The November-December 2019 Developers Alliance U.S. Policy Update.
In This Update
Chaos As Usual
Articles of impeachment against President Donald Trump have been laid out by Speaker Nancy Pelosi. The articles have passed House Judiciary and are set for a full House vote early the week of the 16th before the members leave for their holiday recess. A full explanation of the charges is here (TLDR: “abuse of power and obstruction of Congress”). Unsurprisingly, votes are expected to be along party lines. The drama shall continue into 2020, as the Senate is expected to pick up their hearings related to the charges after the break. Senate procedure will largely be based on how the Clinton impeachment hearing was handled procedurally. Senate Majority Leader Mitch McConnel (R-KY) sees a Trump removal from office unlikely, signifying that Republicans are mostly expected to side with the President.
Congress is still procrastinating on passing a full-year funding bill. Members have agreed to further delay the process with another stopgap bill that goes until late December. The new shutdown deadline will likely coincide with votes on Trump’s impeachment.
Intermediary Liability And Section 230
Section 230 of the Communications Decency Act, the law that protects platforms from liability when users post illegal content, continues to be a hot topic on both the Hill and the campaign trail. The list of questions grows, as to who is policing the internet, how much policing should occur, what liability should there be if there is an effort to police, and whose and what content should be policed and when.
Graham Seeks To “Child-proof” Social Media.
Senate Judiciary Chairman Lindsey Graham (R-SC) has been discussing a possible update to the liability protections for the tech industry under Section 230 of the Communications Decency Act. Specifically, Graham, in concert with Sen. Richard Blumenthal (D-CT), is looking at an update specifically to build in more safeguards for children against online predators. While the senators are on a crusade to “child-proof some of these social media sites because people lurk on these things and they prey on kids,” no draft bill has been released as of yet.
Intermediary Liability In The USMCA Called A “real gift to big tech.”
Section 230 was thrust into the spotlight this past month with regards to the U.S.-Mexico-Canada Agreement (USMCA) on trade. There was much debate on including the sweeping Section 230 provisions in the trade agreement to ensure that American technology companies will continue to benefit from the law’s immunity. Critics claimed that including the legal protections in the trade agreement could damage domestic efforts to amend the Section 230 law later on. Despite best efforts by some members, legal protections for tech companies stayed in the USMCA. Speaker Nancy Pelosi (D-CA) called it a “real gift to big tech.” Showing a bipartisan opposition to the result, Sen. Ted Cruz (R-TX) tweeted, “Something I rarely say: I agree with Nancy Pelosi.”
Kids (And Their Data) These Days…
Developers Alliance filed comments on December 9th, 2019 in response to a Federal Trade Commission (FTC) request on whether additional changes are needed to the 2013 revisions to the Children’s Online Privacy Protection Rule (COPPA Rule). Check them out here.
Warren Asks FTC To Find Its Courage.
The popular-yet-unpopular opinion in Washington right now is that the FTC desperately needs reform. While Elizabeth Warren (D-MA) thinks the lack of enforcement as of late is due to a lack of “courage” by the FTC, members on both sides of the aisle cite an overly broad agency mandate and lack of sufficient funding to remotely accomplish their organizational goals. This begs the question — how do we fix this? It’s tough to act as a regulator to Silicon Valley, where the world’s wealthiest and most technologically advanced companies run the show when your budget (when it’s actually passed *cough cough*) is dwarfed by the companies you’re supposed to be regulating, and the staffing for one large company in the space is 30:1 to the enforcers on a good day. This also goes without saying that the FTC has way more than one company in the space to regulate. Enter why there are so many members of Congress trying to make reforms in the privacy space…
Congress Considers A Federal Agency Enforcing Online Privacy.
Reps. Anna Eshoo (D-CA) and Zoe Lofgren (D-CA) — both of Silicon Valley released text for their Online Privacy Act. The bill seeks to establish a Digital Privacy Agency, complete with 1,600 employees and an annual budget of $200 million that aims to protect consumer privacy online. Legislation is slow-moving on the bill as there is still debate on the Hill over provisions for preemption and a private right of action, as well as a variety of points for how data will be treated, enforced, and when necessary, altered. The proposing representatives admitted privacy enforcement was a grand undertaking, with Eshoo citing “I believe that the FTC lacks the staff, the expertise, and the culture to take [this on].” Some republicans find the current iteration of the bill too aggressive.
New Data Privacy Bills Sponsored By Senate Democrats.
On December 3, Sen. Cantwell (WA-D) introduced a bill on data privacy rights. Known as the Consumer Online Privacy Rights Act (S.2968), the bill – which has been co-sponsored by multiple Senate democrats – allows for “people to see the personal information that is amassed about them and block it from being sold. The measure also promises steep fines and opens the door for Web users to bring lawsuits, if social media sites, retailers and others engage in harmful practices and break the rules.” Cantewell indicated that in order to get a bipartisan bill passed Republicans would need to support a private right of action, noting that many on the right are in favor of a federal law that preempts state legislation. Roger Wicker (R-MS) indicated that he’s open to potentially including a narrow private right of action in comprehensive data privacy legislation, despite Republicans largely resisting in talks thus far. Both parties have indicated that while the process for a bill is taking longer than either would wish, it has been a largely bipartisan process.
On December 2, Sen. Schatz (D-HI) introduced the Data Care Act of 2019 (S.2961). The bill, co-sponsored by a number of Democratic senators, seeks to establish duties for online service providers with respect to end-user data that such providers collect and use. Schatz’s office states that the bill will “require websites, apps, and other online providers to take responsible steps to safeguard personal information and stop the misuse of users’ data.”
Parents Disgruntled By TikTok Parent Company.
ByteDance, the parent company of TikTok is being sued by unhappy parents over children’s data violations. ByteDance has already faced COPPA (Children’s Online Privacy Protection Act) enforcement actions in the past for their data practices. Another COPPA enforcement action on the horizon?
TikTok The Party Don’t Stop.
Sen. Hawley (R-MO) has come out with a new bill called The National Security and Personal Data Act (S. 2889). The bill is meant “to safeguard data of Americans from foreign governments that pose risks to national security by imposing data security requirements and strengthening the review of foreign investments.” American companies would be prohibited from storing user data or encryption keys in any country that poses a potential security concern for the US. Hawley additionally seeks to prevent Chinese companies from collecting any more information from American users than is necessary to provide their service. This provision potential creates difficulties for technology companies as they could face increased regulatory burdens when operating internationally. This is due to the recent security concerns associated with cross border transfer of data through apps that could lead to spying on US citizens, such as the case with TikTok, the video app owned by Chinese company Bytedance. This bill highlights the role of technology in the broader ongoing US-China trade war.
Facebook Called Into Question… Again.
Sens. Hawley (R-MO) and Coons (D-DE) additionally recently reached out to Facebook CEO Mark Zuckerberg to call into question whether Facebook’s stated privacy practices around location tracking actually protect users as the company claims. The senators included in their letter to the tech CEO a list of questions pertaining to company policy surrounding data privacy and location collection.
Where To Even Begin With CCPA?
A guide for startups to prepare for the California Consumer Privacy Act (CCPA).
Additionally, here is an infographic from IAPP detailing the potential pitfalls from CCPA non-compliance.
Klobuchar Pushes Honesty For Advertising.
Klobuchar plugged her Honest Ads Act (S.1356) that was introduced back in May during the latest presidential debate, showcasing that candidates are focusing on content moderation / this issue will bleed into the coming election season. Bill seeks “To enhance transparency and accountability for online political advertisements by requiring those who purchase and publish such ads to disclose information about the advertisements to the public, and for other purposes.”
Can $100 Billion Keep The US Ahead?
According to Senate Minority Leader Chuck Schumer, a proposal for $100 billion in new funding for fundamental AI research is circulating Congress with bipartisan support. The discussion comes as members recognize it is vital for the United States to stay technologically competitive in these areas, particularly compared to nations such as China. Compare that to the United States’ current “$4.9 billion in unclassified artificial intelligence and machine learning-related research and development in fiscal 2020” (source: Bloomberg Government) and the projected 37.5 billion for worldwide AI R&D in 2019 (source: IDC).
Yang Highlights US VS China AI Race.
Yang highlighted the importance of the AI race against China citing, “Their government is putting billions of dollars to work subsidizing the development of AI in a way we are not.”
Politico came out with a policy stance/issue tracker to help you decide who to vote for based on their known policy positions — who are tech views do you like best?
The (Strongly-Suggested) Ethics Of Facial Recognition.
The U.S. Chamber of Commerce Released Facial Recognition Policy Principles. Their Technology Engagement Center (C_TEC) released the document, stating that “the business community must lead the way to mitigate any risks and ensure the safe development and deployment of facial recognition technology.”
Bipartisan Push For Fourth Amendment Protections.
On November 14, Sen. Chris Coons (D-DE) and Sen. Mike Lee (R-UT) cosponsored the bipartisan bill entitled the Facial Recognition Technology Warrant Act of 2019 (S.2878). The bill seeks to limit the use of facial recognition technology by Federal agencies while balancing Fourth Amendment protections by requiring that federal law enforcement obtain a court order before using facial recognition technology to conduct targeted ongoing public surveillance. While still in its infancy, lawmakers in the House have discussed taking up a similar proposal regarding facial recognition software given privacy concerns.
Google V. Oracle Rages On.
The US Supreme court agreed to hear an appeal from Alphabet Inc’s Google versus Oracle Corp. in the case of API copyrights. Google has stated, “Developers should be able to create applications across platforms and not be locked into one company’s software.” While Google’s argument relies on the fair use of APIs, Oracle contends that Google should pay for their usage of the Oracle-owned programming language. The case, regardless of turnout, has major implications for the software industry and legal protections associated with it. The case is expected to be argued this spring, with a decision announced by July. Developers Alliance has written extensively on the API case currently before the court and has filed an Amicus Brief of our own with the Supreme Court in favor of them hearing the case. Our team plans on remaining active in the process and will keep you abreast of any developments as they unfold.
China Issues DeepFake Ban.
China makes it a criminal offense to publish deepfakes without proper disclosure. The government reserves “the right to prosecute both users and image and video hosting services for failing to abide by the rules.” With California criminalizing deepfakes for campaign advertising (AB 730) last month, the Chinese version leaves less room for satire and time constraints.
The End Of A Google Era.
Google Co-Founders Larry Page and Sergey Brin have announced that they are stepping aside from their respective operational roles of Google’s parent company, Alphabet. Page and Brin announce their transitions to an advisor role on Alphabet’s board of directors as they make way for Google CEO Sundar Pichai to move to the head seat at Alphabet. Pichai appears to be a welcome shakeup as far as Washington is concerned, as he “had already become the public face for the company in recent years, meeting with the president, testifying in Congress and leading Google’s annual developer conference and quarterly investor calls.”
Amazon Not Strong Enough With The Force? Issues Protest.
Amazon will be protesting the $10 billion “JEDI” Pentagon cloud contract that was awarded to Microsoft, citing “political influence,” and more specifically, the “President’s repeatedly expressed determination to, in the words of the President himself, ‘screw Amazon.’” Yikes.
On November 14th, the House Small Business Committee held a hearing entitled “A Fair Playing Field? Investigating Big Tech’s Impact on Small Business.” Witnesses filled a two-part panel and included representatives from large tech companies, technology interest groups, and a variety of small businesses that work with large tech platforms. The hearing discussed the benefits and challenges to small businesses that come along with interacting with large technology platforms, as well as potential room for improvements to allow both parties to interact more efficiently.
A Risk To Public Safety?
On December 10th, the Senate Judiciary Committee held a hearing on “Encryption and Lawful Access: Evaluating Benefits and Risks to Public Safety and Privacy.” The hearing included testimony from representatives from Google and Apple, as well as Cyber Security Professor Matt Tait, and New York District Attorney Cyrus R. Vance, Jr. Industry experts stressed the importance of strong end-to-end encryption to security as well as their willingness to work with law enforcement and build out detection mechanisms for when criminal activity has been conducted. The senators seemed far from amused with these efforts, as they continued to demand a back door for law enforcement. Senator Feinstein (D-CA) expressed her disdain for the Apple v. FBI encryption lawsuit that followed the 2015 shooting in San Bernardino, California. Judiciary Chairman Lindsey Graham (R-SC) was a it more blunt, stating “My advice to you is to get on with (creating a back door for law enforcement), because this time next year if we haven’t found a way that you can live with, we will impose our will on you.”
Various national security officials in the US and abroad informed Facebook that by increasing their privacy efforts that ongoing and future criminal investigations could be harmed, thus they should not allow for end-to-end encryption without a back door option for law enforcement. Facebook replied, citing the pervasiveness of encryption technologies and stating “We strongly oppose government attempts to build backdoors because they would undermine the privacy and security of people everywhere.” Of course, secure encryption with a back door is an oxymoron. The real debate here is between data security and government access.
Tis The Season… To Pass The USMCA.
The tech industry has lauded the passage of the United States-Mexico-Canada Agreement (USMCA). While it is largely seen as an updated version of the North American Free Trade Agreement, the agreement is particularly notable for the software industry as it includes a digital trade chapter, allowing for modernization of rules on commerce. Changes to the agreement are seen as measures that promote economic growth, create new jobs, and foster innovation in the United States. While the final terms have yet to be released, the notable aspects of the agreement as outlined previously are that it sets to:
Prohibit customs duties and other discriminatory measures from being applied to digital products distributed electronically (e-books, videos, music, software, games, etc.).
Ensure that data can be transferred cross-border and that limits on where data can be stored and processed are minimized, thereby enhancing and protecting the global digital ecosystem.
Ensure that suppliers are not restricted in their use of electronic authentication or electronic signatures, thereby facilitating digital transactions.
Guarantee that enforceable consumer protections, including for privacy and unsolicited communications, apply to the digital marketplace.
Limit governments’ ability to require disclosure of proprietary computer source code and algorithms, to better protect the competitiveness of digital suppliers.
Promote collaboration in tackling cybersecurity challenges while seeking to promote industry best practices to keep networks and services secure.
Promote open access to government-generated public data, to enhance innovative use in commercial applications and services.
Limit the civil liability of Internet platforms for third-party content that such platforms host or process, outside of the realm of intellectual property enforcement, thereby enhancing the economic viability of these engines of growth that depend on user interaction and user content.
USTR Finds France “Unreasonable” On Digital Trade.
Stock up on the Champagne and Camenbert now: The Trump administration continues their battle with France over the Digital Services Tax. Following an internal investigation, the Office of the U.S. Trade Representative (USTR) said they found that France’s tax is “unreasonable or discriminatory and burdens or restricts U.S. commerce” — specifically against U.S. tech giants like Facebook, Google, Apple, and Amazon. USTR will hold a public hearing Jan. 7 on its proposed retaliation and is taking public comments through Jan. 14.