Steptoe Cyberblog

Category Archives: Privacy Regulation

“I’m shocked—shocked—to find that surveillance is going on in here.”

Posted in Privacy Regulation

It seems we can’t go a day without another bombshell in what we can now call the “Snowden Affair.” Many people are calling Edward Snowden a “whistleblower” for leaking two classified intelligence programs. But that term is usually reserved for someone who reveals government lies, law-breaking, or malfeasance. What Snowden revealed, though, are government activities… Continue Reading

Total Information Awareness, Redux

Posted in Privacy Regulation

There have been many critics of the Obama Administration’s aggressive pursuit of leakers. But today’s news offers a new line of attack on the Administration’s tactics: they’re apparently not working. The UK paper The Guardian was the beneficiary of a huge new leak, this one about a secret court order to a Verizon subsidiary ordering… Continue Reading

Location, Location, Location

Posted in Privacy Regulation, Security Programs & Policies

The Geolocation Privacy and Surveillance (GPS) Act is one of several pieces of legislation that would require law enforcement to obtain a warrant based on probable cause whenever it seeks location information.  The term “location information” is very broadly defined, and the proposed law would make no distinctions based on the level of precision or… Continue Reading

Overreacting to the AP Subpoenas

Posted in Privacy Regulation, Security Programs & Policies

Wired recently reported that four members of Congress have introduced the Telephone Records Protection Act, which would require federal law enforcement to obtain a court order before obtaining telephone toll records – whether from reporters or anyone else – in an investigation. However well-intentioned, this bill is an extreme overreaction to the frenzy over DOJ… Continue Reading

Not-So-Shocking Privacy Surprises

Posted in Privacy Regulation

Privacy laws are an ideal illustration of laws with unintended consequences. Take two examples plucked from last week’s front pages: On April 25, The New York Times reported on massive fraud in the billion-dollar settlement of claims that the Agriculture Department discriminated against black, Hispanic, and female farmers: “It was the craziest thing I have… Continue Reading

Amendments to CISPA a Threat to Cybersecurity?

Posted in Cybersecurity and Cyberwar, Privacy Regulation

In response to some of the privacy criticisms of the Cyber Intelligence Sharing and Protection Act (CISPA), the House Intelligence Committee is proposing amendments to the bill.  Politico’s Tony Romm reports on some of the likely amendments: Still another amendment specifies clearly that CISPA won’t allow companies to “hack back” their hackers in pursuit of… Continue Reading

The Hackback Debate Revisited

Posted in Cybersecurity and Cyberwar, Data Breach, International, Privacy Regulation, Security Programs & Policies

Last fall, Orin Kerr and I engaged in an online debate over the Computer Fraud and Abuse Act — specifically whether it is lawful for the victim of computer crime to follow his stolen data into networks controlled by the thief. The debate spread across several posts and into the comments, but it’s been pulled… Continue Reading

A Soft Counterattack on Private Counterhacks

Posted in Cybersecurity and Cyberwar, Data Breach, Privacy Regulation, Security Programs & Policies

Herb Lin of the National Research Council has launched the first, soft counterattack on those who think victims of cyberespionage should have greater leeway to respond directly to intrusions. Herb always strives for some balance in his work, but it’s clear that he’s a skeptic, concluding “It is not clear that the use of offensive… Continue Reading

Anonymous Attacks Again

Posted in Cybersecurity and Cyberwar, Data Breach, Privacy Regulation, Security Programs & Policies

Anonymous is claiming to have struck a blow in Aaron Swartz’s memory. It has hacked the website of the US Sentencing Commission and posted a long manifesto and a group of files named after Supreme Court Justices. The manifesto suggests that the files contain embarrassing secrets and says that the secrets will be revealed in… Continue Reading

FTC’s Online Privacy Campaign Goes into High Gear

Posted in Privacy Regulation, Security Programs & Policies

The Federal Trade Commission is really on a roll these days. In the last few weeks alone it has: reached settlements with two companies, Compete, Inc. and Epic Marketplace, Inc., over the FTC’s charges that the two companies deceived consumers by misrepresenting their online data collection practices; released a blistering report criticizing the developers of mobile apps… Continue Reading

US Head of Delegation at WCIT Badmouths Deep Packet Inspection

Posted in International, Privacy Regulation

It’s been a contentious meeting in Dubai at the World Conference on International Telecommunications (WCIT), where the United States and its allies have been trying to fend off efforts by Russia, China, and others to expand the writ of the International Telecommunications Union to cover the Internet. Besides that fundamental dispute, there have been some… Continue Reading

Privacy: The Latest Victim of Europe’s Privacy Regulation

Posted in Data Breach, Privacy Regulation, Security Programs & Policies

The European Union has proposed a privacy policy that will inevitably deprive many people of their privacy. Now working its way through the tortuous Brussels process, the regulation includes a “right to data portability.” Typically, this is Commission-speak for a regulatory requirement that information services must hand over all of a subscriber’s historical data upon request,… Continue Reading

The Hackback Debate

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

The vulnerability of computer networks to hacking grows more troubling every year. No network is safe, and hacking has evolved from an obscure hobby to a major national security concern. Cybercrime has cost consumers and banks billions of dollars. Yet few cyberspies or cybercriminals have been caught and punished. Law enforcement is overwhelmed both by… Continue Reading

RSA CEO Speaks Out on Privacy

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

In a speech earlier this week to RSA 2012 in Europe, Art Coviello challenged privacy laws as a threat to, well, privacy: “Intelligence-based security also requires information sharing at scale,” said Coviello. But these changes are held back by a number of things, including current privacy laws. Coviello recounted a discussion he had with a… Continue Reading

A Trip Down Privacy’s Memory Lane

Posted in Privacy Regulation

Privacy groups are known to put a lot of effort into attacking new technologies for a reason. They are concerned that, once the technology is seen in action, we won’t be scared by its hypothetical risks, while its benefits will be easier to assess. Once that happens, imposing new privacy laws gets a lot harder. To… Continue Reading

Europe’s ‘Right to be Forgotten’ Privacy Protection Moving to the US?

Posted in Data Breach, International, Privacy Regulation

In a recent post, Eugene Volokh of the Volokh Conspiracy discussed whether it can ever be libelous to say, accurately, that someone has been arrested after the arrest has been expunged. The New Jersey Supreme Court rightly described the idea as Orwellian and rejected it. However, in Europe a version of this rule is… Continue Reading

What Happened to the Cybersecurity Bill?

Posted in Cybersecurity and Cyberwar, Privacy Regulation, Security Programs & Policies

The cybersecurity bill is dead for this Congress, with cloture failing by a vote of 52-46. The Senate’s failure to reach any kind of compromise is particularly striking, given that roughly two-thirds of the basic ideas in the bill had been endorsed by all of the following: the Obama administration, Senator McCain and the great… Continue Reading

The Cybersecurity Act of 2012; Hacker Protection

Posted in Cybersecurity and Cyberwar, Data Breach, Privacy Regulation, Security Programs & Policies

A revised draft of the cybersecurity bill contains information sharing provisions that were heavily negotiated between the Obama administration and privacy groups. This effort at compromise has prompted the usual ambiguous praise from privacy groups. The Electronic Frontier Foundation, though “pleased” with the progress, complained that the measure still “contains broad language around the ability… Continue Reading

California Boosts Privacy Enforcement

Posted in Data Breach, Privacy Regulation

California Attorney General Kamala Harris announced yesterday that she is creating a Privacy Enforcement and Protection Unit in her office. The PEPU, which will consist of six prosecutors, will be responsible for prosecuting companies that violate the state’s privacy laws. California, of course, has been at the vanguard of privacy protection, enacting the nation’s first… Continue Reading

More Trouble for ZTE

Posted in China, International, Privacy Regulation

ZTE, the huge Chinese telecom equipment manufacturer, has found itself in a kind of perfect storm. A storm largely of its own making. First, ZTE and its larger Chinese rival, Huawei, have been the subjects of great national security concern for years. As I discussed last month, the US intelligence community is worried that, if allowed to install equipment… Continue Reading