executive order – Techdirt (original) (raw)
U.S. Finally Restricts Sale Of Location Data To Foreign Adversaries, But We’re Still Too Corrupt To Pass A Basic Internet-Era Privacy Law
from the very-late-to-the-party dept
Back in February, the Biden administration issued an executive order preventing the “large-scale transfer” of Americans’ personal data to “countries of concern.” The restrictions cover genomic data, biometric data, personal health data, geolocation data, and financial data, with the goal of preventing this data from being exploited by foreign intelligence agencies.
This week the administration fleshed out their planned restrictions in more detail. In a new fact sheet outlining plans for a new national-security program restricting the bulk transfer of consumer data, the government says it will focus primarily of the sale to “countries of concern” including China, Cuba, Iran, North Korea, Russia, and Venezuela.
The executive order and proposed rule defines “bulk” as such:
“The proposed rule would establish the following bulk thresholds: human genomic data on over 100 U.S. persons, biometric identifiers on over 1,000 U.S. persons, precise geolocation data on over 1,000 U.S. devices, personal health data on over 10,000 U.S. persons, personal financial data on over 10,000 U.S. persons, certain covered personal identifiers on over 100,000 U.S. persons, or any combination of these data types that meets the lowest threshold for any category in the dataset.”
While it’s certainly smart to finally start tracking the sale of sensitive U.S. consumer data to foreign countries in more detail (and blocking direct sales to some of the more problematic adversaries), it’s kind of like building barn doors four years after all the animals have already escaped.
We’ve noted for most of the last two decades how a huge variety of apps, telecoms, hardware vendors, and other services and companies track pretty much your every click, physical movement, and behavior, then sell access to that data to a broad array of super dodgy and barely regulated data brokers.
These data brokers then turn around and sell access to this data to a wide assortment of random nitwits, quite often without any sort of privacy and security standards. That’s resulted in a flood of scandals from stalkers tracking women to anti-abortion zealots buying clinic visitor data in order to target vulnerable women with health care misinformation.
This continues to happen for two reasons: at every last step, U.S. leaders put making money above public safety and consumer protection. And the U.S. government has discovered that buying this data is a fantastic way to avoid having to get pesky warrants. This all occurs to the backdrop of a relentless effort to turn all U.S. consumer protection regulators into decorative cardboard cutouts.
So nothing has changed foundationally. We’re literally too corrupt to pass even a baseline privacy law for the internet era, and outside some scattered efforts we really don’t consistently regulate data brokers. Those data brokers in turn have been so fast and loose with broad consumer datasets, it’s been utterly trivial for foreign intelligence agencies around the world to gain access to that data.
It’s nice that it’s 2024 and the U.S. government only just realized this is all a problem, and some basic guard rails are better than nothing, but it’s still not good enough. The U.S. needs comprehensive internet-era privacy laws that hold companies and executives accountable for lax security and privacy standards, and anything short of that (like freaking out exclusively about TikTok) is performance.
Filed Under: behavioral, consumers, data brokers, executive order, genomic, intelligence, location data, privacy, security, wireless
Biden EO Restricts Sale Of Consumer Data To ‘Countries Of Concern’ (But We Still Need A Privacy Law And To Regulate Data Brokers)
from the doing-the-bare-minimum dept
Fri, Mar 1st 2024 05:32am - Karl Bode
So we’ve noted for a long while that the fixation on China and TikTok specifically has often been used by some lazy thinkers (like the FCC’s Brendan Carr) as a giant distraction from the fact the U.S. has proven too corrupt to regulate data brokers, or even to pass a baseline privacy law for the internet era. The cost of this corruption, misdirection, and distraction has been fairly obvious.
Enter the Biden administration, which this week announced that Biden was signing a new executive order that would restrict the sale of sensitive behavioral, location, financial, or other data to “countries of concern,” including Russia and China. At a speech, a senior administration official stated the new restrictions would shore up national security:
“Our current policies and laws leave open access to vast amounts of American sensitive personal data. Buying data through data brokers is currently legal in the United States, and that reflects a gap in our national security toolkit that we are working to fill with this program.”
The EO fact sheet is vague, but states the Biden administration will ask the The Departments of Justice, Homeland Security, Health and Human Services, Defense, and Veterans Affairs, to all work in concert to ensure problematic countries aren’t able to buy “large scale” data repositories filled with U.S. consumer data, and to pass new rules and regulations tightening up the flow of data broker information.
We’ve noted for a long, long time that our corrupt failure to pass a privacy law or regulate data brokers was not only a frontal assault on consumer privacy, it was easily exploitable by foreign intelligence agencies looking to build massive surveillance databases on American citizens.
It’s why it was bizarre to see lawmakers myopically fixated on banning TikTok, while ignoring the fact that our corrupt policy failures had made TikTok’s privacy issues possible in the first place.
You could ban TikTok tomorrow with a giant patriotic flourish to “fix privacy,” but if you’re not willing to rein in the hundreds of sleazy international data brokers doing the same thing (or in some cases much worse at even bigger scale), you haven’t actually accomplished much beyond posturing to get on TV.
The EO sounds at least like a first step (depending entirely on the implementation), but is filled with some flowery and revisionist language. This bit, for example:
“These actions not only align with the U.S.’ longstanding support for the trusted free flow of data, but also are consistent with U.S.’ commitment to an open Internet with strong and effective protections for individuals’ privacy and measures to preserve governments’ abilities to enforce laws and advance policies in the public interest.”
Again, we don’t have a privacy law for the internet era in 2024 not because it was too hard to write one, but because Congress is too corrupt to pass one. We have, repeatedly, made the decision to prioritize the profits of an interconnected array of extractive industries over the public welfare, public safety, and even national security.
The result has been a massive, interconnected, hyper-surveillance market that hoovers up data on your every fart down to the millimeter, bundles that data up in vast profiles, and monetizes it across the globe with very little if any real concern for exploitation and abuse. All under the pretense that because much of this data was “anonymized” (a meaningless, gibberish term), there could be no possible harm.
The result has been just a rotating crop of ugly scandals that have gotten progressively worse. All while we (mostly) sat on our hands whining about TikTok.
The FTC has been cracking down on some location data brokers, but generally lacks the resources (by design) to tackle the problem at the scale it’s occurring. They lack the resources because the over-arching policy of the U.S. government for the better part of the last generation has been to defund and defang regulators under the simplistic pretense this unleashes untold innovation (with no downside).
This myopic view of how government works is all pervasive in America, and has resulted in most corporate oversight in the U.S. having the structural integrity of damp cardboard. And it’s all about to get significantly worse courtesy of a handful of looming Supreme Court rulings aimed at eroding regulatory independence even further. There’s a very real cost for this approach, and the check has been, and will be, increasingly coming due in a wide variety of very obvious and spectacular ways.
But we also don’t have a privacy law and refuse to regulate data brokers because the U.S. government benefits from the dysfunction, having realized long ago that the barely regulated data broker market is a great way to purchase data you’d otherwise need to get a warrant to obtain. Data broker location data is now tethered tightly to all manner of U.S. government operations, including military targeting.
The press has also played a role in failing to educate the public about the real risks of failing to regulate data brokers or pass a privacy law. Just 23 percent of the U.S. public even knows the government has failed to pass a privacy law for the internet era. And when the U.S. press does cover privacy, the fact that rank corruption is at the heart of the dysfunction is routinely never mentioned.
So yes, it’s great that we’re starting to see some growing awareness about the real world costs of our corrupt failures on privacy policy. Senator Ron Wyden, in particular, has been doing an amazing job sounding the alarm on how this failure is being exploited by not just a diverse array of self-serving companies, but a surging authoritarian movement in the post-Roe era.
But it’s going to take a hell of a lot more than an EO to course correct. It’s going to take shaking Congress out of its corrupt apathy. And the only thing I think will accomplish that will be a privacy scandal so massive and unprecedented (potentially including mass fatalities or the leaking of powerful figures’ data at unprecedented scale), that elected officials have absolutely no choice but do do their fucking job.
Filed Under: data brokers, executive order, ftc, joe biden, location data, national security, privacy, russia, security, surveillance
Biden’s Executive Order On Surveillance Doesn’t Do Nearly Enough To Protect Privacy; Playing Word Games Doesn’t Actually Limit NSA Surveillance
from the that's-not-going-to-fly dept
Back in March, we noted that the EU and US had announced that they had come to an agreement on transatlantic data flows. This is actually a really big and important story that gets almost no attention, because “transatlantic data flows” sounds boring. However, it’s really, really big and matters for the future of a global internet as opposed to an extremely splintered regional set of internets. People within Facebook have suggested that this is the single biggest issue facing the future of the company, which might be slight hyperbole, but just… slight.
It’s a big deal.
And, back in March when the initial agreement was announced, it seemed like the US government was going through the motions, rather than fixing the real issue. That’s because for the past few years, whenever people talked about the issue with transatlantic data flows, they focused on boring claims about “data protection,” and kept leaving out the very thing that created these problems: the NSA spying on all sorts of internet traffic and data indiscriminately.
I know, I know this sounds boring, but stick with it and this is actually pretty interesting. Years back, the EU and the US set up a “safe harbor” provision, that basically said that American internet companies could collect data on EU citizens and residents so long as the American companies took certain steps to comply with some fairly straightforward protections for the data of those EU citizens. There was a certification process (as an American company, we even went through it ourselves) to make sure that we protected the data of EU users.
However, when Ed Snowden revealed the details of the NSA’s mass surveillance program, Max Schrems, a privacy advocate from Austria, noted that American companies could no longer actually claim that they were keeping data from the EU safe, because the NSA was snarfing it up. Valid point.
The way to actually fix this was for the NSA to stop all the snarfing. But that’s not what happened. Instead, after the EU Court of Justice agreed with Schrems and tossed out the privacy safe harbor, the EU and the US went back to the drawing board and announced… the “privacy shield.” Which was basically just the privacy safe harbor with a new badass name. Schrems went back to the Court of Justice and the Court of Justice said, “yo, that agreement does nothing about NSA spying.” And, thus, the privacy shield was also tossed out.
So, then we get to this year, and I fully expected yet another weak agreement, based on the announcement back in March. So I’m a little surprised that the final Executive Order from President Biden actually suggests a change in strategy to NSA surveillance. That’s because for years in covering the various debates about transatlantic data flows, I felt like I was one of the few people who remembered we were actually talking about NSA surveillance. It felt like politicians in both countries would just trot out bland nonsense about “data protection,” and “proportionality,” without addressing the only issue that really mattered: the NSA scooping up so much data on people in the EU.
So, at the very least, the new executive order actually is focused on NSA surveillance. And, to be sure, there’s some nice language in there, like:
(ii) Signals intelligence activities shall be subject to appropriate safeguards, which shall ensure that privacy and civil liberties are integral considerations in the planning and implementation of such activities so that:
(A) signals intelligence activities shall be conducted only following a determination, based on a reasonable assessment of all relevant factors, that the activities are necessary to advance a validated intelligence priority, although signals intelligence does not have to be the sole means available or used for advancing aspects of the validated intelligence priority; and
(B) signals intelligence activities shall be conducted only to the extent and in a manner that is proportionate to the validated intelligence priority for which they have been authorized, with the aim of achieving a proper balance between the importance of the validated intelligence priority being advanced and the impact on the privacy and civil liberties of all persons, regardless of their nationality or wherever they might reside.
(iii) Signals intelligence activities shall be subjected to rigorous oversight in order to ensure that they comport with the principles identified above.
But this is the Intelligence Community that we’re talking about, and in the more than two decades we’ve spent covering the IC, we’ve long learned that if you give them even the smallest of loopholes, including the ability to come up with their own made up definitions of common English words, then they will use those loopholes to keep on spying.
Of course, part of this new executive order is the partial revocation of a problematic Obama Presidential Policy Directive, that was an earlier weak attempt to pretend that he was somehow putting some limits on the surveillance powers of the NSA when it was yet another cover story for more surveillance.
So at the very least, the fact that rather than just putting a fresh coat of paint on a random agreement on privacy to allow data flows, it’s a positive step that attempts to address the NSA and its surveillance activities.
But… that’s about all the good that can be said about this. Because it doesn’t actually address the underlying NSA surveillance. Instead, it’s more of a pinky promise that the NSA will be better now, without putting much behind actually making that happen.
Specifically, while the new EO talks about “necessary” and “proportionate” surveillance (two words the EU law requires), it seems pretty clear to basically everyone that the NSA and the White House are up to the old trick where they’ll say those words, but define them how they want them defined, rather than the way everyone else in the world uses them.
Max Schrems, who helped kill off the last two deals, has put out a statement highlighting how this is just words games, rather than actual change:
Bulk surveillance continues via two types of “proportionality”. The US highlights, that the new executive order uses the wording of EU law (“necessary” and “proportionate” as in Article 52 CFR) instead of the previous term “as tailored as feasible” used in Section 1(d) of PPD-28. This could solve the problem, if the US would follow the same understanding and also apply the proportionality test of the CJEU.
However, despite changing these words, there is no indication that US mass surveillance will change in practice. So-called “bulk surveillance” will continue under the new Executive Order (see Section 2 (c)(ii)) and any data sent to US providers will still end up in programs like PRISM or Upstream, despite of the CJEU declaring US surveillance laws and practices as not “proportionate” (under the European understanding of the word) twice.
How is this possible? It seems, the EU and the US agreed to copy the words “necessary” and “proportionate” into the Executive Order, but did not agree that it will have the same legal meaning. If it would have the same meaning, the US would have to fundamentally limit its mass surveillance systems to comply with the EU understanding of “proportionate” surveillance.
So, yes, the White House is now acknowledging that the NSA surveillance is the problem, and making noises about how it’s fixing it, but the reality is that it’s playing word games to pretend it’s fixing it, when it is not. And everyone seems to see that.
The ACLU has also called out how this is not nearly enough:
“President Biden’s executive order does not go far enough. It fails to adequately protect the privacy of Americans and Europeans, and it fails to ensure that people whose privacy is violated will have their claims resolved by a wholly independent decision-maker,” said Ashley Gorski, senior staff attorney with the ACLU National Security Project. “Although the executive order is a step in the right direction, it does not meet basic legal requirements in the EU, leaving EU-U.S. data transfers in jeopardy going forward.”
[….]
“The problems with the U.S. surveillance regime cannot be cured by an executive order alone,” said Gorski. “To protect our privacy and to put transatlantic data transfers on a sound legal footing, Congress must enact meaningful surveillance reform. Until that happens, U.S. businesses and individuals will continue to pay the price.”
TACD, the Trans Atlantic Consumer Dialogue, also put out a statement saying, nice try, but not enough.
The Transatlantic Consumer Dialogue’s (TACD) first analysis of the announced measures reveals that the new provisions would not adequately protect European consumers’ fundamental rights to privacy and data protection, as established in the EU Charter of Fundamental Rights and the General Data Protection Regulation (GDPR), seen in the light of the CJEU’s decision on Privacy Shield
For one, the measures do not seem to solve the issue of the lack of proportionality of the U.S. surveillance laws and practices – one of the main elements that render the current system incompatible with EU law, according to the CJEU. The Executive Order refers to new safeguards and includes the wording “proportionate” as in Article 52 of the EU Charter of Fundamental Rights (EU Charter), but it does not establish any mechanisms to limit the U.S. mass surveillance systems in place. For another, it seems like the Executive Order still does not provide for real judicial redress to European consumers.
The Order establishes a two-step procedure that includes an officer under the Director of National Intelligence and a so-called “Data Protection Review Court”. However, it seems that the latter might not be a judicial body as foreseen under Article 47 of the EU Charter or the US Constitution, but a body within the US government’s executive branch. The procedures before these two bodies will need to be closely analysed before a final statement can be made, but the structure currently looks closer to the “Ombudsperson” position that had existed under the previous framework, Privacy Shield. The CJEU has already proclaimed such form of executive bodies as being in breach of the essence of Article 47 of the EU Charter and reiterated a need for judicial review or approval by an actual court.
The first analysis of the measures shows that the Executive Order does not provide the necessary basis for a decision that the U.S. offers effective and meaningful data protection. Together with the above shortcomings, the failure of the U.S. to have a robust overarching data protection law that ensures the privacy of its own citizens and consumers creates a barrier to any serious consideration on adequacy.
As we’ve been saying for almost a decade now: there is one way to fix this and that’s to stop the NSA’s mass surveillance program. The powers that be (Congress and the President) simply seem incapable of admitting that, and thus we go through this same dance every few years.
Filed Under: eu, executive order, max schrems, nsa, privacy shield, surveillance, transatlantic data flows, us
Declassified Documents Shows The CIA Is Using A 1981 Executive Order To Engage In Domestic Surveillance
from the bypassing-checks,-balances,-and-oversight-with-Executive-power dept
When most people think of the CIA (Central Intelligence Agency), they think of a foreign-facing spy agency with a long history of state sponsored coup attempts (some successful!), attempted assassinations of foreign leaders, and putting the US in the torture business. What most people don’t assume about the CIA is that it’s also spying on Americans. After all, we prefer our embarrassments to be foreign-facing — something that targets (and affects) people we don’t really care about and governments we have been told are irredeemable.
An entity with the power to provoke military action halfway around the world has periodically shown an unhealthy interest in domestic affairs, which are supposed to be off-limits for the nation’s most morally suspect spies. The CIA (along with the FBI) routinely abuses its powers to perform backdoor searches of foreign surveillance stashes to locate US-based communications. It also has asked the FBI to do its dirty secondhand surveillance work for it in order to bypass restrictions baked into Executive Order 12333 — an executive order issued by Ronald Reagan that significantly expanded surveillance permissions for US agencies.
Perhaps most significantly — at least in terms of this report — the order instructed other government agencies to be more compliant with CIA requests for information. Since its debut in December 1981, the order has been modified twice (by George W. Bush) to give the government more power.
That’s the authority the CIA has been using to spy on Americans, as a recent PCLOB (Privacy and Civil Liberties Oversight Board) report shows. The PCLOB performed a “deep dive” in CIA domestic spying at the request of Senators Ron Wyden and Martin Heinrich. After its completion, the senators asked for an unclassified version of the PCLOB’s report. That report has arrived. And, according to Ron Wyden’s statements, it shows the CIA is utilizing EO 12333 to spy on Americans and bypass the protections (however minimal) the FISA court provides to Americans.
“FISA gets all the attention because of the periodic congressional reauthorizations and the release of DOJ, ODNI and FISA Court documents,” said Senators Wyden and Heinrich in response to the newly declassified documents. “But what these documents demonstrate is that many of the same concerns that Americans have about their privacy and civil liberties also apply to how the CIA collects and handles information under executive order and outside the FISA law. In particular, these documents reveal serious problems associated with warrantless backdoor searches of Americans, the same issue that has generated bipartisan concern in the FISA context.”
Wyden and Heinrich called for more transparency from the CIA, including what kind of records were collected and the legal framework for the collection. The PCLOB report noted problems with CIA’s handling and searching of Americans’ information under the program.
Even if the spying isn’t direct, the outcome is pretty much identical to direct targeting. With EO 12333, the CIA obtains the compliance from other federal agencies envisioned by Ronald Reagan back in 1981 as his administration ran headlong into the CIA-implicating Iran-Contra scandal.
Domestic data is supposed to be “masked” if incidentally acquired by foreign-facing surveillance collections. Sometimes this simply doesn’t happen. Sometimes unmasking occurs without proper permission or oversight. The FBI uses this to its advantage. So does the CIA. But the FBI handles domestic terrorism. The CIA does not. That makes the CIA’s abuse possibly more egregious than the FBI’s numerous violations of the same restrictions placed on domestic surveillance via foreign interception of communications by the NSA.
The PCLOB report [PDF] shows the CIA has obtained bulk financial data from other sources, possibly without proper masking of incidentally-collected US persons data. According to the CIA’s response to the report, the only thing separating CIA analysts from US persons’ data and communications is a pop-up box warning them that access may be illegal. This is only a warning. It does not (nor could it) prevent analysts from obtaining data they shouldn’t have access to without explicit permission.
How extensive this “incidental” collection is remains to be seen. And there’s a good chance no one will ever know how often this pop-up was ignored to collect data generated by US citizens and residents. Much of the report is redacted and what was shared with the PCLOB was limited to whatever the CIA felt like sharing. The oversight of programs like these is deliberately limited by the Executive Order — one that made the assumption some things (like national security) are too important to be done properly or overseen directly.
The report does note that the CIA has internal processes to limit abuse of backdoor searches. But it also points out the CIA has read EO 12333 and its modifications to mean it can do what it wants when it wants without worrying too much about straying outside of the generous lines drawn by this Executive Order.
The limits include a requirement to use the “least intrusive collection techniques feasible within the United States or directed against United States persons abroad.” Annex A implements E.O. 12333’s “least intrusive collection technique” requirement regarding activities outside of the United States involving U.S. persons. Given that the Executive Order’s restriction only applies to activities in the United States or activities directed against U.S. persons abroad, the CIA interprets the language of Annex A to only apply to collections directed against USPs abroad. Annex A does not require [redacted] to apply the least intrusive collection technique to collections covered by this report, which are generally not directed against USPs.
There’s the exploitable loop: the EO only applies to collections “directed” at US persons. Since all information is pulled from foreign-facing surveillance collections that “incidentally” collect US persons data, the resulting collection the CIA has access to is completely legal. Analysts access these collections specifically to find US persons’ data, but because no agency deliberately targeted US persons, it’s all above board.
This is the exploitation of foreign bulk collections to obtain information about Americans. While some may argue the damage is minimal because it only accesses information (financial records) unlikely to have an established expectation of privacy, people obviously know their financial institutions track their purchases, but that’s not the same thing as people assuming the government should be able to access records — which may contain sensitive information — using nothing more than an Executive Order that was ostensibly written to strengthen foreign surveillance efforts.
And that’s only what can be observed from this redacted release. This isn’t the CIA’s only attempt to hoover up info on US persons via side channels. Wyden’s letter hints at FISA reforms, which likely refers to domestic phone records the NSA used to collect in bulk — a program that was specifically targeted by Congress following the Snowden revelations. What’s contained in this report is a narrow examination of one part of the CIA’s exploitation of bulk collections to obtain US persons data. And if it feels this confident about its nearly unrestricted ability to perform these backdoor searches, examinations of other aspects of this program are likely to find other domestic data is ending up in the hands of CIA analysts who are supposed to be focused on foreign activities.
Filed Under: cia, domestic surveillance, eo 12333, executive order, pclob, ron wyden, surveillance
Biden Executive Order Disrupts Hot DC Trend Of Pretending 'Big Telecom' Doesn't Exist
from the do-not-pass-go,-do-not-collect-$200 dept
Fri, Jul 9th 2021 03:42pm - Karl Bode
We’ve been submerged in kind of a bizarre asymmetrical tech policy paradigm over the last few years, in which “big tech” is viewed as the absolute root of all evil requiring all manner of hand-wringing and antitrust/regulatory reform. At the same time, policy leaders have simply forgotten that heavily monopolized internet-adjacent sectors like “big telecom” even exist, giving them cover to gut regulatory oversight, consumer protections, and media consolidation rules. Telecom (AT&T) and media (Rupert Murdoch) giants have successfully exploited legitimate public anger at big tech to encourage this kind of lopsided policy thinking.
This week this policy myopia shifted back to baseline a bit with Biden’s new executive order focused on shoring up competition issues. According to the EO fact sheet, the order pushes more than 72 different initiatives across a dozen federal agencies, including the FCC and telecom. Mike covered the not telco portions, which will be covered in this post. Most notable (for telecom, anyway) is that the order nudges the FCC to restore net neutrality rules:
We’ve noted more than a few times how the Trump/Pai net neutrality repeal didn’t just kill “net neutrality rules.” It gutted much of the FCC’s consumer protection authority, limiting its ability to police fairly consistent telecom sector billing fraud and other bad behavior. It also attempted to ban states from filling that consumer protection void. It was effectively a giant wishlist cooked up by telecom monopolies like AT&T, based entirely on bullshit justifications, and propped up by fabricated public support. Despite this, the whole thing was dressed up as “serious policy” by press and policy wonks who should have known better.
In addition to the restoration of net neutrality, the Biden EO also takes several other steps to shore up telecom issues. Among them is urging the FCC to stop telecom giants from creating block-by-block broadband monopolies via exclusive landlord arrangements. The FCC passed rules prohibiting this back in 2007, but they’re so filled with loopholes that telecom giants have been allowed to tap dance around them for years now (Susan Crawford wrote an essential primer on this problem for Wired a few years back).
A not insubstantial portion of the EO involves urging government agencies to simply do their jobs. Like the antitrust enforcers at the DOJ and FCC, who under both administrations are often little more than mindless rubber stamps for problematic job- and competition-eroding megadeals (see: the entirety of US telecom history since 1990). Simply leveraging more scrutiny to the often illusory benefits of endless megadeals would go a long way in shoring up both regulation and this whole “antitrust reform” so popular with the kids these days.
Other aspects of the EO related to telecom are more specific, like requiring that the FCC restore plans (also scuttled during the Ajit Pai era) requiring a sort of nutrition label for broadband, making ISPs disclose hidden fees, throttling, caps, or other restrictions on your broadband line (aka transparency). The order also urges the FCC to collect more data on broadband pricing, something it historically (at telecom lobbyist behest) hasn’t been keen on doing for what should be obvious reasons.
Most of these proposals are common sense, while others restore a lot of the FCC consumer protection authority and policies telecom giants stripped away in a parade of fraud and dodgy bullshit during the Ajit Pai era. But many of them require a fully staffed FCC and permanent agency boss to actually implement, something the Biden administration has been in no rush to provide, much to the annoyance of consumer groups. There’s a lot of ground to cover between what’s in the executive order and actual implementation, and it’s going to require an FCC with some real backbone to accomplish most of it.
Still, much to AT&T and Comcast’s chagrin, the Biden EO makes it clear that the problems created by big telecom haven’t been entirely forgotten, however much these regional monopolies would prefer policy conversations to remain myopically fixated on big tech and big tech alone.
Filed Under: antitrust, broadband, competition, doj, executive order, fcc, joe biden, net neutrality, telco
Biden's Executive Order On Competition Has… Lots Of Really Good Ideas? Though, Potential Overreaches On Executive Power
from the nice-to-see dept
Given how many discussions on antitrust these days are mind bogglingly bad, I was nervous when it was announced that the Biden Administration would be releasing an executive order on competition. Now that it’s out however, I have to admit that I’m very surprised. The executive order is actually full of mostly good ideas. I was… not expecting that. I do think, however, that in some areas it probably (unfortunately) over-stretches executive authority, which should be concerning. But on the whole, there are a bunch of ideas in here to actually deal with anti-competitive problems.
On labor markets, the executive order encourages the FTC to take some positive steps:
* Encourages the FTC to ban or limit non-compete agreements. * Encourages the FTC to ban unnecessary occupational licensing restrictions that impede economic mobility. * Encourages the FTC and DOJ to strengthen antitrust guidance to prevent employers from collaborating to suppress wages or reduce benefits by sharing wage and benefit information with one another.
We’ve talked about all three of these issues extensively in the past, and just how damaging they are. Occupational licensing is massively damaging, in that it’s used to exclude people from jobs, limit competition, and drive up costs to consumers, all based on often completely bogus claims about “safety and security.” I’ve talked in great detail about how noncompete agreements suppress innovation, and that there is extremely compelling evidence that a key reason why Silicon Valley became Silicon Valley is because noncompetes are not enforceable in California (and, relatedly, that the downfall of Detroit was in Michigan making noncompetes enforceable in the early 1980s). Indeed, I’ve long advocated that every state should follow California’s lead and ban noncompetes. And, for all the talk about how “evil” big tech companies are, one area where I have strong agreement is how they colluded to keep wages down a decade ago.
So these three things all sound… really great? However, I’m not entirely sure that the President can actually do things this way. Yes, the executive order just says that he’s “encouraging” the FTC to take these steps, but the FTC is supposed to be an independent agency, and we should all be at least somewhat hesitant to embrace the President pushing independent agencies. Also, it’s not entirely clear to me that the FTC has the authority to follow these suggestions. They are all good suggestions and ideas, and I support the goals. I just worry that taking a shortcut by executive order via the FTC (under potentially dubious authority) could undermine the value of these moves.
The moves regarding healthcare are also interesting and mostly good ideas:
* Directs the Food and Drug Administration to work with states and tribes to safely import prescription drugs from Canada, pursuant to the Medicare Modernization Act of 2003. * Directs the Health and Human Services Administration (HHS) to increase support for generic and biosimilar drugs, which provide low-cost options for patients. * Directs HHS to issue a comprehensive plan within 45 days to combat high prescription drug prices and price gouging. * Encourages the FTC to ban ?pay for delay? and similar agreements by rule.
We’ve talked about much of this before as well, especially the ability to import drugs from Canada and the pure, unadulterated evil of the pay for delay scam. What’s missing, though, is a recognition that the problem with every single one of the items listed above is really in the patent system beneath it. Every one of these issues wouldn’t be an issue at all if we fixed our broken patent system and how it handled pharmaceutical patents. But, because doing that requires (1) Congress, and (2) an impossible fight that the Pharma lobbyists would kill immediately… we instead have to dance around the real problem with again, executive order-driven nudging.
That’s not to say patents are ignored in the executive order. There’s a really nice bit in which it asks the DOJ and Commerce Department to “re-evaluate” its stance on allowing patents in standards:
To avoid the potential for anticompetitive extension of market power beyond the scope of granted patents, and to protect standard-setting processes from abuse, the Attorney General and the Secretary of Commerce are encouraged to consider whether to revise their position on the intersection of the intellectual property and antitrust laws, including by considering whether to revise the Policy Statement on Remedies for Standards-Essential Patents Subject to Voluntary F/RAND Commitments issued jointly by the Department of Justice, the United States Patent and Trademark Office, and the National Institute of Standards and Technology on December 19, 2019.
There are some other items in the healthcare proposal that are beyond typical Techdirt scope, but certainly sound reasonable: such as more hospital transparency and limiting hospital mergers. Back in 2013, we wrote about how healthcare is a giant economic scam, mostly driven by the hospitals (everyone blames the insurance companies, who are complicit, but if you look at the details, it’s often the hospitals themselves that are the real scams).
More specific to tech, there are some new items regarding the FCC and the telco broadband space, which Karl will cover in a separate post. I will note that many of the ideas do seem reasonable — but again, I worry about executive overreach regarding an independent agency, and a failure to address the actual issues.
Regarding “big tech” the executive order pushes for greater scrutiny of mergers — and, especially, acquisitions by the “big” companies. While many people in tech policy I know disagree with this take, I actually don’t have a problem with it in concept. We should scrutinize carefully when very large companies buy smaller companies to see what the impact on competition and consumer welfare should be. What we should not do is automatically rule out all such mergers and acquisitions, because that would create a bunch of consequences that would actually be bad for innovation — such as discouraging investment in startups or limiting acquisitions that actually are additive. But, conceptually, yes, we should scrutinize such mergers carefully. As expected, it also encourages the FTC to make rules barring restrictions on independent repair and DIY repair. Again, the FTC may be somewhat limited in what it can do, but this is a huge step forward for the important right to repair movement.
There is also a part about rules on the collection of user data and how it’s used. That’s… potentially good and potentially bad depending on how it plays out. It asks the FTC to explore:
unfair data collection and surveillance practices that may damage competition, consumer autonomy, and consumer privacy;
In theory that’s good. And there are many companies engaged in sketchy practices with data. But there are also lots of important, and useful uses of data. And I worry that an overly aggressive FTC could conflate the two. I’d much prefer working on proposals to unlock our data by providing more transparency and control to end users, so we don’t have to trust companies that don’t have our best interests in mind.
There’s also a bit about “unfair competition in major Internet marketplaces,” which seems to be aimed specifically at Amazon selling its own branded products. To be honest, I’ve never really understood why this is a problem. A ton of retailers have done this going back basically forever. And, it’s not clear that the supposed “data advantage” that Amazon has really exists or is meaningful.
Overall, there really are a lot of good ideas in here. I just wish most of them were taken up by Congress, rather than being nudged through executive order.
Filed Under: antitrust, competition, doj, executive order, fcc, ftc, non-compete agreements, occupational licensing, patents
Biden Executive Order Will Try To Address Some 'Right To Repair' Harms
from the you-don't-own-what-you-buy dept
Wed, Jul 7th 2021 09:36am - Karl Bode
Back in 2015, frustration at John Deere’s ham-fisted repair restrictions and draconian tractor DRM helped birth a grassroots tech movement dubbed “right to repair.” The company’s crackdown on “unauthorized repairs” turned countless ordinary citizens into technology policy activists, after onerous restrictions not only significantly drove up repair costs, but forced owners to often haul their equipment hundreds or thousands of miles to an authorized repair location.
John Deere’s multi-year promise to do a better job providing access to tools, documentation, and repair options simply never materialized. And of course John Deere is just one of numerous companies engaged in this kind of behavior across numerous sectors, driving major public support for proposed legislation in more than a dozen states that would put a major dent in technology repair monopolies.
In a small win for farmers and right to repair advocates, Biden is apparently planning to include some right to repair mandates in an upcoming executive order on competition. The order itself will urge the FTC to craft tighter rules to address the problem:
“U.S. President Joe Biden wants the Federal Trade Commission to limit the ability of farm equipment manufacturers to restrict tractor owners from using independent repair shops or complete some repairs on their own, a source briefed on the matter told Reuters Tuesday. Biden’s planned executive order on competition, expected to be released in the coming days, will encourage the FTC to address the issue, the source said. Some tractor manufacturers like Deere & Co use proprietary repair tools and software to prevent third parties from performing some repairs. Deere and the FTC did not immediately comment.
The problem is that the FTC’s rule creation and enforcement authority is arguably narrow under the FTC Act (not to mention limited by funding and staffing constraints). Most of the agency’s enforcement authority rests on whether something is clearly “unfair and deceptive.” But most repair monopolies, like Apple, obfuscate their greed by insisting onerous repair restrictions are necessary to protect consumer safety and security. Ideally you’d prefer clear and well crafted state and federal laws, but companies like Apple have worked overtime to insist such legislation would also harm the public.
In 2017, Apple insisted that passing a right to repair law in Nebraska would turn the state into a “mecca for hackers.” More recently, the auto industry tried to claim that expanding Massachusetts’ existing consumer tech law, to make sure that independent garages could access tools and diagnostic gear, would result in a “boom in sexual predators.” Sony, Microsoft, and others eager to monopolize repair options for their game consoles can routinely be found making the same or similar arguments about how better consumer protection would create a parade of unforeseen horribles.
But a recent bipartisan FTC report found that the majority of the claims coming from companies like Apple were false (the company bullies independent repair shop owners to protect revenues, not out of some broad altruism). The report went on to note that stricter state and federal laws and tougher antitrust enforcement would go a long way toward addressing this kind of behavior. In other words, even the FTC acknowledges it’s going to take more than just an EO punting the problem to the FTC if right to repair reform is to be taken seriously.
Filed Under: copyright, drm, executive order, ftc, joe biden, right to repair, unauthorized repairs
No Surprises Here: Presidential Commission On Law Enforcement Repeats Calls For Anti-Encryption Legislation
from the another-pile-of-garbage-ideas dept
[_Note: this is one of multiple posts covering the Commission’s 332-page report._]
The Presidential Commission on Law Enforcement — ushered into existence by a 2019 Executive Order — has released its report [PDF], just in time for the man who ordered it to move out of the White House. President Trump spent his four years defending and praising law enforcement, no matter how often law enforcement’s actions provoked criticism elsewhere. This report does the same thing, even as it pretends to offer an objective opinion on the challenges facing the law enforcement community.
The Commission is composed solely of law enforcement officials and officers, which makes its findings one-sided and, of course, suspect. The report calls for an end to the “disrespect” shown to law enforcement. But it does little to address the roots of this perceived disrespect. At best, the report suggests the public is just “misinformed” about law enforcement’s role in society and posits it’s “progressive prosecutors” and opportunistic legislators causing most of the reputational damage, rather than the things cops do when their leash is long enough.
The report also has nothing good to say about device encryption. Using lingo provided to it by consecutive FBI directors and former AG Bill Barr, the report claims something called “warrant-proof encryption” (a.k.a., regular encryption) should have backdoors legislated into it.
The lack of lawful access to encrypted information controlled by technology companies is presently one of the greatest obstacles to law enforcement in its efforts to combat crime. The rule of law cannot exist in a space—digital or otherwise—that deliberately insulates criminals from law enforcement investigation. The substantial danger to individual victims and general safety posed by warrant-proof encryption demands a prompt and decisive policy action. Because the prominent technology companies have increasingly elected to implement data systems that prevent law enforcement access, the Commission has concluded that a legislative solution may be necessary to optimally balance the interests of personal privacy and public safety.
Ah, but the rule of law can exist in such a space. It’s doing it right now. The FBI may have claimed it had nearly 8,000 devices “insulated” from “investigation” in its possession, but after being questioned by Congress about its struggles with encryption, it revealed it couldn’t accurately count physical items. We’re still waiting for an updated number — one promised to us nearly three years ago.
At least the Commission recognizes law enforcement has never had more tech options at its disposal. But it suggests law enforcement make use of some of its most questionable options more frequently.
New methods of electronic surveillance and digital investigation hold considerable promise, and the Commission recommends that law enforcement take a proactive approach to developing and innovating technologies to combat crime instead of reactively catching up to the technological innovations of the day. Accordingly, the Commission encourages law enforcement to specifically consider—with appropriate contemplation of competing policy interests— developing and adapting crime reduction technologies, such as unmanned aerial systems (quadcopters), acoustic gunshot detection technologies, real time crime centers, and facial recognition software, to add to their crime-fighting arsenal.
Shot spotters. Predictive policing. Facial recognition. This is a list of things that don’t work well and, in the latter two cases, are made worse by the inclusion of biases the tech is supposed to be removing.
Heading back to encryption, the report contains testimonial statements from an agency that shouldn’t be allowed to bitch about encryption until it can be honest about how many encrypted devices are in its possession. Here’s another call for legislated backdoors by Darrin Jones, the FBI’s Assistant Director for Science and Technology:
“The impact and magnitude of the lawful access crisis in the United States has grown to a point where the public safety trade-off to the citizens of this country can and should no longer be made privately and independently in the corporate boardrooms of tech companies. It must, instead, be returned to the halls of the people’s democratically elected and publicly accountable representatives.”
But we don’t know the “impact” or the “magnitude.” The FBI says both are enormous. But the FBI has also overstated the number of locked devices in its possession — something it routinely leveraged to push claims of a looming criminal apocalypse that has completely failed to materialize. Until it can provide an accurate count, it really shouldn’t opine about the “impact” of device encryption. And its testimony shouldn’t be the basis for legislation seeking to weaken encryption.
The report goes on to complain about Facebook adding encryption to its Messenger service and Zoom (sort of…) doing the same for its users. Then it claims this is pretty much the first time law enforcement hasn’t been able to obtain evidence when it has a warrant.
Companies that have chosen to adopt end-to-end user encryption have effectively upended more than 200 years of jurisprudence by placing evidence beyond the reach of a court-ordered search warrant.
Right. Because no one’s destroyed or hidden evidence prior to this point in history. No one held conversations in person to assure no record remained of criminal conspiracies. Just because phones now contain a wealth of potential evidence does not mean the tables have been turned because something more than a physical door separates cops from the stuff they want to take. Any number of third parties store communications and other data in unencrypted form. And no one in law enforcement feels like honestly discussing the phone-cracking tools that are available or how often suspects consent to searches.
The Commission asks for backdoors:
Congress should require providers of communications services and electronic data storage manufacturers to implement strong, managed encryption for stored data and data in motion while ensuring lawful access to evidence pursuant to court orders.
Then it claims it doesn’t want backdoors:
The Commission considered but rejected the idea that lawful access equates to back-door access. Almost all mobile device manufacturers, operating system vendors, and app providers maintain their own “upgrade” back doors, which enables providers to routinely change functions and settings of a device or service. Law enforcement does not seek such direct access, nor does it wish to hold any encryption “keys.” Instead, law enforcement seeks to have tech companies develop and manage for themselves the capability to respond to a lawful court order. Having tech companies themselves remain in control of this process is actually privacy enhancing, ensuring law enforcement is afforded only specific, limited access to data as defined in each case by a specific warrant.
The government won’t be honest about the challenges encryption actually poses — beginning with its refusal to tell Americans how many devices it can’t crack open. And it’s not honest about its desires. A door is a door — a hole in encryption that doesn’t exist until it’s mandated. Refusing to call it a “backdoor” doesn’t change what it is.
Then there’s this, which implies legislators should look into stripping tech companies of protections they currently enjoy… solely to make it easier for law enforcement to access device contents.
Civil liability immunity statutes that were adopted during the infancy of many tech companies may unintentionally encourage such companies to pursue and market user-only access and end-to-end encryption models. Absent any risk of financial liability, the routine cost–benefit analysis— which most companies use to determine whether to dedicate resources to harm-mitigation strategies—may not influence some of these technology companies into a willingness to facilitate lawful access.
According to the Commission, the only way out of this mess is to strip companies of this liability shield… unless they agree to undermine the protections they give to their customers.
As long as tech companies are immune from liability, the Commission assumes that these companies perceive any development or maintenance of lawful access capabilities to be a drain on profits, which allows the tech companies to hide their financial motivations under the guise of a desire to enhance users’ privacy. Ultimately, this behavior enables plausible corporate ignorance and allows criminals to use these systems for illegal purposes. If corporations are to continue to benefit from civil immunity, Congress should mandate that these companies develop and maintain a lawful access solution capable of producing clear text data in response to court-ordered search warrants.
The Commission also says legislators should implement regulations that allow it to wiretap real-time communications that are currently encrypted. Somehow this proposal starts with stored communications and ends with ordained MITM attacks.
The Stored Communications Act of 1986 requires data to be stored for up to 180 days upon request by the government. Providers must also disclose private information in emergency cases where individuals or groups may be in danger. In addition, a “court order is required for access to digital information. An administrative subpoena may be issued to gain access to specific data such as usernames, addresses, telephone numbers, and call transcripts.”
Recently, the FBI investigated a gang task force case where it was revealed that the primary suspect of a homicide case used FaceTime to orchestrate the crime. Because Apple uses end-to-end encryption, it allows criminals to coordinate their crimes through this avenue. If law enforcement is given lawful access, they can then intercept the plans of criminals and gain evidence to prosecute those who break the law.
The government appears to hate tech companies. Combined with the recent attacks on Section 230, Trump and his law enforcement buddies are apparently still entertaining any option that might let them score a win over Big Tech and its supposed anti-conservative/anti-law enforcement bias.
These are dangerous suggestions. Fortunately, they’re being offered up by a lame duck Commission that will presumably expire along with a lot of other Trump mandates following his exit from office. Bill Barr has already resigned. Whoever replaces him presumably can’t be as terrible as he was.
Law enforcement faces a lot of challenges. But it also has access to more tools, data, and information than it’s ever had before. Undermining user security in exchange for law enforcement convenience isn’t the way forward. It’s a step backwards — one that places the government’s wants over the needs of the people it’s supposed to be serving.
Filed Under: doj, encryption, executive order, fbi, going dark, law enforcement, presidential commission on law enforcement
Americans For Prosperity Sue Commerce Department To Find Out Who Was Influencing NTIA's Attack On Section 230
from the interesting-list dept
This is kind of fascinating. The group Americans for Prosperity have announced they’ve filed FOIA litigation against the Commerce Department after it has refused to respond to a FOIA request seeking communications between two former top NTIA officials that we’ve discussed here recently, regarding Section 230.
As background, you’ll recall that after Twitter added two fact checks on Donald Trump’s misleading tweets about mail-in ballots, Trump issued a bizarre executive order, demanding that (among other things) NTIA ask the FCC to reinterpret Section 230. Trump needed to order NTIA to do this because the FCC is supposed to be an independent agency and the President isn’t supposed to order it to do anything. Indeed, as you’ll recall, when Barrack Obama merely made a public statement about net neutrality, without directing the FCC to do anything, basically every Republican, including Donald Trump, whined that he was illegally trying to “bully’ the FCC to do his bidding.
It quickly came out that two NTIA staffers were responsible for crafting the Executive Order: Adam Candeub, a long term critic of Section 230 who had just been hired to NTIA, and Nathan Simington. Candeub was later promoted to run NTIA and just this week was given a top job in the Justice Department. Simington, despite little qualifying experience, has been made an FCC Commissioner.
This was despite a separate FOIA request that revealed that Candeub and Simington, together, had emailed with a Fox News producer, asking to get Fox News host Laura Ingraham to attack Section 230 to help move the NTIA petition forward, and noting that it was important to do so to help re-elect Trump and help with down-ballot Republicans. This, of course, should be disqualifying for either of them to hold government jobs. When you get a job in the government you represent everyone and not just your own political party. You are not supposed to be using your government job to bully the media to do things for purely political reasons.
Given that, there should be tremendous interest in just who Candeub and Simington were talking to about Section 230. And Americans for Prosperity sent a FOIA request seeking exactly that information, asking for any emails between the two of them about Section 230 with a short list of known anti-Section 230 folks, including former Fox lobbyist (and the person responsible for getting FOSTA passed), Rick Lane, anti-230 FCC Commissioner Brendan Carr, AT&T (a company protected by 230, but which has decided to attack the law because it hates Google), DCI Group (a famously sketchy lobbying organization) and a bunch of others.
The full complaint details what happened:
On October 26, 2020, NTIA transmitted its first interim production, which contained 128 records in 35 electronic files. Ex. 5. Thirty-five records were withheld ?in part or in their entirety,? under Exemption 5, but without identifying any relevant privilege. Id. An additional eight records were ?withheld in part under Exemption 6.?
In this production, one record revealed that Mr. Candeub sent an email from a government email address to his private, gmail.com email address.
On November 10, 2020, AFPF asked NTIA whether it could email the next production and when another interim or final production could be expected.
On November 11, 2020, AFPF raised concerns that the first interim production did not include any text messages or instant messages. Id. (?These should be included in ?all communications? as well as e-mail, hand-written notes, etc.?).
On November 16, 2020, NTIA responded that the second interim response was prepared, but the agency required an address clarification. Ex. 8. NTIA also claimed that AFPF?s ?request only specified email, it did not specify text and IM. If [AFPF] would like to request text messages and IM, [it] will need to file another FOIA request for those records.?
AFPF immediately confirmed its mailing address and noted that its initial FOIA request contained ?no reference to seeking only e-mail records,? as it instead mentioned ?all communications.? Id. AFPF further noted that this ?matches the same language in [NTIA?s] . . . clarification confirmation e-mail from September 18 . . . . Therefore, the request covers text messages and IMs.? Id. AFPF also asked how many records were left after the second batch and when AFPF could expect to receive them.
NTIA responded that it does ?not have a final count or an estimate of how many records will be responsive to [AFPF?s] request. Nor d[id it] have an estimate of when this will be completed.? Id. Additionally, NTIA attempted to justify its refusal to include records beyond e-mails in a search for ?all communications? by pointing to a footnote in AFPF?s request that defines the term ?record.?
On November 18, 2020, NTIA transmitted its second interim production, which contained 153 records in 39 electronic files. Ex. 9. Fifty-nine records were withheld ?in part or in their entirety,? under Exemption 5, but without identifying any relevant privilege. Id. An additional twenty-five records were ?withheld in part under Exemption 6.? Id. Additionally, fourteen records were referred to the Department of Justice and three to the Department of Commerce ?for a direct response[.]?
On December 14, 2020, AFPF emailed NTIA noting that both Mr. Candeub and Mr. Simington will reportedly be leaving the agency. Ex. 10. Given these reports, AFPF requested ?that NTIA take affirmative steps to preserve all potentially responsive records, including text message records and any private email account that may contain government records.?
To date, NTIA has not provided a final determination on AFPF?s request, nor has it released another interim or final production of responsive records.
And thus, the lawsuit for failing to comply with FOIA’s requirements. As with most FOIA lawsuits, the main remedy sought is having NTIA actually cough up the records requested, as required by the law. It sure would be interesting to see what’s there, and why NTIA seems unwilling to obey the law and hand over those records.
Filed Under: adam candeub, brendan carr, commerce department, donald trump, executive order, fcc, foia, nathan simington, ntia, rick lane, section 230, transparency
Companies: afp, at&t, dci
District Court Rejects CDT's Challenge Of Trump's Ridiculous Executive Order On Section 230
from the no-standing dept
Back in May, you may recall, Donald Trump issued his silly executive order on Section 230 in response to Twitter adding a couple fact checks to blatant conspiracy theory nonsense that Trump was posting. A week later, the Center for Democracy and Technology (CDT) sued over the executive order, arguing that it was unconstitutional, and clearly retaliatory against Twitter.
When CDT filed the lawsuit I noted that the big question would be whether or not CDT could show standing in order to challenge the order, as it would be harder to prove that it impacted CDT directly. CDT argued that because the executive order would divert its attention and resources away from other, more important, fights regarding free speech online and government surveillance, it injured the organization.
On Friday, a judge agreed with my initial gut reaction and said that CDT failed to show standing. Basically, since the order only directed the government to do a bunch of stupid things, it didn’t really impact CDT.
But Order 13,925 is most notable at this point for what it does not do. It imposes no obligation on CDT (or any other private party), but it merely directs government officials to take preliminary steps towards possible lawmaking. CDT?s claimed injury is not concrete or imminent and is thus insufficient to establish Article III standing. Even if CDT managed to clear the standing hurdle, it faces redressability and ripeness problems too. The Court will therefore dismiss this case for lack of jurisdiction.
The claim that this silly waste of time diverted resources from more serious issues doesn’t impress the court:
If an organization alleges ?only impairment of its advocacy,? that ?will not suffice? to show standing. Turlock, 786 F.3d at 24; see also Food & Water Watch, 808 F.3d at 919 (?Our precedent makes clear that an organization?s use of resources for litigation, investigation in anticipation of litigation, or advocacy is not sufficient to give rise to an Article III injury.?). ?This is true whether the advocacy takes place through litigation or administrative proceedings.? Turlock, 786 F.3d at 24. More, ?an organization does not suffer an injury in fact where it expends resources to educate its members and others unless doing so subjects the organization to operational costs beyond those normally expended.? Food & Water Watch, 808 F.3d at 920 (cleaned up).
Though somewhat ridiculously the judge, Trevor McFadden (appointed by Donald Trump), actually throws in an incredibly silly line, claiming that CDT should be applauding Donald Trump’s executive order, which he suggests (laughably) is about protecting free speech online.
CDT has not met its burden to show an injury to its interests. To begin, there does not appear to be a ?direct conflict? between Order 13,925 and CDT?s stated mission. The Order expresses ?the policy of the United States to foster clear ground rules promoting free and open debate on the internet.? … CDT asserts a similar mission?to ?advocat[e] in favor of First Amendment protection for speech on the Internet.? … One would think that CDT would applaud the President?s desire to prevent online censorship. But no matter. The Court will take CDT at its word and assume that Order 13,925 directly conflicts with its interests. … It still has not established an Article III injury.
That seems quite silly. Just because Trump’s exec order claimed to be promoting free and open debate on the internet, the whole point was to move to stifle speech online, and that’s what CDT was pointing out. Still, the standing point is a big one and CDT can’t jump over that hurdle:
CDT has not alleged that Order 13,925 has ?perceptibly impaired? its ?ability to provide services.? Turlock, 786 F.3d at 24 (cleaned up). It claims that because of the Order it will have to ?devote substantial resources to?: ?participating in the planned FCC rulemaking proceeding,? ?monitoring federal agencies? reports,? ?tracking any FTC action,? ?participating in any proceedings that the Commission institutes,? and ?engaging with federal and state policymakers.?…
This is plainly deficient. Circuit precedent is ?clear that an organization?s use of resources for . . . advocacy is not sufficient to give rise to an Article III injury,? Food & Water Watch, 808 F.3d at 919, ?whether the advocacy takes place through litigation or administrative proceedings,? Turlock, 786 F.3d at 24. CDT?s alleged injury?resources spent monitoring federal agencies, participating in their proceedings, and working with lawmakers?is one to its advocacy work, which is not a cognizable injury. … In other words, CDT has shown that it is engaging in business as usual, not that Order 13,925 ?causes an inhibition of [its] daily operations.? …
All in all this is disappointing, but not unexpected. In the meantime, the executive order has already created its own mess in the form of the NTIA petition to the FCC to reinterpret Section 230, which the FCC, led by total hypocrite Ajit Pai, has agreed to move forward with.
CDT may not have had standing to challenge the bogus order, but the order has still created a huge mess for the open internet. It was the kind of mess that principled people could have stopped much earlier, but they all went along with it, either because they’re too clueless to understand Section 230 or they’re too afraid of Donald Trump pointing his angry temper tantrums in their direction. One hopes that the issue will die with the new administration, but with recent moves like appointing the author of the NTIA petition to the FCC, and some other rumors — combined with Biden’s top tech advisor pushing to ditch 230 entirely — the trail of destruction this executive order is causing isn’t likely to end any time soon.
Filed Under: donald trump, executive order, section 230, standing
Companies: cdt