Left to chance

On November 24, the European Parliament established new Internet policies, including a right to Internet access, net neutrality obligations, and strengthened consumer protections. Under the ePrivacy directive, communications service providers will also be required to notify consumers of security breaches, persistent identifiers (“cookies”) will become opt-in, there will be enhanced penalties for spammers, and national data protection agencies will receive new enforcement powers. The amended directive takes effect with publication on December 18 in the EU Official Journal. Member states then have 18 months to transpose the Directive into national law. See EPIC Privacy Law Sourcebook.

The European Network and Information Security Agency has released a new report on Cloud Computing. The ENISA report recommends that European officials determine the application of data protection laws to cloud computing services. The report also considers whether personal data may be transferred to countries lacking adequate privacy protection, whether customers should be notified of data breaches, and rules concerning law enforcement access to private data. Earlier this year, EPIC filed a complaint with the Federal Trade Commission, urging the Commission to examine the adequacy of privacy safeguards for cloud computing services. A subsequent letter by computer researchers, addressed to Google CEO Eric Schmidt, raised similar concerns. See EPIC Cloud Computing.

4th Annual Judicial Symposium on Civil Justice Issues
Law in Cyberspace:  Legal Blogging & the Courts

John Verdi,
EPIC Senior Counsel

Northwestern School of Law
Searle Center on Law, Regulation, and Economic Growth
Chicago, IL
December 7, 2009

Officials from the United States and the European Union are meeting in Washington this week to review “Safe Harbor,” a framework that allows the processing of data on EU citizens by US firms without traditional legal protections. Safe Harbor has been challenged by the European Parliament and questioned by academic experts. The Federal Trade Commission recently took action against US firms that incorrectly claimed current Safe Harbor certification, but the only penalty imposed was that the companies may not in the future misrepresent membership in any privacy, security, or other compliance program.

President Obama nominated Julie Brill and Edith Ramirez to be commissioners of the Federal Trade Commission. Brill, North Carolina’s top consumer advocate, serves as the senior deputy attorney general and chief of consumer protection and antitrust for the North Carolina Department of Justice. Ramirez, who specializes in intellectual property and complex litigation matters, is a partner in a Los Angeles, California law firm and has experience representing companies such as Mattel, Inc. and Northrop Grumman Corp. In a press release, President Obama stated, “These individuals bring a depth of experience to their respective roles, and I am confident they will serve my administration and the American people well. I look forward to working with them in the months and years ahead.”

The Obama administration has told Congress it supports renewing three provisions of the Patriot Act due to expire at year’s end, measures making it easier for the government to spy within the United States.

In a letter to Sen. Patrick Leahy, the Vermont Democrat and chairman of the Senate Judiciary Committee, the Justice Department said the administration might consider “modifications” to the act in order to protect civil liberties.

“The administration is willing to consider such ideas, provided that they do not undermine the effectiveness of these important authorities,” Ronald Weich, assistant attorney general, wrote to Leahy, (.pdf) whose committee is expected to consider renewing the three expiring Patriot Act provisions next week. The government disclosed the letter Tuesday.

It should come as no surprise that President Barack Obama supports renewing the provisions, which were part of the Patriot Act approved six weeks after the Sept. 11, 2001 attacks.

As an Illinois senator in 2008, he voted to allow the warrantless monitoring of Americans’ electronic communications if they are communicating overseas with somebody the government believes is linked to terrorism. That legislative package, which President George W. Bush signed, also immunized the nation’s telecommunication companies from lawsuits charging them with being complicit with the Bush administration’s warrantless, wiretapping program. That program was also adopted in the wake of Sept. 11.

These are the three provisions due to expire:

*A secret court, known as the FISA court, may grant “roving wiretaps” without the government identifying the target. Generally, the authorities must assert that the target is an agent of a foreign power and/or a suspected terrorist. The government said Tuesday that 22 such warrants — which allow the monitoring of any communication device — have been granted annually.

*The FISA court may grant warrants for “business records,” from banking to library to medical records. Generally, the government must assert that the records are relevant to foreign intelligence gathering and/or a terrorism investigation. The government said Tuesday that 220 of these warrants had been granted between 2004 and 2007. It said 2004 was the first year those powers were used.

*A so-called “lone wolf” provision, enacted in 2004, allows FISA court warrants for the electronic monitoring of an individual even without showing that the person is an agent of a foreign power or a suspected terrorist. The government said Tuesday it has never invoked that provision, but said it wants to keep the authority to do so.

“The basic idea behind the authority was to cover situations in which information linking the target of an investigation to an international group was absent or insufficient, although the target’s engagement in ‘international terrorism’ was sufficiently established,” Weich wrote.

The American Civil Liberties opposes renewing all three provisions, especially the lone wolf measure.

Michelle Richardson, the ACLU’s legislative counsel, said in a telephone interview, “The justification for FISA and these lower standards and letting it operate in secret was all about terrorist groups and foreign governments, that they posed a unique threat other than the normal criminal element. This lone wolf provision undercuts that justification.”

The committee hearing is set for 10 a.m. Sept. 23 and will be webcast live.

See Also:

• FBI Use of Patriot Act Authority Increased Dramatically in 2008 …
• Bloggers, TV, Go Nuts Over Misleading ‘Patriot Act’ Arrest Claim …
• FBI Tried to Cover Patriot Act Abuses With Flawed, Retroactive …
• FBI Targets Internet Archive With Secret ‘National Security Letter …
• Judge Orders FBI to Turn Over Thousands of Patriot Act Abuse …
• FBI Misuses, Underreports Patriot Act Power: Audit
• Court Strikes Down Key Patriot Act Power Again

Original article at Threat Level