Tighter Medical Privacy Rules Sought: Via NYT > Privacy.

he Obama administration is rewriting new rules on medical privacy after an outpouring of criticism from consumer groups and members of Congress who say the rules do not adequately protect the rights of patients.

Democratic lawmakers and a few Republicans have denounced the rules, saying they fall short of offering patients the fullest protections possible. Hospitals and insurance companies, seeking to maintain greater control over patient notification, generally support the rules. The White House finds itself caught in the middle.

The rules specify when doctors, hospitals and insurers must tell patients about the improper use or disclosure of information in their medical records. Such breaches appear to have become more frequent, with the growing use of health information technology, social media and the Internet.

Kathleen Sebelius, the secretary of health and human services, issued temporary rules, with the force of law, in August last year. After analyzing comments from the public, she developed final rules and submitted them to the White House Office of Management and Budget for approval in May.

At the urging of the White House, Ms. Sebelius recently withdrew the rules to allow for further consideration. [ Read more ... ]

Do Not Track: Not as Simple as it Sounds: Via Freedom to Tinker.

Over the past few weeks, regulators have rekindled their interest in an online Do Not Track proposal in hopes of better protecting consumer privacy. FTC Chairman Jon Leibowitz told a Senate Commerce subcommittee last month that Do Not Track is “one promising area” for regulatory action and that the Commission plans to issue a report in the fall about “whether this is one viable way to proceed.” Senator Mark Pryor (D-AR), who sits on the subcommittee, is also reportedly drafting a new privacy bill that includes some version of this idea, of empowering consumers with blanket opt-out powers over online tracking.

Details are sparse at this point about how a Do Not Track mechanism might actually be implemented. There are a variety of possible technical and regulatory approaches to the problem, each with its own difficulties and limitations, which I’ll discuss in this post.

An Adaptation of “Do Not Call” [ Read more ... ]

A Review of Verizon and Google's Net Neutrality Proposal: Via EFF.org Updates.

Efforts to protect net neutrality that involve government regulation have always faced one fundamental obstacle: the substantial danger that the regulators will cause more harm than good for the Internet. The worst case scenario would be that, in allowing the FCC to regulate the Internet, we open the door for big business, Hollywood and the indecency police to exert even more influence on the Net than they do now.

On Monday, Google and Verizon proposed a new legislative framework for net neutrality. Reaction to the proposal has been swift and, for the most part, highly critical. While we agree with many aspects of that criticism, we are interested in the framework's attempt to grapple with the Trojan Horse problem. The proposed solution: a narrow grant of power to the FCC to enforce neutrality within carefully specified parameters. While this solution is not without its own substantial dangers, we think it deserves to be considered further if Congress decides to legislate.

Unfortunately, the same document that proposed this intriguing idea also included some really terrible ideas. It carves out exemptions from neutrality requirements for so-called "unlawful" content, for wireless services, and for very vaguely-defined "additional online services." The definition of "reasonable network management" is also problematically vague. As many, many, many have already pointed out, these exemptions threaten to completely undermine the stated goal of neutrality.

Here's a more detailed breakdown of our initial thoughts: [ Read more ... ]

DOJ Pushing to Expand Warrantless Access to Internet Records: Via EFF.org Updates.

This morning's Washington Post reveals that the Department Of Justice has been pressuring Congress to expand its power to obtain records of Americans' private Internet activity through the use of National Security Letters (NSLs).

NSLs, you may remember, are one of the most powerful and frightening tools of government surveillance to be expanded by the Patriot Act. These letters allow the FBI to secretly demand data from phone companies and internet service providers about the private communications of ordinary citizens. The letters include a gag order, which forbids recipients from ever revealing the letters' existence to their coworkers, their friends, or even to their family members, much less the public. [ Read more ... ]

Why the New Federal "Trusted Internet Identity" Proposal is Such a Very Bad Idea: Via Lauren Weinstein's Blog.

Greetings. Last Friday, in White House Proposes Vast Federal Internet Identity Scheme, I posted a brief thumbnail expressing my major concerns regarding the expansive federal Internet Trusted Identity proposal.

Here are a few details explaining why I'm taking such a negative view of this plan.

It's important to note that this entire proposal under discussion, at this stage, is of course nothing but smoke. It has no functional reality, other than as a (useful) starting point for further discussion. But when viewed in the context of other government-related efforts, trends, and statements, it is quite alarming nonetheless, and it's very difficult to overstate its potential for serious negative consequences. Though indeed, like the vision of Christmas Future provided to Ebenezer Scrooge, it's currently only a shadow of what might be, not of what must or necessarily will be.

Let's look at one of the "Envision It!" boxes in the plan as posted at the Department of Homeland Security: [ Read more ... ]

White House Proposes Vast Federal Internet Identity Scheme: Via Lauren Weinstein's Blog.

Greetings. The White House has just released the draft of a rather chilling document -- tellingly hosted on Department of Homeland Security servers -- that proposes the creation of a vast, federally-led "Trusted identities in Cyberspace" infrastructure that would potentially reach into nearly every aspect of Internet use, from financial transactions to comments on blogs. The White House is seeking public comments on the proposal.

While touted as a voluntary public/private partnership toward universal Internet identities, it seems clear from an initial reading that such a scheme is a preemptive push toward what would eventually be a mandated Internet "driver's license" mentality of the sort I've been warning against (e.g. Saving Internet Anonymity -- The Struggle is Joined [April/2010]). [ Read more ... ]

EU Search Engine Snooping Mandate Sneaked Into Child Protection Declaration: Via EFF.org Updates.

A controversial, surreptitious proposal to compel search engines to store everything that European citizens search for on the Internet has been introduced by a few members of the European Parliament. The veiled mandatory data retention proposal was sneaked into a broader declaration called "Written Declaration 29," which ostensibly seeks to promote the protection of children by developing an early warning system (EWS) to fight against pedophiles and sex offenders. But hidden within the text of the Declaration is obscure language mandating the storing of searches on a massive scale:

Ask the [European] Council and the [European] Commission to implement Directive 2006/24/EC and extend it to search engines in order to tackle online child pornography and sex offending rapidly and effectively.

The Directive 2006/24/EC, more widely known as the European Data Retention Directive, is an unpopular framework that compels telecommunications service providers operating in Europe to store all communications traffic data between six months and up to 2 years, for possible use by law enforcement. [ Read more ... ]

Regulating and Not Regulating the Internet: Via Freedom to Tinker.

There is increasingly heated rhetoric in DC over whether or not the government should begin to "regulate the internet." Such language is neither accurate nor new. This language implies that the government does not currently involve itself in governing the internet -- an implication which is clearly untrue given a myriad of laws like CFAA, ECPA, DMCA, and CALEA (not to mention existing regulation of consumer phone lines used for dialup and "special access" lines used for high speed interconnection). It is more fundamentally inaccurate because referring simply to "the internet" blurs important distinctions, like the difference between communications transport providers and the communications that occur over those lines.

However, there is a genuine policy debate being had over the appropriate framework for regulation by the Federal Communications Commission. In light of recent events, the FCC is considering revising the way it has viewed broadband since the mid-2000s, and Congress is considering revising the FCC's enabling statute -- the Communications Act. At stake is the overall model for government regulation of certain aspects of internet communication. In order to understand the significance of this, we have to take a step back in time. [ Read more ... ]

Congress Coaxes States to Collect DNA: Via Threat Level.

Federal lawmakers are using the purse strings to coax more states into adopting rules that require suspects who are arrested for various crimes — but not charged — to submit to DNA sampling for inclusion into a nationwide database.

It doesn’t matter if the suspect was charged or even acquitted.

Sponsored by Harry Teague (D-New Mexico), the measure provides $75 million to the nation’s financially broken states — all in a bid to coax the 11 states with such DNA-testing laws to keep them on the books, and to entice others to follow suit. The Senate Judiciary Committee received the package Wednesday, a day after the House passed the bill on a 357 to 32 vote.

All Democrats voting approved the bill, CNET’s Declan McCullagh points out. And it’s likely to sail through the Senate. President Barack Obama, who supports DNA collection upon arrest, is expected to sign it.

The House’s passage of the so-called “Katie’s Law,” or HR 4614, comes as the states and federal government are slashing budgets in response to record-setting financial shortfalls.

All the while, a civil rights challenge to California’s DNA-collection law is pending in San Francisco federal court, a lawsuit threatening to derail similar laws in Alabama, Alaska, Colorado, Florida, Kansas, Louisiana, North Dakota, South Carolina, South Dakota and Vermont. [ Read more ... ]

House votes to expand national DNA arrest database via CNET by Declan McCullagh

Millions of Americans arrested for but not convicted of crimes will likely have their DNA forcibly extracted and added to a national database, according to a bill approved by the U.S. House of Representatives on Tuesday.

By a 357 to 32 vote, the House approved legislation that will pay state governments to require DNA samples, which could mean drawing blood with a needle, from adults "arrested for" certain serious crimes. Not one Democrat voted against the database measure, which would hand out about $75 million to states that agree to make such testing mandatory.

"We should allow law enforcement to use all the technology available to them...to reduce expensive and unjust false convictions, bring closure to victims by solving cold cases, better identify criminals, and keep those who commit violent crime from walking the streets," said Rep. Harry Teague, the New Mexico Democrat who sponsored the bill.

But civil libertarians say DNA samples should be required only from people who have been convicted of crimes, and argue that if there is probable cause to believe that someone is involved in a crime, a judge can sign a warrant allowing a blood sample or cheek swab to be forcibly extracted. [ Read more ... ]

ACTA Debate Gets Specific: Via CDT - Center for Democracy & Technology..

1. Draft Text of ACTA Made Public
   
2. ACTA’s Selective Export of U.S. Copyright Law May Foster Highly Skewed Legal Regimes in Other Countries
   
3. A Number of Proposed Provisions Could Encourage or Require Changes to U.S. Domestic Copyright Law
   
4. Other Concerns
   

1.  Draft Text of ACTA Made Public

Since late 2007, the United States and a number of other countries, including Australia, Canada, the European Union, Japan, Mexico, and South Korea, have been negotiating an “Anti-Counterfeiting Trade Agreement” (ACTA).  A variety of speculation, rumors, and leaks regarding what ACTA might contain have prompted concern in the blogosphere and the tech industry.  Until recently, however, the only official documents that had been publicly released were high-level outlines and statements offering little guidance on ACTA’s specific provisions and language. [ Read more ... ]

ACTA Discussion Show Audio from "Coast to Coast AM" Radio Now Online: Via Lauren Weinstein's Blog.

Greetings. A number of persons have requested the show audio from my extensive discussion of the many risks inherent in the process and particulars of ACTA (the Anti-Counterfeiting Trade Agreement) from "Coast to Coast AM" radio last Sunday night.

I was just informed this morning that it is now online -- all 2.5 hours including listener calls. Who says there's no in-depth discussion of important issues on national radio anymore?

Anyway, for your possible enjoyment and edification, or perhaps simply as a sleep aid, the show is available at this YouTube playlist. (I have no affiliation with this poster of the show.)

--Lauren--

Read Original Article:(Via Lauren Weinstein's Blog.)

ACTA Treaty Abominations on "Coast to Coast AM" Radio Tonight (Sunday): Via Lauren Weinstein's Blog.

Greetings. This is just a quick heads-up that I've been booked tonight (Sunday, 9 May) onto Coast to Coast AM -- the nationwide/global late night radio program -- for what will probably be a rather extensive discussion of the international ACTA (Anti-Counterfeiting Trade Agreement) and the various abominations in its ongoing (mostly secret) negotiations and currently known provisions.

My segment is currently scheduled to run through most of the first hour of the show at least (after the top of the hour news and show intro), which begins at 10 PM PDT. [ Read more ... ]

Lawmakers consider changes to wiretapping law to protect cloud services: Via Computerworld Privacy News.

Users of e-mail and cloud computing services need to have the same protections Users of e-mail and cloud computing services need to have the same protections from law enforcement searches as do people who leave information on laptops or in office cabinets, witnesses told a U.S. House of Representatives subcommittee.

Congress should rewrite the 1986 Electronic Communications Privacy Act (ECPA), a law governing law enforcement agencies' access to electronic information, to account for changes in technology in the past two decades, representatives of Microsoft and the Center for Democracy and Technology (CDT) said during a hearing Wednesday.

There's widespread confusion over the law, said James Dempsey, CDT's vice president for public policy.

The U.S. Department of Justice has asserted that federal agents do not need a court-issued warrant to request the contents of e-mail from vendors that store the e-mail, even though agents would need a warrant to see a document stored on a laptop or in a file cabinet, said Dempsey. Some courts have required warrants for stored e-mail, however. [ Read more ... ]

Run Privacy Upgrade — It's Time for Congress to Update ECPA: Via Blog of Rights: Official Blog of the American Civil Liberties Union.

Today, the House Judiciary Subcommittee on the Constitution, Civil Rights, and Civil Liberties is holding its first hearing to discuss the woefully outdated Electronic Communications Privacy Act. (Did we mention that it was written in 1986?!)

The Fourth Amendment of the Constitution was designed to protect the privacy of our personal information. Unfortunately, innovation has far outpaced the electronic privacy laws passed by Congress, leaving us in a world of grey areas, loopholes, and inadequate protections that simply don't match our modern world.

The ACLU submitted testimony calling on Congress to modernize ECPA in the following ways: [ Read more ... ]

Consumer Groups Say Proposed Privacy Bill Is Flawed: Via NYT > Privacy.

The proposal doesn’t provide enough protection, the consumer advocates say, from companies that want to gather personal information to tailor ads to users.

A LONG-AWAITED draft of a Congressional bill would extend privacy protections both on the Internet and off line, but privacy advocates said the bill did not go far enough in protecting consumers.

The draft legislation was released Tuesday by Representatives Rick Boucher, Democrat of Virginia, and Cliff Stearns, Republican of Florida. Mr. Boucher is the chairman of the House subcommittee on communications, technology and the Internet, and Mr. Stearns is the panel’s ranking minority member. The two lawmakers will collect comments on the draft, and hope to have formal legislation introduced within a month or so, Mr. Boucher said in an interview. [ Read more ... ]

Groups Call ‘Privacy’ Legislation Orwellian: Via Threat Level.

Privacy groups gave an overwhelming thumbs down Tuesday to proposed legislation by Rep. Rick Boucher (D-Virginia) that for the first time would mandate the length of time online consumer information could be kept.

The proposal would require websites to discard data collected from their users after 18 months. Some suggested the retention limit for consumer data should be shorter, perhaps just days, to allow a company enough time to mine it before deleting it.

“It’s very Orwellian to call this a privacy bill,” said Evan Hendricks, editor and publisher of Privacy Times.

Boucher said in a statement the bill’s goal “is to encourage greater levels of electronic commerce by providing to internet users the assurance that their experience online will be more secure.”

The legislation, which Boucher released Turesday as a “discussion” draft, also largely keeps intact the status quo of the so-called “opt-in” or “opt-out” paradigms. The measure is likely to remain in draft for months, privacy groups said. [ Read more ... ]

Net Neutrality: FCC Trojan Horse Redux: Via EFF.org Updates.

The Washington Post reports that FCC Chairman Genachowski is considering basing the FCC's proposed net neutrality rules on precisely the legal foundation discredited in a recent court ruling:

Specifically, he is exploring a legal push under the current legal framework for broadband, which is under Title I, that would make possible the FCC’s push for a new net neutrality rule and reforms under a national broadband plan, the sources said. That could include a legal push in courts where it would assert that the FCC has the mandate from Congress to deploy broadband to all Americans in a timely manner.

This is a bad idea, no matter what your views of the wisdom of the FCC's proposed net neutrality regulations. [ Read more ... ]

The Gizmodo Raid: A Preview of Hollywood's Dystopian Plan for Copyright Enforcement: Via EFF.org Updates.

Last week’s police raid on Gizmodo blogger Jason Chen’s house, in response to a request from Apple Inc., has led many to wonder why government resources are being spent on a spat between Apple and Gizmodo.

But here at EFF, we are also wondering if we’ve just seen the future of copyright enforcement. Although the Gizmodo seizure doesn’t appear to be rooted in copyright, having cops kicking in doors over what seems like a private dispute reminded us of recent efforts by the big content industries to get law enforcement to go after “copyright thieves.” [ Read more ... ]

Praising, cursing ACTA: reactions roll in: Via Law & Disorder Section - Ars Technica.

Ars has already dived deep into the bowels of the Anti-Counterfeiting Trade Agreement (ACTA), and our findings were about as pretty as that metaphor suggests.

The agreement has already been improved under public pressure, so what's the broader reaction to its release? We rounded up some of the most interesting reactions. If you want a sense of how the debate over ACTA will play out over the rest of this year, consider these talking points a sneak preview.

Read Original Article:(Via Law & Disorder Section - Ars Technica.)

ACTA Backs Away From 3 Strikes: Via Threat Level.

A proposed global intellectual-property treaty no longer nudges the international community to develop “three strikes” protocols to suspend internet connections of customers caught downloading copyrighted works, according to a draft of the Anti-Counterfeiting Trade Agreement released Tuesday.

The official draft of the proposed intellectual property accord was released after months of leaks and assertions by the Obama administration that it was a classified national security secret.

Still, critics of the proposal said Tuesday that a controversial theme in the draft (.pdf) remains: that the United States was “attempting to export a regulatory regime that favors big media companies at the expense of consumers and innovators,” according to Public Knowledge, a Washington, D.C., digital rights group.

The group and others were, in part, referring to the U.S. Digital Millennium Copyright Act. Under the DMCA, internet service providers are responsible for the infringing material hosted on their networks if they fail to remove the content at the rights holder’s request. [ Read more ... ]

Mass. Data Security Law Says "Thou Shalt Encrypt": Via Slashdot.

emeraldd writes with this snippet from SQL Magazine summarizing what he calls a "rather scary" new data protection law from Massachusetts: "Here are the basics of the new law. If you have personally identifiable information (PII) about a Massachusetts resident, such as a first and last name, then you have to encrypt that data on the wire and as it's persisted. Sending PII over HTTP instead of HTTPS? That's a big no-no. Storing the name of a customer in SQL Server without the data being encrypted? No way, Jose. You'll get a fine of $5,000 per breach or lost record. If you have a database that contains 1,000 names of Massachusetts residents and lose it without the data being encrypted, that's $5,000,000. Yikes.'"

Read Original Article:(Via Slashdot.) [ Read more ... ]

Preliminary Analysis of the Officially Released ACTA Text: Via EFF.org Updates.

The text of the draft Anti-Counterfeiting Trade Agreement was finally released to the public yesterday. We welcome the official release of the ACTA text after two years of negotiations. We can now have a serious public debate about its content and far-reaching impact on citizens' lives. [ Read more ... ]

Tell Congress Your Genes Aren't For Sale: Via ACLU Alerts.

In 1992 the US Patent Office started issuing patents on human genes to private companies. Currently nearly twenty percent of human genes are patented and vital scientific research and genetic testing has been delayed, limited, or even shut down due to concerns about patents. Once a patent is issued, an owner can prevent anyone from studying, testing, or even looking at a gene.

Genes are a product of nature and therefore should not be patentable. Patenting a gene is akin to issuing a patent for gravity or water. In March 2010, a federal court in New York agreed, voiding the patent issued to Myriad Genetic Laboratories on the breast cancer genes.

Representative Xavier Becerra (D-CA) introduced H.R. 977, the “Genomic Research and Accessibility Act” during the 110th Congress to bar the issuance of gene patents. He would like to reintroduce a new version of the bill this year, but needs your help. Representative Becerra needs support from colleagues on both sides of the aisle if his bill has any chance of being enacted.

Read Original Article:(Via ACLU Alerts.)

ACTA Text To Be Released on April 21.: Via EFF.org Updates.

The 8th round of negotiations on the controversial Anti-Counterfeiting Trade Agreement wrapped-up in New Zealand last week, with negotiators announcing that the ACTA text will be made public next Wednesday, April 21.

Around the world, those following ACTA have been analyzing the leaked 18 January consolidated text since it surfaced on the Internet last month. The leaked version contained much text in square brackets, indicating that there was significant disagreement between negotiating countries on fundamental issues such as ACTA’s scope. The leaked text also disclosed countries’ negotiating positions. We learnt, for instance, which countries were concerned about Three Strikes (thank you New Zealand and Canada), who wants ACTA to extend to patents, and who is proposing criminal sanctions for inciting, aiding and abetting intellectual property infringement (the EU). By comparison, the official version of ACTA will be released in an "unattributed" form; countries’ negotiating stances will not be included.

The U.S. negotiators had made clear before this negotiating round that release of the ACTA text would be conditional upon progress being made towards agreement on substance. Friday’s joint announcement suggests that occurred: [ Read more ... ]