The House passed legislation 278-136 Wednesday that would end NSA’s call detail records program (see 2003100031). The chamber was considering amendments in the early evening. Sens. Mike Lee, R-Utah, and Rand Paul, R-Ky., plan to block the legislation, which revises and renews the Foreign Intelligence Surveillance Act. It “doesn’t fix what’s wrong with FISA. It would not have stopped the spying that occurred against” President Donald Trump, Lee tweeted: “I will do everything I can to oppose it in the Senate,” and if it passes, Trump should veto it. “It is by no means a perfect bill,” Judiciary Committee Chairman Jerry Nadler, D-N.Y., said on the House floor Wednesday. “There are many other changes to FISA that I would have liked to have seen here -- but this bill includes important reforms.” USA Freedom Act Section 215 surveillance authorities are to expire Sunday. Attorney General William Barr announced support for the House compromise. The House bill contains “new requirements and compliance provisions that will protect against abuse and misuse in the future while ensuring that this critical tool is available when appropriate to protect the safety of the American people,” Barr said. That Barr, who helped craft the phone records program, supports the bill “is further proof that the bill is utterly inadequate,” said American Civil Liberties Union Senior Legislative Counsel Neema Singh Guliani. The ACLU wrote lawmakers opposing the House legislation, saying the changes “are minimal -- in many cases merely representing a codification of the status quo.”
Washington state representatives refused to back down Tuesday after senators refused to accept House amendments to the proposed Washington Privacy Act (SB-6281) Monday. The House appointed Innovation, Technology and Economic Development Committee Chairman Zack Hudgins (D) and Reps. Drew Hansen (D) and Jeremie Dufault (R) to a House-Senate conference committee. Accepting conference, the Senate appointed bill sponsor and Environment, Energy and Technology Committee Chairman Reuven Carlyle (D), Democratic Deputy Leader Manka Dhingra and Republican Whip Ann Rivers. Lawmakers must work out differences on enforcement, facial recognition and other issues before legislative session ends Thursday (see 2003090051).
The Washington House voted 63-33 Friday on a bipartisan basis for a facial recognition bill (SB-6280). Members amended the bill to add language on private use of facial recognition that had been in the state’s comprehensive privacy bill (SB-6281). Lawmakers decided in recent days to remove the controversial section from the main privacy bill and move it to the other bill, Rep. Norma Smith (R) told us on the phone from the House floor Friday. Smith, who voted aye, praised the amendment by Rep. Debra Entenman (D), which included a private right of action and made other changes. "I originally wanted a ban" on facial recognition after learning about racial bias and other issues, Entenman said on the floor. "This technology does not see me as a brown-skinned person and as a woman." She urged supporting the bill with her amendment to add "moral guardrails." SB-6280 next goes to a House-Senate conference. Friday was the last day for floor votes, but as of 6 p.m. EST, the House hadn't voted on SB-6281 or its more than 25 amendments. The bill coming to the floor allows individuals to bring lawsuits under the state’s Consumer Protect Action, Smith said. Debate over enforcement and facial recognition divided Washington state lawmakers (see 2002280070).
Senate Commerce Committee privacy negotiations are at a standstill, Chairman Roger Wicker, R-Miss., and Senate Majority Whip John Thune, R-S.D., told reporters Tuesday. “We continue to be hopeful, but at this point, there isn’t any path forward,” Thune said, blaming trial lawyers for continuing to move the goalposts on what constitutes an acceptable compromise. “We’re at loggerheads,” Wicker said. “The issues are what the issues have been all along,” including a private right of action and federal pre-emption. “One of the actions that drew attention to this issue to begin with was the California law, which does not have a private right of action,” he said: The Health Insurance Portability and Accountability Act “doesn’t have a private right of action. The bipartisan Washington state law doesn’t have a private right of action. So I don’t know why it’s become a cause celebre for federal data privacy legislation.” It’s a nonstarter for Republicans, but Democrats are insistent, Wicker said. “At some point, a decision is going to have to be made: Do we have a federal standard or not? Consumer groups, small businesses, providers and all sorts of employers and employees across the nation are going to soon see the benefit if not the necessity of having a nationwide standard.”
Safe harbor rules should protect the telecom industry from liability when providers inadvertently block a legitimate call, they said, but companies placing outbound calls to customers demand efforts to ensure legitimate calls go through and corrective action when they don't, in comments to the FCC Wireline Bureau posted through Monday in docket 17-97. Public health and safety sectors report "alarmingly increased levels of blocked or mislabeled calls," said the Credit Union National Association. There's no comprehensive or reliable data on the effectiveness of blocking tools that identify illegitimate or fraudulent calls without also interfering with the ability of legitimate providers to have their calls completed or not mislabeled as spam, it said. USTelecom tells the FCC providers act with care and caution while call blocking. Providers are sensitive to overblocking, the accuracy of their analytics tools improve every day, and providers want to quickly address legitimate calls that are inadvertently blocked, it said. Industry can address concerns while under a safe harbor, it said. ACA International, which represents collection agencies, opposed a safe harbor and wants the FCC to rescind its call blocking declaratory ruling. It said current regulations give too much discretion to voice service providers to determine what types of calls can be blocked. Calls sent by alarm company central stations responding to an alarm continue to be blocked or labeled as potential fraud by voice providers, said the Alarm Industry Communications Committee. AICC urged the FCC to adopt a critical call list of numbers that may never be blocked, including central station numbers used to respond to alarms. But a database of whitelisted numbers "would be a target for bad actors to spoof and otherwise exploit, even with robust security measures," CTIA said. T-Mobile asked the FCC to work with stakeholders to adopt a narrow definition of critical calls, such as those from public safety answering points. T-Mobile also asked the FCC to remain flexible as it measures the success of call blocking. "The tactics used by scammers to target and reach consumers are always evolving," it said. Voice service providers should notify callers immediately upon blocking or labeling a call as spam, Twilio said, and designate a contact point for redress when calls are blocked erroneously. Industry must coalesce around a standard enabling transmittal of secure handling of asserted information using tokens (Shaken) and secure telephone identity revisited (Stir) call authentication information access across TDM-based networks as mandatory implementation deadlines approach, the Cloud Communications Alliance said.
A Maryland House vice chair asked why the state should pass net neutrality given litigation against other states and possible constitutional hurdles. The Maryland House Economic Matters Committee heard testimony Wednesday on a hybrid net neutrality/ISP privacy bill (HB-957). Two other privacy bills at the hearing in Annapolis covered topics that could be part of an effort this summer by a working group led by Del. Ned Carey (D) to develop a comprehensive data privacy bill for next year, said Comcast Vice President-State Government Sean Looney. Net neutrality bills have come up since 2018 in the state's legislature. Vice Chair Kathleen Dumais (D) asked why Maryland “should go out on a limb” before court decisions for other states facing litigation by ISPs. California and Vermont net neutrality laws are on hold after ISPs sued, noted Dumais. “How do we get beyond the supremacy clause of the U.S. Constitution?” ISPs "will challenge anything,” said Gigi Sohn, Benton Institute senior fellow. Maryland Attorney General Brian Frosh (D) supports HB-957. Frosh was one state AG that challenged FCC repeal. Del. Mark Fisher (R) disagreed with some advocates, doubting network operators would invest if they face restrictions. The bill might have more support if it addressed only privacy, he said. Net neutrality supporters have been declaring the end of the web for the three years the bill has been in the legislature, but the internet has become faster and more reliable, said Comcast's Looney. Don’t weave a patchwork of state net neutrality laws, said cable lawyer Matthew Brill of Latham and Watkins: the supremacy clause precludes state action. Wireless users are protected, and it’s “untenable” for states to regulate a national service, said CTIA Director-State Legislative Affairs Lisa McCabe. Comcast urged lawmakers to delay geolocation and biometrics proposals by Del. Sara Love (D) so the privacy working group can look at it this summer. HB-307 proposes biometric data retention rules. HB-1389 would require opt-in consent and disclosure before businesses can collect, use, store or disclose geolocation information from a location-based app. Frosh's office supports Carey's bill (HB-237) to expand the Maryland Person Information Protection Act, said Assistant AG Hanna Abrams. “If you collect data, protect it,” she said. “If something happens, let people know.” Consumer Reports supports requiring manufacturers to secure IoT devices under Carey’s HB-888, said Policy Counsel Katie McInnis. Del. Warren Miller (R) raised a concern the bill may be too broad by including Bluetooth.
An FCC Disability Advisory Committee resolution seeks changes to how privacy of telecom relay service users is protected. The agency should require that data is stored only as long as necessary to fulfill the requirements of the user registration database, and that records are destroyed immediately thereafter, DAC said Wednesday.
Washington state's privacy bill will get a vote Friday at 8 a.m. PST in the Innovation, Technology and Economic Development Committee, confirmed Chairman Zack Hudgins (D) in a Wednesday email to stakeholders. "There is a rumor of a 'new bill' which I think is actually a working draft." It's the committee's last meeting before the deadline to get bills passed by the Senate out of House committee.
The consortium selected to manage industry efforts to trace illegal robocalls to comply with the Telephone Robocall Abuse Criminal Enforcement and Deterrence Act "should enable the participation of a diverse range of voice service providers in the tracebacks that it conducts and allow the participation of any and all providers that are identified in the call path of a traceback," USTelecom told the FCC. Comments were posted through Tuesday in docket 20-22. The agency opened a rulemaking this month (see 2002060038). NCTA wants the consortium to create an executive committee represented by different industry sectors "given an equal voice in the management." The cable group wants budget transparency if fees are collected. It asked whether a traceback group must be independent from a single association. Incompas wants the FCC to spell out how it will evaluate a registrant's claim of neutrality, and it wants to know what criteria the agency will use to select a single consortium for the private-led traceback efforts. Incompas suggested the North American Numbering Council advise the FCC here. The FCC also got comments this week on technical requirements for a reassigned numbers database (see 2002250062).
The California Consumer Privacy Act's right to delete could disrupt “efficient transmission of recall notifications,” which could lead to serious injury or death, U.S. Consumer Product Safety Commission member Peter Feldman wrote in Monday comments on revised CCPA draft rules by California Attorney General Xavier Becerra (D). A Republican, Feldman sought an exemption allowing businesses to keep data for consumer safety or recall efficiency reasons. The AG plans to start enforcing the law July 1 (see 2002070054).