Lofgren co-authors bill to update online privacy

A decades-old communications privacy law would be updated to better shield Internet users and wireless subscribers from overly broad government surveillance programs, under a bipartisan bill introduced Monday and coauthored by a Silicon Valley congresswoman.

The Online Communications and Geolocation Protection Act by U.S. Reps. Zoe Lofgren, D-San Jose; Ted Poe, R- Texas; and Suzan DelBene, D-Wash., would modernize the 1986 Electronic Communications Privacy Act by requiring government agencies to get a search warrant based on probable cause prior to intercepting or forcing disclosure of electronic communications or geolocation data.

The 1986 law – meant to set legal standards that law enforcement agencies must meet to access electronic communications – hasn’t kept up with technology, leaving modern user data with only weak, convoluted protection.

“Fourth Amendment protections don’t stop at the Internet, and Americans rightly expect Constitutional protections to extend to their online communications and location data,” Lofgren said in a news release. “Establishing a warrant standard for government access to cloud and geolocation provides Americans with the privacy protections they expect, and would enable service providers to build greater trust with their users and global trading partners.”

The Electronic Communications Privacy Act does not clearly require law enforcement to get a warrant to access Americans’ online communications – all it takes is a subpoena if the content is more than 180 days old.

ECPA also lacks any clear standards for law enforcement access to location information, such as tracking an individual’s cell phone location, leading to confusion in courts, compliance burdens for businesses, a competitive disadvantage with international businesses in countries with stronger laws against government access, and inadequate privacy for Americans.

This bill would:

  • Require the government to get a warrant to access wire or electronic communications content, or to intercept or force service providers to disclose geolocation data;
  • Preserve exceptions for emergency situations, foreign intelligence surveillance, individual consent, public information, and emergency assistance;
  • Prohibit service providers from disclosing a user’s geolocation information to the government in the absence of a warrant or exception;
  • Bar the use of unlawfully obtained geolocation information as evidence; and
  • Provide for administrative discipline and civil liability if geolocation information is unlawfully intercepted or disclosed.
  • 2

    New bill would bar drones over private property

    Drone aircraft would be prohibited from trespassing over private property in California, under a bill introduced this week.

    SB 142 by state Sen. Hannah-Beth Jackson, D-Santa Barbara, would clarify the state’s existing language on trespassing – which forbids people from entering someone’s private property, and from taking photos or recordings there – to specify that it also applies to remotely operated aerial vehicles.

    Hannah-Beth Jackson“Drones have a lot of potentially useful and extremely innovative uses. But invading our privacy and property without permission shouldn’t be among them. When we’re in our backyards, with our families, we have an expectation that we have a right to privacy,” Jackson said in a news release. “This bill would extend these long-established definitions of trespassing and privacy, and bring them into the 21st century, by applying them also to drones.”

    The bill wouldn’t affect drone use in public areas or in airspace above about 400 feet, which is under federal regulation. Jackson introduced her bill Monday, hours after a drone crashed on the White House lawn.

    Assemblywoman Nora Campos, D-San Jose, introduced a bill in December that would require warrants for human surveillance collected by airborne drones; destruction of drone-collected data within one year; and limits on sharing that data. Law enforcement agencies wouldn’t have to get a warrant before using a drone in response to exigent circumstances, traffic accidents, fires, environmental disasters, and searching for illegal marijuana grows in wilderness areas. Gov. Jerry Brown in September vetoed another bill on this subject.


    Rand Paul in Berkeley & SF next week

    Fresh from his second consecutive win in the Conservative Political Action Conference straw poll, Republican presidential hopeful Rand Paul will be in the Bay Area next week to raise funds and speak to students about government surveillance’s intrusion on liberty.

    Rand PaulThe junior U.S. Senator from Kentucky has fundraising events on the morning of Tuesday, March 18 at the Olympic Club of San Francisco. First comes a roundtable breakfast hosted by cardiologist Dr. Michel Accad, 2012 congressional candidate Dr. Wayne Iverson of San Diego, and John Dennis, a Republican now posing his third consecutive challenge to House Minority Leader Nancy Pelosi; tickets for that cost from $500 to $2,500. Later the same morning, contributors will pay $500 each for a private meet-and-greet with Paul, hosted by Dennis and investor Robert Leppo.

    Then, on Wednesday March 19, Paul will address the Berkeley Forum – a nonpartisan, student-run group at UC-Berkeley – about domestic security, the NSA’s collection of telephone metadata, and the public debate regarding privacy and its Constitutional implications. The 3 p.m. event is free for Cal students and faculty, $15 for the general public; tickets are available online.

    Paul’s campaign strategy involves mobilizing young libertarian-leaning voters, much as President Obama did for young Democrats in 2008, and believes issues of privacy and civil liberties will help accomplish that.


    Big Assembly hearing Thursday on digital privacy

    Three Assembly committees are holding a hearing in Silicon Valley on Thursday to explore how to balance privacy and opportunity in the digital age.

    The event from 9 a.m. to 1 p.m. at Santa Clara University’s Mayer Theater is drawing in some of the region’s top business and academic experts on a topic of growing concern: How, by whom and for what the data you put online is used.

    “The goal of the hearing is to learn how current policies are working and to help us balance the economic and social benefits of online communication technologies with our desire to protect personal privacy,” said Assembly Judiciary Committee Chairman Bob Wieckowski, D-Fremont.

    Paul Schwartz and Deidre Mulligan, co-directors of the UC-Berkeley Center for Law & Technology, will join Google privacy policy counsel Daivd Lieber and Internet Association President and CEO Michael Beckerman for a panel on the collection, aggregation and sale of personal information online.

    Aleecia McDonald, director of privacy at the Stanford Center for Internet and Society; Jules Polonetsky, executive director and co-chair of the Future of Privacy Forum; and Chris Hoofnagle, director of information privacy programs at the UC Berkeley Center for Law & Technology, will discuss whether disclosure and transparency – those privacy policies you see on most websites – adequately protects consumers’ privacy.

    Joanne McNabb, the state Justice Department’s director of privacy education and policy; Jim Halpert, co-chair of the global privacy practice at DLA Piper Lewis; and Chris Conley, technology and civil liberties fellow with the American Civil Liberties Union of Northern California, will discuss whether California’s “Shine the Light” law has been effective in protecting online privacy, and what more should be done to inform consumers and control use of their data.

    And finally, Mulligan and Eric Goldman, director of the Santa Clara University High Tech Law Institute, will discuss the major privacy challenges Californians could face in the next five to 10 years, and how government and industry might partner to address them.

    There’ll be a public comment period and post-hearing reception – plenty of chance for you to share your thoughts on these issues with the experts and lawmakers.

    This joint hearing of Wieckowski’s Judiciary Committee; the Business, Professions & Consumer Protection Committee; and the Select Committee on Privacy also will be webcast live.


    Leland Yee introduces social media privacy act

    State Sen. Leland Yee today introduced a bill to stop employers from formally requesting or demanding that workers or job applicants provide their social media usernames and passwords.

    Yee, D-San Francisco, had said last week he would carry such a bill; he has expanded it to bar the practice at public and private colleges and universities as well.

    The Associated Press reported last week that a growing number of businesses, public agencies and colleges around the country are asking job seekers, workers and students for their Facebook and Twitter account information. Two U.S. Senators on Sunday announced they’ll ask the Justice Department to probe whether this runs afoul of federal law.

    “It is completely unacceptable for an employer or university to invade someone’s personal social media accounts,” Yee said in his news release today. “Not only is it entirely unnecessary, it is an invasion of privacy and unrelated to one’s performance or abilities.”

    “These outlets are often for the purpose of individuals to share private information with their closest friends and family,” he said. “Family photos and non-work social calendars have no bearing on a person’s ability to do their job or be successful in the classroom, and therefore employers and colleges have no right to demand to review it.”

    Yee’s bill also will prohibit managers from insisting that applicants or employees sit down with them to review their social media contact or demand printed copies. He’s gutting and amending SB 1349 to carry this content; that bill previously proposed technical tweaks to the Child Abuse and Neglect Reporting Act.


    Corbett: Facebook changes good, but not enough

    An East Bay lawmaker whose online privacy bill was narrowly defeated this summer says Facebook’s new privacy settings are better, but not good enough.

    The social media giant rolled out some new protections on photo tagging and streamlined privacy controls yesterday. State Senate Majority Leader Ellen Corbett, D-San Leandro, said that’s good.

    “I applaud Facebook for moving to give users clearer explanations and greater control over their privacy settings. It’s crucial that users of social networking sites understand who can access the information they provide to sites and how they can control the privacy of that information,” Corbett said in a news release today.

    But while this is a good step, “much more still must be done to protect children and educate adults and children about the dangers of disclosing information on the Internet,” she added. “We know if people are not careful, they can become victims of stalkers, predators, scam artists or identity thieves.

    “The pervasiveness of new social media has raised fundamental questions about public safety and privacy that we need to vigilantly explore. As a parent and a legislator, I have serious concerns about protecting children and will continue to work on this issue.”

    Corbett had authored SB 242, which would have required that social-networking sites default to hiding information unless users choose to have it shown; that they create a process for new users to set their privacy settings as part of their registration, using plain language; and that they remove personal identifying information in a timely manner upon the user’s request. A violation would have been punishable by a fine of up to $10,000.

    SB 242 fell two votes shy of passing the state Senate in early June, after staunch opposition and some hard lobbying by Facebook. Company spokesman Andrew Noyes in late May had said Corbett was threatening California’s internet economy by trying to impose “unnecessary regulations that ignore the extraordinary lengths that companies like ours go to in order to protect individuals’ privacy and give them the tools to determine for themselves how much information they wish to share online.”

    But Corbett notes that although federal law prohibits children under the age of 13 from using social networking sites, more than 7.5 million children under the age of 13 have Facebook accounts, according to Consumer Reports magazine – a particularly vulnerable population, often unaware that sharing personal information over the Internet can make them targets for identity theft, financial scams or molestation.