Google’s request to seal documents in a civil suit accusing Google of violating wiretap laws by scanning Gmail messages “demonstrate[s] hypocrisy at the company’s core,” said Consumer Watchdog Privacy Project Director John Simpson in a Tuesday blog post (http://bit.ly/1hgF3dd). “Google is in the business of gathering data and making it public, often when people want to keep it private,” Simpson said. Google has argued information in the case might reveal trade secrets, and thus certain documents should be sealed, he said. “I think the reason is just Google’s reflexive secrecy about everything it does,” he said. A number of media organizations have filed an amicus brief with U.S. District Judge Lucy Koh, arguing First Amendment rights should require the disclosure of all legal proceedings in the case. Oral arguments will be held Thursday at the U.S. District Court in San Jose, Calif.
European Parliament approval of an investment package for pan-European digital projects and high-speed broadband networks “will help transform everything from movie theatres to operating theatres; from our transport to our tourism industry,” said Digital Agenda Commissioner Neelie Kroes in a statement Wednesday. The European Commission proposed the Connecting Europe Facility (CEF) in 2011 as part of a multiyear funding program to support transport, energy and digital infrastructure projects, setting aside 9.2 billion euros ($12.6 billion) for CEF digital, of which 7 billion euros would support investment in high-speed broadband, the EC said. Last year, however, the Council reduced the CEF digital amount to 1 billion euros, forcing the EC to “fundamentally reorient its plans,” the EC said. The vote comes on top of political agreement on an EC-proposed e-identification regulation as well as a plan to cut the cost of broadband rollout, making it a “great week for the digital agenda, said Kroes.
To discuss the Digital Millennium Copyright Act’s (DMCA) notice-and-takedown provisions, the Commerce Department’s Internet Policy Task Force, U.S. Patent and Trademark Office (USPTO) and NTIA scheduled a forum March 20, in Alexandria, Va., said a Commerce announcement (http://bit.ly/MYXMPm). The forum will be on the Commerce Department’s green paper on copyright, and is one of series planned for “approximately every six weeks, alternating between the USPTO main campus and Silicon Valley, at a location to be announced,” it said. Other green paper items, such as remixes, first-sale doctrine and statutory damages, will be discussed at upcoming meetings, it said. The goal of the meetings is for stakeholders to arrive at an “agreed outcome” on the DMCA’s notice and takedown provisions “by the end of 2014,” it said. Statutory damages and the first-sale doctrine were points of contention at the last green paper forum in December (CD Dec 13 p11).
Facebook and the GSM Association will try to bring Internet-based communication services to billions of people worldwide, they said Tuesday (http://prn.to/1jxpP3v). GSMA, which represents mobile operators such as AT&T, T-Mobile and Verizon, works with Facebook through their Internet.org partnership. Facebook revealed the start of Internet.org in August (CD Aug 22 p13) (http://bit.ly/1gzKsJJ), saying its goal was to bring Internet access to everyone in the world. The work with GSMA will help that, said it and Facebook. “While there are nearly 7 billion mobile connections worldwide, there are only 3.4 billion people that currently have mobile phones,” said GSMA Chief Regulatory Officer Tom Phillips. “Mobile will offer many around the world, particularly in emerging markets, their only access to the Internet and the information and communications services it enables."
The U.N.’s work in 2015 on the 10-year review of implementation of the World Summit on the Information Society (WSIS) and the Millennium Development Goals (MDG) must include “all stakeholders at the table,” said the Computer & Communications Industry Association, the Information Technology Industry Council, the Software & Information Industry Association and seven other Internet industry groups Monday. The U.N. should align the two reviews “to ensure that the WSIS goals and accompanying measurable targets are fully connected to the outcomes of the MDG review process,” the groups said in a joint letter to the Finish and Tunisian ambassadors to the U.N. The two ambassadors are leading consultations on how to organize the WSIS review. The U.N. should pursue “concrete, measurable targets” for the WSIS review and a “bottom-up-driven review process” that encourages multistakeholder participation, they said (http://bit.ly/1fnHfk0).
President Barack Obama needs to work with Congress to codify his Consumer Privacy Bill of Rights (CPBR) to strengthen the privacy protections of Americans, said a letter (http://bit.ly/1chdMSI) from 35 organizations, including the American Civil Liberties Union, Electronic Frontier Foundation and American Library Association, addressed to Obama. The letter was sent on the two-year anniversary of the Obama administration’s publication of its own CPBR (http://1.usa.gov/1lfWygZ), it said. “Americans today worry about retailers who lose their credit card information, intelligence agencies that gather their phone records, and data brokers that sell their family’s medical information to strangers,” it said. “We urge you to work with those in Congress who favor the privacy rights of Americans, who support updates to privacy law, and who understand why this issue is so critical to so many Americans,” it said.
Attorney General Eric Holder urged Congress to pass legislation that would create “a strong, national standard” that would require companies to alert consumers when a data breach may have compromised their information. National requirements on data breach notification would aid ongoing law enforcement efforts and “would empower the American people to protect themselves” if they are at a heightened risk of identity theft, Holder said Monday in a video posted on the Justice Department’s website. The law should include an exemption for “harmless” data breaches to “avoid placing unnecessary burdens” on responsible businesses, Holder said (1.usa.gov/1fyydPq). In the wake of recent breaches at Michaels, Neiman Marcus and Target which exposed consumers’ information, Congress has been exploring legislation that would institute rules for data breach customer notification. Bills under consideration include the Personal Data Privacy and Security Act (S-1897), the Data Security Act (S-1927) and the Data Security and Breach Notification Act (S-1976). Senate Commerce Committee Chairman Jay Rockefeller, D-W.Va., said in a statement that S-1976, which he introduced in late January, “would create this strong standard for notification when consumers’ personal information has been compromised. I know my colleagues understand how important it is to act urgently on data security legislation and I hope they work with me to pass this bill.” House Judiciary Committee Chairman Bob Goodlatte, R-Va., said in a statement that he welcomes Holder “to the discussion on how to address this growing problem.” House Judiciary has been studying its own data breach proposals and has been collecting input through hearings and other consultations that analyze the issue “from various perspectives,” Goodlatte said. House Commerce Trade Subcommittee Chairman Lee Terry, R-Neb., said in a statement that Holder should concentrate on prosecuting “hacktivists,” saying “Congress does the hard work of drafting legislation through the committee process and not the Administration through weekly addresses on You Tube.” Terry said he has been calling for a federal data breach notification standard for months and plans to explore the issue again during a subcommittee hearing on the FTC set for Friday.
The European Commission announced a list of cloud security certification schemes. One obstacle to uptake of cloud computing is worry about the security of systems in the cloud, Digital Agenda Commissioner Neelie Kroes wrote on her blog Monday (bit.ly/eadjGs). Although cloud computing can make systems safer, there are still valid questions about whether data will stay confidential and available and maintain their integrity, she said. Many of the concerns can be resolved by proper certification mechanisms that are transparent and customer-centered, she said. Such systems can’t offer a 100-percent guarantee, but do provide a framework to assess and mitigate risks. There are certification services on the market for network and information security, and some are relevant to the cloud, Kroes said. As part of its cloud strategy, the EC worked with the European Network and Information Security Agency (ENISA) and industry to learn how existing certification systems could help potential cloud users decide how secure different solutions are, she said. There are now several certification schemes for the cloud (bit.ly/1hKhEn5), all vetted by ENISA, Kroes said. This is just the first step and more certification systems will be added, she said.
Strict enforcement of existing European data protection laws is crucial for restoring trust between the EU and U.S., said European Data Protection Supervisor (EDPS) Peter Hustinx Friday. His opinion (bit.ly/1jjAj6w) responded to European Commission statements on rebuilding trust in EU-U.S. data flows and on the functioning of the safe harbor agreement that allows European companies to send personal data to the U.S. In addition, the EDPS said, reformed EU data protection rules should require clarity and consistency in addressing issues such as prerequisites for data transfers, processing of personal information for law enforcement purposes and conflicts of international law. He urged quick progress to thwart attempts by political and economic interests to narrow fundamental privacy rights. Hustinx stressed that massive monitoring of communications violates EU data protection and fundamental rights measures. Any exceptions to those rights for national security purposes should only be permitted if they are strictly necessary, proportionate and in line with European case law, he said. In addition to existing legislation, stronger laws and agreements are needed in the future to restore confidence that has been seriously undermined by various snooping scandals, he said. Other recommendations included: (1) Tighter deadlines for review of safe harbor and followup if any deficiencies remain. (2) Ensuring that current talks on an EU-U.S. “umbrella” agreement for law enforcement cooperation don’t legitimize massive data transfers but comply with existing rules. (3) Working toward more interoperability of national legal privacy frameworks. (4) EC-lead education initiatives on the security of data processed on the Internet in EU institutions and relevant bodies in member countries.
In the last month, more than 500 members have joined the International M2M Council, a recently-formed trade group for Internet of Things companies, said IMC in a Thursday news release (http://on.mktw.net/1eYm6Xp). Individuals from FedEx, Hyundai, Siemens Healthcare, Tata Group and the Defense Department are part of that recent group, IMC said. “There has been a leadership vacuum on a global level,” said IMC Executive Director Keith Kreisher. “Companies looking to deploy IoT business models are hungry for information -- how much will it cost and what are the risks?” IMC plans to also release a new “content library,” with case studies emphasizing the return on investment for deploying IoT technology, IMC said. AT&T and Iridium are among companies IMC has previously said have joined (CD Oct 16 p16).