Could impact how information is shared and what powers government has in collecting your digital files
Last year after an outpouring of opposition, Internet advocates logged a victory when they defeated the controversial Stop Online Piracy Act (SOPA).
Now there are other new bills and efforts to amend existing law that could reshape how businesses share digital information about users and what powers the federal government has in obtaining online data. Below are four that are either actively being debated, or could come up for consideration soon.
Electronic Communications Privacy Act (ECPA)
Since this law setting standards for how the government can access digital information of citizens passed in 1986, technology has changed dramatically, but the law has not.
Proponents of ECPA reform say the most egregious portion of the law involves the rights the government has to obtain electronic files without needing a warrant. “A paper letter sitting in your home or office drawer has a significantly higher level of constitutional protection compared to an email right now,” says Robert Holleyman, president of the Business Software Alliance, who backs changes to ECPA to strengthen consumer and business privacy.
ECPA allows the government to obtain access to digital communications — including email, Facebook messages, information sitting in your public cloud provider’s databases, and a variety of other files — with only a subpoena and not a warrant once those items are 180 days old.
To provide a scope of how much information companies hand over the government, Google recently reported that it coughed up more 18,000 requests for information from the government in the second half of last year alone.
There is already movement afoot on Capitol Hill to change this. Last year, the Senate Judiciary Committee passed an update to ECPA, but it failed to reach a vote on the full Senate floor. This month, members of the House of Representatives filed an update to ECPA, so the debate will ramp up again soon.
Another portion of ECPA dictates when the government has access to GPS tracking using cellphones. There has been some support in the House for the GPS Act, which would set policies for when the government can access location information of citizens, but the Senate bill passed last year was silent on this issue.
Cyber Intelligence Sharing and Protection Act (CISPA)
At a basic level, CISPA dictates how companies share information about cyberthreats with the federal government. Opponents to the legislation, like the Electronic Frontier Foundation (read an FAQ about CISPA from the EFF here), are worried about what they call inadequate privacy protections given the broad definitions of cyberthreat.
Equally concerning, according to Mark Stanley, head of campaigns and communications for the non-partisan Center for Democracy & Technology (CDT), is that information companies turn over to the government goes to the National Security Administration, he says, which is a military division of the government.
“Rightfully so, there is little sunlight on what the NSA does,” Stanley explains. “Because it’s a military entity, it must be secret.” But that creates privacy issues when companies provide personally identifiable information (PII) about U.S. citizens over to the NSA. “We have no idea what it will be used for,” he says, because of broad definitions of cybersecurity in the bill. CDT is calling for rules dictating which organizations of the government use information and for what.
CISPA has been kicking around Washington, D.C., for the past few years but has gained bipartisan support recently, including from the two leading members of the House Intelligence Committee. Supporters reintroduced the bill in February, setting it up to be a hotly debated piece of legislation in the coming months.
Computer Fraud and Abuse Act (CFAA)
Internet freedom fighters mourned the loss of anti-SOPA organizer and Reddit co-founder Aaron Swartz earlier this year. Swartz was facing prosecution under CFAA, which has since been referred to by some as “Aaron’s Law.” Reform-seekers believe CFAA — which was passed in the late 1980s and updated a decade later — is too restrictive in banning information sharing. Swartz, for example, was charged with stealing millions of scholarly articles and documents from an MIT subscription-based service called JSTOR, and could have served jail time.
Generally speaking, CFAA makes it a federal crime to access and share protected information. Organizations like the EFF have called for CFAA reforms for years, though, specifically to reduce penalties for CFAA violations and to install clearer definitions of what a breach of CFAA is.
It’s unclear where CFAA reform stands at this point, though. Washington inside-the-beltway blog Politico recently reported that the Obama administration has been reluctant to support reform efforts.
Trans Pacific-Partnership Agreement (TPP)
While the other three items on this list have pertained only to U.S. law, there is an international debate ongoing to establish standards for online sharing among countries on either side of the Pacific. Technology advocates are worried about what the TPP will mean for digital copyright laws both in the U.S. and internationally.
The TPP involves nine countries along the Pacific Rim, including the U.S., Peru, Chile, Vietnam, Singapore, Malaysia, Australia, New Zealand and Brunei, and soon Japan and Canada. The agreement could expand U.S. intellectual property (IP) standards to other countries, while reinforcing existing IP laws in America. Advocates such as the EFF are worried about what the law will mean for their efforts to ease “fair use” restrictions of content and reform copyright laws such as the Digital Millennium Copyright Act (DCMA). More broadly, though, the EFF says the technology portions of TPP negotiations have been conducted in a shroud of secrecy.
The U.S. Trade Office on its website discusses the benefits of TPP, particularly as they relate to trade agreements between the countries, but says little about the technology impacts of the TPP. Meanwhile, the next rounds of negotiations for the TPP are ongoing during the first two weeks of March.