In October 2022, the White House unveiled its Blueprint for an AI Bill of Rights — a step CDT warmly welcomed, after urging the Biden Administration to lead on the use of artificial intelligence in high-risk settings.

At a time when AI and automated systems are increasingly being used in decisions that impact people’s lives — from assessing job applicants and screening tenants for housing, to detecting fraud and determining eligibility in public benefits programs — it’s essential to safeguard against biased and ineffective designs. CDT praised the Blueprint for considering the diverse ways in which discrimination can occur in AI tools, for challenging inappropriate and irrelevant data uses, and for sharing practical steps that companies and agencies can take to reduce harm.

Later in the year, CDT welcomed the National Institute for Standards & Technology’s (NIST) AI Risk Management Framework, which guides private and public sector decision-makers in how to map, measure and manage risks. Speaking with NIST Director Dr. Laurie Locascio at the Framework’s unveiling, our CEO called it an important step that should be followed by sector-specific guidance, transparency and auditing mandates, and rules for AI procurement and use across the federal government.

The 2022 U.S. midterm elections featured hotly contested races and increasing political attacks on the administration of elections. Building on our years of work on election security, CDT released a major report on “de-weaponizing and standardizing” post-election audits. We explained that a post-election audit is one of the strongest ways to earn public confidence in election systems, but that audits can be misused to sow distrust in an outcome advocates dislike. CDT called for robust election audit standards and a credentialing system for auditors, and explained how observers can distinguish good post-election audits from sham reviews.

CDT also took on other key issues in election security. We partnered with Georgetown University on original research revealing that only 1 in 4 election websites use the .gov domain, which creates an opportunity for bad actors to create fake but legitimate-seeming election websites that spread disinformation. We shared our findings with election officials and federal cybersecurity leaders to increase resources for election officials to migrate to the government-only .gov domain. We also issued an important primer on ballot-marking devices (BMDs), helping election officials distinguish between legitimate security considerations and exaggerated claims that undermine trust in an important tool that helps disabled people vote independently.

With the 2024 U.S. presidential election on the horizon, CDT is leading new research to increase security and public trust in elections, and partnering with election officials, lawmakers, civil society groups, and others who share our commitment to free and fair elections.

In a landmark study, CDT’s election and research teams revealed that women of color candidates in the 2020 U.S. elections were more than four times as likely as white candidates to be the targets of violent online abuse. Based on a large sample of Twitter data, the research also found that women of color candidates were twice as likely as other candidates to be targeted with or be the subject of mis- and disinformation.

The findings of the study – called “An Unrepresentative Democracy,” and underwritten by the Knight Foundation – are worrying because a healthy democracy requires political participation and representation from all segments of society.

CDT’s study is one of the first to examine the problem of mis- and disinformation and abuse using a representative sample of all women of color candidates that ran in 2020. It contributes an evidence base for concerns that advocates, particularly those from communities of color, have raised for some time.

Along with our quantitative analysis, CDT researchers interviewed candidates who shared disturbing firsthand accounts of online hate and abuse. CDT built on our findings with recommendations for social media companies to more directly focus on these issues; for political parties to increase their resources around online abuse; and for further research work ahead.

A bipartisan bill in the U.S. House of Representatives marked the most significant progress to date toward a long-awaited and much-needed comprehensive federal privacy law. CDT was at the forefront as the American Data Privacy and Protection Act (ADPPA) was negotiated and passed through the House Energy & Commerce Committee, fighting for a strong bill that will establish privacy protections for consumers across America.

ADPPA didn’t make it across the finish line in 2022, but the bill’s bipartisan momentum marked an important milestone. Committee members reached a compromise on hard issues like preemption and a private right of action, and — crucially — embraced a privacy framework that is grounded in baseline rules companies must follow, rather than relying on user notice and consent. As individuals and companies alike call for clearer rules governing commercial data practices, CDT will keep urging Congress to act.

Meanwhile, the FTC launched a proceeding to explore rules to address harmful online commercial data and security practices. CDT welcomed the inquiry and filed detailed comments to inform the Commission’s actions, describing the impact of current data practices, recommending privacy-protective measures the FTC could adopt, noting competition issues the FTC might consider, and addressing harmful data practices in the education and government services sectors.

Transparency is essential to empower users and increase accountability in online services, but it can be hard for policymakers to know what “transparency” really means. In 2022, CDT released a conceptual framework for transparency about practices that affect users’ speech, access to information, and protection from government surveillance. It maps and describes platforms’ current and past transparency efforts, and offers recommendations for policymakers and companies. Our Research team bolstered this work with a report analyzing what forms of transparency are most useful to users, placing particular focus on recommendation algorithms that play such a large role in users’ online social media experiences.

CDT also sought to expand researchers’ access to data from online services — a key way for academics, journalists, and civil society to analyze trends and provide an independent check on company practices. As legislators and companies alike considered researcher access proposals, we convened researchers to articulate what forms of access and vetting methods are most effective. We published a report studying how other industries have balanced the benefits of researcher access against privacy and other risks, and how those lessons might apply to social media companies. Then, as legislative discussions gained momentum, we engaged with policymakers on both sides of the Atlantic, analyzing competing proposals — and ultimately welcoming the passage of a first-of-its-kind researcher access mandate in the EU’s Digital Services Act.

When the Senate drafted the well-intentioned but fatally flawed Kids Online Safety Act (KOSA), CDT recognized that the bill risked making kids less safe — and could also be weaponized to attack LGBTQ+ people and individuals who seek information about reproductive or gender-affirming care. In response, CDT rallied 100 human rights and LGBTQ+ organizations in a letter to Congress sharing these concerns.

One of CDT’s core fears is that KOSA could be used by state Attorneys General to censor online resources and information for queer and trans youth, people seeking reproductive healthcare, and other young people. The bill creates a vague “duty of care” to prevent harm to minors at a time of increasing politicization of these issues. It also risks jeopardizing the safety and privacy of vulnerable youth by presuming that parental surveillance of teens’ internet use is universally a good thing — an assumption that sadly does not match real-world experience.

CDT made clear that, rather than rushing KOSA through, the best way to protect kids online is to pass bipartisan federal privacy legislation that safeguards all Americans. As an increasing number of states consider legislation focused on children’s online safety, we need to make sure those approaches consider the interests of all children, and don’t create inadvertent harms that will put more kids at risk.

In 2022, CDT’s Workers’ Rights & Technology Project focused on ways workplace technologies impact people’s access to jobs, their ability to organize, and the quality of their daily lives.

We celebrated when the Equal Employment Opportunity Commission and Department of Justice published guidance warning that automated hiring systems can cause discrimination – specifically focusing on the risk of discrimination against disabled people, a concern CDT had urged action on for years. Building on this work, CDT partnered with leading civil rights organizations to release the Civil Rights Principles for Hiring Assessment Technologies. The principles are designed to inform policymakers, provide a baseline for company best practices, and empower workers to fight for their rights.

We also honed in on the risks created by surveillance and AI-driven task management systems in the workplace, which can force people to work at an unsafe pace and face disciplinary actions for even minor deviations. Late in the year, we were proud to see the National Labor Relations Board take action, releasing guidance on the harms that intrusive electronic surveillance and management systems can inflict.

CDT also fought for workers’ privacy. We championed bills like California’s AB 1651, which aims to extend privacy protections to workers through a legal framework geared to the unique dynamics of workplace technology and data use. While the law did not ultimately pass, California workers gained the protections of the California Consumer Privacy Act (CCPA), representing one of the most significant shifts in workplace privacy laws in U.S. history – a change CDT will be watching closely as CCPA goes into force next year.

When students returned to schools following extended periods of remote learning, activity monitoring technologies originally aimed at keeping students safe followed them, both during the school day and at home.

A 2022 CDT survey revealed that software that tracks and flags students’ online activity can significantly harm the students it’s meant to protect — with students facing increased disciplinary action and contact with law enforcement, LGBTQ+ students being outed, and students reporting a chilling effect on their speech and how they access information. Certain groups of students, including students who rely on school-provided devices and students with disabilities, were at demonstrably greater risk of experiencing these harms, as were Black students, Hispanic students, and students from low-income families.

Motivated by these findings, CDT mobilized a coalition of civil rights organizations to urge action by the U.S. Department of Education, which should warn schools and vendors that student monitoring technologies may violate civil rights laws. Our research was picked up in news outlets around the country, including in-depth discussions on NPR and their local affiliates, a feature story in Wired, and award-winning coverage in The 74 Million.

The legal landscape for online speech is shifting rapidly in the U.S., with activity in state legislatures and in the courts. CDT was on the front lines, filing briefs in the Supreme Court cases Google vs. Gonzalez and Twitter v. Taamneh, and in cases out of Texas and Florida.

At the heart of the Supreme Court cases is whether the bedrock intermediary liability law Section 230 shields online service providers from liability for third-party content they “recommend” – and, if Section 230 does not provide protection, whether providers’ failure to remove terrorist content confers liability under the Anti-Terrorism Act (ATA).

In Gonzalez, CDT and a half-dozen leading technologists argued that recommending content online is inextricable from publishing it, and therefore deserves protection under Section 230. In Taamneh, we argued that a provider should only be liable under the ATA if it has knowledge that a specific piece of user-generated content on its platform provides substantial assistance to a terrorist act. If the Court were to decide otherwise in these cases, online services would be incentivized to restrict speech by barring discussion of controversial topics, aggressively removing content, or shutting down content moderation systems originally adopted to improve user experience.

In the Texas and Florida cases, we emphasized the importance of online services’ First Amendment right to moderate content without government interference. We warned that Texas social media law HB 20, which requires social media platforms to moderate content in a “viewpoint neutral” way, would chill services from moderating hate speech, disinformation, and violent threats. In Twitter v. Paxton, we explained that when the government pressures an online service in retaliation for content moderation practices that officials disagree with, it will inevitably result in those services self-censoring in a way that harms users and the public.

At CDT’s sixth annual Future of Speech Online event, The Supreme Court’s Pivotal Term, we brought together top legal experts, company leads, advocates fighting against online hate and disinformation, and other experts to discuss the issues at stake in these cases and deliberate strategies for protecting online speech.

CDT brought on board several new policy experts in 2022. Eric Null and Nathalie Maréchal joined as Co-Directors of CDT’s Privacy & Data Project, where they lead efforts to protect the privacy rights of technology users and fight harmful and discriminatory uses of data online and offline.

Joining CDT as General Counsel and Senior Counsel for Competition Policy was George Slover, who brings his competition policy experience to bear on enabling much-needed competition in the online marketplace, and all the benefits that will make it possible, while also ensuring that privacy, security, and other fundamental online protections can be preserved and strengthened.

Jake Laperruque joined CDT’s Security and Surveillance Project as Deputy Director, where he works on reforming intelligence surveillance laws, preserving encryption worldwide, and resisting discriminatory surveillance of marginalized communities.

As a founder of the Global Encryption Coalition, CDT continued to fight for the protections granted by encryption — protections that helped ensure access to secure communications for human rights defenders in many countries in 2022, including protesters in Iran and fighters in Ukraine.

We spoke out in favor of encryption when several countries, including India and Turkey, advanced legislation that would authorize their governments to demand data about services’ users and the contents of their communications. Demands that communication service providers disclose content are fundamentally out of step with end-to-end encryption, which ensures that only a sender and recipient can access the content of messages, and ensures their privacy, security, and authenticity.

Given the profound importance of encryption to secure communications around the world, CDT was proud to see the United Nations Office of the High Commissioner for Human Rights (OHCHR) issue its strongest-ever endorsement of the importance of end-to-end encryption in the protection of democracy and human rights worldwide. Echoing CDT’s long-held positions and recent advocacy, the OHCHR highlighted that certain government mandates for technology design are fundamentally incompatible with end-to-end encryption, and called out the European Commission’s proposed Regulation on Child Sexual Abuse, the UK’s Online Safety Bill, the U.S. EARN IT Act, and India’s new Intermediary Guidelines as governmental attacks on encryption that pose threats to human rights.

The second annual Global Encryption Day, on October 21, saw over 5.9 million people participate in online and offline events to raise awareness about the value of encryption. Voices ranging from the World Economic Forum to representatives from the Women’s March joined policymakers and advocates in highlighting their support of strong encryption and Global Encryption Day.

In 2022, CDT’s Internet Architecture team filled leadership roles across the organizations that debate and set internet standards, co-chairing the World Wide Web Consortium (W3C)’s Privacy Interest Group and the Internet Research Task Force’s Human Rights Protocol Consideration Group, and joining the Internet Architecture Board. CDT also served on the U.S. delegation to the 2022 meeting of the International Telecommunication Union, a specialized United Nations agency, and convened civil society leaders to improve public interest engagement within internet governance spaces.

CDT serves in these standards-setting bodies as a watchdog for the protection of human rights. We help ensure that the privacy, security, and human rights effects of any policy or technical proposal are reviewed and discussed. In 2022, we helped drive conversations about how to move towards a more privacy-protective internet, how end-to-end encrypted messaging might interoperate between different providers, and how to collaboratively build the protocols that allow augmented and virtual reality worlds to function across different web browsers and other internet-connected software.

Crucially, we also help our civil society colleagues navigate processes for contributing to standards-setting processes to expand civil society participation and impact.

As CDT does each year, we regularly convened our Working Groups — which comprise experts from civil society, industry, academia, the legal field, and other professions — to explore pragmatic solutions to the latest and most pressing challenges in tech policy.

In 2022, CDT’s Working Groups covered topics including the sale of personal data from data brokers to law enforcement; the key questions and tradeoffs around researcher access to data from online platforms; international standards for privacy in online advertising; the road ahead for the European Union’s Digital Services Act; and the role of technology companies in defending democracy.

Through this private forum, in which participants are free to converse, learn, and contribute ideas without staking out public positions, we work to find common ground on tough issues.