Professor Green is an Assistant Research Professor in the Information Security Institute at Johns Hopkins University and needs to be able to circumvent various access controls on software and devices in the process of conducting good faith security research. Such circumvention is chilled by Section 1201 of the Digital Millennium Copyright Act (DMCA). In our long comment, we argue for an exemption to Section 1201’s anti-circumvention provisions and show that preventing circumvention of access controls is chilling good faith security research and creating other adverse effects. Our short comments reiterate this point with respect to specific types of security research and urge the Copyright Office to grant a broad exemption to the Section 1201 anti-circumvention rules for all forms of good faith security research.
Next up in the proceedings is the second round of public comments filed by those who oppose each exemption. The objection comment deadline is March 27, 2015. Following that, there will be a third round of public comments in which supporters can respond to the objectors’ comments. This round closes on May 1, 2015, after which the Copyright Office will begin the internal process of making its decisions.
This week I want to focus on a specific area of tech law and policy: health care. With the advent of telemedicine as a way of providing health care at a distance, there is exciting potential for innovation; however, with this innovation come new challenges in law and policy.
As just one example, there is a new app, Harbinger, that transmits communication from Emergency Medical Service (EMS) workers in an ambulance to hospitals in real time. The hope is that such technology can improve care by sending protected health information (PHI) such as driver’s licenses and insurance cards to hospitals for faster registration. The app even allows EMS workers to send pictures and videos of injuries or accident scenes for more rapid diagnosis and treatment.
With this great technology, however, privacy concerns abound. Because cell phones store data on the device itself, PHI is much more likely to fall into the wrong hands if a cell phone is lost or stolen. While the Health Insurance Portability and Accountability Act (HIPAA) does not have any official rules banning the use of cell phones, the HIPAA Privacy Rule requires health care providers to implement appropriate safeguards to reasonably protect health information.
In order to solve this problem, the Harbinger app promises:
[P]atient information is encrypted with today’s most advanced methods. The data is transported to our server with the industry standard for banks and credit cards, and is stored in an encrypted format.
While this sounds like it may satisfy HIPAA standards, patients and hospitals will likely still have concerns about this new technology. The founders, both Coloradoans, are currently negotiating with hospitals and we may see the system operating by the end of the year.
For more information, check out Harbinger’s website.
State of the Union: In his State of the Union address last Tuesday, President Obama shared his vision on hot-topic issues in technology law and policy. In response to debates over US surveillance programs, President Obama promised a report next month on how the country’s intelligence agencies are keeping our country safe and strengthening privacy. Additionally, President Obama assured the country that the government is integrating intelligence to address cyber attacks, and urged Congress to pass legislation to better meet the evolving need of cybersecurity. Without expressly referencing the issue of net neutrality or municipal broadband, President Obama discussed the need for 21st century infrastructure including fast, free, and open Internet:
Twenty-first century businesses need twenty-first century infrastructure—modern ports, stronger bridges, faster trains and the fastest Internet. . . . I intend to protect a free and open internet, extend its reach to every classroom, and every community, and help folks build the fastest networks, so that the next generation of digital innovators and entrepreneurs have the platform to keep reshaping our world.
Community Broadband Act: Two days after the President’s State of the Union Address, four Democrats introduced the Community Broadband Act in Congress. The Community Broadband Act aims to preserve the rights of cities and localities to build municipal broadband networks and ensure that their communities are connected and have access to reliable networks. Senator Edward Markey also continued to urge the FCC to act to use its authority to end any state restrictions that impede local communities from making these decisions for themselves.
State of the Union: This week, I want to look ahead to President Obama’s State of the Union Address, which will be held Friday, January 20th. The President has revealed cybersecurity as being one of the key issues he will address. In particular, he is proposing a 30-day window in which companies must notify consumers that their data has been breached, is championing criminalization of selling credit card information outside of the U.S., and is expected to recommend to Congress a Consumer Privacy Bill of Rights. In addition to consumer-focused proposals, the President wants to broaden the legal definition of unauthorized computer access under the Computer Fraud and Abuse Act (CFAA) and increase penalties for computer access crimes.
Back to Sony: Connecting back to last week’s post, could the Sony hacking scandal have been influential in directing this agenda? As mentioned in Vol.1, the Sony hack has “broad implications for the future of law enforcement, crime and punishment, privacy, and war.” Those implications may already be coming to light as Shaun Donovan, the Director of the Office of Management and Budget, has cited to the Sony hack in writing the Administration’s cybersecurity proposals to Congress. Donovan states:
[T]he dramatic increase in cyber intrusions and the recent destructive and coercive attack on Sony Pictures Entertainment offer a stern reminder that we must act with urgency to do everything possible to better protect the Nation and economy against cyber threats.
With that statement in mind, consider two questions posed by the New York Times:
When should the federal government step in to fight hackers? And is America’s own use of cyberweapons a complicating factor?
Blackhat: Hollywood’s recent connections with cybersecurity don’t stop with the Sony hack. The just-released Blackhat glamorizes the world of hacking and raises the question: could the current climate of fear of cyber crime lead to over-inclusive policy making? Members of the Obama administration are already citing to the Sony hack as reasoning for increasing punishments and broadening the power of the CFAA. Is this reasoning justifiable? Can increasing penalties effectively deter undesirable hacking? (The legal ramifications didn’t seem to deter the Sony hackers.)
Just about every week during the fall and spring semesters, the TLPC spends time discussing current events in tech law and policy. Our students do a great job researching and highlighting current events, so this semester we thought we’d share what we’re reading with the world.
I have the task of leading our inaugural discussion, so I’m going to focus on two events that have blown up over our winter break:
Net Neutrality. While it’s hard to narrow down the 10+ year-old net neutrality / Open Internet discussion, the biggest news over break was the soft-launch of the Commission’s plan to reclassify ISPs under Title II of the Telecommunications Act, announced at the Consumer Electronics Show, in rules to be voted on at the Commission’s February open meeting. Other interesting issues waiting in the wings include the treatment of wireless providers, the Commission’s approach to forbearance, various other bells and whistles of the final item (I’m particularly interested in the treatment of reasonable network management and the premises operator exception), and how the courts and Congress will ultimately impact the state of play (or not).
The Sony Hack. There’s so much to say about this, but I’ve been most interested in the epistemological debate over whodunit (is it North Korea, or isn’t it?), and the difficulty of assessing adversaries online. This is the tip of the iceberg for this phenomenon, which has broad implications for the future of law enforcement, crime and punishment, privacy, and war.
We at TLPC are proud to introduce the pilot episode of our podcast, Tech Law and You. In the inaugural episode, we present an interview with Jeff Blattner, President of Legal Policy Solutions and Clinical Professor at American University in Washington, DC. Student attorneys Mel Jensen and Alex Koral talk with Jeff about his time working for Senator Ted Kennedy, and discuss lessons for law students on maintaining strong relationships, working on teams, and building a portfolio of skills.
(by Stephanie Vu, Colorado Law 3L, and Stefan Tschimben, Interdisciplinary Telecom Program student)
On October 20th, the TLPC and the ATLAS Institute at the University of Colorado held a screening and panel discussion of the documentary The Internet’s Own Boy: The Story of Aaron Swartz. The documentary follows the life and death of Internet activist and programming prodigy Aaron Swartz. Aaron played a part in the creation of web feed format RSS (Really Simple Syndication) and was a co-founder of Reddit. Aaron was best known to some for his political activism against the Stop Online Piracy Act and his crusade for open access to information. This crusade led to a two-year legal battle and ultimately his death at age 26. The documentary explores the relationship between civil liberties and technology and gives a heartfelt account of a young man whose life’s work has benefited almost everyone who has ever used the internet.
According to Professor Blake Reid, “Aaron’s life and death have left an indelible mark on public policy surrounding technology, digital civil liberties, and access to knowledge. The Internet’s Own Boy is a window into Aaron’s legacy through which anyone interested in the future of our democracy in an information age should take a careful and thoughtful look.”
Congratulations to the winners of the 2014 CU Fall Technology Policy Challenge! The winning team consisted of four TLPC members. From left to right: Molly McClurg (Colorado Law 2L), Amber Williams (Colorado Law 3L), Stefan Tschimben (CU Interdisciplinary Telecommunications Program student), and Vickie Stubbs (ATLAS Institute student).