US Tech Coalition Calls for New Online Privacy Law

Changes urged to US privacy law
By Maggie Shiels
Technology reporter, BBC News, Silicon Valley

US technology firms and privacy groups have called for an overhaul of privacy laws, saying the government has too much access to private online data.

Google, eBay and others have launched the Digital Due Process coalition, seeking to update the 1986 privacy act, passed before internet usage exploded.

It calls for warrants to be issued before e-mails and texts are handed over to law enforcement agencies.

It seeks more protection of data stored online and mobile tracking information.

Outdated law

The coalition is looking to re-write the Electronic Communications Privacy Act (ECPA) of 1986 that governs what kinds of private digital information the government has access to and how they may obtain it.

“It is not surprising that a law written in 1986 didn’t foresee the privacy protections we need some 25 years later,” Richard Salgado, Google’s senior counsel for law enforcement and information security told BBC News.

The coalition – which includes over 30 members drawn from the worlds of industry, privacy and academia – said the ECPA is “a patchwork of confusing standards that have been interpreted inconsistently by the courts”.

For example, law enforcement agencies can get access to some email information, instant messages, and other data stored online through simple subpoenas, not court-ordered warrants.

The coalition has recommended that a warrant be required before internet providers must hand over the online information – just as a warrant is required for a physical search of a suspect’s computer or filing cabinets.

It wants similar protection before mobile carriers turn over tracking information about customers.

It also want courts to ensure any real-time information like texts and instant messages are relevant to an investigation.

“The law needs to be clear that the same standard applies to email and documents stored with a service provider, while at the same time be flexible enough to meet law enforcement needs,” said Jim Dempsey of the Center for Democracy and Technology.


Members of the coalition said that had had discussions with the White House, the FBI and the justice and commerce departments.

They acknowledged that law enforcement agencies were likely to resist any change and a long debate was almost certain before Congress would act.

“We are not expecting that these will be enacted this year, but it’s time to begin the dialogue,” the CDT’s Mr Dempsey told reporters.

Senator Patrick Leahy, chairman of the Senate Judiciary Committee, said he planned to hold hearings on “much-needed updates” to the US privacy act.
Story from BBC NEWS:

Published: 2010/03/31 04:58:53 GMT


Google Takes A New Approach to China

1/12/2010 03:00:00 PM

Like many other well-known organizations, we face cyber attacks of varying degrees on a regular basis. In mid-December, we detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google. However, it soon became clear that what at first appeared to be solely a security incident–albeit a significant one–was something quite different.

First, this attack was not just on Google. As part of our investigation we have discovered that at least twenty other large companies from a wide range of businesses–including the Internet, finance, technology, media and chemical sectors–have been similarly targeted. We are currently in the process of notifying those companies, and we are also working with the relevant U.S. authorities.

Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.

Third, as part of this investigation but independent of the attack on Google, we have discovered that the accounts of dozens of U.S.-, China- and Europe-based Gmail users who are advocates of human rights in China appear to have been routinely accessed by third parties. These accounts have not been accessed through any security breach at Google, but most likely via phishing scams or malware placed on the users’ computers.

We have already used information gained from this attack to make infrastructure and architectural improvements that enhance security for Google and for our users. In terms of individual users, we would advise people to deploy reputable anti-virus and anti-spyware programs on their computers, to install patches for their operating systems and to update their web browsers. Always be cautious when clicking on links appearing in instant messages and emails, or when asked to share personal information like passwords online. You can read more here about our cyber-security recommendations. People wanting to learn more about these kinds of attacks can read this Report to Congress (PDF) by the U.S.-China Economic and Security Review Commission (see p. 163-), as well as a related analysis (PDF) prepared for the Commission, Nart Villeneuve’s blog and this presentation on the GhostNet spying incident.

We have taken the unusual step of sharing information about these attacks with a broad audience not just because of the security and human rights implications of what we have unearthed, but also because this information goes to the heart of a much bigger global debate about freedom of speech. In the last two decades, China’s economic reform programs and its citizens’ entrepreneurial flair have lifted hundreds of millions of Chinese people out of poverty. Indeed, this great nation is at the heart of much economic progress and development in the world today.

We launched in January 2006 in the belief that the benefits of increased access to information for people in China and a more open Internet outweighed our discomfort in agreeing to censor some results. At the time we made clear that “we will carefully monitor conditions in China, including new laws and other restrictions on our services. If we determine that we are unable to achieve the objectives outlined we will not hesitate to reconsider our approach to China.”

These attacks and the surveillance they have uncovered–combined with the attempts over the past year to further limit free speech on the web–have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down, and potentially our offices in China.

The decision to review our business operations in China has been incredibly hard, and we know that it will have potentially far-reaching consequences. We want to make clear that this move was driven by our executives in the United States, without the knowledge or involvement of our employees in China who have worked incredibly hard to make the success it is today. We are committed to working responsibly to resolve the very difficult issues raised.

Update: Added a link to another referenced report in paragraph 5.