TikTok Is China’s Trojan Horse

People are easy to dupe.  Give us something for free and we will open the door to just about anything in return, including our most sensitive family, health, and financial information. 

The ancient Greeks knew something about the human psyche when they built a massive wooden horse and put it outside the enemy gates at Troy.  Unsuspecting Trojans marveled at the gift and ushered it inside unexamined.  Hidden in the horse were the Greek men of war who emerged to sack the city. 

Continue reading “TikTok Is China’s Trojan Horse”

A Third-Way Approach to Regulating Facial Recognition Systems

The use of facial recognition systems powered by algorithms and software continues to raise controversy given their potential use by law enforcement and other government agencies.  For over a decade, the Department of Commerce’s National Institute for Standards and Technology (NIST) has evaluated facial recognition to identify and report gaps in its capabilities.  Its most recent report in 2019 quantified the effect of age, race, and sex on facial recognition accuracy.

The greatest discrepancies that NIST measured were higher false-positive rates in women, African Americans, and particularly African American women.  It noted, “False positives might present a security concern to the system owner, as they may allow access to impostors.  False positives also might present privacy and civil rights and civil liberties concerns such as when matches result in additional questioning, surveillance, errors in benefit adjudication, or loss of liberty.”

Continue reading “A Third-Way Approach to Regulating Facial Recognition Systems”

Reflections on the Microsoft/Ireland Case

Last week the Supreme Court granted a review of a Second Circuit decision upholding Microsoft’s defiance of a U.S. warrant for the production of e-mail messages, stored in a server housed in Ireland, of a man suspected of drug trafficking.

At its simplest, the legal battle between Microsoft and law enforcement is a debate over the reach and intent of a law passed many years (1986) before the coming of age of the Internet.

Microsoft and its allies argue that that law, the Stored Communications Act (SCA), was written at a time when Congress knew virtually nothing about the Internet and what it would become, and that furthermore there is no indication in the language of the law or congressional intent that suggests it could be applied extraterritorially. Continue reading “Reflections on the Microsoft/Ireland Case”

Electronic Privacy Needs ICPA Update

Privacy advocates won an important victory in July when a federal appeals court ruled to limit the access of the U.S. government to individuals’ e-mail accounts.

The U.S. Court of Appeals for the Second Circuit said the federal government did not have the authority to issue search warrants for persons’ e-mails stored on servers outside the United States.  The case was brought by Microsoft Corp. in response to a warrant that would’ve compelled Microsoft to turn over customer e-mails stored on a server it maintained in Ireland.  The court affirmed that the Stored Communications Act (part of the broader Electronic Communications Privacy Act of 1986) did not give the government such powers outside U.S. territory.

This was a key judicial ruling to be sure. But it points up the increasingly urgent need for Congress to update that 1986 ECPA legislation to reflect the realities of today’s global digital environment.

Such legislative efforts have been initiated in recent years, only to languish in committee.  The most notable example was the Law Enforcement Access to Data Stored Abroad (or “LEADS”) Act, introduced in February 2015.

Writing about the LEADS Act when it was introduced, attorney Kurt Wimmer noted in an issue paper for The Media Institute that “cloud computing” as we know it today did not exist when the ECPA was enacted in 1986.  “Our current storage habits for digital records are precisely the opposite of the habits that existed in 1986, when ECPA was adopted,” he wrote.  And so it remains today.

However, there is new hope on the horizon.  On May 25, Reps. Tom Marino (R-Pa.) and Suzan DelBene (D-Wash.) introduced the International Communications Privacy Act (ICPA).  Senators Orrin Hatch (R-Utah), Chris Coons (D- Del.), and Dean Heller (R-Nev.) introduced identical legislation in the Senate.  These bills (H.R. 5323 and S. 2986) follow in the footstep of the LEADS Act in seeking to establish a rule of law for lawful access to data in the global environment.

Reps. Marino and DelBene (who had also introduced the LEADS Act) said in a statement:

“We were pleased that the LEADS Act gained such widespread support with more than 130 cosponsors in the House.  ICPA improves upon this effort by broadening industry recognition, and we believe it will earn an even greater backing from our colleagues in Congress.  This bill guarantees that users of technology have confidence that their privacy rights will be protected by due process while simultaneously ensuring law enforcement agencies have necessary access to information through a clear, legal framework to keep us safe.”

The bill stipulates that U.S. law enforcement could obtain warrants for the electronic information of U.S. persons physically located in the United States, or nationals of foreign countries that have a Law Enforcement Cooperation Agreement with the United States, provided the country does not object to the disclosure.  Thus, the ICPA would maintain the sovereignty of nations in protecting information stored within their borders.

By clarifying the rules surrounding the release of electronic information, the ICPA would not only protect individual privacy but would also improve the competitive posture of American companies doing business in the global digital economy.  Cloud computing will continue to revolutionize everything from newsgathering and financial transactions to the Internet of Things as the future of business migrates ever more rapidly to the cloud.  The rules governing privacy and the protection of information in that space need to be clear.

Updating the ECPA with the International Communications Privacy Act would reflect today’s reality of cloud computing and provide the legal framework needed to protect the privacy of individuals, support law enforcement, and promote a competitive environment for American companies.  Congress can’t afford to let this one languish.

The LEADS Act and Cloud Computing

Bipartisan legislation, introduced last month in the House and Senate, promises to reform and update the antiquated Electronic Communications Privacy Act (ECPA) and in the process push back against the practice by agencies of government to gain access to personal data stored on U.S. corporation servers abroad.

The legislation, called the LEADS Act, is co-sponsored in the Senate by Sens. Orrin Hatch (R-Utah), Chris Coons (D-Del.), and Dean Heller (R-Nev.), and in the House by Reps. Tom Marino (R-Pa.) and Suzan DelBene (D-Wash.).

Short for “Law Enforcement Access to Data Stored Abroad,” the LEADS Act’s principal improvements on ECPA are in recognizing that U.S. law enforcement may not use warrants to compel the disclosure of customer content stored outside the United States unless the account holder is a U.S. person, and by strengthening the process – called MLATs (mutual legal assistance treaties) – through which governments of one country allow the government of another to obtain evidence in criminal proceedings.

One of the better examples of the need for updating ECPA centers on a government warrant served on Microsoft for the contents of the email of an Irish citizen stored on a Microsoft server in Dublin.  >> Read More

New Tech and the Old Media

Microsoft’s Chief Counsel for Intellectual Property Strategy, Tom Rubin, recently gave a speech to the UK Association of Online Publishers that has made some waves.

At its most basic, Rubin’s speech was a call for greater copyright protection of “quality content,” and an appeal to content providers for new approaches to the dissemination of their content online.

“The evidence is in,” he says, “and I think we can safely say that the ‘information wants to be free’ approach not only does not work, actually it has been a disaster for almost all newspapers.”

Even if, as a columnist for CNET suggested, Rubin’s speech was meant to position Microsoft, at Google’s expense, as the “safe” technology partner for content companies, many of the specific observations, and the very language employed, provide a welcome contrast to the carelessness and condescension that mark so much of the digerati’s take on the subject.

Speaking of the Evil One, turns out that Google and Yahoo! called off their joint advertising deal just in the nick of time.

A story in the December 2 issue of Am Law Daily quotes Sanford Litvack as saying that the Department of Justice was just three hours away from filing antitrust charges to block the deal when the two companies abandoned their pact.

Litvack says that had the deal not been withdrawn the DOJ would have challenged it under sections of the Sherman Act that “ban agreements that restrain trade unreasonably,” and “make it unlawful for a company to monopolize or attempt to monopolize trade.”

As noted here in September, because of its opacity and potential harm to online publishers and advertisers, the deal alarmed many people, including us. Glad to see it go away, unwept.