Letter from Our CEO
CDT President & CEO Alexandra Reeve Givens: One of our core priorities is to ensure that “tech policy” conversations center the communities and issues directly impacted by technology.
There are some important themes in the our team’s work from 2023. We explore what those features are, what we did, and what kind of impact they’ve had. Take a deep dive with us.
Supporting a Vibrant Digital Public Square
At a time when the landscape for online trust and safety is rapidly shifting, civil society organizations, scholars, policymakers, businesses, and members of the public are more loudly voicing concerns about various aspects of online life. CDT is working to protect people’s rights to express themselves, access information, and find community, while increasing users’ privacy and sense of safety, agency, and control.
A Vision for Responsible, Rights-Respecting AI
In 2023, no topic in technology was hotter than artificial intelligence. Teams across CDT weighed in on how AI is already impacting people’s rights and our democracy, and how highly capable foundation models will cause further change – in areas as wide-ranging as employment; housing and lending; government surveillance; elections; the administration of government programs; the use of AI in schools; and more.
Preparing for a Seismic Election Year
In 2024, more than 4 billion people are eligible to vote, with major elections in over 76 countries around the world. In 2023 — a crucial year of preparation — CDT focused not only on secure elections infrastructure, but also on how to ensure voters can access reliable information about when and how to vote, and the candidates and issues at stake.
CDT Europe: A Leading Voice for Human Rights in EU Tech Regulation
Since 2013, CDT Europe has worked in Brussels to advocate for the promotion and protection of democracy and human rights in EU tech law and policy. In 2023, the CDT Europe team welcomed two new Programme Directors and other staff, allowing us to deepen our work on online expression, privacy, AI, and surveillance.
Below are some of our proudest accomplishments from 2023. Our work has never been more important.
Defending Against Data Harms
From an individual’s personal health data, to their private financial information, CDT remained committed to limiting harms that result from the use of people’s sensitive information — particularly for marginalized communities. When the Federal Trade Commisison (FTC) launched a sweeping public comment process on commercial data practices, CDT highlighted how marginalized communities are disproportionately impacted by numerous data collection and processing practices, and urged the FTC to develop specific protections against discrimination as part of its rulemaking on commercial surveillance and data security.
We kept up the fight for a comprehensive privacy law throughout 2023, emphasizing its importance to protecting civil rights, including in response to a National Telecommunications and Information Administration inquiry about how data practices can harm marginalized communities. In Congress, CDT CEO Alexandra Reeve Givens testified before the House Energy & Commerce Committee on the importance of comprehensive U.S. federal privacy legislation. Emphasizing the long-overdue need for such a law, Givens observed that this was Congress’s 31st hearing on privacy protections in five years.
In 2023, we shined a light on how data management practices affect tenant screening and people’s access to public housing, urging the FTC and Consumer Financial Protection Bureau (CFPB) to take action while continuing our efforts on privacy and data use issues for workers, students, people with disabilities, and more.
We also provided guidance to the CFPB on the intricacies of the data broker ecosystem, and on how CFPB could use its authority to protect consumers against harms.
Launching CDT’s AI Governance Lab
In 2023, as policymakers and people around the world grappled with rapid developments in AI, CDT launched its new AI Governance Lab. Helmed by leading experts Miranda Bogen and Kevin Bankston, the Lab provides a strong public interest voice in advancing solutions for the responsible governance of AI systems. The Lab engages directly with AI companies and multistake-holder initiatives to advocate for best practices, supports public interest advocates with technical expertise, and guides policymakers on effective standards and regulatory approaches. Its Advisory Committee includes noted experts Rumman Chowdhury, Irene Solaiman, Deb Raji, and Dave Willner.
The AI Governance Lab was created thanks to supporters including The David and Lucile Packard Foundation, Ford Foundation, Open Society Foundations, the Patrick J. McGovern Foundation, and the Siegel Family Endowment.
Combatting Stalking & Gender-based Violence in the Digital Age
While people are increasingly using popular Bluetooth location-tracking devices to locate lost items, stalkers and abusers can also misuse these devices to surreptitiously track people. This year, CDT partnered with the National Network to End Domestic Violence (NNEDV) to develop best practices for tracking-device manufacturers and smartphone companies that can help detect the presence of unwanted trackers, calling for collaborative work on a universal standard.
In May, Google, Apple, and other companies released a first-of-its-kind joint specification to make location tracking devices more discoverable, and began work with CDT and NNEDV to move the specification into the Internet Engineering Task Force, a leading standards body. As we helped drive this effort, CDT worked to ensure that the proposed protections extend to people with disabilities, recommending that trackers’ alerts include visual, auditory, and haptic aspects so that people who are Blind, Deaf, or hard of hearing can also locate unwanted devices.
In 2023, CDT also continued our work to address online gender-based violence. We weighed in on the EU’s efforts to draft a directive, sharing recommendations to ensure it aligns with international human rights law. We urged social media platforms to take concerns of gender-based violence seriously, and to improve transparency practices and engagement with civil society and academic researchers to better understand trends and forms of abuse. As the Digital Services Act went into effect, we underscored how its mandatory due diligence obligations create an opportunity to address “legal but harmful” gender-based violence online.
Shaping the EU’S Implementation of the Digital Services Act
While the Digital Services Act (DSA) — the EU’s flagship online platform regulation — entered into law in late 2022, regulators worked throughout 2023 on drafting extensive secondary legislation and preparing for enforcement. CDT Europe was a leading voice in the process, coordinating civil society voices with a particular focus on shaping the auditing provisions, advocating for meaningful researchers’ access to data from very large online platforms, and ensuring strong protections for users’ expression rights.
Early in the DSA’s implementation, CDT Europe expressed concern about the ways the regulation empowers law enforcement agencies as “‘trusted flaggers”’ of online content while retaining the power to seek information on users — providing an avenue for potential subversion of the rule of law. We urged regulators to put strong safeguards in place to protect against human rights violations, noting civil society’s crucial role in holding platforms and government agencies to account.
Later in 2023, following the announcement of which online platforms would qualify as “Very Large Online Platforms” and “Very Large Online Search Engines” under the DSA, CDT Europe urged the Commission and online platforms to ground those assessments in human rights and regularly consult with civil society.
Pushing Back on Overbroad Surveillance Authorities
This past year saw a renewed push to corral U.S. surveillance laws like Section 702 of the Foreign Intelligence Surveillance Act (FISA). CDT has long pointed out that Section 702 can be misused for domestic surveillance, a clear abuse of civil liberties.
In July 2023, we saw more evidence of exactly this type of harm when it was revealed that the FBI used its authority under FISA to view the communications of Black Lives Matter protesters, lawmakers, journalists, and a batch of 19,000 campaign donors. Given that these abuses have continued despite reassurances from federal law enforcement, we continued urging Congress to make key reforms before reauthorizing Section 702.
CDT supports adding a warrant requirement for gathering information about any U.S. persons, reforming the FISA Court, and preventing law enforcement and intelligence agencies from purchasing data historically obtained through a warrant or court approval. Our advocacy on these issues was featured in national news outlets like The Washington Post, Time Magazine,
and Gizmodo.
Our efforts to combat unchecked government surveillance extended beyond Section 702.
We advocated for the Fourth Amendment Is Not For Sale Act, which passed unanimously
out of the House Judiciary Committee. We also filed an amicus brief in U.S. v Hay, calling out law enforcement’s use of warrantless, pervasive video surveillance of a home, and publicly opposed legislation giving law enforcement unchecked power and risking improper grounding of drones used by journalists and protesters.
Leading Civil Society Involvement in EU AI Act Negotiations
As 2023 came to a close, EU lawmakers agreed upon the final text of the AI Act. CDT Europe led coordination of civil society organizations through the Act’s long negotiations, helping a broad range of public interest groups follow and engage on the issues. In October, we hosted a civil society roundtable with the Spanish Presidency of the Council of the European Union and high-level representatives from 15 member states to discuss how the regulation should safeguard human rights.
Ultimately, the final text of the AI Act reflected a number of priorities championed by CDT and civil society, including provisions requiring fundamental rights impact assessments. However, limitations on remote biometric surveillance, predictive policing, and the use of AI in the biometrics and migration fields did not go far enough. Throughout 2024, we will be working to ensure that the AI Act secures access to remedy for harms caused by AI systems, particularly for marginalized groups, and helping regulators and impacted groups alike navigate how the AI Act interacts with European equality law and the new Digital Services Act.
Preserving Workers’ Rights and Autonomy
Increasingly, companies are using intrusive automated tools to hire and monitor their workers, with strong implications for workers’ rights. CDT’s Workers’ Rights & Technology Project works to address this trend, focusing on preserving workers’ health, safety, and privacy, and preventing technology from facilitating discrimination in the labor market.
CDT encouraged the Biden Administration’s efforts in this space, mobilizing a coalition of civil rights and workers’ rights organizations to urge leadership from the White House and the Department of Labor. We also called for more concrete agency actions to mitigate the harms that workers are already experiencing. We celebrated the Biden Administration’s AI Executive Order’s directive for the Department of Labor to address the risk that electronic surveillance and automated management pose to workers, and the Equal Employment Opportunity Commission’s announcement that it would prioritize enforcement of guidelines that help prevent discriminatory tech practices.
As legislators also considered how to protect workers, CDT advised on bills like a proposal to prevent extreme information disadvantages that workers and consumers face when companies use AI to make decisions about their lives. We also welcomed the Stop Spying Bosses Act, the first bill of its kind to appear on Capitol Hill, which would target the risks associated with software used to electronically surveil or algorithmically manage workers.
Keeping Up the Fight to Protect Reproductive Privacy
In the wake of the U.S. Supreme Court’s 2022 Dobbs decision, CDT sprang into action to protect the privacy of data about people’s reproductive decisions. In 2023, we continued to speak up.
CDT identified and pushed for adoption of more comprehensive reproductive health data protections, including publishing a Consumer Privacy Framework for Health Data. The Framework urges companies to place meaningful limits on their collection, sharing, and use of health data, increasing users’ privacy and reducing the chance of companies becoming embroiled in law enforcement demands for their users’ private health information.
CDT also engaged in a number of regulatory efforts. We welcomed the Department of Health & Human Services’s proposed rule protecting patients’ medical records from law enforcement access when the procedure is lawful under the circumstances in which it was provided. We celebrated when the Federal Trade Commission (FTC) cracked down on data brokers selling people’s sensitive location data, and when both HHS and the FTC cautioned medical providers to ensure that their websites are not improperly leaking information about the patients visiting their sites.
In the states, we analyzed and provided technical advice on the use of “shield laws” to protect the information of patients in a given state from out-of-state abortion investigations. In a significant win for reproductive rights and data protection, Washington and New York became the second and third U.S. states to enact such laws.
Grounding Kids’ Online Safety Efforts in Respect for Rights
In a year where lawmakers focused intensely on children’s safety online, CDT sought to address the risks that various proposals pose to children’s rights and the rights of all internet users. Engaging on the Kids Online Safety Act (KOSA), CDT under-scored that the original bill’s provisions empowering state Attorneys General to sue social media platforms for loosely-defined harms created dangerous threats to free expression — jeopardizing users’ ability to speak freely and access information about important topics like reproductive care, racial justice, and LGBTQ+ issues.
A significant number of state and federal bills proposed new age verification requirements
for online services. CDT warned that these requirements could force online services to collect increased amounts of data on their users — adults and children alike — and reiterated our call for strong federal privacy protections.
Throughout our work, we urged regulators not to jeopardize the safety and well-being of the youth they’re seeking to protect. For this reason, we opposed legislative proposals that threaten encryption in the name of child safety, such as the Senate’s STOP CSAM Act. (A 2023 Child RightsInternational Network report supported our concerns, concluding that any effective ban on encryption in the services children use would do more harm than good to children.) We also underscored schools’ legal obligations to support cybersecurity, and commended the Federal Communications Commission when it acted on CDT’s recommendations to enhance cybersecurity protections for schools.
In original CDT research, we used diary studies and interviews with young people to learn about which protections they want to see online. Our report surfaced key recommendations to improve users’ agency and online safety, such as the ability to delete, block, and report unwanted content; default private settings; the introduction of friction in interactions with unknown profiles; and the ability for users to track the outcome of their reports of unwanted content or interactions.
Empowering Parents, Teachers, & Students in the Debate Over Tech in Schools
As the role of technology in K-12 education grows, so does the use of monitoring technologies to track students’ online activity. CDT conducted in-depth interviews with parents to hear their views: Parents told us that schools’ student monitoring programs are having a chilling effect on students’ speech, and how those programs can undermine students’ relationships with teachers and administrators.
Amid increasing levels of parental concern about school data practices, a CDT survey found that schools’ use of online monitoring technology is increasing students’ encounters with law enforcement and other disciplinary actions — with the effects disproportionately experienced by LGBTQ+ students and students with disabilities.
CDT turned our research insights into action, urging the Department of Education to reiterate that existing civil rights laws prohibit using technologies in a manner that discriminates against students and infringes their rights. We also published recommendations to help schools and
districts procure technology that will help them meet students’ needs, rather than inadvertently place students at risk of further harm.
When the public release of ChatGPT forced schools to quickly reckon with generative AI, CDT stepped up to provide support and analyze how educators are navigating this new landscape. We celebrated when the Biden Administration’s AI Executive Order directed the Department of Education to develop resources, policies, and guidance regarding the use of AI in education, a
step CDT had urged as evolving technology increasingly impacts students’ rights.
Driving Civil Society Participation in Internet Standards
As part of CDT’s work to promote human rights in technology development, we continued to engage in international standards bodies on questions around interoperability, privacy, encrypted messaging, and web advertising.
CDT served as a member of the Internet Architecture Board (IAB), co-chaired the Human Rights Protocol Considerations research group at the Internet Engineering Task Force (IETF), and co-chaired the Privacy Interest Group at the World Wide Web Consortium (W3C). We use these roles to advance public interest priorities and support fellow advocates to engage in internet standards work, including convening side meetings at major standards gatherings and partnering with Article 19 on a Civil Society Advocate’s Guide to the IETF.
One area of focus was privacy in web advertising, where proposals like Google’s Privacy Sandbox will see further design discussions and broader deployment over the next few years. CDT is especially engaged in conversations to advance privacy-preserving methods for measuring ad effectiveness, which would reduce one business justification for collecting and sharing users’ personal data. More broadly, we worked to develop principles for privacy-supportive standards for the Web which, once adopted, could be referenced in many open standards and open-source software projects going forward.
In an important step, the UN Office of the High Commissioner for Human Rights (OHCHR) issued a report calling for technical standard-setting processes to effectively integrate human rights considerations. CDT provided input as OHCHR developed the report, presenting to the UN Human Rights Council about the challenges civil society faces in participating in technical standards bodies, and helping coordinate submissions from across industry and civil society that the report cited heavily. Building on the UN’s endorsement, we encouraged the IETF, W3C, and other standards bodies to lead more inclusive processes and ensure human rights impact assessments as a critical step of standards work.
Speaking Out for Non-English Languages
For years, tech companies have struggled to moderate the high volume of content on their services, particularly when that content is shared across many languages. To date, the vast majority of efforts to expand automated and human-led moderation services have been directed toward English-language content: this year, CDT worked to highlight this asymmetrical allocation of resources and the need for change.
In an original paper, CDT’s Research team examined new “multilingual language models,”
which companies claim make it easier to train AI-based systems to moderate content in low-resource languages for which little online training data is available. While those tools show promise, we found that they also carry inherent limits that are particularly dangerous in high-risk contexts. CDT’s Equity in Civic Technology Project highlighted how tools aiming to detect students’ use of generative AI are disproportionately likely to wrongly flag writing by non-native English speakers, putting them at greater risk of discipline. With our findings in mind, we pushed for greater investment by the National Science Foundation to strengthen the capabilities of AI systems in non-English languages, and ultimately drive more equitable automated moderation and processing of online content.
Throughout our efforts, we prioritized collaboration with experts from language communities around the world. To build on this work, we launched a new two-year project that will carry into 2025, examining the resourcing and effectiveness of content moderation in non-English languages from the perspective of communities in the Global South.
Launching CDT’s Alumni Network!
Since CDT’s founding in late 1994, scores of talented people have taken part in our work to protect human rights and democratic values in the digital age. In 2023, we happily launched the CDT Alumni Network to bring together this wonderful community.
We had a great turnout for our inaugural Alumni Happy Hour in July, with former CDT staff, Board members, Advisory Council members, fellows, and interns joining our current staff and interns for a fun evening on the D.C. office patio. Alumni also enjoyed a dedicated lounge area at Tech Prom in November. We’re planning more regular opportunities to bring our alumni together: if you’re not on the alumni mailing list, forgive our oversight and let us know so we can add you!
Next year will mark CDT’s 30th Anniversary. In addition to strengthening our alumni ties, we recently kicked off a CDT History & Archive Project. CDT’s history is the history of the early commercial internet, and we’re excited to organize our archive, gather stories, and help capture this extraordinary time for future generations. We welcome advice, volunteers, and contributions for this project, and look forward to sharing more about it in the months ahead.
Welcoming New CDT Team Members
Many fresh faces joined CDT in 2023, from board members to new staff. We welcomed Katherine Maher, former CEO and Executive Director of the Wikimedia Foundation, to our Board of Directors. Katherine has since joined NPR as CEO.
CDT also added the following staff to our growing team:
– Kate Ruane, Director, Free Expression
– Miranda Bogen, Director, AI Governance Lab
– Sarah Zolad, Director, Finance and Staff Operations
– Kevin Bankston, Senior Advisor on AI Governance
– Elizabeth Dickson, Associate Director, Development & External Affairs
– Jacob Kauffman, System Administrator and Web Technician
– Ariana Aboulafia, Policy Counsel, Disability Rights in Technology Policy
– Maddy Dwyer, Policy Analyst, Equity in Civic Technology
– Kristin Woelfel, Policy Counsel, Equity in Civic Technology
– Tim Harper, Senior Policy Analyst, Democracy and Elections
– Amy Winecoff, AI Governance Fellow
– Isabella Hillebrand, Operations Associate
Defending Encryption Around the World
2023 saw important wins for encryption on the global stage. At RightsCon, the leading global summit on human rights in the digital age, CEOs from prominent secure messaging services Signal, Element, WhatsApp, and OpenMLS affirmed their commitment to protecting end-to-end encryption during a panel convened by CDT Chief Technology Officer Mallory Knodel. CDT welcomed Meta’s later announcement that it had begun rolling out default end-to-end encryption (E2EE) on Facebook Messenger, and Signal’s important rollout of privacy-protecting usernames.
Changes like these are one reason CDT helped form the Global Encryption Coalition (GEC), which grew to over 400 members in 2023. The Coalition fought to defend encryption in the U.S., Australia, Turkey, the United Kingdom, and more. In an important decision, the European Court of Human Rights ruled that backdoors to weaken encrypted communications violate the right to private life, stating that “confidentiality of communications is an essential element of the right to respect for private life and correspondence.”
Going into 2024, as a growing number of governments consider online safety laws that threaten encryption, CDT will continue working to expand the size and influence of the GEC, emphasizing the essential need to protect private and secure communications.
Partnering with Democracy Journal to Envision a Democratic Digital Age
In a unique collaboration, CDT partnered with Democracy: A Journal of Ideas on a volume featuring leading scholars addressing the challenges presented to democracy by technology in the 21st century.
In the first essay, A Democratic Digital Age?, CDT President and CEO Alexandra Reeve Givens examined the complexity of governing emerging technologies in a democratic society, while sharing several emerging areas of consensus for effective regulation. “This is a critical moment for digital governance and democracy”, she wrote. “There is an opportunity to rise to the occasion and articulate a human rights-centered, democratic vision for the new digital age. Doing so will matter not only for our own democracy, but as a model for those fighting for human rights and democracy around the world.”
The special edition was supported by the John S. and James L. Knight Foundation.
Promoting Sound Competition Policy
In a marketplace where only a handful of telecommunications service providers dominate, and digital platforms continue to exert strong influence over both modern communications and commerce, CDT spoke up in favor of pro-competition policy interventions that address both the structural makeup of the market and functions of the services themselves.
As market concentration in the economy continued to be a significant concern, we supported and helped guide efforts by the Justice Department and Federal Trade Commission to update their merger enforcement guidelines. We also highlighted that privacy concerns cannot be effectively addressed solely through antitrust enforcement, and that a strong federal privacy law is urgently needed.
As the AI debate surged in 2023, CDT called attention to the potential for AI to be employed as a powerful tool for coordinating and enforcing anti-competitive collusion in pricing, and the challenges it poses for detection and enforcement. CDT called for greater transparency on companies’ algorithmic use and building greater technological expertise in the enforcement agencies.
CDT supported state and federal efforts to better ensure that the “right to repair” – the historically recognized right of consumers to choose where to get their products fixed – is preserved for consumers in the digital age. CDT wrote to the New York Governor urging her to sign the Digital Fair Repair Act (the first enacted law of its kind) and, following enactment of “right to repair” laws in Minnesota and California, published an article in the CPI Antitrust Chronicle saying that the time has come to recognize the right in national law. We also voiced support for federal legislation to require auto manufacturers to give car owners and their designated repair shops access to vehicle-generated data needed for repairs.
Tech Prom!
AT CDT’s 2023 annual benefit, Tech Prom, art collided with science. CDT debuted a one-night-only group exhibit showcasing talented artists’ work, centered on the complexity of algorithmic systems and the intricate relationship between technology and society. We were pleased to feature artists Chris Combs, Billy Friebele, and Curry J. Hackett.
CDT CEO Alexandra Reeve Givens highlighted AI’s breakthrough year, and emphasized the need for industry, policymakers, and civil society to work together in developing standards, norms, and regulatory protections for a future we can trust.
At CDT, we’re committed to driving that collaborative engagement – not only in AI, but across our work on commercial privacy practices, platform governance, civic technology, elections, government surveillance, and more.
Tech Prom 2023 drew nearly 950 guests from government, tech companies, civil society, and academia to The Anthem. We greatly appreciate our sponsors and guests, who brought in over $1 million in support of this event and CDT’s advocacy work.
Mark your calendars for CDT’s next Tech Prom on Thursday, November 14, 2024, and join our community in supporting civil rights and civil liberties in the digital age.
Click on any image to bring up gallery.
Spring Fling!
In 2023, CDT hosted our inaugural Spring Fling—an evening celebration during the International Association of Privacy Professionals’ (IAPP) annual Global Privacy Summit.
Spring Fling brought together almost 500 privacy and AI leaders from industry, civil society, and government on a warm evening at Dirty Habit at the Hotel Monaco. We were especially glad to welcome international and out-of-town guests who were visiting D.C. for the IAPP Summit, and to build bridges between Summit attendees and the D.C.-based privacy and AI policy community. We appreciated all who joined this inaugural event, and look forward to making Spring Fling an annual tradition!
Click on any image to bring up gallery.
Financials
CDT is committed to sound financial stewardship and transparency. We have received clean audits each year from an independent auditing firm and have high ratings from nonprofit watchdogs GuideStar, Charity Navigator, and GreatNonprofits.
Board & Council
We are especially grateful to those who offer important insights on a regular basis and help to guide our work. We could not have such an outsized impact without your energy and efforts.
Previous Years
Reports from previous years.