Written by Mark M. Jaycox
Last year, we saw more battles in Congress over Internet freedom than we have in many years as user protests stopped two dangerous bills, the censorship-oriented SOPA, and the privacy-invasive Cybersecurity Act of 2012. But Congress ended the year by ramming through a domestic spying bill and weakening the Video Privacy Protection Act.
In 2013, Congress will tackle several bills—both good and bad—that could shape Internet privacy for the next decade. Some were introduced last year, and some will be completely new. For now, here's what's ahead in the upcoming Congress:
The Computer Fraud and Abust Act (CFAA), was one of the key laws the government used in its relentless and unjust prosecution of Aaron Swartz. Zoe Lofgren has proposed "Aaron's Law," which ensures that breaking a terms of service or other contractual obligation does not amount to a CFAA violation. Lofgren's reforms are a terrific start and will be introduced in Congress over the coming weeks. EFF has also proposed revisions to Lofgren's language and overall reform to the CFAA that reduces the draconian penalties and clarifies key definitions in the statute. The proposed reforms will go a long way in preventing a similar situation from happening to a freedom fighter like Aaron again. It's unclear where the language stands in the Senate, but Senators like Ron Wyden have voiced support for Lofgren's bill and should take up CFAA reform. You can take action and email your members of Congress to tell them to support reform of the Computer Fraud and Abuse Act here.
Once again, the 113th Congress will try to update the archaic Electronic Communications Privacy Act. The law, which was passed in 1986, lays out procedures for when the government can obtain your private electronic messages, like email or Facebook messages, from service providers. ECPA states that the government doesn’t need a warrant for emails when they are older than 180 days—even though the Sixth Circuit held that this “180-day rule” violates the Fourth Amendment. Despite the ruling, the Justice Department continues to argue that the DOJ does not have to obtain a warrant.
Last Congress Senator Leahy successfully moved the Senate Judiciary Committee to approve an ECPA amendment mandating warrants for all private electronic communications, but the bill didn’t get to the full Senate. This year, both Senator Leahy and House Reps. Goodlatte and Lofgren will introduce similar legislation to ensure that the same protections that apply to physical private messages also apply to virtual private messages.
Congress should take the lead from the courts and move the legislation forward.
Updating ECPA is also about protecting users geolocation information, especially after the Supreme Court’s decision in the GPS case, United States v. Jones. Senator Wyden and Rep. Chaffetz's GPS Act mandates that the government obtain a warrant before it seeks a user's geolocation information. Currently, the government can obtain such information without a warrant or probable cause, which is something the government has done at a staggering rate.
But the government isn't the only entity spying on cell phone users. Over and over, users are learning the hard way that private companies surreptitiously collect information from users' mobile devices and often share that data with unknown third parties. That's why Congressmen like Rep. Markey and Senator Franken introduced legislation last Congress that requires clear notification and disclosures when a company collects and shares user information with third parties. Both Congressmen plan to reintroduce and move the legislation forward in the 113thCongress.
Congressmen are also girding for another fight on Cybersecurity. Along with more warnings of an upcoming "cyber-Pearl Harbor," Congressmen named cybersecurity a priority in 2013 and are planning to reintroduce a new version of an “information sharing” cybersecurity bill called CISPA, which as EFF described at the time, carved a giant and vague “cybersecurity” loophole into all US privacy laws, while also granting new powers and legal immunity to companies.
The Internet community helped defeat the Cybersecurity legislation and Congress needs to craft any new bill with the utmost concern for privacy.
Lastly, there are rumors that the Obama Administration will propose a new Internet surveillance law, which will expand the Communications Assistance to Law Enforcement Act(CALEA), which forces telephone companies to build a wiretap-friendly backdoors into all their technology—but not social networks and other web-based communications services. In 2005, the FBI pushed the FCC to rule that VOIP and "facilities-based internet access providers" had to abide by CALEA requirements. Now they want even more power. This expansion is in spite of the fact that the FBI has yet to respond adequately to EFF's FOIA lawsuit seeking records that would justify the need to expand federal surveillance laws, given they have a myriad of ways to get such data already (Google’s transparency report shows the government requests for user data is skyrocketing).
The White House and the FBI have not released what is in the proposed legislation, but one report states the FBI wants to require Internet companies, like Google, Facebook, and Twitter to build the same type of backdoors for real-time government surveillance. This would not only create a huge Internet security problem, making the Internet less safe just as Congress pushes for a cybersecurity bill, but threatens basic privacy on the web.
The potential for the 113th Congress to introduce backwards bills like CISPA and CALEA is great. But Congress, and especially new members, should take note of the Internet community's strong—and successful—opposition to bills like SOPA.
It's time to curry favor with everyday constituents, and not with giant corporations or overreaching law enforcement.
Mark is a Policy Analyst and Legislative Assistant for EFF while also performing legal intake and research.