CYBER INTELLIGENCE SHARING AND PROTECTION ACT (CISPA)
[T]he routine and fulsome sharing of such intelligence information with . . . . the private sector is critically important to protecting the nation from advanced cyber threats.
It is critical that as much information as possible be shared at machine-speed, in real-time, and in a manner that the information–whether classified or not–is operationally usable by entities within the private sector.
FROM: CISPA Is Dead. Now Let’s Do a Cybersecurity Bill Right by Julian Sanchez, Wired
Americans have grown so accustomed to hearing about the problem of “balancing privacy and security” that it sometimes feels as though the two are always and forever in conflict – that an initiative to improve security can’t possibly be very effective unless it’s invading privacy. Yet the conflict is often illusory: A cybersecurity law could easily be drafted that would accomplish all the goals of both tech companies and privacy groups without raising any serious civil liberties problems.
Few object to what technology companies and the government say they want to do in practice: pool data about the activity patterns of hacker-controlled “botnets,” or the digital signatures of new viruses and other malware. This information poses few risks to the privacy of ordinary users. Yet CISPA didn’t authorize only this kind of narrowly limited information sharing. Instead, it gave companies blanket immunity for feeding the government vaguely-defined “threat indicators” – anything from users’ online habits to the contents of private e-mails – creating a broad loophole in all federal and state privacy laws and even in private contracts and user agreements. Given that recent experience has shown companies shielded by secrecy often err on the side of oversharing with the government, that loophole was a key concern.
So why the gap between what the law permits and its supporters’ aims? It’s a principle wonks call tech neutrality. Nobody wants to write a bill that refers too specifically to the information needed to protect current networks (like “Internet Protocol addresses” or “Netflow logs”) since technological evolution would render such language obsolete over time.
MARKETPLACE FAIRNESS ACT (MFA)
FROM: Senate delays bill allowing online sales taxes, USA Today
The Senate moved closer Thursday to passing a bill to tax purchases made over the Internet.
But a final vote was delayed until May after senators return from a weeklong vacation.
Although opponents hope senators will hear from angry constituents in the next week, they have a steep hill to climb to defeat the bill, dubbed the Marketplace Fairness Act, in the Senate.
The Senate voted 63-30 Thursday to end debate on the bill, setting up a final Senate vote to pass the bill May 6. The final vote will require only a majority to pass the bill, so 14 supporters would have to flip to stop it.
FEDERAL PRIVACY REGULATION
A battle over the development of industry do not track rules for the internet took center stage at an April 24 hearing before the Senate Commerce, Science, and Transportation Committee.
The panel’s chairman, Sen. John D. Rockefeller IV (D-W.Va.), expressed frustration that a do not track agreement has been delayed for months due to conflicts among industry players.
“I urge everybody to take a deep breath and tone down the rhetoric,” Rockefeller said. “We all need to remember that this debate is about consumers and their choices–consumers who may be happy to have their information collected for targeted advertising in some situations, but who may want advertisers to completely leave them alone at other times.”
At the hearing, the online advertising industry was accused of holding up the do not track effort. But the Digital Advertising Alliance (DAA), a consortium of marketing industry groups, blamed leading web-browser manufacturers Microsoft Corp. and Mozilla.
Meanwhile, Microsoft IE has gone on the offensive in its new ad campaign.
FROM: Silicon Valley tries to kill privacy bill, Daily Tribune
Silicon Valley tech firms, banks and other powerful industries are mounting a quiet but forceful campaign to kill an Internet privacy bill that would give California consumers the right to know how their personal information is being used.
A recent letter signed by 15 companies and trade groups — including TechAmerica, which represents Google, Facebook, Microsoft and other technology companies — demanded that the measure’s author, Assemblywoman Bonnie Lowenthal, D-Long Beach, drop her bill. They complain it would open up businesses to an avalanche of requests from individuals as well as costly lawsuits. One early consequence of the heavy lobbying: A hearing on the bill, AB1291, scheduled for last week, has been pushed to next month.
FROM: How to find out everything that Facebook *really* knows about you, Naked Security and Max Schrems: The Austrian Thorn In Facebook’s Side, Forbes
Max Schrems, a 24-year-old law student from Vienna, a meticulous document requester and researcher, is now sitting on a pile of 1,200 pages that comprise his personal-data Facebook dossier. He secured the data by using a European requirement that entities with data about individuals make it available to those individuals if they request it.
Schrems discovered a then little-known webpage on the Facebook site that allows European users to make this request by submitting proof of identity (a copy of a passport, for example), an e-mail address, a home address, and the link to one’s profile page. Schrems and a few of his friends made the request, and a few weeks later, received CDs from Facebook’s California office in the mail. Schrems, who has been on Facebook since 2008, had a file that was over 1,200 pages long, including everyone he had ever friended and de-friended, every event he had ever been invited to (and how he responded), a history of every “poke” he had ever received, a record of who else signed onto Facebook on the same computers as him, email addresses that he hadn’t provided for himself (but that must have been culled from his friends’ contact lists) and all of his past messages and chats, including some with the notation “deleted.”
AMENDED IN ASSEMBLY APRIL 01, 2013
ASSEMBLY BILL No. 1291
Introduced by Assembly Member Lowenthal
(Coauthor(s): Assembly Member Chau, Rendon)
February 22, 2013
LEGISLATIVE COUNSEL’S DIGEST
Vote: majority Appropriation: no Fiscal Committee: no Local Program: no
THE PEOPLE OF THE STATE OF CALIFORNIA DO ENACT AS FOLLOWS:
This act shall be known and may be cited as the Right to Know Act of 2013.
The Legislature hereby finds and declares all of the following:
SEC. 3.
Section 1798.83 of the Civil Code is repealed.
SEC. 4.
Section 1798.83 is added to the Civil Code, to read:
(a) (1) A business that retains a customer’s personal information shall make available to the customer free of charge access to, or copies of, all of the customer’s personal information retained by the business.
(d) A violation of this section by a business subject to these provisions is deemed to constitute an injury to a customer.