House Commerce Chairman Fred Upton, R-Mich., said encryption isn't about picking sides, but assessing options. "Identifying a solution to this problem may involve trade-offs and compromise, on both sides, but ultimately it comes down to what society accepts as the appropriate balance between government access to encryption and the security of encrypted technologies,” he wrote on Medium, to which his office linked in a news release Wednesday. A House Commerce subcommittee last week held a hearing about the issue and included testimony from several law enforcement and technology experts (see 1604190002).

By a 419-0 vote, the House approved the Email Privacy Act (HR-699), which would protect the content of people's emails and electronic communications (see 1604260014). Approval of the measure, which updates part of the Electronic Communications Privacy Act (ECPA) of 1986, was hailed by privacy and technology associations, which said ECPA lagged behind the rapid advancement of technologies such as cloud computing. "In order for the law to keep up with technology and users' reasonable expectation of privacy, that information must be protected by a search warrant," said Center for Democracy and Technology's Chris Calabrese in a statement. He was one of the negotiators who forged a compromise bill with the House Judiciary Committee, which approved HR-699 two weeks ago. The measure, which was introduced by Reps. Kevin Yoder, R-Kan., and Jared Polis, D-Colo., in February 2014, was expected to pass because it had 314 co-sponsors. “Citizens should no longer be at risk of having their emails warrantlessly searched by government agencies," said Polis in a statement. "The Email Privacy Act will update our archaic privacy laws for the 21st century and safeguard our Fourth Amendment rights." CTA President Gary Shapiro said in a statement that the same privacy protections apply now to both online communications and physical mail. It will "instill confidence in consumers that personal data is legally protected, no matter where it is stored," he added. Similar statements came from the American Civil Liberties Union, the Computer & Communications Industry Association, Information Technology and Innovation Foundation, Institute for Policy Innovation, Internet Association and TechNet. In a joint statement, Sens. Mike Lee, R-Utah, and Pat Leahy, D-Vt., who introduced a similar measure in the Senate, called the House vote "a historic step" in updating privacy laws. They said their bill has broad support and urged the Senate to act and pass it (see 1604140010).

Senate Republican High-Tech Task Force Chairman Orrin Hatch, R-Utah, plans a special roundtable Wednesday with TechNet members on cross-border data flows, encryption and privacy, intellectual property protections, the Trans-Pacific Partnership trade agreement and other issues, said a news release from his office. More than 25 CEOs and senior executives -- including Oracle CEO Safra Catz, Cisco Executive Chairman John Chambers, Microsoft President-Chief Legal Officer Brad Smith and Google General Counsel Kent Walker -- will discuss the political network's legislative priorities for 2016, the release said. The discussion won't be open to the media and public. Hatch's task force had a closed discussion April 20 with Gibson Dunn attorney Ted Olson on encryption. Olson led Apple's legal fight with the government over getting the company's help in trying to access the contents of an iPhone used by one of the San Bernardino, California, mass shooters (see 1604180028). After the discussion, Hatch said in a statement he appreciated Apple's "willingness to engage in a public debate about how best to balance the needs of law enforcement agencies with those of our technology companies. These are not easy issues, and it will take input from every side to develop a viable solution."

The Congressional Budget Office said enacting the Email Privacy Act (HR-699), which updates the Electronic Communications Privacy Act of 1986, "would have no significant cost to the federal government." CBO said in a one-page report Monday that "enacting the legislation would not affect direct spending or revenues; therefore, pay-as-you-go procedures do not apply." It said HR-699, which is set for a House floor vote Wednesday, "would not increase net direct spending or on-budget deficits in any of the four consecutive 10-year periods beginning in 2027." CBO said the bill includes no intergovernmental or private-sector mandates, nor would it impose costs on state, local or tribal governments. The legislation would close a loophole that allowed law enforcement agencies to access an American's private emails and other stored electronic content -- if the content is more than six months old -- without a warrant during criminal investigations. The bill would require a warrant in all instances. HR-699 has more than 300 co-sponsors and was unanimously approved by the House Judiciary Committee April 13 (see 1604130036).

More than a million people use Facebook over the Tor Internet anonymizing software since Facebook made the website directly available over the Tor network in 2014, wrote Alec Muffett, Facebook's software engineer for security infrastructure, in a Friday blog post. Last June, about 525,000 people accessed Facebook over Tor over a "typical 30 day period" by using the Tor browser to access the site directly, the Facebook Onion site built specifically for Tor users or through the Orbot app on Android devices, he said. "This number has grown -- roughly linearly -- and this month, for the first time, we saw this '30 day' figure exceed 1 million people." People use Tor generally to improve their privacy and security on the Internet.

The Electronic Frontier Foundation said it will appeal a decision by a federal judge that the FBI isn't violating the Constitution by issuing National Security Letters (NSLs) with accompanying gag orders that prohibit electronic communications providers from even revealing they received such a letter. EFF said in a Thursday news release it will appeal the March 29 decision, which was unsealed this week, to the 9th U.S. Circuit Court of Appeals. The privacy group, representing two unidentified providers, challenged the NSL statutes beginning in 2011. “This government silencing means the service providers cannot issue open and honest transparency reports and can’t share their experiences as part of the ongoing public debate over NSLs and their potential for abuse," said EFF Deputy Executive Director Kurt Opsahl in the release. "Despite this setback, we will take this fight to the appeals court, again, to combat USA FREEDOM’s unconstitutional NSL provisions." One of EFF's clients has been gagged since 2011, he said. NSLs are a type of administrative subpoena that seeks subscriber information that's relevant to a terrorism investigation or clandestine activity, U.S. District Judge Susan Illston said in her ruling. EFF said Illston ruled in 2013 that NSL provision was unconstitutional, but the government appealed to the 9th Circuit, which said changes made by the USA Freedom Act enacted in 2015 require a new review by the U.S. District Court in San Francisco. Illston's unsealed ruling said the USA Freedom Act amendments "cure the deficiencies ... and that as amended, the NSL statutes satisfy constitutional requirements." She also said the government justified in three NSL applications that disclosure would endanger U.S. national security and create other harms. But she said the government couldn't justify a fourth application. "However, the client still cannot identify itself because the court stayed this portion of the decision pending appeal," EFF said.

Two House committees that formed a joint bipartisan working group last month on encryption released a "roadmap," broadly outlining its scope and duties, said Republican and Democratic leaders of the House Judiciary and the Commerce committees in a joint news release. The bipartisan group (see 1603210061), which is expected to complete its work by the end of this Congress, is projected to meet with federal, state and local government entities, former government officials, industry and civil society groups, legal experts, academics and cryptographers. Members and staff can also do site visits, and outside groups are encouraged to submit papers, scholarly articles and testimony, which will be made public, the release said.

The Electronic Frontier Foundation sued DOJ to find out whether the government used "secret orders" to compel technology companies to decrypt the private communications of customers, after two EFF Freedom of Information Act requests and appeals went denied or unanswered. EFF, which filed the lawsuit Tuesday, said the practice could jeopardize the security of devices used by millions of people. The federal government has sought assistance from technology companies, notably Apple in the San Bernardino, California, mass shooting case and others (see 1603290059), through legal challenges in traditional federal courts, EFF said. But the Foreign Intelligence Surveillance Act (FISA) "allows the government to seek technical assistance from third parties with respect to any application it seeks or order or opinion it receives from the" Foreign Intelligence Service Court (FISC), the suit said. The privacy group wants to know how much FISA has been used and how much FISC has forced companies to help the government. “If the government is obtaining FISC orders to force a company to build backdoors or decrypt their users’ communications, the public has a right to know about those secret demands to compromise people’s phones and computers,” said EFF Senior Staff Attorney Nate Cardozo in a news release. EFF filed a FOIA request with DOJ's National Security Division Oct. 8, and Justice responded that it hadn't found any documents except for "two items of potentially responsive correspondence" that were determined to be exempt from FOIA. EFF filed an administrative appeal Jan. 22, saying DOJ "improperly withheld records under FOIA." That was denied April 4. EFF filed another FOIA request March 7, which DOJ hasn't responded to, prompting the suit. Justice declined to comment Wednesday.

Senate Republican High-Tech Task Force Chairman Orrin Hatch, R-Utah, plans a closed special session Wednesday with Gibson Dunn attorney Ted Olson, who led Apple's legal team in the fight with DOJ and the FBI over getting Apple's assistance in gaining access to the iPhone used by one of the San Bernardino, California, mass shooters. Olson, U.S. solicitor general under President George W. Bush, will discuss constitutional and statutory issues of the San Bernardino case, implications and considerations for policymakers. All members of the Senate are invited to the briefing, which will be closed to the media and public, a notice said.

Consumers in 24 countries, including the U.S., are increasingly worried by how their personal information is being managed by companies and governments, said a Centre for International Governance Innovation (CIGI)-commissioned global survey released Monday. Done by research firm Ipsos, the survey of 24,153 users Nov. 20-Dec. 4 found 57 percent of people globally were more concerned about their online privacy than a year ago. Only 30 percent of respondents said they thought their government "is doing enough" to keep personal data secure and safe from companies, the survey said. The poll found 38 percent didn't think their Internet activities were being monitored, while 46 percent thought their activities weren't being censored. "Internet users are expressing a clear lack of trust in the current set of rules and, more importantly, in the actors that oversee the sharing and use of personal data online,” Fen Hampson, director of Canada-based CIGI’s global security and politics program, said in a news release. But 70 percent of respondents said law enforcement agencies should have a right to access people's online communications for "valid national security reasons," including 64 percent of Americans, the survey said. It also said 63 percent of respondents don't want companies to develop technologies preventing law enforcement from accessing content of people's online conversations.