First GDPR, now ePR: EU’s next privacy law could regulate messaging services like WhatsApp, Skype, iMessage

Originally published June 13, 2018 in One World Identity

On the heels of the EU’s General Data Protection Regulation, Europe is gearing up for its next big privacy push, this time taking aim at data collection within messaging apps. But critics contend the proposed law goes too far, potentially stifling innovation and hurting profits.

OWI Insight: The EU is trying to walk a fine line with GDPR and ePR, ensuring consumer protection without stifling development of new technology and hurting businesses across Europe. There is one catch, though: It’s a bit easier for the EU to take these risks, because, as The Financial Times notes, the bulk of innovation in the tech sector is coming from China and North America. It is telling that many of the heaviest hitters opposing ePR in the Developers Alliance are American companies from Silicon Valley. With the dust from GDPR yet to settle, and apparent infighting at the Council of the European Union over ePR, don’t be surprised if the new law encounters further delays and doesn’t take effect by its targeted deadline of early 2019.

Developers Alliance CEO Statement on the ENCRYPT Act Introduced by Congressman Lieu (D-CA)

Developers Alliance President/CEO Bruce Gustafson:

“The ENCRYPT Act was a great idea in 2016 and it’s an even better one now. Earning the trust and confidence of users is the Software Developer community’s highest priority, and strong encryption is the best way to ensure the privacy and security of user data. There is no such thing as a secure back door; the worst possible future is a patchwork of rules and prohibitions and a ring full of skeleton keys held by every agency and official across 50 states and an untold number of foreign governments. The ENCRYPT Act unambiguously places the Federal Government as the front-line defender of U.S. data security and we strongly support Congressmen Lieu (D-CA), Jim Jordan (R-OH), Suzan DelBene (D-WA), and all co-sponsors for their vision in bringing this legislation forward. Establishing the United States as the global champion of strong encryption is a critical step in securing the nation's ongoing leadership in innovation and entrepreneurship" 


REP LIEU INTRODUCES BIPARTISAN BILL TO STANDARDIZE NATIONAL ENCRYPTION POLICY

Originally posted on Congressman Lieu's official website

June 7, 2018 | Press Release

WASHINGTON – Today, Congressman Ted W. Lieu (D-Los Angeles County), Congressman Mike Bishop (R-MI), Congresswoman Suzan DelBene (D-WA) and Congressman Jim Jordan (R-OH) reintroduced the Ensuring National Constitutional Rights for Your Private Telecommunications (ENCRYPT) Act. The legislation would preempt state and local government encryption laws to ensure a uniform, national policy for the interstate issue of encryption technology.

Upon introduction, Mr. Lieu writes:

“Any discussion of encryption and law enforcement access to data needs to happen at the federal level. As a computer science major, I can tell you that having 50 different mandatory state-level encryption standards is bad for security, consumers, innovation, and ultimately law enforcement. Encryption exists to protect us from bad actors, and can’t be weakened without also putting every American in harm’s way. I am proud to lead this bipartisan group of Members who understand this is an issue of interstate commerce and economic security as well as cybersecurity. The ENCRYPT Act ensures we can have a national discussion about encryption without compromising consumers’ security in the process.”

Upon introduction, Mr. Bishop writes:

“The safety of our nation is the number one priority for this Congress, and establishing a pathway for decryption would create new vulnerabilities to be exploited by bad actors. To better protect our information from cyber threats, whether it deals with our nation’s security, commerce or personal data, we need a unified policy. The ENCRPYT Act is a critical first step in adopting a national approach – instead of the patchwork of encryption standards that our tech industry and law enforcement face today.”

Upon introduction, Ms. DelBene writes:

“Our goal needs to be keeping people’s personal information secure. When 50 states have different laws on encryption, it undermines our efforts to protect innocent Americans from bad actors who are looking to snatch personal data for their own nefarious uses. This legislation strengthens our national security, while ensuring that people’s privacy is protected and advances in technology can continue to flourish.”

Upon introduction, Mr. Jordan writes:

“We know federal agencies have abused warrantless surveillance in the past. The current patchwork system for encryption makes it easier for further abuses of the system and increases the problem by creating potential opportunities for abuse by 3rd party actors. By creating a unified approach to encryption, we can protect security and privacy while allowing law enforcement to continue keeping us safe. Today’s introduction of the ENCYPT Act is an important step in the right direction.”

Support for the ENCRYPT Act:

The App Association President Morgan Reed:

“On behalf of app developers and tech innovators across the country and around the world, we can attest to the value of encryption technologies to protect data and prevent crimes. The App Association is proud to support the ENCRYPT Act, and we commend Representatives Lieu, Bishop, DelBene, and Jordan for their leadership in reintroducing this timely bill.

"The ENCRYPT Act is a necessary step to ensure Americans can use encrypted technologies to protect themselves and their data, regardless of where they live. Encryption protects our most valuable information from nefarious cyber criminals – securing everything from private healthcare data to financial transactions, proprietary business information to the countless interactions that occur throughout the $950 billion global app ecosystem. Weakening encryption through a patchwork of conflicting state policies would jeopardize this protection and create known vulnerabilities that hackers seek to exploit. This legislation establishes national guidelines for the interstate use of encrypted technology and protects the data that drives our local economies and the app economy at large, and we urge Congress to advance these important measures through swift consideration of this important bill."

ITI:

“Encryption is vital to securing consumers’ private information and protecting them from Cybercriminals. With that said, the level of protection consumers experience should not be determined by the state in which they live. State mandates that either ban strong encryption technology, or require the design of intentional vulnerabilities, are untenable from both a security and policy standpoint. ITI commends Reps. Ted Lieu, Suzan DelBene, Mike Bishop, and Jim Jordan for their leadership on the ENCRYPT Act.”

Developers Alliance President/CEO Bruce Gustafson:

“The ENCRYPT Act was a great idea in 2016 and it’s an even better one now. Earning the trust and confidence of users is the Software Developer community’s highest priority, and strong encryption is the best way to ensure the privacy and security of user data. There is no such thing as a secure back door; the worst possible future is a patchwork of rules and prohibitions and a ring full of skeleton keys held by every agency and official across 50 states and an untold number of foreign governments. The ENCRYPT Act unambiguously places the Federal Government as the front-line defender of U.S. data security and we strongly support Congressmen Lieu (D-CA), Jim Jordan (R-OH), Suzan DelBene (D-WA), and all co-sponsors for their vision in bringing this legislation forward. Establishing the United States as the global champion of strong encryption is a critical step in securing the nation's ongoing leadership in innovation and entrepreneurship" 

New America’s Open Technology Institute Policy Counsel and Government Affairs Lead Robyn Greene:

“Despite a wave of news stories and an Inspector General report showing that encryption is not the insurmountable obstacle that the FBI, prosecutors, and state and local police claim, the second Crypto War is unrelenting. Law enforcement has lost credibility in this debate, and Congress should reject their continuing calls for legislation to help them break encryption. We welcome the introduction of the ENCRYPT Act as a step toward putting this endless debate over encryption backdoors to bed once and for all.”

Engine Executive Director Evan Engstrom:

“We applaud the authors of the ENCRYPT Act for working to prevent state and local governments from forcing companies to intentionally weaken the security of their products and services. Undermining encryption would be especially devastating for startups and their users, since they typically lack the resources necessary to protect unencrypted user information. Internet users rely on encryption-enabled startups every day to do things like communicate with loved ones, protect connected devices, and store and share sensitive health, banking, and business information. Weakening encryption will harm those startups and put their users’ sensitive information at risk.”

IA President & CEO Michael Beckerman:

"The internet industry applauds Rep. Ted Lieu, Rep. Jim Jordan, Rep. Susan DelBene, and Rep. Mike Bishop for reintroducing the ENCRYPT Act. Weakening encryption by requiring companies to engineer vulnerabilities into their devices and services makes us all less safe and less secure. Encryption protects our country from countless threats to the financial system, sensitive infrastructure, and individual privacy. The ENCRYPT Act recognizes the importance of encryption to our national security and daily lives."

This bill is also supported by the i2Coalition and Niskanen Center

###

The Next Big Anti-Tech Backlash Is Just Beginning

By Maya Kosoff
Originally published in Vanity Fair on May 29, 2018

Last week, dozens of American-based media and Internet companies went dark for 500 million citizens of the European Union. The culprit? The E.U.’s General Data Protection Regulation (known as G.D.P.R.), which forces companies to adhere to certain guidelines when it comes to the use and storage of people’s data. The law is already causing panic in Europe: in addition to the blackout, tech giants have been hit with multi-billion-dollar complaints filed by European privacy advocates, and programmatic ad buying has plummeted. But the E.U. is on the verge of an even more dire privacy crisis, which could provide a chilling preview of Silicon Valley’s fate should the U.S. choose to follow in its footsteps.

The Next Privacy Battle in Europe Is Over This New Law

By Natasha Singer
Originally published in The New York Times on May 27, 2018

The new European data privacy legislation is so stringent that it could kill off data-driven online services and chill innovations like driverless cars, tech industry groups warn.

The American Chamber of Commerce to the European Union called the legislation “overly strict.” The Developers Alliance, a trade group representing Facebook, Google, Intel and dozens of app makers, said it could cost businesses in Europe more than 550 billion euros, or about $640 billion, in annual lost revenue. And DigitalEurope, another tech trade group, said the legislation’s prohibitive approach “seriously underminesthe development of Europe’s digital economy.”

The NYT article is mentioned in The Daily Mail

What Developers Need to Know About Europe’s Data Privacy Rules

Originally published April 28 in IEEE Spectrum 

New GDPR regulations on personal data will affect even individual coders
By Jeremy Hsu

On 25 May, enforcement will begin of the European Union’s General Data Protection Regulation (GDPR): a law covering any organization anywhere in the world that handles the personal data of EU residents. Many individual developers and small-business owners will need to make sure that their applications, services, and websites comply with the GDPR, even if they do not live in EU countries.

The GDPR aims to give Europeans a clear understanding of who has their personal data and more control over its use. This means organizations must be much more disciplined about capturing and using personal data. “You need to be able to produce, delete, and audit the data easily,” says Michela Palladino, director of European policy and government relations for the nonprofit Developers Alliance.

This article appears in the May 2018 print issue as “What You Need to Know About Europe’s Data Privacy Rules.”

Your Software Is Belong to Us: What if Every Piece of Software Was a Foreign Language?

Your Software Is Belong to Us: What if Every Piece of Software Was a Foreign Language?

Without interoperable software, the future and growth opportunity of the Internet of Things is diminished and may be even in doubt, along with the thousands of companies and millions of developers working on IoT projects. If a handful of companies can control the keys to device and software interoperability, we can be certain of slower growth, higher consumer costs, and lost opportunities for entrepreneurs and innovators.

Dear Congress: Please don’t make us live through the net neutrality nightmare again

Original Source

Spoiler alert: regardless of how the net neutrality debate unfolds at the Federal Communications Commission, we’re headed back to where we were at the start of this fiasco, prolonging the agony of ordinary people, including developers, who rely on a stable and healthy internet for their jobs. Do we need rules? Yes. Do we need rules that change every four years? Please, please no. We need sensible, long-term solutions so everyone knows what rules to play by now and 10 years from now.

For those that remember the pre-net neutrality days, the internet was doing just fine. Apps were being developed, websites launched and once in a while, a startup made it big. The FCC was on the sidelines, watching the big telecom players it regulated build out better and faster networks. But no one trusts giant corporations, and regulators live to regulate, and so the FCC, which isn’t elected and isn’t accountable to voters, decided to extend its reach and protect the internet from itself. They coined the term “net neutrality” and asked for public comment, knowing in advance where they’d take things.

Then the hysterics began.

And those hysterics are bound to repeat themselves. Every pundit and late-night comedian is going to rant as if there are real facts and predictable outcomes in play. But if living through this nightmare one more time would finally result in a stable set of Internet rules, developers would be happy. But the chances of that happening are slim. No matter what the FCC puts in place this time around, a future FCC will put it all back again. It’s like the film “Groundhog Day,” but with zombie hordes of D.C. lawyers.

What developers need is an internet where anyone that’s smart, hardworking, and a little lucky can win. Not a playing field that is rule-free, but one where the rules are known, and where rules are stable and consistent. The flaw in an FCC-driven internet is that the rules reflect the ideology of the sitting commissioners. When the referees change, the rules change too. That frustrates investors, stifles entrepreneurs and kills innovation.

But the fix is simple: Congress must establish a permanent set of net neutrality rules and remove the FCC from the game.

Everyone agrees that the internet must be free and open to all lawful traffic and internet providers must not be allowed to throttle, block, or harmfully discriminate against traffic online. We all agree that players should be transparent in their dealings. These principles have been the foundation of the vibrant growth and innovation that have defined the internet over the past two decades. They have ensured that internet providers don’t favor their own products and services or discriminate against competitors and that websites and applications rise and fall based on their merits, not censorship or manipulation of their traffic online.

For developers — companies that design and build the apps and programs that power the internet experience — this is especially important. They depend upon a stable internet environment that promotes innovation, investment and growth. And we need an internet — wired and wireless — that is open, competitive, stable, fast, and fair to all who use it.

This issue has bounced back and forth between the FCC and the courts for nearly a decade now. Twice, the courts have struck down the FCC’s efforts to police net neutrality. It has led the FCC to reinterpret depression era rules designed for the 1930s era monopoly telephone utility and attempt to apply them to today’s dynamic and hypercompetitive internet.

And now the FCC has launched a new proceeding to undo the flaws of this utility regulation while seeking ideas on how to protect net neutrality without it. This journey between the courts and the regulators and back again must stop. A set of rules, established by Congress, can easily put the issue of net neutrality to rest and support future investment and innovation in a strong, stable, and open internet.

Any other course would be, well, Groundhog Day.

Bruce Gustafson is a senior advisor for the Application Developers Alliance. He formerly headed the Washington, D.C., office of Ericsson, an international communications technology company.