Executive Briefing September 15, 2017

HILL UPDATE

Politico House Gets ICPA Companion

Rep. Doug Collins (R-Ga.) has introduced the International Communications Privacy Act (H.R. 3718 (115)), which provides a framework for how law enforcement can access electronic information that’s stored abroad. The bill stalled in the previous Congress but has re-emerged once more, with Sen. Orrin Hatch (R-Utah) introducing the Senate version (S. 2986 (114)) earlier this year. “The International Communications Privacy Act will increase the effectiveness of American law enforcement and the privacy protections of U.S. citizens by correcting the legal ambiguity that has threatened both in recent years,” Collins said, in a statement. Microsoft President Brad Smith has endorsed the need for such legislation.

Washington Post This Lawmaker Wants Apple to Explain How IPhone X Will Protect the Privacy of Your Face

Sen. Al Franken (D-Minn.) on Wednesday called on Apple to more fully explain how the facial-recognition system on its new iPhone X will protect the privacy of its users and whether the data will be shared with law enforcement. The request, in a letter sent to Apple chief executive Tim Cook, echoes concerns that privacy advocates raised following the announcement of the new system on Tuesday. The technology uses several sensors to map the faces of users and stores the resulting data on the device itself, allowing users to later unlock the device or use the Apple Pay app my merely glancing at it.

ARTICLE SUMMARY

The Recorder DOJ: Google Won’t Fight New Warrants for Overseas Data

The Recorder reported on the recently filed DOJ reply brief in Microsoft’s warrant case, which revealed that Google will no longer challenge Stored Communications Act (SCA) warrants for overseas data so long as the warrants are issued outside of the Second Circuit. The piece notes that this “marks a reversal of the company’s legal strategy on the issue of law enforcement access to data stored abroad.” Politico reported on a recently unsealed district filing disclosing that U.S. District Court Chief Judge Beryl Howell of D.C. rejected Google’s challenge of a warrant requesting foreign-stored data. Howell also agreed to hold Google in contempt, fining the company $100,000 a day over the warrant.

Bloomberg Microsoft Adds Cloud Security to Keep Out Hackers — and Government Snoops

Bloomberg reported on Microsoft’s new cloud-security technology offering, called Azure confidential computing and created in partnership with Intel, which uses “powerful encryption” to secure customer data. The piece alleges that under this new technology, “Microsoft won’t have the capability to turn over data in response to government warrants and subpoenas,” noting this is the issue under consideration in Microsoft’s current legal battles over customer data.

Lawfare EU Judges US Surveillance Law

The Irish High Court is considering a potential landmark case on the legality of transferring personal data from the European Union to the United States. A large portion of E.U. data transfers operates under “Standard Contract Clauses” (SCCs), boilerplate language widely adopted in written agreements. A central issue in Schrems v. Facebook is whether U.S. surveillance, when conducted within the U.S., is so pervasive that data transferred to the U.S. via SCCs lack “adequate” protection of privacy.

TechCrunch Google Files to Appeal $2.73BN EU Antitrust Fine

Google has filed a legal appeal against a record-breaking fine handed down by the European Commission this summer for anti-competitive behavior relating to the operation of its product search comparison service, currently known as Google Shopping. The news was reported earlier by Reuters and separately confirmed by us. In June the EC judged that Google had given the service “an illegal advantage by abusing its dominance in general Internet search” — accusing it of promoting Google Shopping in organic search results while simultaneously demoting rival services — issuing a record-breaking €2.42 billion (~$2.73BN) fine for the antitrust violations.

Talking Points Memo The Growing Backlash Against Big Tech

Ben Smith has a piece up looking at what we might call the ground swelling backlash against Big Tech. It’s not tech per se of course. It’s the big platform monopolies (Google, Facebook, Amazon, Apple and Microsoft) and a few associated companies with similar characteristics. Ben is largely pulling together several threads that we’ve seen over recent weeks and months. It was punctuated by the ham-handed expulsion of Barry Lynn’s anti-monopoly group a couple weeks ago at the New America Foundation. But it’s been growing on numerous fronts: new policy research, new books, new political coalitions that are, if not bipartisan, at least cutting across established political factions and tribalism.

The Atlantic Can Cops Force You to Unlock Your Phone With Your Face?

The Atlantic, reported on Face ID, the facial recognition unlock feature for iPhone X unveiled by Apple, examining how the feature will impact law enforcement access to iPhones.  Several news outlets noted concerns raised by several legal and privacy scholars regarding the potential ramifications of law enforcement being able to unlock a phone by holding it up a suspect’s face, as well as questions around the need for law enforcement to obtain search warrants prior to unlocking devices with this technology.

AP Wisconsin Legislature Approves $3B Incentive for Foxconn

MADISON, Wis. (AP) — The Wisconsin Assembly sent a $3 billion incentive package for Taiwan-based Foxconn to Gov. Scott Walker on Thursday, signing off on a deal to lure the electronics giant to the state with the biggest subsidy to a foreign company in U.S. history. The bill approved on a bipartisan 64-31 vote would make $2.85 billion available to Foxconn Technology Group in cash payments if it invests $10 billion and hires 13,000 workers. The Senate approved the proposal Tuesday. The Republican governor was in South Korea on a trade mission at the time of the vote but pledged to sign the incentives package into law soon.

The Verge Google’s New Privacy Dashboard Makes It Easier to See What Google Knows About You

Google will soon be rolling out design changes to its user-facing privacy and security dashboard, in an attempt to make it more touchscreen-friendly and more clear to users which Google products are storing their data. In other words, Google is giving you a new spoon with which to scoop up the ocean of data that exists out there in the Google-sphere. But, hey: it’s the little things. In a blog post published this morning, Google said that its main user dashboard, which launched in 2009, has been “redesigned from the ground up.” This dashboard includes tools like My Account and My Activity — which, if you haven’t used them before, I recommend using. These are the portals through which you can see all of your Google activity, delete search activity, and manage your activity across various Google products like search, Maps, and YouTube.

The Verge Why We Can’t Trust Facebook’s Story About Russian Ads

Some have called Facebook “brave” for disclosing the ad buys. “They probably could have buried this, and they did the right thing by coming forward,” Clint Watts, a senior fellow at the Foreign Policy Research Institute, told The Washington Post. But beyond a blog post yesterday and some tersely worded statements to reporters, Facebook has done little to put Russia’s purchase of political advertising in perspective. A foreign country’s use of Facebook’s vaunted targeting capabilities in an effort to sway a close election is deeply disturbing. And yet Facebook, in its public statements so far, has been coy about sharing details.

Bloomberg Union Power Is Putting Pressure on Silicon Valley’s Tech Giants

Organized labor doesn’t rack up a lot of wins these days, and Silicon Valley isn’t most people’s idea of a union hotbed. Nonetheless, in the past three years unions have organized 5,000 people who work on Valley campuses. Among others, they’ve unionized shuttle drivers at Apple, Tesla, Twitter, LinkedIn, EBay, Salesforce.com, Yahoo!, Cisco, and Facebook; security guards at Adobe, IBM, Cisco, and Facebook; and cafeteria workers at Cisco, Intel, and, earlier this summer, Facebook. The workers aren’t technically employed by any of those companies. Like many businesses, Valley giants hire contractors that typically offer much less in the way of pay and benefits than the tech companies’ direct employees get. Among other things, such arrangements help companies distance themselves from the way their cafeteria workers and security guards are treated, because somebody else is cutting the checks. Silicon Valley Rising, a coalition of unions and civil rights, community, and clergy groups heading the organizing campaign, says its successes have come largely from puncturing that veneer of plausible deniability.

The Daily Beast Exclusive: Facebook Won’t Reveal if Russia Targeted You During the Election

Federal investigators believe Facebook’s servers contain a wealth of hard data that could shed light on the central question of American politics in 2017: Did Donald Trump’s campaign collude with the Russian government? But Facebook told The Daily Beast on Wednesday that “we aren’t well placed to know if something like coordination occurred” between the Trump campaign and Russia. The social media giant then declined to commit to releasing information about Russian government-backed Facebook posts, groups, and paid advertisements to the users who encountered them.

THINK TANK/TECH TRADE ASSOCIATION HIGHLIGHTS

American Enterprise Institute (AEI): Blog post on jobs/workforce development: Research fellow of poverty studies Angela Rachidi outlined findings from the US Census Bureau’s official and supplemental poverty rates from 2016. Rachidi highlighted how the report shows that increasing work is a “critical component” for reducing poverty. “Along with a strong economy, public policy efforts to increase the share of Americans that work full-time, full-year are needed.” (AEI BLOG – Poverty report highlights the importance of work, Angela Rachidi, September 12, 2017)

Brookings: Signs of digital distress study: Brookings released an interesting new study this week on the digital divide that includes some helpful data on rural access. The report uses census data to provide a neighborhood by neighborhood view of broadband conditions.  (Signs of digital distress, Adie Tomer, Elizabeth Kneebone and Ranjitha Shivaram, September 12, 2017)

BSA | The Software Alliance: Press release on Privacy Shield: Commenting on Privacy Shield’s first annual review next week, Thomas Boué, BSA Director General, Policy – EMEA, encouraged “the EU and the US to hold fruitful and constructive discussions to further solidify the success of the one year-old EU-US data transfer framework.” (BSA PRESS RELEASE – BSA Looks Forward to Positive Outcome of Privacy Shield Annual Review, September 14, 2017)

Freedom Works: Blog post on the International Communications Privacy Act (ICPA): FreedomWorks President Adam Brandon wrote a blog post in support of ICPA, arguing that the legislation “is a welcome update to our privacy laws for electronic communications, which are woefully out of date. The bill helps protect the privacy of individuals online, while providing updated guidelines for law enforcement officials seeking access to data stored abroad.” (FREEDOMWORKS BLOG – Support the International Communications Privacy Act, H.R. 3718, By Adam Brandon, September 13, 2017)

New America: Blog post on broadband privacy protections: Eric Null, the policy counsel at the Open Technology Institute, called for California Assembly member Ed Chau’s broadband privacy bill, A.B. 375., to move forward in the California Senate. Shortly after the blog post went up, “the California Senate Rules Committee voted 3-2 to allow the bill to move forward.” However, Null said that “the bill still has to go through several procedural requirements, and ultimately must be voted on by the full Senate and Assembly on Friday.” (NEW AMERICA BLOG – The California Legislature is Trying to Run Out the Clock on Protecting Broadband Privacy, By Eric Null, September 12, 2017)

TechNet: Op-ed on STEM: Andrea Deveau, vice president for state policy and politics, and Maria Klawe, the president of Harvey Mudd College, voiced their support for the proposed California State STEM School. “[It] would add an outstanding public school option for communities that need them, and embody all that California stands for: innovation and inclusion, dynamism and diversity,” they wrote. (SACREMENTO BEE – Here’s a way to add diversity to sciences in California, By Maria Klawe and Andrea Deveau, September 13, 2017)

Information Technology Industry Council (ITI): Podcast on tech policy: Mehlman Castagnetti Principal CR Wooters spoke with President and CEO Dean Garfield “about the future of tech policy, taking note of both topical issues like tax reform and longer term issues like potential regulations of drones and autonomous vehicles.” (14TH & G – Podcast with Dean Garfield, President and CEO of ITI, September 11, 2017)

NOTABLE QUOTES

  • “ICPA would set clear guidelines for international data-privacy issues, absolving the courts from having to solve this multifaceted issue on a case-by-case basis… To ensure law enforcement has the necessary tools to work within an international framework, while respecting privacy rights, Congress should pass ICPA and make long overdue updates to ECPA.”

Christina Delgado, policy manager, R Street Institute

  • “For the first time, a company will have a facial recognition system with millions of profiles, and the hardware to scan and identify faces throughout the world. And this could in theory make Apple an irresistible target for a new type of mass surveillance order. The government could issue an order to Apple with a set of targets and instructions to scan iPhones, iPads, and Macs to search for specific targets based on FaceID, and then provide the government with those targets’ location based on the GPS data of devices’ that receive a match.”

Jake Laperruque, senior counsel, The Constitution Project

  • “iPhones are now the first consumer products in American history that are beyond the reach of Fourth Amendment warrants…. default device encryption cripples even the most basic steps of a criminal investigation.”

testimony by Cyrus Vance Jr., Manhattan District Attorney

  • “We’re continuing to follow the Second Circuit Court of Appeals’ decision and will decline to produce data stored overseas in courts that fall within that circuit. To seek consistency in the law, we are appealing some of the cases where lower courts have decided not to follow the ruling of the Second Circuit Court of Appeals. This discrepancy in court decisions is yet another reminder that data surveillance laws need to be modernized to safeguard users’ privacy, protect law enforcement’s legitimate need to collect digital evidence, and provide clarity. We are pleased that both houses of Congress have introduced bills that address these issues.”

Statement from Google regarding compliance with SCA warrants for data stored abroad

  • “In the wake of those decisions, Google has reversed its previous stance and informed the government that it will comply with new Section 2703 warrants outside the Second Circuit (while suggesting that it will appeal the adverse decisions in one or more existing cases)… Consequently, the government’s ability to use Section 2703 warrants to obtain communications stored abroad—which may contain evidence critical to criminal or national-security investigations—now varies depending on the jurisdiction and the identity of the provider.”

Supreme Court reply brief from the Department of Justice

  • “The government says it can search our devices for no reason at all, without a warrant or any suspicion whatsoever that a person has violated immigration or customs laws…In carrying out device searches, border officials take advantage of the fact that travelers have no meaningful way to resist or contest the searches… The Fourth Amendment protects us against unreasonable searches and seizures — including at the border. To be sure, border officers can stop travelers and search their belongings even if they don’t suspect the travelers of wrongdoing, but mobile electronic devices differ fundamentally from luggage.”

Hugh Handeyside, staff attorney & Esha Bhandari, staff attorney, ACLU

  • “There’s an urgent need for this legislation since the law in this area has not been updated in 31 years, and it’s now ill-suited to address modern electronic data storage… Courts have struggled to apply these outdated statutes to modern data storage scenarios and have called on Congress to update the law to provide clear legal guidelines for both law enforcement and the companies that host data.”

Microsoft President and Chief Legal Officer Brad Smith

  • “The government cannot use the border as a dragnet to search through our private data… electronic devices contain massive amounts of information that can paint a detailed picture of our personal lives, including emails, texts, contact lists, photos, work documents, and medical or financial records. The Fourth Amendment requires that the government get a warrant before it can search the contents of smartphones and laptops at the border.”

Esha Bhandari, staff attorney, ACLU

  • “Right now, police can’t force you to reveal your password to unlock your phone and search it without a warrant—similar to the same way police need a warrant to search your house. But some courts have ruled that law enforcement can force you to use your fingerprint to unlock a phone. And so there’s a real concern about what will happen when cops can simply hold your phone in front of you to get inside.”

April Glaser, reporter, Slate

  • “Interestingly enough, while the case went for Microsoft and they didn’t have to turn over data files that were stored in Ireland, in the instance of the appeal and the request … [to the U.S. Court of Appeals for the Second Circuit], the Second Circuit denied that, which is why it’s being appealed to the U.S. Supreme Court… Many states are on board with this, and a lot of states are deciding for turning over the data, and they’re using the dissent in what scholars are calling Microsoft II… There are certainly arguments out there that data should be unterritorial, meaning that data is [legally considered to be] everywhere and nowhere in the cloud. When the federal laws were originally written, they did not consider the cloud.”

Jeannette Eicks, professor, Vermont Law School

SOCIAL MEDIA HIGHLIGHTS