Electronic Privacy Needs ICPA Update

Privacy advocates won an important victory in July when a federal appeals court ruled to limit the access of the U.S. government to individuals’ e-mail accounts.

The U.S. Court of Appeals for the Second Circuit said the federal government did not have the authority to issue search warrants for persons’ e-mails stored on servers outside the United States.  The case was brought by Microsoft Corp. in response to a warrant that would’ve compelled Microsoft to turn over customer e-mails stored on a server it maintained in Ireland.  The court affirmed that the Stored Communications Act (part of the broader Electronic Communications Privacy Act of 1986) did not give the government such powers outside U.S. territory.

This was a key judicial ruling to be sure. But it points up the increasingly urgent need for Congress to update that 1986 ECPA legislation to reflect the realities of today’s global digital environment.

Such legislative efforts have been initiated in recent years, only to languish in committee.  The most notable example was the Law Enforcement Access to Data Stored Abroad (or “LEADS”) Act, introduced in February 2015.

Writing about the LEADS Act when it was introduced, attorney Kurt Wimmer noted in an issue paper for The Media Institute that “cloud computing” as we know it today did not exist when the ECPA was enacted in 1986.  “Our current storage habits for digital records are precisely the opposite of the habits that existed in 1986, when ECPA was adopted,” he wrote.  And so it remains today.

However, there is new hope on the horizon.  On May 25, Reps. Tom Marino (R-Pa.) and Suzan DelBene (D-Wash.) introduced the International Communications Privacy Act (ICPA).  Senators Orrin Hatch (R-Utah), Chris Coons (D- Del.), and Dean Heller (R-Nev.) introduced identical legislation in the Senate.  These bills (H.R. 5323 and S. 2986) follow in the footstep of the LEADS Act in seeking to establish a rule of law for lawful access to data in the global environment.

Reps. Marino and DelBene (who had also introduced the LEADS Act) said in a statement:

“We were pleased that the LEADS Act gained such widespread support with more than 130 cosponsors in the House.  ICPA improves upon this effort by broadening industry recognition, and we believe it will earn an even greater backing from our colleagues in Congress.  This bill guarantees that users of technology have confidence that their privacy rights will be protected by due process while simultaneously ensuring law enforcement agencies have necessary access to information through a clear, legal framework to keep us safe.”

The bill stipulates that U.S. law enforcement could obtain warrants for the electronic information of U.S. persons physically located in the United States, or nationals of foreign countries that have a Law Enforcement Cooperation Agreement with the United States, provided the country does not object to the disclosure.  Thus, the ICPA would maintain the sovereignty of nations in protecting information stored within their borders.

By clarifying the rules surrounding the release of electronic information, the ICPA would not only protect individual privacy but would also improve the competitive posture of American companies doing business in the global digital economy.  Cloud computing will continue to revolutionize everything from newsgathering and financial transactions to the Internet of Things as the future of business migrates ever more rapidly to the cloud.  The rules governing privacy and the protection of information in that space need to be clear.

Updating the ECPA with the International Communications Privacy Act would reflect today’s reality of cloud computing and provide the legal framework needed to protect the privacy of individuals, support law enforcement, and promote a competitive environment for American companies.  Congress can’t afford to let this one languish.

Title II Places Global Internet Freedom in Jeopardy

By guest blogger ROBERT M. McDOWELL, partner at Wiley Rein LLP in Washington, D.C.  Former FCC commissioner McDowell is chairman of The Media Institute’s Global Internet Freedom Advisory Council.

In February, the Federal Communications Commission reversed decades of bipartisan consensus on America’s foreign policy for the Internet when it adopted new “open Internet” rules.  These sweeping new regulations undermine America’s ability to resist increased government control of the Internet internationally, thus placing global Internet freedom and prosperity in jeopardy.

Proponents of more Internet regulation argued that “the strongest possible” laws were needed to prevent Internet service providers, such as cable and phone companies, from acting in anticompetitive ways and harming consumers by, say, blocking selected Web destinations.  Their solution?  Imposing regulations designed for the Ma Bell phone monopoly on 21st-century technology by declaring the Internet a public utility under Title II of the Communications Act of 1934.  After unprecedented pressure from the White House and net neutrality activists, the FCC abandoned a more moderate approach in favor of Title II classification.

It is important to remember that this represented a stunning reversal of the policies of the Clinton and Bush administrations.  Both presidencies rejected regulating the Internet like a public utility – domestically or internationally – instead adopting a highly successful “hands-off” approach.   The result: The Internet is the greatest global deregulation success story of all time.

Despite the long-held policy against subjecting the Internet to telephone-style regulations, the FCC’s imposition of more than 1,000 new regulations under Title II – including the power to set “rates, terms, and conditions,” will serve to legitimize international efforts to expand government control of the Internet as well.  With America’s bargaining power regarding the issue of Internet freedom weakened as a result, countries like Russia and China may encounter less resistance to increased multilateral authority over the Net.

Furthermore, the FCC’s new rules could have tangible consequences for America’s existing treaty obligations.  For example, defining the Internet as a phone network may trigger expanded jurisdiction over the Web through existing treaties of the International Telecommunication Union, a regulatory arm of the United Nations.  In reaction to similar proposals in 1998, President Clinton’s FCC chairman, William Kennard, presciently said that “classifying Internet access services as telecommunications services could have significant consequences for the global development of the Internet.”

In 2012 at the World Conference on International Telecommunications (WCIT), the United States led a coalition of 55 nations that refused to sign a global treaty that would presume new authority to regulate disparate aspects of the Internet.  Now, however, with more government intrusion into this space at home, maintaining such global coalitions in the future will become increasingly more difficult.

Another potential consequence of the FCC’s rules is an unintended encouragement of intergovernmental rules to impose “sending party pays” fees for international Internet traffic that terminates on networks owned by foreign phone companies.  Such a plan was put forward in 2012 by a handful of European phone companies and ITU member states.  Fortunately, the plan was rejected, as the Unites States and others recognized it would increase costs for consumers as Internet content and app companies would have to pay fees – as a matter of international law – that would be passed on to all Internet users.

Additionally, China continues to advance a proposal to make a special committee of the U.N. General Assembly the dominant body to determine global Internet governance.  Meanwhile, Russia has joined China in sponsoring an “international code of conduct for information security” at the U.N. that would authorize Internet censorship and enshrine multilateral state control of the global network.  These countries have many client states that would support them in a one-country-one-vote treaty adoption.

This week, many of these same countries will be advocating their vision of the Internet’s future at a major international conference at U.N. headquarters in New York.  Global multilateral oversight and regulation of the Internet is their goal.  Included in the written submissions preceding the conference is a proposal by China, and members of the G-77 group of developing countries, calling on member states to reject use of the Internet for “subversive” or “political” purposes.

Also this week, China hosts the Second World Internet Conference.  With government leaders from Russia, Tajikistan, Kyrgyzstan, and Kazakhstan – among others – in attendance, the purported goal of the conference is to promote “an interconnected world shared and governed by all.”  At the conference, China will continue to push for “Internet sovereignty,” a vision for Internet governance that threatens to fundamentally transform the Internet from a truly international information sharing platform, to a compartmentalized series of intranets heavily regulated by governments.

By reversing decades of bipartisan agreement to limit Internet regulation, the FCC has created an irreconcilable contradiction between America’s domestic and foreign policies.  Unfortunately, the cause of an open and freedom-enhancing global Internet will suffer as a result.

The LEADS Act and Cloud Computing

Bipartisan legislation, introduced last month in the House and Senate, promises to reform and update the antiquated Electronic Communications Privacy Act (ECPA) and in the process push back against the practice by agencies of government to gain access to personal data stored on U.S. corporation servers abroad.

The legislation, called the LEADS Act, is co-sponsored in the Senate by Sens. Orrin Hatch (R-Utah), Chris Coons (D-Del.), and Dean Heller (R-Nev.), and in the House by Reps. Tom Marino (R-Pa.) and Suzan DelBene (D-Wash.).

Short for “Law Enforcement Access to Data Stored Abroad,” the LEADS Act’s principal improvements on ECPA are in recognizing that U.S. law enforcement may not use warrants to compel the disclosure of customer content stored outside the United States unless the account holder is a U.S. person, and by strengthening the process – called MLATs (mutual legal assistance treaties) – through which governments of one country allow the government of another to obtain evidence in criminal proceedings.

One of the better examples of the need for updating ECPA centers on a government warrant served on Microsoft for the contents of the email of an Irish citizen stored on a Microsoft server in Dublin.  >> Read More

Internet Freedom in Peril

Not for the first time, FCC Commissioner Robert McDowell has issued a clarion call to all those interested in maintaining a free and open Internet.

In testimony before the House last week, Comm. McDowell made the following points:

(1)  Proponents of multilateral intergovernmental control of the Internet are patient and persistent incrementalists who will never relent until their ends are achieved;

(2)  The recently concluded World Conference on International Telecommunications (WCIT) ended the era of an international consensus to keep intergovernmental hands off of the Internet in dramatic fashion, thus radically twisting the one-way ratchet of even more governmental regulation in this space;

(3)  Those who cherish Internet freedom must immediately redouble their efforts to prevent further expansions of government control of the Internet as the pivotal 2014 Plenipotentiary meeting of the International Telecommunications Union quickly draws near;

(4)  Merely saying “no” to any changes is – quite obviously – a losing proposition; therefore, we should work to offer alternate proposals such as improving the long-standing and highly successful, non-governmental multi-stakeholder model of Internet governance to include those who may feel disenfranchised; and

(5)  Last year’s bipartisan and unanimous congressional resolutions clearly opposing expansions of international powers over the Internet reverberated throughout the world and had a positive and constructive effect.

Once again, a cogent and persuasive presentation by the FCC’s MFC (Most Favored Commissioner). Read the whole of his testimony here.

                                               

The opinions expressed above are those of the writer and not of The Media Institute, its Board, contributors, or advisory councils.

 

The ITU and the Internet

In 1971, when China was first admitted to the United Nations, William Rusher quipped that it was "a case of loosing a China in the bullshop.”  Such is the first thought that comes to mind in reflection on the latest bit of mischief to issue from the UN, in this case courtesy of that body’s International Telecommunications Union (ITU).

The second thought is of the power of precedents in law and policymaking.  Policywise, precedents can be likened to the engine of a train, the caboose of which is incremental or galloping movement in the same direction.

So the take-away from the vote last week in Dubai by 89 countries, including such freedom-loving regimes as those of China, Russia, Iran, and Venezuela (you know, the usuals), is that it’s just a matter of time before many of those same countries claim the right, under the UN charter, to control the Internet through such things as filtering, identifying users, and surveillance.

Defenders of last week’s vote, like the head of the ITU, disingenuously claim that “The conference was not about Internet control or Internet governance….  And indeed there are no treaty provisions on the Internet.”  The key word here is “treaty,” since tucked away in the appendices, as reported by Ars Technica, is this sentence:

[WCIT-12 resolves to invite member states] to elaborate on their respective positions on international Internet-related technical, development and public-policy issues within the mandate of ITU at various ITU forums including, inter alia, the World Telecommunications/ICT Policy Forum, the Broadband Commission for Digital Development and ITU study groups. 

So for the first time, the precedent has been established that the UN is an appropriate body for the deliberation of policy issues affecting the Internet.  Never mind that this resolution is not binding on those countries, like the United States, which voted against the International Telecommunications Regulations.  The point survives: From this time forward the UN’s ITU will provide cover for those nations that wish to wall their citizens off from the open Internet.

Nor is this the only dangerous precedent to be noted in the context of the WCIT.  As warned two years ago by Ambassador Philip Verveer, the adoption by this country of so-called “net neutrality” regulations itself provides an opportunity for international mischief making.

As Robert McDowell, than whom no other FCC commissioner in memory has been right more often, put it in congressional testimony earlier this month:

Should the FCC’s regulation of Internet network management be overturned by the court, in lieu of resorting to the destructive option of classifying, for the first time, broadband Internet access services as common carriage under Title II, the FCC should revive a concept I proposed nearly five years ago – that is to use the tried and true multi-stakeholder model for resolution of allegations of anti-competitive conduct by Internet service providers….

If we are going to preach the virtues of the multi-stakeholder model at the pending World Conference on International Telecommunications (WCIT) in Dubai, we should practice what we preach.  Not only would the U.S. then harmonize its foreign policy with its domestic policy, but such a course correction would yield better results for consumers as well. 

                                               

The opinions expressed above are those of the writer and not of The Media Institute, its Board, contributors, or advisory councils.