CDT Policy Posts

Congress Rejects PATRIOT Act Re-Write, but Modest Improvements Still Possible

December 7, 2009

Congress Rejects PATRIOT Act Re-Write, but Modest Improvements Still Possible

1)    House and Senate Committees Renew PATRIOT with Mostly Minor Changes
2)    The Risks of National Security Letters
3)    House Bill Offers More Significant Change to NSL Authority
4)    Obama Administration Uses Secret Briefings to Resist Strong Standards for FBI Investigations

___________________________________________

1)  House and Senate Committees Renew PATRIOT with Mostly Minor Changes

On November 5, the House Judiciary Committee completed its mark up and reported a PATRIOT Act reauthorization bill, H.R. 3845. The Senate Judiciary Committee completed its markup of companion legislation, S. 1692, in October. The next stop for both bills are floor votes and then a process to reconcile the differences between them.  The outlines of a final package are probably in the two bills reported by the Committees, but the full Congressional calendar suggests that there is not sufficient time for the process to wrap up this year.

PATRIOT is under discussion right now because two of the Act’s amendments to intelligence authorities, and a third, related intelligence authority, are due to expire, or “sunset,” on December 31 unless Congress renews them.  The three expiring provisions, while important, are not as significant as other PATRIOT Act provisions that do not expire.  One expiring provision has never been used and a second was rendered less important by intervening changes in related laws. 

Refocusing the FTC’s Role in Privacy Protection

November 10, 2009

1) 1) CDT Submits Comments in regards to the FTC Consumer Privacy Roundtable

2) The Significance of a Comprehensive Set of Fair Information Practice Principles

3) Examining FIPs at Work: Recent FTC Enforcement Actions Demonstrate a Path Forward

4) CDT Recommendations for Future FTC Action


1) CDT Submits Comments in regards to the FTC Consumer Privacy Roundtable

CDT has submitted comments for the FTC’s first in a series of public roundtable discussions exploring the privacy challenges posed by 21st-century technology and business practices that involve the collection and use of consumer data. CDT views these roundtable sessions as a historic opportunity for the FTC to develop and announce a comprehensive privacy protection policy for the next decade.

The FTC’s current notice, choice and security regime has brought progress toward corporate compliance on privacy, but seems to have met the limits of its utility. CDT urges the FTC to finally move beyond this limited framework. Now is the time for the Commission to apply a full set of Fair Information Practice principles (FIPs) in pursuit of privacy protection. Privacy is an issue that will define the use of technology in the 21st century. CDT expects that the FTC will stand up for consumers and continue to bolster its role as one of the leading agencies in the world safeguarding consumer privacy. This Commission has a great opportunity to make its mark on history by creating a strong framework in favor of privacy, and we urge the FTC to make the most of it.

CDT Discusses Key Policies Issues Surrounding User-Centric Identity Management

November 6, 2009

1) User-Centric Digital Identity

2) Government Pilots of Federated, User-Centric Identity

3) Key Policy Questions for User-Centric Identity Systems


1) User-Centric Digital Identity

In the digital context, identity is simply a claim or set of claims about the user, similar to the physical claim of a driver’s license (“this person is allowed to drive according to this state”) or a library card (“this person is allowed to borrow books”). Traditionally, Web sites ask users to log in to the site in order to assert their identity – whether it is to enable participation or to provide services to the user. However, new models for digital identity have been evolving in order to streamline online interactions and make authentication easier for online service providers.

Many of the identity technologies developed to address problems with traditional identity solutions fall under the loosely defined term “user-centric identity.” New models for identity management separate the service provider and the identity provider, allowing me to log in to thousands of websites using a single set of credentials. A trust framework often connects the user, the identity provider, and the service provider (often called the relying party), laying out a set of conditions that each party should adhere to in order to maintain a trusted system.

Patriot Act Sunsets Should Prompt Re-Consideration of Anti-Terror Powers; Adjustments Needed To Protect Civil Liberties

September 16, 2009

1) Patriot Sunsets Should Prompt Broad Examination of Intelligence Authorities, with a Focus on Documented Abuses

2) Most Expiring Provisions Should Be Amended and Reauthorized

3) Reform Should Start with Powers That Have Been Abused: National Security Letters

4) What's Next in Congress for the Patriot Act?


1) Patriot Sunsets Should Prompt Broad Examination of Intelligence Authorities, with a Focus on Documented Abuses

With letters to Congress this week, the Obama Administration kicked off a debate on the reauthorization of three intelligence surveillance provisions related to the USA PATRIOT Act. The Administration called for all three provisions to be renewed but, in an important development, it said it was willing to consider amendments to the expiring provisions that would protect civil liberties, provided the amendments don't undermine the provisions' effectiveness.

CDT files brief urging privacy safeguards for Google Books

September 9, 2009

CDT has filed an amicus brief in the Google Books copyright lawsuit, asking for the judge to approve the proposed settlement in the case, but also to ensure that reader privacy is protected as Google implements the expanded services envisioned in the settlement. The settlement would dramatically transform Google Books from an index and finding aid into a resource for users to browse, preview, and purchase full-text access to the millions of books Google has scanned from libraries around the world. Such increased access to knowledge will certainly be of great benefit to scholarship and education, but CDT and several other information privacy advocates have identified serious potential threats to reader privacy and intellectual freedom-values that have for many years been taken seriously and highly protected by libraries.

1) CDT files brief urging privacy safeguards for Google Books

2) Privacy Concerns and CDT's Recommendations

3) The Larger Picture of Privacy Online