Top Five Internet Issues to Watch in 2013
Opinion from the Center for Democracy & Technology
Feb. 14, 2013 -- It's been a little over a year since a tsunami of protest brought down the ill-fated SOPA and PIPA, the two bills in Congress that were supposed to protect the copyrights of musicians and movie makers, but left Internet companies saying they'd have to be digital police. After such heavyweights as Google and Wikipedia weighed in, the bills died, leaving Washington shell-shocked and the burgeoning Internet community emboldened.
It is now well understood that the American people care about the Internet and value its openness and freedoms. This year is likely to be a critical one for the open Internet, with issues on the agenda in Washington that may affect the character of the Internet for generations to come.
Here are five high critical issues that Internet users ought to care about now:
A Warrant Requirement for Communications Content Stored in the Internet 'Cloud'
What's the issue? The government's access to the personal information that you store online -- email, photos, calendars and even location information generated by your cellphone -- is governed by the Electronic Communications Privacy Act (ECPA). It was enacted in1986, when cellphones were, literally, the size of bricks and the closest thing to a smartphone was the Dick Tracy "wrist radio." But more than 25 years of innovation has far outpaced the initial protections provided by ECPA, leaving the courts to try and sort out how and when the law applies. Under ECPA, law enforcement agencies do not need a warrant to gain access to most of the content stored in the cloud.
Last year Sen. Patrick Leahy, D-Vt., ECPA's original author, made a run at updating the law to require a warrant for both content and for some location information. ECPA reform is backed by an unusually broad and diverse coalition of advocates and companies.
What's at stake? Ensuring all data you store online has strong privacy protection against government access. The scandal that swallowed the career of four-star general and former CIA Director David Petraeus gave the American public a jolt when news accounts chronicled that the FBI had been snooping around the general's Gmail account and the Gmail accounts of others caught up in the scandal. Right now, if you have email stored more than 180 days, it is essentially fair game for any law enforcement agency to sift through, without having to prove to a judge that there's a compelling reason.
And it's not just email that's at stake here. Your smartphone is a personal tracking device, sharing your location in the normal course of its operation. Law enforcement's appetite for that information seems insatiable, with records showing that investigators made 1.3 million requests to mobile carriers in one year for subscriber information such as text messages and location information.
The courts are beginning to require warrants in some instances. For example, the Supreme Court recently ruled that it is unconstitutional for the police to attach a GPS tracker to a suspect's car without getting a warrant, and the Sixth Circuit found that the Fourth Amendment protects email. But it will be up to Congress to bring the law fully into the 21st century to protect our rights as technology evolves.
Surveillance Back Doors on the Internet
What's the issue? For many years, the Communications Assistance for Law Enforcement Act (CALEA) has required telephone and later interconnected Voice over IP networks to have technical "back doors" to give law enforcement officers easy wiretap access when they have a lawful intercept order. Now the FBI wants to expand that law to the Internet, requiring apps and Internet services to build in similar back doors.
Clearly, lawful electronic surveillance plays a vital role in fighting crime and protecting national security; however, these goals must be achieved without clamping down on cherished freedoms or at the cost of chilling innovation and choking off commerce. Though no official CALEA II legislation has been introduced, the FBI's public demands suggest that its proposal will be alarmingly broad.
What's at stake? CALEA II mandates could dramatically increase government surveillance at a time when wiretapping is near record levels, chilling free speech and stoking fears of Big Brother. Human rights activists abroad who count on encrypted peer-to-peer communications to resist surveillance would become newly susceptible to oppression. Extending CALEA would create new cybersecurity vulnerabilities, essentially leaving the "back door" open for malicious hackers, identity thieves and foreign agents to exploit.
CALEA II would chill the global demand for American-made communications services. It would stifle innovation because any new app or service would have to be designed to be "wiretap ready," a cost that start-up companies would find untenable. And it would likely prompt other countries to impose new mandates that are equally burdensome.
The Battle Over the FCC's "Open Internet" Safeguards
What's the issue? In December 2010, the FCC adopted rules to safeguard the Internet's open character -- sometimes referred to as "Internet neutrality" rules. The rules are intended to preserve the Internet as a level playing field on which innovators are free to launch new services and users are free to access those services without tampering or favoritism.
To preserve this open environment, Internet Service Providers (ISPs) are barred from restricting the types of services or websites you use, and they cannot play favorites by speeding some up and slowing others down.
Verizon quickly challenged the rules in court. The company argues that the FCC lacks authority over ISP behavior and that ISPs have a First Amendment right to engage in "editorial discretion" just as newspapers and cable TV operators do. A decision is expected sometime later this year.
What's at stake? The next generation of new and innovative online services. The Internet itself is just a platform; what really empowers users is the ever-evolving set of online services and technologies. Thanks to the Internet's freewheeling environment, users constantly find better ways to communicate, work, and play – often in ways they would never have imagined just a few years before.
The innovation engine is fueled by the simple fact that, from its inception, the Internet has enabled upstarts to launch new services without getting any kind of blessing or permission from established network operators. But if the FCC's rules are struck down, ISPs could choose to become the Internet's new kingmakers, dictating which content, websites, and services will be accessible and how well they perform.
Indeed, if the court were to agree with Verizon's First Amendment argument, ISPs would have legal carte blanche to "edit" their subscribers' online communications. Subscribers could complain to their ISPs, of course, but most Americans have very few options for broadband access and so may not have the luxury of voting with their pocketbooks by changing providers. The end result would be an Internet on which new and experimental services and technologies cannot just be launched, but instead require the prior consent or participation of major ISPs. The "next big thing" might never get off the ground.
Reform of a Dangerously Broad Computer Crime Law
What's the issue? The Computer Fraud and Abuse Act (CFAA) is a dangerously vague and broad law -- so much so that simply lying about your age on Facebook, or otherwise violating a website's terms of service or an employer's computer use policy, could be prosecuted as a federal crime. For years my organization, the Center for Democracy & Technology (CDT), has worked with a broad, bipartisan coalition to reform this law to better protect average Internet users and better target malicious hackers.
Last year this coalition succeeded in getting the Senate Judiciary Committee to approve new language that would have narrowed the law. Unfortunately, the bill to which that language was attached didn't make it to the Senate floor before the end of the congressional session.
At the beginning of this year, however, a tragedy revived the debate over what conduct should count as a computer crime and how those crimes should be punished. The week before Internet Freedom Day -- a holiday to commemorate the victory against SOPA that he helped make possible -- Internet activist Aaron Swartz took his own life. At the time of his death, Aaron was facing the possibility of years in prison and millions of dollars in fines for alleged violations of the CFAA, and his death has prompted new bipartisan calls for reform on Capitol Hill.
Rep. Zoe Lofgren, D-Calif., posted to Reddit a draft CFAA reform bill -- "Aaron's Law" -- shortly after Swartz's passing. In the spirit of the open Internet that Swartz championed, CDT has been collaborating with allies like the Electronic Frontier Foundation, the ACLU and Stanford's Center for Internet & Society in an open process on Reddit to provide suggestions on how that draft can be improved and expanded before it's introduced. Fixing the CFAA is long overdue, and we hope that this tragedy will at the very least spur Congress to enact these much needed reforms.
What's at stake? The ability to use the Internet without fear of being targeted by an overzealous prosecutor and threatened with decades in prison for taking steps to protect your identity, engage in critical security research, or make innovative uses of data that's been published to the public web. With Rep. Lofgren and Sen. Ron Wyden, D-Ore., indicating their intent to introduce CFAA reform bills that would clarify and narrow the scope of the law, other advocates further pressing for more just and proportionate penalties under the law, and netroots activists gearing up for major campaigning on the issue, it looks like 2013 may finally be the year that Congress updates computer crime law for the 21st century.
Violating a contract isn't a felony in the offline world and it shouldn't be one in the online world, and as it has in past years, CDT will continue to work with its allies to press for a CFAA that is both strong on crime and sensible in its scope.
Cybersecurity Legislation
What's the issue? The U.S. government, companies and Internet users themselves all face growing cybersecurity threats. Sharing information about those threats is critical to counter them. However, cybersecurity bills introduced in the last Congress threatened privacy by authorizing over-sharing of information, and because they could have put the super-secret National Security Agency (NSA) in effective control of civilian cybersecurity program.
What's at stake? The nation's civilian cybersecurity program could turn into an intelligence wiretapping program. To avoid this, the sharing of information about cybersecurity threats must be carefully constrained, the authority to counter those threats clearly and narrowly defined, and a civilian agency -- the Department of Homeland Security -- should be in charge.
If the nation's super-secret spy organization, the NSA, becomes an unconstrained hub for cybersecurity information sharing, there will be no public accountability for its use and misuse of Internet communications shared with it, and no confidence that Internet communications it obtains for cybersecurity purposes are not used for unrelated intelligence surveillance. Activists who rose up to defeat SOPA and PIPA are ready to defend the Internet against such a disaster.
This piece is the opinion of the author and does not represent the opinion of ABC News.