Privacy Amendments Strengthen Cybersecurity Bill
ITU Gives a Nod Towards Transparency; Still a Long Road to Full Civil Society Participation
CDT Issues Updated Privacy Guidelines for Mobile Apps
Featured on Policy Beta
July 25 - Boston, MA - Deven McGraw will participate on a panel on "Best Practices in Medical Device Security and Privacy."
July 27 - Las Vegas, NV - Kevin Bankston will participate in a panel entitled "Should the Wall of Sheep Be Illegal? A Debate Over Whether and How Open WiFi Sniffing Should Be Regulated" at Defcon"
Cybersecurity legislation inched forward last week with the introduction in the Senate of a new bill with language on information sharing that is significantly more favorable to privacy than other pending bills. While major concerns still remain, the Majority Leader may push for a cloture vote this week. On the international front, the International Telecommunication Union promised greater transparency, but not nearly enough to justify the intervention of that UN body into Internet policy making. Meanwhile, CDT re-issued an important set of privacy guidelines for developers of mobile apps, just as the Commerce Department launched its mulit-stakeholder consultation on mobile privacy.
Privacy Amendments Strengthen Cybersecurity BillCybersecurity legislation in the Senate took a welcome turn with the introduction of a new bill containing several key privacy amendments. Lawmakers have struggled to draft legislation that would allow companies and the government to share information about cyberattacks and threats without eroding privacy. The new amendments, included in a revised bill sponsored by Senators Lieberman, Collins, Feinstein and Carper, narrow the definition of what can be shared with the government, focusing more concretely on indicators of cybersecurity threats. In a second important change, companies will be encouraged to share cybersecurity information with civilian agencies, not with military entities such as the National Security Agency. Further, the amendments specify that information shared with the government would be used only for cybersecurity and to protect against serious threats to children or imminent threats of death or serious bodily injury, and not for other purposes unrelated to cybersecurity.
Concerns still remain, however, not only with the information sharing language and with provisions on countermeasures and monitoring, but also with Title I of the bill, which seeks to promote improvements in the cybersecurity practices of critical infrastructure operators. A vote testing support for the bill, on a motion to invoke cloture (that is, to limit debate), could come later this week.
ITU Gives a Nod Towards Transparency; Still a Long Road to Full Civil Society ParticipationThe International Telecommunication Union, in advance of a December meeting that will consider how much authority the UN body should have over Internet governance, announced that it would make public one document summarizing only some proposals under consideration and launch a platform for public comment on the document. Notably, a prior version of this document was already leaked weeks ago on WCITleaks and the document does not attribute proposals to specific governments. This limited action does not translate into meaningful transparency or participation by civil society. The vast majority of documents related to the ITU process, including specific positions governments are taking on revisions to a key ITU treaty, remain locked behind a password wall and are only available to other Member States and Sector Members. CDT and other civil society groups around the world are urging each Member State of the ITU to publicly release preparatory documents for the treaty revision process, including the Member State's own proposals for revising the treaty, and to convene open, public consultations to solicit input from all stakeholders to inform the Member State's positions in advance of the December meeting.
CDT Issues Updated Privacy Guidelines for Mobile AppsOn July 12, the Commerce Department held the first in a series of forums aimed at developing "an open, transparent, consensus-driven process to develop a code of conduct regarding mobile app transparency," according the National Telecommunications & Information Administration (NTIA), the agency hosting the meetings.
To help jumpstart the process, and to guide industry in the meantime, CDT and the Future of Privacy Forum released an updated version of their "best practices" guide for mobile app developers. The guide is intended to help developers as they build privacy into their products.
The 20-page guide, developed through a consultative process chaired by CDT and FPF is intended to be a road map for mobile app developers to build privacy into your apps, better inform and empower end-users, and foster trust and confidence in the mobile app ecosystem.
Internet Defense League, which is intended to fight for an open and innovative Internet by enlisting millions of people around a shared set of values.
spoken out against the troubling - and unnecessary - threats data retention mandates pose to Internet users' privacy.