(by Jeff Ward-Bailey, student technologist)
Government surveillance has been a frequent news item ever since the summer of 2013, when Edward Snowden leaked his first set of documents to journalists, explaining the software tools the NSA uses to monitor communications in the United States and abroad. But governments have employed shadowy means to gather intelligence about their own citizens and those of other countries, and have even attempted to disrupt the operations of governments perceived to be hostile to their interests, for many years.
In 2008 a sophisticated piece of malware called “Regin” began spying on governments and individuals in Russia, Saudi Arabia, Ireland, and a handful of other countries. Security researchers didn’t notice Regin until 2014, but the software hadn’t done any damage to infected systems: it had simply run in the background, watching its targets. Researchers initially surmised that Regin had been written by the US, Israel, or the UK to gather intelligence on foreign governments, and further investigation suggested that the British GCHQ spy agency had written the malware.
In 2010 the Stuxnet computer worm was discovered, which targeted industrial controllers in Iran and caused centrifuges used for the enrichment of nuclear material to tear themselves apart. It’s still not known for certain who wrote Stuxnet, but in 2011 Wired reported that it was “believed to have been created by the United States,” and in 2012 The New York Times reported that it was the product of a joint US-Israeli intelligence operation.
Earlier this year security researchers uncovered a suite of surveillance platforms nicknamed EquationLaser, EquationDrug, and GrayFish. Circumstantial evidence suggests that the tools may be connected with the NSA (for example, the tools in the platforms match the names of tools in an NSA spy tool catalog leaked in 2013). Five Iranian companies that were previously infected by Stuxnet were also infected by the “Equation Group” tools.
Few would argue that when a government intentionally infects another government’s systems with malware in an effort to spy on them that practice is, at least, in an ethical grey area. But is such cyberspying (some would call it cyberwarfare, especially when the destruction of property is involved) necessary to protect against attacks? Does the potential for mitigating harm outweigh the ethical implications of spying? And does a government’s mandate to protect the safety of its citizens justify the practice of hacking or spying on other governments?
(By Paul Garboczi, Student Attorney)
On Friday, the White House released a draft of the Consumer Privacy Bill of Rights Act of 2015. This Wall Street Journal article summarizes the bill fairly well. The bill essentially sets forth a set of industry best practices that the Federal Trade Commission would enforce on the private sector. Private sector firms would be encouraged to create privacy codes of conduct, and if they broke their own codes the FTC could take action (although the FTC would not be given rulemaking authority). The bill attempts to give consumers the right to access their information by requesting it from companies. However, companies could refuse such a request if it was “frivolous or vexatious.” The bill is unclear on who would decide if such requests were frivolous. It basically calls on companies to respect and protect consumer privacy without creating a robust enforcement mechanism for consumer privacy.
Since the draft was released on Friday, criticism of the bill has been swift. Consumer privacy advocates are denouncing it for not going far enough in protecting privacy. Opponents of top-down regulatory schemes are criticizing it for attempting a one-size-fits-all solution to a problem that requires a flexible approach, and for burdening American innovation. The FTC itself released a statement criticizing the bill for lacking “strong and enforceable protections” for consumer privacy. There is also a concern that the bill would preempt state laws, some of which provide stronger privacy protections for consumers.
(by Chelsea E. Brooks, Student Attorney, and Jeffrey Ward-Bailey, Student Technologist)
This Monday, February 23rd through Friday the 27th is Fair Use week, a celebration of the doctrine which, in certain circumstances, permits the use of copyrighted materials without the authorization of the copyright holder.
In honor of this celebration, and this semester’s inaugural Tech Law & You episode, we present an interview with Ian Hales, a new media artist and designer who is currently an instructor at the University of Colorado, Boulder, in the Technology, Arts, & Media Program. We talk with Ian about his experiences with fair use as a professor, and discuss lessons for students and designers on the boundaries of fair use.
We also provide background to the legal aspects of fair use with the help of Kristelia García, an associate professor at Colorado Law, teaching trademark, property, and copyright-related courses and working with the Silicon Flatirons Center for Law, Technology, and Entrepreneurship.
Theme music is by The Carols. Tech Law and You is distributed under a Creative Commons Attribution-ShareAlike license.
By Austin Gaddis (Colorado Law 2L)
As the Federal Communications Commission (FCC) prepares for its much-anticipated vote on Chairman Wheeler’s net neutrality proposal on Thursday, Republicans on the Commission and in Congress are using the opportunity to stage one final battle before the votes are in and the lawsuits begin. Under the Chairman’s proposal, both fixed and mobile broadband services would be regulated under Title II of the Communications Act, which would ban throttling, blocking, and paid prioritization of Internet traffic by Internet service providers (ISPs).
Commissioner Ajit Pai, a Republican, has taken the helm as the chief critic of Wheeler’s plan, often dubbing it “the President’s plan” in a reference to President Obama’s public push to put pressure on the FCC—an independent regulatory agency—to adopt strong net neutrality regulations. Commissioner Pai’s foray into the debate represents the most high-profile opposition of his tenure at the Commission.
On Capitol Hill, Republican lawmakers are also using their platform (and gavels) to put implicit and explicit pressure on the FCC as it prepares for Thursday’s vote. Currently, three congressional committees have lined up to investigate the White House’s influence on the FCC’s decision-making process, especially since Chairman Wheeler seemed to be signaling a different approach to the net neutrality proceedings before the President’s public campaign in support of strong Title II regulations late last year. One committee, the House Energy and Commerce Committee, has decided to delve even more into the commission’s operations, calling attention to Chairman Wheeler’s use of the agency’s “delegated authority.”
In an address at Colorado Law several weeks ago, Chairman Wheeler outlined his vision for the future of broadband under a Title II regime, delivering what TechCrunch called an “explanatory manifesto of the Chairman’s thinking.” In the speech, he attempted to respond to critics of his plan who think of Title II regulation as an outdated relic of the past, calling instead for a modernized Title II that addresses the unique opportunities and challenges that the Internet poses in the contemporary world.
Articles we’re reading:
(by James Frazier, Melissa S. Jensen, and Samantha Moodie, Student Attorneys)
Last Friday, the TLPC, the American Foundation for the Blind, the American Council of the Blind, and the Library Copyright Alliance filed a comment at the U.S. Copyright Office requesting a renewal of the exemption to Section 1201 of the Digital Millennium Copyright Act aimed at making e-books more accessible to people who are blind, visually impaired, or print disabled and authorized entities. If renewed, the exemption would increase access to literary works and educational resources for people who are blind, visually impaired, or print disabled.
Take a look at the long-form comment attached here, and stay tuned for the Copyright Office’s decision later this year.
(by James Frazier, Student Attorney)
Planes, automobiles, and artificial intelligence. This week, the FAA released new rules regulating drones, Apple and Sony threw their hats into the autonomous automobile arena, and Great Britain announced that it will release new rules governing driverless car testing in the UK. Mike Hean, a Swiss entrepreneur, suggested that driverless cars should be programmed with advanced artificial intelligence that would allow an Uber-style ride sharing app. Indeed, Hean believes that driverless cars should be able to own themselves, and even earn their own income. Tying these threads together, MIT’s Tech Review released an article this week outlining some contemporary concerns about artificial intelligence.
(by Joseph de Raismes, Colorado Law 3L)
This week, I would like to look at internet privacy, how privacy tools are funded, and what the future of privacy should look like.
Last week, ProPublica ran Julia Angwin’s excellent profile of GnuPG’s lead developer Werner Koch. Koch wrote the free email encryption tool GnuPG in 1997, and has been keeping the project alive basically single-handedly ever since. In response to ProPublica’s profile, Koch received an outpouring of support in the form of private donations and grants.
Werner Koch’s situation drew the attention of cryptographer Matt Green, who questioned the entire framework of how we fund the long-term development of privacy tools. In his post, Matt draws attention to the fact that the US government has been an extremely important funding source for key privacy tools, but questions the sustainability of the current framework for funding research and development in this area.
In light of the Snowden revelations, real name systems, perma-cookies, browser fingerprinting, and other sophisticated tracking measures, internet privacy seems more and more like a thing of the past. Is internet privacy a value that should be fostered (and funded) in a cohesive manner?
(by Chelsea E. Brooks, Student Attorney, Joseph N. de Raismes, Student Attorney, Andy J. Sayler, Student Technologist)
Last week, we filed three comments in response to the Copyright Office’s DMCA Section 1201 Tri-annual Exemption Notice of Proposed Rulemaking: a Short Comment for Class 27 (Medical Devices), a Short Comment for Class 22 (Vehicle Software), and a Long Comment for Class 25 (Security Research). All comments were filed on behalf of our client, Professor Matthew Green.
Professor Green is an Assistant Research Professor in the Information Security Institute at Johns Hopkins University and needs to be able to circumvent various access controls on software and devices in the process of conducting good faith security research. Such circumvention is chilled by Section 1201 of the Digital Millennium Copyright Act (DMCA). In our long comment, we argue for an exemption to Section 1201’s anti-circumvention provisions and show that preventing circumvention of access controls is chilling good faith security research and creating other adverse effects. Our short comments reiterate this point with respect to specific types of security research and urge the Copyright Office to grant a broad exemption to the Section 1201 anti-circumvention rules for all forms of good faith security research.
Next up in the proceedings is the second round of public comments filed by those that oppose each exemption. The objection comment deadline is March 27, 2015. Following that, there will be a third round of public comments in which supporters can respond to the objectors’ comments. This round closes on May 1, 2015, after which the Copyright Office will begin the internal process of making their decisions.
(by Allison N. Daley, Colorado Law 2L)
This week I want to focus on a specific area of tech law and policy: health care. With the advent of telemedicine as a way of providing health care at a distance, there is exciting potential for innovation; however, with this innovation come new challenges in law and policy.
As just one example, there is a new app, Harbinger, that transmits communication from Emergency Medical Service (EMS) workers in an ambulance to hospitals in real time. The hope is that such technology can improve care by sending protected health information (PHI) such as driver’s licenses and insurance cards to hospitals for faster registration. The app even allows EMS workers to send pictures and videos of injuries or accident scenes for more rapid diagnosis and treatment.
With this great technology, however, privacy concerns abound. Because cell phones store data on the device itself, PHI is much more likely to fall into the wrong hands if a cell phone is lost or stolen. While the Health Insurance Portability and Accountability Act (HIPAA) does not have any official rules banning the use of cell phones, the HIPAA Privacy Rule requires health care providers to implement appropriate safeguards to reasonably protect health information.
In order to solve this problem, the Harbinger app promises:
[P]atient information is encrypted with today’s most advanced methods. The data is transported to our server with the industry standard for banks and credit cards, and is stored in an encrypted format.
While this sounds like it may satisfy HIPAA standards, patients and hospitals will likely still have concerns about this new technology. The founders, both Coloradoans, are currently negotiating with hospitals and we may see the system operating by the end of the year.
For more information, check out Harbinger’s website.
See you next week!
(by Elizabeth J. Chance, Colorado Law 3L)
State of the Union: In his State of the Union address last Tuesday, President Obama shared his vision on hot-topic issues in technology law and policy. In response to debates over US surveillance programs, President Obama promised a report next month on how the country’s intelligence agencies are keeping our country safe and strengthening privacy. Additionally, President Obama assured the country that the government is integrating intelligence to address cyber attacks, and urged Congress to pass legislation to better meet the evolving need of cybersecurity. Without expressly referencing the issue of net neutrality or municipal broadband, President Obama discussed the need for 21st century infrastructure including fast, free, and open Internet:
Twenty-first century businesses need twenty-first century infrastructure—modern ports, stronger bridges, faster trains and the fastest Internet. . . . I intend to protect a free and open internet, extend its reach to every classroom, and every community, and help folks build the fastest networks, so that the next generation of digital innovators and entrepreneurs have the platform to keep reshaping our world.
Community Broadband Act: Two days after the President’s State of the Union Address, four Democrats introduced the Community Broadband Act in Congress. The Community Broadband Act aims to preserve the rights of cities and localities to build municipal broadband networks and ensure that their communities are connected and have access to reliable networks. Senator Edward Markey also continued to urge the FCC to act to use its authority to end any state restrictions that impede local communities from making these decisions for themselves.