Five Tech Policy Bugs Congress Needs to Fix
With the Innovation Act dead for this year (read: Why Congress Keeps Screwing Up Tech Policy), Congress’ list of unfixed bugs in laws relating to technology isn’t getting any shorter.
These are some of the biggest open problems that should be addressed:
1. Government snooping.
The Electronic Communications Privacy Act and its pathetically weak standard for law-enforcement access to email parked online remains intact. At the moment, police just have to be curious and nice about asking for data. The most meaningful action to fix this law has come from tech companies like Google, Microsoft, and Yahoo (Yahoo Tech’s publisher) that have decided that one circuit court’s ruling gives them enough ground to refuse to turn over stored data without a proper court order.
(The House did pass a bill last week, the “USA Freedom Act,” that’s supposed to end the National Security Agency’s bulk surveillance. But last-minute changes to the bill can leave the NSA still free to collect vast amounts of data on Americans.)
2. Net neutrality.
Congress seems far too divided to stop Internet providers from undoing the idea of the open Internet and charging websites extra for faster (or even any) delivery of content. That leaves the Federal Communications Commission alone to puzzle things through itself — and the lack of congressional resolve seems to have led the FCC to shy away from any straightforward ban on “paid prioritization” schemes.
3. Data breaches.
The continued absence of a federal standard for notifying customers when their personal data is inadvertently stolen or exposed leaves retailers, banks, and others dealing with 46 different state laws. This is even as episodes like the Target debacle expose the financial data of tens of millions of Americans.
4. Online privacy.
Congressional apathy has led to regulators (not lawmakers) like the Federal Trade Commission making policy. It’s good that the FTC is on the case (see its 2012 settlement with Facebook barring retroactive weakening of existing privacy rules), but are you sure the next administration will stay this course?
On one hand, congressional inaction isn’t all bad, as it prevented the passage last spring of a cybersecurity bill that in retrospect sounds like a fake story from The Onion — it would have encouraged companies to share details about vulnerabilities in their systems with, of all agencies, the NSA.
On the other hand, the Computer Fraud and Abuse Act continues to apply hopelessly broad definitions of a “protected computer” and unauthorized access to it. Those provisions can easily be read to criminalize violating a site’s terms of service or breaking an employer’s IT policies. And this overreach can have consequences beyond wasting courts’ times with ticky-tack violations: After prosecutors threatened Internet activist Aaron Swartz with 35 years in jail for stashing a laptop in a closet to download academic documents from MIT’s campus network for later public distribution, Swartz committed suicide last January.