents confirm that U.S. government border officials assert authority to rifle through the contents of laptop computers, cell phones and flash drives that travelers bring into the United States, even when officials have no suspicion that a device contains evidence of a crime. Devices can be taken from travelers, removed to a remote location, examined by officials unknown to the travelers, and returned days, weeks, or even months later.

CDT issued a policy post today on the emerging practice of online behavioral advertising. Behavioral advertising involves the compilation of detailed information about an Internet user’s online activities. That data, when collected, can be turned into detailed consumer profiles including articles read, web sites visited, and items purchased. Ad networks contract with web sites to determine what type of advertising shows up on a consumer's web browser based on those profiles. In efforts to obtain more complete consumer profiles, some ad networks are now contracting with ISPs to buy the full web streams of the ISP's subscribers. That ad network-ISP model raises privacy concerns discussed in this policy post.

Telecommuting and the virtual office put sensitive corporate data, including the personal information of customers, at risk of compromise, according to a report released today by the Center for Democracy & Technology and Ernst & Young. The report is based on a survey of 73 organizations and recommends that companies with a telecommuting workforce need to pay more attention to the unique privacy and security risks posed by remote access. The report offers practical advice to companies on securing data accessed by employees working from home or other remote locations.

CDT issued a policy post today addressing security and privacy issues associated with federal RFID-enabled border crossing documents. CDT traces the troubling history of the U.S. government's adoption of this flawed technology despite warnings from internal government watchdogs. DHS response to security and privacy concerns has been inadequate, CDT said. RFID-enabled border crossing documents could fall victim to "mission creep," like the Social Security Number before them, and become a target for identity thieves, CDT said, noting there is still time for the Congress and public to act, forcing the State Department and DHS to reconsider the using this flawed technology.

CDT's Health Privacy Project Director Deven McGraw testified today before the House Health Subcommittee during a hearing on promoting the adoption and use of health information technology. McGraw said that enhanced privacy and security built into health IT systems will bolster consumer trust and confidence; that move will help spur a more rapid adoption of health IT and the realization of its potential benefits. In her testimony, McGraw outlined a comprehensive privacy and security framework that would set clear parameters for access, use and disclosure of personal health information for all entities engaged in e-health.

The House Energy and Commerce Committee today approved a bill intended to boost adoption of electronic health records nationwide while strengthening federal privacy laws. CDT supports the measure and will testify tomorrow on the importance of protecting privacy in electronic health records at a hearing of the Ways and Means Health Subcommittee.

The 3rd U.S. Circuit Court of Appeals today upheld a lower court ruling striking down the controversial Child Online Protection Act (COPA) that required Web operators to restrict access to large amounts of constitutionally protected speech. COPA placed severe restrictions on a wide range of legal, socially valuable speech, including content relating to sexual identity, health and art. CDT, which has filed friend-of-the-court briefs opposing COPA and supporting parental empowerment technology, applauds the ruling.

CDT today testified before the House Telecom Subcommittee regarding the privacy implications of "deep packet inspection," a technology underlying some online behavioral advertising models. CDT warned that consumers are increasingly concerned about the growing amount of personal data being collected by online advertising practices, but that they are ill-equipped to take steps to protect their privacy. CDT also said that the emerging advertising model partnering ISPs with ad networks brings new legal complexities and privacy risks to the e-commerce equation. CDT urged Congress to take a comprehensive look at online advertising practices and made several recommendations for designing policies and laws that insure consumer privacy and instill trust in the electronic marketplace.

CDT told the Senate Judiciary Committee today that the illegal browsing of passport information by State Department employees indicates a lack of adequate internal controls to protect personal information and shows a disregard for basic privacy laws. CDT said that the department's overall privacy program has lacked vision, direction, and resources for several years. However, the department is not alone in its failure to protect information; as government studies show, privacy procedures at many large agencies are weak. CDT called on Congress and the Administration to work together on closing well-known gaps in the aging Privacy Act and made several recommendations consistent with those outlined in GAO reports issued earlier regarding government privacy policies.

After beating back three amendments, the Senate voted 69-28 to pass the FISA Amendments Act and send it to the President to be signed into law. The rejected amendments would have stripped out or limited provisions in the bill granting immunity to telecommunications carriers that assisted with illegal warrantless surveillance for more than five years after September 11. CDT opposed the legislation because it grants immunity and fails to give the FISA court adequate authority to ensure that Americans are protected against unjustified surveillance of their communications. CDT calls on Congress to vigorously exercise its authority to oversee the government's implementation of the new authority.

CDT today testified before the Senate Commerce Committee regarding the privacy implications of online advertising. CDT noted that consumers are increasingly concerned about the growing amount of personal data being collected by online advertising practices, but that they are ill-equipped to take steps to protect their privacy. CDT also said that the emerging advertising model partnering ISPs with ad networks brings new legal complexities and privacy risks to the e-commerce equation. CDT urged Congress to take a comprehensive look at online advertising practices and made several recommendations for designing policies and laws that insure consumer privacy and instill trust in the electronic marketplace.