Cybersecurity Detour on the Road to Surveillance Parity

For some time, the European Commission and European Data Protection Authorities have complained that US law provides insufficient protection to Europeans for the data that is shared from Europe to the United States. Ironically, legislation that the Senate just passed, CISA, or S. 754, would increase the gap in data protection between Europeans and Americans in US law, rather than help close it. CISA permits companies to share with the Federal government “cyber threat indicators” derived from Internet users’ communications.

Read More

European Parliament Asks EU Member States – Again – To Reign in Electronic Surveillance

In April 2014, the European Parliament adopted a resolution calling for European Member States, as well as the US, to bring surveillance laws and practices in line with human rights standards. Today, the European Parliament voted on a resolution following up on that inquiry, repeating the call for reforms.

Read More

A Qualified Win for Cybersecurity Researchers in DMCA Triennial Rulemaking

Today, the Library of Congress released its final rule granting a number of three-year exemptions from the Digital Millennium Copyright Act’s prohibition against circumvention of technological measures controlling access to copyrighted works. Of particular note, the final rule grants an exemption for security research. CDT has focused on winning this exemption, arguing that the DMCA’s prohibition chills essential cybersecurity research and has little to do with copyright infringement. The granted exemption is an acknowledgment of the importance of security research and the unnecessary legal risks security researchers currently face under the DMCA.

Read More

ICANN Accountability Recommendations - Third Time’s the Charm?

The ICANN54 meeting in Dublin wrapped up with the Cross Community Working Group on enhancing ICANN accountability announcing that it is working towards a third version of its accountability recommendations. ICANN54 was supposed to be the meeting when it all came together: the IANA transition proposal largely ready to send to NTIA and the accountability proposal in its final approval stages. While the IANA transition proposal is almost ready, the same cannot be said for the accountability work.

Read More

Making Privacy a Reality: The Safe Harbor Judgment and Its Consequences for US Surveillance Reform

Earlier this month, the Grand Chamber of the Court of Justice of the European Union (CJEU) struck down the legal underpinnings of the EU-US Safe Harbor Agreement—the arrangement that enabled thousands of US companies to transfer EU users’ data to the US for processing and storage. Although the Court’s decision to invalidate the basis for Safe Harbor has placed a serious burden on transatlantic trade, the judgment makes clear and persuasive findings about the protections EU residents’ data must enjoy when transferred to the US. In doing so, it has provided a major impetus for reforms to Section 702 of the Foreign Intelligence Surveillance Act (FISA).

Read More

Guide To Cybersecurity Information Sharing Act Amendments

The Senate is expected to resume consideration of the Cybersecurity Information Sharing Act (CISA, S. 754) on Monday, October 26. None of its pending amendments will fix the fundamental flaws in the legislation. However, specifically, rejection of the Cotton amendment and adoption of the other pending amendments would diminish some of the damage the bill would do to privacy. Greg and Jadzia explain why, addressing the amendments in the order they will be considered on the Senate floor.

Read More

CISA Managers’ Substitute Makes Limited Privacy Improvements

The Senate has begun to consider the Cybersecurity Information Sharing Act or CISA (S. 754) on the Senate floor and will do so again next week. First up is consideration of a Managers’ Substitute for the bill –– which includes some, mostly very modest, additional pro-privacy changes that are derived in part from amendments proffered to the bill. We explain those changes below, while delving into the key privacy and security concerns (that CDT identified) that remain unaddressed or insufficiently addressed.

Read More

Despite Improvements, Whitehouse Computer Crimes Amendment to CISA Needs More Work

This blog post focuses on one of the remaining 14 pending amendments to the Cybersecurity Information Sharing Act (CISA). Amendment S.754 was proposed by Senator Whitehouse (D-RI), and would effectively expand the federal anti-hacking statute, the Computer Fraud and Abuse Act (CFAA), 18 USC 1030. Though it is significantly better than earlier versions, CDT continues to oppose Senator Whitehouse’s S.754 amendment to CISA.

Read More