With the revelation that the government is now — legally — collecting phone records and data from the top U.S. tech companies, it’s time to begin paying attention to the most pressing tech policies being created and revised right now. Here are six important policy issues we think you should be paying attention to.
CISPA (Cyber Intelligence Sharing & Protection Act)
The Cyber Intelligence Sharing and Protection Act (CISPA) is a bill that attempts to give American companies a greater degree of protection against cyber security threats. It does this by allowing the government to become a “middleman” of sorts by sharing cyber threat data from all the tech/web companies. Some of these companies are already sharing data, which may or may not be against the law, but if CISPA passes they will absolutely be exempt from prosecution.
Why it could be bad: Some of the bill’s stipulations are vague, including those that protect against the government’s interest in personal data and how far companies are allowed to go when grabbing that data. Many people feel there should be safeguards to protect individual privacy rights.
Status: It passed a vote by the House. And the Senate committee in charge of reviewing CISPA’s House bill has vowed not to review it, deciding instead to draft its own cybersecurity legislation. That doesn’t mean CISPA is dead, as VentureBeat previously pointed out. One of those Senate bills could easily morph back into something very similar to the CISPA House bill, only with a different name.
Check out VentureBeat’s coverage of CISPA.
Marketplace Fairness Act (a.k.a. the Internet Sales Tax bill)
The Marketplace Fairness Act is an attempt to give states the authority to force online sellers to collect sales tax from people who buy products or services from them. The bill was named because of its intent to take away Internet retailers’ advantage of not having to charge sales tax on their items — whereas physical stores do have to collect those taxes.
Why it could be bad: Currently, the bill requires any company to collect taxes if it generates more than $1 million in revenue from out-of-state consumers. The problem is, collecting sales tax from 50 states (let alone cities and counties) is a very complicated task and something that small businesses won’t be able to do easily or cheaply — even though this act does have some provisions to simplify the current state of affairs. Bigger online retailers can handle this type of sales tax collection, so it really just gives companies like Amazon another advantage over the smaller, physical retail stores.
Status: The Marketplace Fairness Act passed a vote in the Senate despite lots of pushback from House members who don’t like the bill at all. Of course, this doesn’t mean it won’t pass, but it could at least end up a little watered down. For instance, an amended version may increase the amount of out-of-state revenue a business generates before it has to collect sales tax to $10 million. Another possible amendment could place a stipulation on the number of employees a company has on salary before the Marketplace Fairness Act would apply to them.
Check out VentureBeat’s coverage of the Marketplace Fairness Act.
DMCA reform (a.k.a. why you can’t legally unlock your smartphone)
The Digital Millennium Copyright Act (DMCA) was originally passed into law in December 1998 to provide media companies with some instruction when it came to licensing content to third-parties. It was later revised, as the Internet became a much bigger force, to give music labels and movie studios some protection against digital piracy. Back then, it sort of made sense, because all media was transitioning into a digital market via consumers faster than copyright holders could adapt to a new business model. DMCA has been effective on some levels because it established a basis for the new frontier of digital copyright law, but it wasn’t able to predict the future — so parts of the law actually hinder innovation and diminish consumer protections to ensure businesses who own those copyrights can make money.
Why it is broken: Today, digital media copyright laws are a total and absolute mess. I could easily fill an entire feature article with specific examples of how DMCA is broken, but I’ll zero in on a single aspect of the law that may actually get reformed in the near future.
The flaw is found in section 1201 of the bill, which treats software as if it were a hit radio single or blockbuster movie.
It prevents consumers in the U.S. from altering the software that comes baked into mobile devices, such as smartphones and tablets, in order to make them work on any wireless carrier. You can buy an iPhone, resell it, or disassemble it for parts, but altering the operating system without permission from the carrier is punishable by up to five years in prison and a hefty $50,000 fine.
The takeaway? Software is not the same as Iron Man 3 or an AC/DC song. (And while I won’t get into how copyright holders — like Microsoft, Viacom, UMG, NBCUniversal, and others — are abusing DMCA’s takedown procedures with over 250,000 infringement claims per week, it’s worth keeping an eye on.)
Status: Back in October, Congress allowed a stipulation to lapse that made altering software on cellphones exempt from being illegal under DMCA. That sparked the ire of over 114,000 citizens, who petitioned the White House to make unlocking cellphones legal. Since then, the White House has responded with full support for the petition and has even asked Congress to pass a law making it legal. More recently, the House has begun a comprehensive review of current copyright laws, including the DMCA.
Check out VentureBeat’s coverage of DMCA.
ECPA reform (a.k.a. email privacy laws)
The Electronic Communication Privacy Act (ECPA) was created in the 1980s, a decade known for producing legendary musical hits from Phil Collins but not so much for its strides in outlining the fundamentals of email communication. The law was created to make sure authorities had a good reason for investigating any electronic communication. As a result, stored electronic communication was treated like physical property for the most part, meaning a warrant was needed prior to investigating the communication. It also added stipulations for wiretapping telephone calls and other electronic communication as it was being sent. For the ’80s this was perfectly acceptable, but it’s pretty outdated over 30 years later.
Why it’s broken: In the ’80s the “cloud” was still only something you’d see in the sky. Email was only being sent between devices over the Internet and stored on devices (computers) that could be considered personal property. So needless to say, the ECPA has no real specifications for handling privacy protections for electronic communication stored in the cloud, i.e., servers that are not in someone’s personal possession. If you had a basement of mail servers in your house that the government wanted access to, they couldn’t touch it without a warrant. But since Google is holding your data, the ECPA has been interpreted to allow authorities to access it after it’s been stored 180 days, because at that point it’s deemed abandoned. The EPCA also has different regulations for opened and unopened email messages. This law is so outdated that it’s an easy target for reform.
Status: ECPA reform is making some headway already. A revised version of the law introduced by Sen. Patrick Leahy (D-VT), which requires authorities to obtain a warrant before being able to access your email regardless of where or how it’s stored, passed unanimously in the Senate last month. The ECPA reform still needs to get through a House committee and then win a vote on the House floor. There’s no telling how long that might take.
Check out VentureBeat’s coverage of ECPA.
CFAA reform (a.k.a. preventing the next Aaron Swartz tragedy)
The Computer Fraud and Abuse Act (CFAA) is a nasty law that makes it illegal for someone to intentionally access a computer without authorization or to access it at a level beyond the level they have authorization for.
More specifically, CFAA makes hacking illegal. Hacking can run the gamut from the sinister to the benign, yet the CFAA doesn’t distinguish between those instances.
CFAA is mostly a criminal law (meaning harsher punishments) that’s been amended so that it can be tried in civil courts. Yet it still has very harsh punishments. First-time offenders of CFAA face a minimum of five years in prison; and repeat offenders face 10 to 15 years. That’s in addition to hefty fines. Depending on what violation you’re charged with within the CFAA, you could face harsher punishments even for a first-time offense.
Why it’s broken: CFAA is extremely vague when it comes to defining what constitutes “accessing a computer without authorization,” and it’s even more vague about what it means for someone to knowingly exceed their authorization on a computer. It also doesn’t make any distinction based on the motive of the offender, which allows prosecutors to manipulate the final sentence far beyond what’s reasonable or fair.
Tragically, this is exactly what happened to 26-year-old Internet activist Aaron Swartz, who faced charges for downloading about 20 million academic documents from PACER in 2008, and again years later for downloading and distributing another 5 million academic documents from for-fee database JSTOR. The second violation alone landed Swartz 13 felony counts. In the aftermath of the prosecution activity, Swartz took his own life — with many saying the overly harsh CFAA charges were a main contributor to his suicide. Swartz wasn’t hacking nuclear missile guidance computer systems, he was making scientific research available to those who would use and learn from it.
Status: There have been several attempts to introduce new legislation that would reform CFAA, but nothing has gained significant traction. Earlier this year, Rep. Zoe Lofgren (D-Calif.) introduced a bill, Aaron’s Law, that would have limited the number of charges brought against someone under CFAA. And in March, a reformed version of CFAA that took a harsher stance against hacking crimes got a cold reception when it was introduced in the House. This is a tech policy issue people want to see fixed not just because it’s broken, but also to honor Swartz’s memory by preventing the same thing from happening to others in the future.
Check out VentureBeat’s coverage of CFAA.
Automotive dealership laws (a.k.a. why you can’t easily buy a Tesla, apart from the price)
Most people don’t realize it, but you can’t actually just decide to create your own line of automobiles and sell them like you would any other product. This seems to be especially true for electric car manufacturer Tesla and its real-life-Tony Stark founder, Elon Musk. Car dealership groups in all 50 states are throwing hissy fits because Tesla wants to allow people to come to its physical retail stores, buy a Model S roadster that day, and have it delivered right to their homes. The auto dealers don’t like Tesla’s model because it cuts out the need for car dealerships entirely. At the very least, Musk’s approach hints that having a two-acre lot with tons of unsold, expensive vehicles might not be the best way to sell cars.
There isn’t a single law governing car sales, but rather a group of state laws with their own guidelines and regulations for selling automobiles. They’re complicated. They’re also very deeply entrenched.
Why these laws are broken: Currently, you can’t buy a Tesla car in many states, such as Virginia or Texas. A potential Tesla customer has to go home to both order and pay for the car online via Tesla’s website. In some cases, the car has to come from California to comply with state laws on dealerships. That’s a tad ridiculous, especially considering the benefits an electric car revolution could have on the economy and the environment. This is a broken law that’s being upheld because auto dealers are worried that without auto dealer regulations, their jobs will be on the line. (I’m all for saving jobs, but not at the expense of innovation that promotes cleaner energy usage and inches us close to Knight Rider becoming a reality.)
Status: Tesla could seek help from federal courts for a decision that would allow it to operate regardless of state regulations. It recently won a small victory in Texas, which will now allow the company to sell cars directly from its retail stores, but only for the first few thousand vehicles. After that, Tesla will need to be approved for a dealer’s license, which has some pretty unreasonable requirements given the company’s business strategy of cutting out the whole dealership process to begin with.
Failing a federal court ruling, Tesla could lobby Congress for its own legislation, allowing it to supersede state automotive dealership laws.
Check out VentureBeat’s coverage of Tesla.
What you can do about all this
Keeping abreast of current tech policy is only the first step, although probably the only step most people with a busy schedule can reasonably take.
But the following steps are easy to do, if you care about the issues above. You might remember them from grade school:
1. Contact your members of Congress to express your concerns about — or support for — tech policies they’ll be voting on. The House even makes it easy to find which Representative represents you.
2. Explain to a handful of friends why you believe these issues are important.
3. Finally, you can always run for office if you don’t feel like your voice is being heard.
Follow all of VentureBeat’s tech policy coverage as it develops.
Top kitty image via Still Burning/Flickr