Department of Homeland Security Secretary Kirstjen Nielsen repeatedly cited the need for “relentless resilience” Friday, lauding launch of the Cybersecurity and Infrastructure Security Agency. President Donald Trump signed legislation Friday restructuring the National Protection and Programs Directorate into CISA, a new DHS agency.
Karl Herchenroeder
Karl Herchenroeder, Associate Editor, is a technology policy journalist for publications including Communications Daily. Born in Rockville, Maryland, he joined the Warren Communications News staff in 2018. He began his journalism career in 2012 at the Aspen Times in Aspen, Colorado, where he covered city government. After that, he covered the nuclear industry for ExchangeMonitor in Washington. You can follow Herchenroeder on Twitter: @karlherk
Senate Minority Leader Chuck Schumer, D-N.Y., was “very aware” the Senate Intelligence Committee “has been relentless” in probing Facebook about foreign meddling, ranking member Mark Warner, D-Va., told reporters Thursday. Warner was asked about a report suggesting Schumer, whose daughter works at Facebook, told Warner to tone down the probe, so Facebook could focus on GOP misinformation and other issues.
Google warned NTIA against requiring user consent in every instance of data collection, saying “processing of personal information is necessary to simply operate a service and is not particularly risky.” The agency posted comments Tuesday, including those earlier reported on (see 1811130058 and 1811090050). Always needing consent could “create a complex experience that diverts attention from the most important controls without corresponding benefits,” Google said. Federal privacy legislation should be applied across all industries that collect user data, whether online or offline, Amazon said. The company warned against a patchwork of privacy laws that “diverts significant resources from inventing new features that will delight customers.” Companies should conduct thorough risk assessments of data collection, Microsoft said. If risks to the user from collecting data outweigh potential benefits of processing the data, “processing should only be allowed to proceed with the individual’s informed consent, as provided through an experience that meets the GDPR requirements,” the company said. Congress should craft legislation that would set U.S. standards that supersede EU general data protection regulation standards limiting access to the Whois database (see 1810310008), MPAA told NTIA. Legislators should “ensure that certain basic WHOIS information remains publicly available, and that any information that the GDPR does require to be removed from public access still be available to third parties with legitimate interests through a reasonable, timely, and effective process,” it said. FTC comments to NTIA released Tuesday are encouraging for online platforms like Facebook and Google, Cowen analyst Paul Gallant said Wednesday. The agency’s comments seemed supportive of a flexible approach to data gathering and against any opt-in data consent requirements, he said.
Moving privacy legislation will be “right at the top of necessary and achievable goals” in 2019, Sen. Roger Wicker, R-Miss., expected to chair the Senate Commerce Committee, told us. Whether a split Congress improves prospects for achieving compromise on a privacy bill is unclear, said lawmakers from both chambers this week.
Consumer protection for artificial intelligence systems is a lot harder for the FTC without clear visibility into system decision-making, said Electronic Frontier Foundation Tech Projects Director Jeremy Gillula Tuesday during the agency’s seventh policy hearing. Some companies have made an effort, but it’s an ongoing problem, he said. Consumers and researchers might not necessarily need every detail about machine learning and artificial intelligence decisions, said Google Brain Team Senior Staff Research Scientist Martin Wattenberg. Google isn't giving “the full matrix of every weight in the neural network, but we’re giving them information that’s useful at the level that they want in terms of a concept that they’re actually interested in.” Wattenberg emphasized progress made in coming up with ways to understand these systems: “They no longer need to be considered black boxes.” Google recommended practices for fair artificial intelligence use, which covers interpretability, privacy and security. Computer & Communications Industry Association Competition and Regulatory Policy Director Marianela Lopez-Galdos questioned whether laws that focus on consumer welfare are sufficient to address machine learning issues.
The FTC defended its ability to protect consumer privacy, noting limitations. In comments to NTIA (see 1811090050) released Tuesday, FTC staff cited the lack of civil penalty authority, broad rulemaking authority and ability to take action against nonprofits and common carriers. The Children's Online Privacy Protection Act is limited because it doesn’t address offline data or data about children, staff said. The agency “supports a balanced approach to privacy that weighs the risks of data misuse with the benefits of data to innovation and competition,” it said, with 5-0 support from commissioners.
Civil penalty authority could encourage companies to take data security seriously, an incentive to increase investment, said FTC Consumer Protection Bureau Director Andrew Smith Friday at a Free State Foundation event. He was asked about the agency’s recent no-fine settlement with Uber (see 1810260040). It’s very difficult to show the “causal link” between a security breach and harm to consumers, he said, but some commissioners believe there’s a “systemic underinvestment” in data security.
Industry groups warned NTIA against pushing privacy policies that restrict data collection. Consumer groups argued for more FTC authority and higher standards on data collection consent. Friday was NTIA’s deadline for comment on the administration’s privacy principles effort. The agency will make them publicly available this week, so we asked stakeholders what they filed, and others released them. Some said they were working on them Friday, and others said they don't plan to file.
BMI and ASCAP consent decrees let companies like Amazon, Facebook, Google and Netflix not pay songwriters what they deserve (see 1810010031), and it’s good DOJ is exploring these decrees, National Music Publishers Association CEO David Israelite said in a Technology Policy Institute podcast. Songwriters “should have a right to negotiate the price of what they create in a free market, and the consent decrees prevent them,” he said in a conversation TPI promoted this week that included RIAA President Mitch Glazier. Thursday, the Internet Association didn’t comment. The Music Modernization Act’s Mechanical Licensing Collective (see 1809180059) will revolutionize how the music industry treats data, Israelite said. The MLC establishes a royalty payment database governed by a board of 10 publishers and four songwriters with oversight from the Copyright Office. It’s unique that the industry won’t “treat the ownership information as proprietary or confidential but rather as public information that is designed to get proper payment,” Israelite said, noting sound recordings will be publicly accessible for three years when the proper owner can’t be found.
The White House will draft data privacy legislation if asked, said National Economic Council Special Assistant to the President Abigail Slater Thursday. Regulating social media is a conversation worth having, she told a Washington Post event. Officials should weigh Europe’s approach to internet regulation while injecting American standards and values, said Slater. President Donald Trump said Wednesday he’s open to working with Democrats to regulate social media (see 1811070053).