Filters Applied


Congress Has a Chance to Get It Right on Email Privacy

Congress has an opportunity to finally put to bed one of the longest running but seemingly least controversial issues in tech policy: what do police need to do to access private communications held by third parties? The language of the Email Privacy Act, which would address this, has been included in the House (but not the Senate) version of must pass legislation, the National Defense Authorization Act. Let’s get it done.

Read More Read More

The Bill Our Privacy Desperately Needs in the Digital Age

Senators Mike Lee (R-UT) and Patrick Leahy (D-VT) have introduced a sweeping, bipartisan measure to modernize our electronic communication privacy laws. Lee and Leahy have long been champions of reform, advancing measures such as the Email Privacy Act. The ECPA Modernization Act of 2017 goes well beyond that effort and proposes important updates to the Electronic Communications Privacy Act (ECPA) – a law Senator Leahy helped draft more than 30 years ago – to address the reality of communications in the modern digital age.

Read More Read More

DHS Refuses to Back Away from Invasive Spying at the Border

Back in March, CDT, along with more than 50 other civil society groups and trade associations, wrote a letter to Department of Homeland Security Secretary John Kelly urging that he back away from DHS proposals to use border searches as a tool to collect passwords and other social media information. Today we received a response. Unfortunately, the reply largely ducks our concerns, ignoring the main issues at play and doing little to shed light on the government’s plans or put to rest controversy about its contentious proposal. This non-answer is deeply troubling because it seems to indicate that Customs and Border Protection (CBP, which is a sub agency of DHS) is doing nothing to change course from a recent, dangerous trend: the use of the U.S. border as a tool to conduct broad surveillance.

Read More Read More

Finding a Path Forward When Law Enforcement Needs Digital Evidence Held in Other Nations

Last week in United States vs. Microsoft, the Department of Justice (DOJ) petitioned the Supreme Court to decide the reach of the U.S. government when compelling U.S. companies to turn over data stored outside the U.S. Courts are divided on the issue. The Second Circuit Court of Appeals held that the Electronic Communications Privacy Act (ECPA) cannot reach extraterritorially. Magistrates in other circuits have disagreed, interpreting the search as occurring where a company discloses data, not where the data is seized. However, what no one disputes is that as the number of requests skyrockets, the system for accessing data across borders is deeply in need of reform, and that courts are ill-suited to tackle the complicated equities at stake. CDT argues that progress can be made through reforms in following four areas: bilateral agreements, the MLAT system, domestic U.S. law, and the adoption of certain legal changes.

Read More Read More

“The Cyber” Part II: Cybersecurity Research and the Role of the Enforcer

In CDT’s white paper, we look at whether there are other steps the Department of Justice, in particular, could take to better improve the consistency and fairness of CFAA prosecution to avoid any repeat of something like the Swartz case. For instance, we ask whether the DOJ could release more detailed guidance (similar to, for instance, regulations governing foreign investment review at the Treasury Department) with illustrative examples of cases where security research will not prompt investigation or prosecution.

Read More Read More

“The Cyber:”  Everything You Need to Know About Computer Security Research and More

Of all of this attention to cybersecurity issues, however, too little is being paid to arguably the most important constellation in the cyber universe: the thousands of researchers who toil, often in obscurity, to identify and mitigate cybersecurity vulnerabilities. And yet, this research is more important than many of us not in this world can appreciate. We’ve released a comprehensive white paper that we hope will help frame these conversations going forward. Our paper, titled “The Cyber: Hard Questions in the World of Computer Security Research,” takes a deep dive into four areas of focus.

Read More Read More

At Last: EPCA Reform Bill to Move Forward with Markup

Today, the House Judiciary Committee finally moved forward with a markup of the Manager’s Substitute to the 1986 Email Privacy Act (H.R. 699), which will amend ECPA so that, with limited exceptions, law enforcement officials will be required to obtain a warrant based on probable cause before searching and seizing data stored in the cloud. It is supported by more than 50 civil society groups, trade associations and companies big and small. CDT hopes that this vote is the beginning of a broader ECPA reform and ultimately new privacy protections for every American.

Read More Read More

Data Privacy Day: A Reminder of the Need to Update ECPA

For years CDT has been leading the charge to update ECPA, the law that governs how police and government can access to our personal communications like emails and photos. We’ve consistently argued that these types of private communications should only be accessible with a warrant based on probable cause – the same standard used to search your postal mail or your home. Today, Data Privacy Day, is a good day to talk about why.

Read More Read More