Bloomberg BNA reported on the status of multiple national security and cybersecurity bills, including ICPA, the ECPA Modernization Act, and the Email Privacy Act, currently up for consideration by the 115th Congress. The article summarizes each bill, and briefly notes the role Microsoft’s warrant case played in bringing attention to the issue of email privacy. The piece also reports that S. 1297 would permanently reauthorize surveillance under Section 702.
The New York Times The Russian Company That Is a Danger to Our Security
The New York Times published an opinion piece by Sen. Jeanne Shaheen urging the advancement of bipartisan legislation that would prohibit the federal government from using Kaspersky Lab software due to the Moscow-based company’s “extensive ties to Russian intelligence.” Sen. Shaheen notes that Kaspersky’s servers are located in Russia, and under Russian law, the F.S.B can require that Kaspersky assist the agency its surveillance operations and require the company to install communications interception equipment that allows the F.S.B. to monitor all of the company’s data transmissions.
SPECIAL COVERAGE: MICROSOFT RESPONSE TO DACA
On Tuesday, Microsoft President and Chief Legal Officer Brad Smith authored a blog expressing Microsoft’s concerns on the Trump Administration’s decision to discontinue the Deferred Action for Childhood Arrivals (DACA) immigration program. Mr. Smith emphasized the need to prioritize legislation in Congress before tax reform because “we need to put the humanitarian needs of these 800,000 people on the legislative calendar before a tax bill.”
Microsoft has 39 employees “that we know of” impacted by the decision. If Congress fails to act “our company will exercise its legal rights properly to help protect our employees. If the government seeks to deport any one of them, we will provide and pay for their legal counsel.”
The blog and media coverage is included below.
Microsoft on the Issues Blog Urgent DACA legislation is both an economic imperative and humanitarian necessity
We are deeply disappointed by the administration’s decision today to rescind protection under the program for Deferred Action for Childhood Arrivals (DACA). As we said last week, we believe this is a big step back for our entire country. The question for individuals, employers and the country is what we do now.
Talking Points Memo Microsoft Will Protect DACA Recipient Employees in Court if Necessary
Bloomberg BNA reported that Google appealed to the Vermont Supreme Court a recent Superior Court ruling ordering the company to comply with search warrants, authorized under Vermont’s Electronic Communications Privacy Act, seeking access to data stored abroad. Google handed over all data located in the U.S. but cited the Second Circuit’s decision in Microsoft’s warrant case as justification for its refusal to comply with the warrants. The piece notes that the federal government petitioned the U.S. Supreme Court to review the ruling in Microsoft’s warrant case with the Support of Vermont, along with 31 other states.
The Conversation published an opinion piece by Dan Jerker B. Svantesson, co-director of the Centre for Commercial Law at Bond University, examining problems posed for Australian law enforcement by the inability to access data stored abroad. Svantesson notes that cross-border access to data is a “slow and cumbersome process” and “assistance of tech giants rests on uncertain legal ground,” specifically highlighting Microsoft’s warrant case as an example of the conflict of laws facing tech companies. Svantesson summarizes various solutions to the issue, noting that the U.S. is considering updates to ECPA and the Council of Europe is working on providing further guidance to address concerns regarding cross-border access to data.
Forbes published an opinion piece by Tim Edgar, former director for privacy and civil liberties in the White House Cybersecurity Office, examining Edward Snowden’s 2014 revelations regarding U.S. government spying and the importance of protecting the privacy of Americans as well as foreign users of American internet services. Edgar argues that ensuring privacy protections of foreigners “is not just good for business, it is good for everyone’s privacy.”
The European Commission wants to bolster cyber security in the EU by increasing investment in technology, setting stricter consumer safeguards and stepping up diplomacy to deter attacks by other nations, among other measures. The Commission is due to announce its proposals in a report later this month, a copy of which was obtained by Reuters on Wednesday. It also argues for greater national and law enforcement cooperation to halt incoming attacks.
Representatives of Facebook told congressional investigators Wednesday that the social network has discovered that it sold ads during the U.S. presidential campaign to a shadowy Russian company seeking to target voters, according to several people familiar with the company’s findings. Facebook officials reported that they traced the ad sales, totaling $100,000, to a Russian “troll farm” with a history of pushing pro-Kremlin propaganda, these people said.
Sandberg’s plaintive post was a response to President Donald Trump’s decision Tuesday to rescind DACA, an Obama-era program designed to protect illegal immigrants brought to the US as children from deportation. The administration’s plans could affect as many as 800,000 people. The tech industry is one of America’s great achievements. World leaders — from Indian Prime Minister Narendra Modi to Chinese President Xi Jinping — routinely stop for visits with the leaders of Google, Apple, Facebook and Intel when they travel to the US. As president, Barack Obama made frequent trips to meet with executives and even dined at their homes.
Protecting the privacy of foreign users of American internet services is not just good for business, it is good for everyone’s privacy – including Americans. The digital data, communications, and personal lives of Americans now transcend national boundaries. It turns out we are all in this together. In the digital age, the only way to protect the privacy of Americans is to protect the privacy of everyone.
The SEC’s chairman says regulators need to do more to educate retail investors on the risks created by cyber crime, Reuters reports. […] “I am not comfortable that the American investing public understands the substantial risks that we face systemically from cyber issues,” Clayton was quoted saying Tuesday during a panel discussion at New York University. “I’d like to see better disclosure around that.”
- “The Second Circuit opinion is an outlier among other rulings that have considered whether communications companies should be forced to turn over data stored overseas. Most courts haven’t been swayed by the arguments that forcing companies to turn over data stored abroad.”
- “Member States have an obligation to ensure that their laws comply with the CJEU’s jurisprudence, and EU law more generally. It is thus concerning to notice that only a limited proportion of Member States have actually annulled their pre-Digital Rights legislation and that practically no Member States’ laws currently comply with Tele-2/Watson… Very few governments have taken the lead in pushing legal reforms, and to the extent that limited positive changes at the national level have occurred, they have been the result of litigation initiated by NGOs and other small interest groups.”
- “The First Amendment interest in informed popular debate does not simply vanish at the invocation of the words ‘national security.’ … [but] Public security can thus be compromised in two ways: by attempts to choke off the information needed for democracy to function, and by leaks that imperil the environment of physical security which a functioning democracy requires. The tension between these two interests is not going to abate, and the question is how a responsible balance may be achieved. … Where matters of exquisite sensitivity are in question, we cannot invariably install, as the ultimate arbiter of disclosure, even the conscience of the well-meaning employee.”
- “ We must also consider the interests of the countries in which the data are located… Finally, the tech companies themselves have legitimate interests. Particularly in avoiding being squeezed between contradictory rules in different legal systems. The success of any new policy depends on striking an appropriate balance. Unfortunately, the chaotic situation we are faced with currently hinders the work of law enforcement, and also fails to protect privacy rights – it only benefits the criminals.”
- “Unfortunately, many individuals use the electronic communications providers to commit crimes. These include sexually exploiting children over the internet by luring children to engage in sex acts and creating and distributing child pornography. Electronic communications providers’ refusal to comply with lawfully issued search warrants unreasonably compromises law enforcement’s ability to investigate these crimes and keep children safe.”
- “A U.S. Court of Appeals for the Second Circuit decision in Microsoft v. United States brought ECPA warrant issues to the forefront this year when the court ruled that the Stored Communications Act—part of ECPA—couldn’t be used to compel Microsoft to turn over emails stored on servers in Ireland without a warrant. The Second Circuit called on Congress to update the law to better protect privacy interests and law enforcement access to data stored abroad.”
- “The [SB 21] bill leaves agencies an enormous amount of flexibility. But it would prevent them from amassing the technologies in secret. Opponents argue that the disclosure would help criminals circumvent the surveillance, but that’s not a persuasive justification for allowing law enforcement to make these hidden investments — cops and criminals have long been locked in a game of technological cat and mouse. The residents of a community should have a say in how intensively they will be monitored, and that can’t happen if they don’t know how they’re being watched.”
SOCIAL MEDIA HIGHLIGHTS
- @klillington: My column: #PrivacyShield is already coming apart at the seams – & annual review in just 10 days… via @IrishTimesBiz
- @Privacy_Lynch: #Google Fights Legal Tide, Asks Vermont to Kill Overseas Warrants @BloombergLaw
- @privacyint: EU states’ data retention laws still violating privacy rights, report warns… our full report:
- @Snowden: Ever wonder why the Oversight Committees can’t seem to control our spies? Well, they’re staffed by the same spies.
- @IBTimesUK: Australian police get new spy powers to hack smart-devices, demand encryption keys
- @OrinKerr: Last week, Microsoft filed its Brief in Opposition in the MSFT Ireland warrant case from the CA2. Read it here:
- @TheNLJ: .@DreamHost appeals warrant seeking data on @realDonaldTrump inauguration protests
- @Timothy_Edgar: Why I think Americans should care about foreign privacy:
- @realdanstoller: Returning Congress May Focus on Cybersecurity, Surveillance… via @bloombergbna #Congress #CyberSecurity #surveillance
- @LATpoliticsCA: State bill requiring California police to disclose surveillance equipment stalls in fiscal committee
- @michaeldweiss: Only newsworthy because of the election. For years, this FSB front was treated as a legit cybersecurity firm:
- @techdirt: Black Lives Matter Sues Police Department Over Illegal Surveillance Based On First Amendment Activities