Voices for Innovation provides a weekly roundup of technology policy news:
For those who are attending Microsoft Inspire, here is where you can find VFI.
- Booth in Microsoft Central—Please stop by and say hello. We have fun VFI branded items for our community and you can take action to support modernizing outdated digital privacy laws!
- Community Hub—We have several things happening in the Community Hub! Please join us and bring along a colleague to learn more about VFI and the important technology issues impacting our industry. For those who want to learn how to deepen your partner experience through VFI, I encourage you to attend the Monday session at 4:00PM.
- Cloud Trust—Presentation: Monday 1:30-2:00PM, Hot Topic Roundtable: Monday 2:00-3:00PM
- Partnering Through VFI—Hot Topic Roundtable: Monday 4:00-5:00PM
- Compliance—Presentation: Tuesday 12:00-12:30PM
- Fixing the Skills Gap—Hot Topic Roundtable: Tuesday 12:00-1:00PM
- IAMCP Executive Roundtables—VFI is helping sponsor the IAMCP Executive Roundtables at our Microsoft Policy and Innovation Center located at 901 K. Street (a block away from the Convention Center). You can register here. If you are not an IAMCP member and would like to attend any of the sessions, please email me directly and let me know which session(s) you are interested in attending. Space is limited so I cannot guarantee a spot.
- Brad Smith
- Gavriella Schuster
- Toby Richards
- Ann Johnson
- Chris Weber
- Didier Ongena
The Hill, reported on the Senate House Judiciary Committee hearing on Section 702 reauthorization. Politico reported on a letter sent to Director of National Intelligence, Dan Coats by Senators Bob Goodlatte and John Conyers requesting Coats provide by July 7 “all methodologies and statistical analysis his office and NSA considered to complete the project as well as results from any attempts to implement the number-crunching schemes.”
Rep. Katherine Clark (D-MA) has proposed legislation to specifically outlaw internet harassment-based crimes like swatting and devote $24 million a year to stopping them. The Online Safety Modernization Act of 2017 collects several of Clark’s earlier bills, with sponsorship from Rep. Susan Brooks (R-IN) and Patrick Meehan (R-PA). It imposes penalties on several relatively new forms of abuse that may be only indirectly covered under other laws while funding research and investigation into internet safety issues. The bill includes six sections, all addressing “cybercrimes against individuals” — as opposed to attacks on businesses or government infrastructure, which are a higher priority in most cybercrime policy. Three of the sections outline punishments for “sextorting” sexual imagery from people through blackmail, falsely reporting an emergency to provoke a swat team response, and “doxxing” people by disclosing personal information to cause harm.
On June 23, the U.S. Justice Department asked the Supreme Court to reconsider a legal decision, in a case brought by Microsoft, which found that U.S. warrants cannot be unilaterally applied to email in other countries. There was extensive coverage of this DOJ action—including a blog by Microsoft President and Chief Legal Officer Brad Smith where he argues for the need for a legislative solution for “new laws is better than arguing over old laws.” In Brad’s view “The need for legislation will exist regardless of who wins the case, and we’ve seen encouraging progress. We hope today’s filing does not derail work toward a modern fix that improves law enforcement’s capabilities while protecting people’s rights.”
Coverage and notable quotes are below.
ARTICLE SUMMARY: Microsoft Warrants Case
Bloomberg BNA reported on the Justice Department’s request for the Supreme Court to review Microsoft’s warrant case, highlighting Brad Smith’s recent blog and a comment in support of the ideas in Google’s legislative framework. The piece notes statements by Jennifer Daskal, American University assistant professor of law, and Chris Calabrese, Center for Democracy vice president for policy, that the issue is best resolved by Congress through legislation, not through litigation.
The Justice Department on Friday filed a motion to take a landmark case about the limits of U.S. warrants in the information age to the Supreme Court. The case, U.S. v. Microsoft, concerns whether data stored in a foreign server is under the jurisdiction of a U.S. warrant. A lower court had ruled that it was not – that law enforcement agencies would have to follow the same rules to obtain extraterritorial data as it would with physical evidence and seek the cooperation of a foreign government. “The panel reached that unprecedented holding by reasoning that such a disclosure would be an extraterritorial application of the Act—even though the warrant requires disclosure in the United States of information that the provider can access domestically with the click of a computer mouse,” the DOJ argued in its filing.
The Hill reported that business leaders are surprised the DOJ filed for Supreme Court review in Microsoft’s warrant case, noting comments from the National Association of Manufacturers and BSA that a legislative fix is in the best interest of businesses. Sen. Orrin Hatch also expressed disappointment in the DOJ’s decision to seek Supreme Court review and urged Congress to modernize data privacy laws.
The US Department of Justice is attempting to take its long-running legal battle with Microsoft over access to emails stored on foreign servers to the Supreme Court. After several delays, the Justice Department tonight filed a petition asking the Supreme Court to take its case. An appeals court previously ruled in favor of Microsoft, finding the the Justice Department couldn’t use a warrant to obtain messages from one of the company’s overseas data centers and would have to request the data through an international treaty process instead. If the Supreme Court agrees to hear the case, its decision will have wide-ranging affects on the way the tech industry stores user data and the way law enforcement accesses it, both in the US and abroad. But if the Supreme Court doesn’t take the case, the appeals court ruling will stand, and the tech industry’s lobbying effort to get Congress to change a 31-year-old law will accelerate.
The Justice Department on Friday petitioned the US Supreme Court to step into an international legal thicket, one that asks whether US search warrants extend to data stored on foreign servers. The US government says it has the legal right, with a valid court warrant, to reach into the world’s servers with the assistance of the tech sector, no matter where the data is stored. The request for Supreme Court intervention concerns a 4-year-old legal battle between Microsoft and the US government over data stored on Dublin, Ireland servers. The US government has a valid warrant for the e-mail as part of a drug investigation. Microsoft balked at the warrant, and convinced a federal appeals court that US law does not apply to foreign data. The government on Friday told the justices that US law allows it to get overseas data, and national security was at risk.
The Irish Times published an article by columnist Karlin Lillington analyzing the Department of Justice’s decision to request Supreme Court review of Microsoft’s warrant case. Lillington contends that having the Supreme Court hear this case would be “a pointless waste of time” since U.S. legislators have already agreed a legislative solution is needed. She also notes that a reversal of the case in favor of the U.S. government’s arguments would undermine the whole concept of cloud computing.
NOTABLE QUOTES- Microsoft Warrants Case
“I’m disappointed by the Department’s decision to seek Supreme Court review of the Microsoft warrant case. As I’ve said all along, courts should respect the time-honored principle that warrants stop at the water’s edge. Nevertheless, Congress can and should modernize data privacy laws to ensure that law enforcement can access evidence in a timely manner.”
“All five of our companies compete vigorously with each other the marketplace but have common ground on policy and regulatory issues. In prior years, the market competition bled into more regulatory tension—in more recent years, we have recognized that we have common interests on a global basis on important regulatory and policy issues.”
“As Microsoft president and chief counsel Brad Smith argued in a blog post last week, if the US government has the right to directly seize internationally-held data, then other countries will of course, expect the same right to in effect conduct international digital raids for American or other nations’ data, in the US or around the world, with near-impunity… This raises obvious data-protection, data-privacy, and surveillance concerns. It also completely undermines the whole concept of cloud computing.”
“We’ve been vocal supporters for the ideas in Google’s framework. Their proposal makes an important and positive contribution and shows strong consensus on the urgency for new law and what that law should look like.”
The Federal Communications Commission’s empty slots are about to be filled. President Donald Trump will nominate Republican Brendan Carr to the FCC’s fifth and final commissioner position, the White House announced last night. Carr served as FCC Commissioner Ajit Pai’s Wireless, Public Safety, and International Legal Advisor for three years. After Trump elevated Pai to the chairmanship in January, Pai appointed Carr to become the FCC’s general counsel. “Brendan has a distinguished record of public service, having worked at the agency for over five years, including most recently as the FCC’s General Counsel,” Pai said after the White House announcement. “In particular, Brendan’s expertise on wireless policy and public safety will be a tremendous asset to the Commission.”
Computerworld reported on a joint communique released by the Five Eyes nations, stating they have “committed to develop [their] engagement with communications and technology companies to explore shared solutions” regarding lawfully accessing encrypted communications during criminal and terrorism investigations. The Five Eyes nations include Canada, the U.S., Britain, Australia and New Zealand.
Google is making a change to its advertising practices that will affect millions of Gmail users around the globe. Starting later this year, the company will stop reading your emails to refine its ads. If you’re just learning that Gmail scans your messages, this is an issue that dates back for years. Google’s automated systems routinely scanned Gmail users’ incoming and outgoing emails to help refine the company’s massive data-gathering operation, which in turn supported its enormous targeted-advertising business. Google’s ad business is what keeps the entire company chugging along. Last year, 88 percent of all revenue at Alphabet, Google’s parent company, came from Google advertising, according to its annual report.
Tuesday’s massive outbreak of malware that shut down computers around the world has been almost universally blamed on ransomware, which by definition seeks to make money by unlocking data held hostage only if victims pay a hefty fee. Now, some researchers are drawing an even bleaker assessment—that the malware was a wiper with the objective of permanently destroying data. Initially, researchers said the malware was a new version of the Petya ransomware that first struck in early 2016. Later, researchers said it was a new, never-before-seen ransomware package that mimicked some of Petya’s behaviors. With more time to analyze the malware, researchers on Wednesday are highlighting some curious behavior for a piece of malware that was nearly perfect in almost all other respects: its code is so aggressive that it’s impossible for victims to recover their data. In other words, the researchers said, the payload delivered in Tuesday’s outbreak wasn’t ransomware at all.
Should Google remove content from its search results all around the world on the orders of a single foreign government? That’s the thorny question with broad free speech implications for Americans and political dissidents raised by a Supreme Court decision in Canada. On Wednesday, Canada’s top court ruled that Google can be forced to delist search results worldwide to enforce the decisions of Canadian courts. The ruling stemmed from a case involving an intellectual-property dispute, with Canadian manufacturer Equustek Solutions claiming that another Canadian business, Datalink, was using Google to sell impostor products. Google removed hundreds of Datalink hyperlinks from its search results in Canada. But Equustek obtained a court order to compel Google to delete these listings not just from Canadian search results but from Google search everywhere in the world.
New York Times Google Fined Record $2.7 Billion in E.U. Antitrust Ruling
Google suffered a major blow on Tuesday after European antitrust officials fined the search giant a record $2.7 billion for unfairly favoring some of its own services over those of rivals. The penalty, of 2.4 billion euros, highlights the aggressive stance that European officials have taken in regulating many of the world’s largest technology companies, going significantly further than their American counterparts. By levying the fine against Google — more than double the previous largest penalty in this type of antitrust case — Margrethe Vestager, the European Union’s antitrust chief, also laid claim to being the Western world’s most active regulator of digital services, an industry still dominated by Silicon Valley.
Bloomberg reported on the joint efforts from Brad Smith, and the senior leadership of four other major tech companies, to shape policy and challenge the government together, when necessary, on a range of issues, including surveillance reform, tax policy, immigration, and cybersecurity. The piece notes several instances of combined efforts by the companies in recent years, including in 2014 when Amazon and Apple backed Microsoft’s lawsuit against the DOJ over the privacy of data stored overseas.
New York Times How Silicon Valley Pushed Coding Into American Classrooms
At a White House gathering of tech titans last week, Timothy D. Cook, the chief executive of Apple, delivered a blunt message to President Trump on how public schools could better serve the nation’s needs. To help solve a “huge deficit in the skills that we need today,” Mr. Cook said, the government should do its part to make sure students learn computer programming. “Coding,” Mr. Cook told the president, “should be a requirement in every public school.” The Apple chief’s education mandate was just the latest tech company push for coding courses in schools. But even without Mr. Trump’s support, Silicon Valley is already advancing that agenda — thanks largely to the marketing prowess of Code.org, an industry-backed nonprofit group.
Wall Street Journal Silicon Valley, Not Willing to Wait, Forges Ahead on Boosting Minimum Wage (subscription required)
SAN FRANCISCO—Proponents of a $15 minimum wage have found fertile territory in Silicon Valley, where the region’s booming technology industry is credited for helping drive soaring housing prices and a sizable income gap. California is on track for a $15 minimum wage by 2022, but some Silicon Valley cities are opting to hit that target faster, prodded by a campaign aimed at organizing low-wage workers in the region. The city of Santa Clara is the latest to propose an accelerated $15 minimum wage, following the lead of San Jose and six other Santa Clara County cities. The City Council plans to vote on a measure that would raise base pay to $15 by 2019 next month. Mountain View, where Alphabet Inc.’s Google is based, will have a $15 minimum wage next year, as will Sunnyvale. The $15 target will be reached in 2019 by San Jose, the region’s largest city, and home to companies such as PayPal and eBay. Cupertino, hometown to Apple Inc., also will hit the $15 target in 2019, as will Palo Alto, Milpitas and Los Altos.
The United States patent system has become so uncertain and unstable that many innovators are consciously choosing to keep their innovations as trade secrets, depriving the public of the most fundamental and important benefit of any patent system. Indeed, the steady demise of the U.S. patent system is what lead several concerned lawmakers like Senator Chris Coons (D-DE) to push hard for federal trade secret legislation — so at least innovators would have some kind of federal protection for their inventions as patents have become in many technological areas nothing more than an illusory promise. Once upon a time those who avoided obtaining U.S. patents were irrational actors that largely didn’t understand the consequences of their decisions.
“Ministers and Attorneys-General also noted that encryption can severely undermine public safety efforts by impeding lawful access to the content of communications during investigations into serious crimes, including terrorism. To address these issues, we committed to develop our engagement with communications and technology companies to explore shared solutions while upholding cybersecurity and individual rights and freedoms.”
“Some important policy issues, like surveillance reform and immigration, transcend business rivalries. On those issues, we make a stronger and more informed case when we speak with one voice.”
“If the Five Eyes countries force tech companies to build encryption back doors, it would set a troubling global precedent that will be followed by authoritarian regimes seeking the same. These governments should promote strong encryption instead of trying to punch holes in it, which would lead to a race to the bottom for global cybersecurity and privacy.”
“The weakening of encryption in all messengers will lead to undermining the national security of the country as a whole, since in this case foreign special services will inevitably also have access to the correspondence of Russian citizens. At the same time, the risk of terrorist attacks will not disappear – as the events in Paris have shown, there are enough disposable phones [to help] carry out terrorist attacks without any encryption… If you want to defeat terrorism by blocking stuff, you’ll have to block the Internet.”
“Society changes, the world changes, technology and communications change. And a sunset allows us to review and revise such as may be necessary due to technology changes that happen at such a rapid pace.”
“A mandated back door – essentially a built-in vulnerability – is dangerous because there is no way to ensure that only the good guys will exploit it… Technology companies are in a feverish race to enhance privacy and security protections. The last thing they need is to introduce a deliberate vulnerability. Few would want to return to an era when encryption was not the norm.”
“The mere fact that the Supreme Court agreed to hear the Carpenter case was a small victory for civil liberties groups. The third party doctrine is a blunt instrument that, in our connected world, permits too many low-value ‘fishing expeditions’ by law enforcement.”
- @dnvolz: NSA backtracks on sharing number of Americans caught under warrantless spying … tip @Techmeme
- @EFF: It took NSA 4 years to say that it doesn’t know how many Americans it has monitored.
- @FedSoc: [BLOG] Old Law, New Technology, and the Congressional Need To Update ECPA By Viet Dinh
- @FinancialTimes: John Thornhill: Why breaking encryption to combat terrorism carries risks
- @TechCrunch: Europe eyeing direct access to cloud services for police data requests by @riptari
- @thehill: “Why US surveillance bothers me — and should bother you”
- @20Committee: “The privacy of a terrorist can never be more important than public safety – never”
- @business: What a murder in Arkansas means for your digital privacy
- @EFF: Thanks to our lawsuit, the Justice Department is supposed to release secret court rulings on surveillance tomorrow.
- @ericgeller: Here is Rosenstein’s full comment on encryption.
- @lawfareblog: Stewart Baker: Steptoe Cyberlaw Podcast: In Which Ben Wittes Gets to the Right of Stewart Baker
- @OrinKerr: The 180 day rule exists only on paper, b/c no providers follow it. It is trumped by the 4th Amendment under Warshak. It’s not important.
- @Reuters: ‘Five Eyes’ talks to focus on encryption: Australian PM
- @victoriaespinel: Ahead of @HouseJudiciary’s hearing tmrw on #data stored abroad, @BSAnews’ op-ed in @thehill on need for legislation:
- @RosenzweigP: Digital Security and Due Process: Modernizing Cross-Border Surveillance Law for the Cloud Era
- @actonline: .@Microsoft’s @BradSmi outlines vital importance of balancing law enforcement needs w/ data privacy. #ICPA
- @BradSmi: We need modern laws that balance law enforcement needs with privacy. The US-UK agreement is a good place to start.
- @dnvolz: House Freedom Caucus opposes Senate GOP’s push to permanently reauthorize FISA Section 702 without changes.