Voices for Innovation provides a weekly roundup of technology policy news:
House lawmakers late Wednesday advanced a provision that would require the Pentagon to report attempts by Russian actors to hack its systems. The amendment was introduced by Rep. Lou Correa (D-Calif.) to annual defense policy legislation and approved by the full House Wednesday night. Lawmakers’ decision to sign off on the provision comes amid heightened concerns over the Russian government’s use of cyberattacks in what the U.S. intelligence community has concluded was a campaign to influence the outcome of the United States’ 2016 presidential election.
FCW reported on FBI Director nominee Christopher Wray’s confirmation hearing comments, including his assertion that cybersecurity threats pose an even greater risk to national security than what’s being reported or addressed today. Wray expressed a strong desire to help Congress and industry find a balanced solution to encryption issues, and to strengthen and enhance Section 702’s surveillance powers. New York Magazine published an opinion piece criticizing Wray for suggesting that a compromise on encryption and law enforcement’s access to data could be reached between the federal government and tech companies, as well as noting his inexperience and lack of technical understanding of the issues.
Washington Post To battle hackers, IBM wants to encrypt the world
There are only two types of companies, it is commonly said: those that have been hacked, and those that just don’t know it yet. IBM, the computing giant, wants to get rid of both. The company said Monday that it has achieved a breakthrough in security technology that will allow every business, from banks to retailers to travel-booking companies, to encrypt their customer data on a massive scale — turning most, if not all, of their digital information into gibberish that is illegible to thieves with its new mainframe. “The last generation of mainframes did encryption very well and very fast, but not in bulk,” Ross Mauri, general manager of IBM’s mainframe business, said in an interview. Mauri estimates that only 4 percent of data stolen since 2013 was ever encrypted.
The Hill EU, US cyber talks
The Hill reported that an EU delegation will visit Washington this week to discuss numerous lawful access issues, including the EU-U.S. Privacy Shield agreement, encryption, and cross-border data access. The article notes that cross-border data access will be a top priority for the delegation, given the status of U.S. court cases with Microsoft and Google over warrants for data stored extraterritorially.
New York Times Digital Privacy to Come Under Supreme Court’s Scrutiny
The New York Times published a “White Collar Watch” column by Professor Peter Henning highlighting Microsoft’s warrant case as one of two potential Supreme Court cases involving the Stored Communications Act that could help redefine the concept of privacy in the digital age. Henning predicts that the Supreme Court will inevitably hear Microsoft’s case due to conflicting lower court rulings involving Google and Yahoo and the fact that the Supreme Court relies on the solicitor general’s office to identify cases with significant impacts on law enforcement.
MINNESOTA REPRESENTATIVE AND Deputy Chair of the DNC Keith Ellison recently called on Twitter to ban Donald Trump once and for all, joining countless publications who have made the same demand. And currently, nearly 72,000 people have signed an online petition asking for the same. Unfortunately for all those dreaming of a Trump-free Twitter, it is almost certainly never going to happen. The case for banning Trump from Twitter goes something like this: He consistently violates the site’s terms of service, up to and including the incitement of violence. Simple enough. The case for letting Trump keep his account gets a bit murkier. “He’s having a real-time conversation with the world,” Twitter CEO Jack Dorsey told CNN. “And I think that’s something we should learn from.” Twitter has also asserted that having Trump on Twitter is “good” and that “the more that happens, the better we are going to be at showing what’s going on in the world.” None of which means very much, and doesn’t address the actual issues that Trump’s Twitter behavior raises.
The Hill FTC names new acting technologist
The Federal Trade Commission has announced a new acting chief technologist. Neil Alan Chilson, an advisor to acting Chairman Maureen Ohlhausen, will fill the role on an acting basis. “Much of the FTC’s work occurs at the intersection of rapidly changing technology and consumer experiences, implicating complex legal and policy issues,” Ohlhausen said. “Neil has spent his career at this intersection and has been a valuable contributor to the FTC’s technology-related work. I am pleased to have his technical expertise and policy experience available to the Commission in this new role.” According to the FTC’s announcement, Chilson has been advising Ohlhausen on technology issues like data security and privacy. Ohlhausen has been serving as the acting chair since January. President Trump has not yet nominated a permanent replacement.
Forbes reported that an Alabama magistrate judge denied 15 separate applications for search warrants directed at Microsoft, Google, Yahoo, and 1&1 media. The judge argued that the government’s request was overly broad, seeking access to search much more than supported by their showing of probable cause and therefore violated the Fourth Amendment.
Ars Technica reported on the Ninth Circuit Court of Appeals decision which held that the nondisclosure requirements attached to National Security Letters do not violate the First Amendment. Coverage positioned the ruling as a loss for privacy advocates. The EFF, which represented the companies in the case, made no immediate decision about whether to appeal the ruling the Supreme Court.
The Washington Post Facebook says it shouldn’t have to stay mum when government seeks user data
The Washington Post reported on Facebook’s recent move to challenge a gag order issued by a District of Columbia Superior Court judge and connected to search warrants for customer data. The Washington Post noted that Facebook’s case ”is similar to challenges percolating throughout the country from technology companies objecting to how the government seeks access to Internet data in emails or social media accounts during criminal investigations.”
Washington Post Travelers just won back a bit of their privacy at the border
Travelers worried about having their smartphones or other electronic devices searched when they enter the United States can breathe a small sigh of relief: U.S. customs agents may be more limited than previously thought in their ability to browse the contents of your phone. Border officials can only look through the portions of your phone in which data has been kept locally on the device’s physical storage, according to a letter from Customs and Border Protection to Sen. Ron Wyden (D-Ore.), a privacy advocate. The letter was first reported by NBC News. Under the policy, a border search can legally include any downloaded text messages, contacts or notes on a device. But it forbids any search that would require a border official to request data from a remote server — that is, social media accounts, online storage services or other cloud-based applications.
IT’S THE SIMPLE bargain that made companies like Google and Facebook into giants: in exchange for the convenience of running your life from a smartphone, you hand over gobs of data on your every activity. It zips up into the cloud where algorithms do…well it’s hard to be exactly sure, but everyone’s at it. Oh, except Apple. Tim Cook has aggressively positioned the company as uninterested in collecting user data, and boasts that it sets Apple apart. “They’re gobbling up everything they can learn about you and trying to monetize it,” he said in a 2015 speech. “We think that’s wrong.” “They,” of course, refers mostly to Google and Facebook, which rely heavily on cloud computing for search and recommendations and other features. Apple, on the other hand, promises to do its machine learning-powered stuff like photo searching and predicting what emoji you want right there on your smartphone or tablet.
Still reeling from Donald Trump’s election, a prominent technologist is taking a page from powerful donors the Koch brothers, who remade state politics by recruiting and funding a new generation of GOP candidates. Sam Altman, president of the Silicon Valley start-up incubator Y Combinator, announced Wednesday that he would spend from his personal fortune to enlist candidates who want to run for statewide office in California on a platform of “technology, economic fairness, and maintaining personal liberty.” The next races will be in 2018. Altman, whose fund has helped launch companies such as Dropbox and Airbnb, is part of a wave of tech elites who are now looking to extend their influence beyond Silicon Valley into the wider political spectrum.
A startup incubator launched by some of former President Barack Obama’s top tech aides is ramping up its efforts to raise money and invest in new, cutting-edge digital tools meant to help Democrats win more races in 2018 and beyond. The group, called Higher Ground Labs, plans to announce on Thursday that it has tapped Ron Klain, the executive vice president and general counsel of Revolution, to serve as chair of the nascent organization’s advisory board. Like others involved in the effort, first reported by Recode in May, Klain had been a major aide to Obama, at one point serving as the former president’s top adviser handling the global Ebola crisis.
Major technology companies are pooling together to launch a new alliance in the hopes of spurring patent reform. The group, called the High Tech Inventors Alliance (HTIA), is composed of eight high-profile tech companies: Adobe, Amazon, Cisco, Dell, Google, Intel, Oracle and Salesforce, who collectively hold 115,000 patents. HTIA says that it aims to pursue regulatory and legislative reforms aimed at curbing what it sees as nuisance lawsuits over patent litigation. They contend that such cases inhibit them from being productive with the results of their research and development, which the HTIA’s members collectively spend $62.9 billion on annually. “When the patent system does not function well, it undermines rather than supports innovation, to the detriment of all Americans — inventors, employees, investors in productive businesses and ultimately, consumers,” said John Thorne, the Alliance’s general counsel and spokesperson.
The Trump administration said it would delay, and probably eliminate down the line, a federal rule that would have let foreign entrepreneurs come to the United States to start companies. The decision, announced by the federal government on Monday ahead of its official publication on Tuesday, was quickly slammed by business leaders and organizations, especially from the technology sector, which has benefited heavily from start-ups founded by immigrants. “Today’s announcement is extremely disappointing and represents a fundamental misunderstanding of the critical role immigrant entrepreneurs play in growing the next generation of American companies,” Bobby Franklin, the president and chief executive of the National Venture Capital Association, a trade association for start-up investors, said in a statement.
The Trump administration is mulling whether to bar all federal agencies from using security software developed by a prominent cybersecurity firm based in Russia. ABC News reported on Tuesday that a final decision could come in a matter of days. Such a move would remove Kaspersky Lab, a global company headquartered in Russia, from the General Services Administration’s (GSA) list of approved outside vendors. Kaspersky Lab has been the subject of media attention in recent years for alleged ties to Russian intelligence agencies. Eugene Kaspersky, the firm’s founder, was trained at a KBG-sponsored school and worked for a scientific institute run by the Soviet military.
The Presidential Advisory Commission on Election Integrity made headlines on June 28 when it requested that states hand over registered voters’ full names, political affiliations, addresses, dates of birth, criminal records, the last four digits of their Social Security numbers, and other personal identifying information. The government wants to make all of the data public. Many of the states deem varying parts of the data private—meaning state law forbids them from divulging it. So far, Arkansas is the only state that has complied with the commission’s demands. But the commission, put together by President Donald Trump amid allegations of voter fraud on a massive scale during the 2016 election, said it has erased Arkansas’ data. And now the commission, which (among other topics) wants to investigate whether dead people voted in elections the past decade, is telling the rest of the states they don’t need to comply—at least for now.
“Thus, because the Government seeks at the outset to access and search potentially so much more than its specific showing of probable cause would support, the undersigned is left with the abiding conviction that what the Government actually seeks is “a general, exploratory rummaging,”… through the contents of the account users’ email. The Fourth Amendment must require a stronger showing by the Government to permit intrusion of that magnitude.”
“Our position, in general, is when an ISP gets an NSL, they should tell the user so that they can contest that request.”
“Certain recipients of these NSLs claim that the nondisclosure requirement violates their First Amendment rights. We hold that the nondisclosure requirement in 18 U.S.C. § 2709(c) is a content-based restriction on speech that is subject to strict scrutiny, and that the nondisclosure requirement withstands such scrutiny. Accordingly, we affirm.”
“There’s a balance that has to be struck between the importance of encryption, which I think we can all respect when there are so many threats to our systems, and the importance of giving law enforcement the tools that they need to keep us all safe.”
“I have no reason to doubt what I hear in the intelligence community’s assessment about the importance of 702 as a vital tool in our efforts to protect America…Everything I’ve heard suggests to me that that’s a tool that needs to be a high priority for the country to make sure it gets renewed appropriately.”
“Rather it is saying to Silicon Valley and its emulators — the ball is in your court. You have created messaging applications which are encrypted end to end, they are being used by terrorists and criminals to hide their murderous plans. This will be a difficult conversation in many places, and especially in the USA, where there is a strong, anti government libertarian tradition on both the left and the right. But here is the bottom line — the best defence against terrorists’ plans is good intelligence.”
“The warrants’ broad sweep would enable the government to review the targets’ communications with third-parties, their political and social affiliations, their reading habits, and their views on a plethora of political, social, religious and personal issues.”
“In this digital age, CPB must… conduct limited and targeted inspections of electronic devices to determine whether they contain contraband (such as child pornography), information indicating inadmissibility, or information that could present a threat to national security.”
“It is important that a future reauthorization [of Section 702] does not lower these protections recognized to non-U.S. citizens.”
“We need to ensure that the internet is not used as a dark place for bad people to hide their criminal activities from the law.”
“The problem is that there isn’t really a legal balance to be struck when it comes to encryption. American tech companies already comply with lawful orders for user information that isn’t fully encrypted, and shy of building backdoors into their products, there isn’t a lot more they can do.”
“Devices connected to the internet, from cellphones to watches to personal training trackers that facilitate our personal habits and communications, are a fact of daily life, and the Supreme Court will have to start drawing clear lines around what types of electronic information are – and are not – protected by the Fourth Amendment. Simple asserting that there is a right to privacy does not provide much help in determining how far that protection should extend in a digital world.”
“The tech industry as a whole has moved toward providing its users with more transparency, but telecommunications companies — which serve as the pipeline for communications and internet service for millions of Americans — are failing to publicly push back against government overreach.Both legacy telcos and the giants of Silicon Valley can and must do better. We expect companies to protect, not exploit, the data we have entrusted them with.”
- @benghancock: Ninth Circuit rules against tech and telcos on non-disclosure of “national security letters”
- @ftbrussels:UK lacks detail on post-Brexit data transfers with EU, say Lords
- @jacobgershman:U.S. judge denies 15 email search warrants…refuses to sign off on “general, exploratory rummaging”
- @OrinKerr:Alabama Mag J pushes back on DOJ’s 2-stage e-mail warrant protocol. (But others have been reversed doing so.)
- @admliptak: Gag orders in national security letters are content-based restrictions on speech subject to strict scrutiny — which court says they satisfy
- @cfarivar: Tech/Legal Twitter: I’m reading the new DHS letter to Wyden. What does “solely on remote servers” mean?
- @KenRoth: Australia threatens to force internet companies to keep backdoor key for encryption, endangering all of our security
- @MikeScarcella: Facebook says it shouldn’t have to stay mum when government seeks user data
- @ractack:I concur. The “cloud” really means someone else owns your data. #PrivacyShield #GDPR #EUdataP #dataprotection
- @schneierblog: Australia Considering New Law Weakening Encryption ht
- @SophieinVeld: WH releases personal data of voters. Do we trust Trump gvt with data EU citizens?
- @JHaggrid: @arthurrizer and I are rollin! How many Americans are swept up in the NSA’s snooping programs? #702
- @SkyNews:@RitaPanahi on why she agrees with @TurnbullMalcolm on his government’s new proposed encryption laws #PoliticsHQ
- @ZDNet: Australia believes it is ‘technically possible’ to crack end-to-end encryption http://zd.net/2uXoSxh by @dobes
- @accessnow: #US: The #Encryption ‘Balance’ Trump’s FBI Nominee Wants Is Impossible via @nymag
- @kevincollier:My first in NY Mag/Select All: FBI director-to-be joins long tradition of hoping for an impossible crypto compromise
- @accessnow: Letter to #US lawmakers on #Section702: when spy powers are open to abuse, the most vulnerable among us suffer
- @AdrienneLaF:“There’s a degree of sanitization around the language… a search without a warrant is cast as a visit.”
- @DRUDGE_REPORT:Digital Privacy to Get Supreme Scrutiny…
- @EFF:When the government comes knocking, which companies stand by users? Our new report rates 26 tech companies.
- @peterjhenning:The Supreme Court hits the digital age by dealing with Fourth Amendment protections for email and cellphone data.