Time to Break the Logjam on ECPA Reform

posted by in Data October 21, 2014
Oct 21

No one can argue convincingly that the email, photos and documents we store electronically are any less important to our personal and professional lives than the ones we keep on paper. Yet they are still held to different standards: Authorities need a warrant to search an old-fashioned file cabinet, but not your hard drive or email account.

That’s because the law that governs access to digital records, the Electronic Communications Privacy Act, or ECPA, turns 28 years old this week. It was enacted in 1986 — well before anyone but a small handful of scientists and academics had ever used the Internet — and it is long overdue for reform. Addressing this issue is an important step in building public trust in the innovative technologies at the heart of the digital economy.

Lawmakers in both parties agree on this proposition and have coalesced around appropriate reform measures. In the Senate, Judiciary Chairman Patrick Leahy (D-Vt.) has partnered with Mike Lee (R-Utah) to introduce the ECPA Amendments Act (S. 607), a bill that would fix the law by requiring authorities to obtain warrants to access private electronic communications from service providers. A companion bill in the House (H.R. 1852) has attracted more than 270 co-sponsors, and a broad coalition of public-interest groups and industry voices also supports reform.

These efforts have stalled, however, because civil agencies, led by the Securities and Exchange Commission, have urged Congress to re-create the accident of history that gave them access digital records with only a subpoena.

It is time for Congress to break this logjam. So BSA, along with a diverse coalition of technology companies and civil society groups, wrote letters last month to House and Senate leaders calling for a vote on the pending legislation. The upcoming lame duck session will be their last opportunity in this Congress. This is an achievable bipartisan accomplishment that also would be very well worthwhile.

To stay relevant, laws must evolve with technological reality. ECPA is way behind the times. It must be updated for the 21st century.

Privacy Protection Is at Stake in Microsoft’s Battle with the DOJ

posted by in Data July 28, 2014
Jul 28

Technology has fundamentally changed the way we all store our information, and that has put technology companies on the front lines of the fight to ensure private data are protected as well in the digital age as in the past. This fight is now playing out in a lawsuit in New York, where the US government is urging a court to ignore the true nature of digitally stored information so that it can avoid clear limits on search-and-seizure authority. The court should instead reaffirm limits on government power to preserve critical privacy protections.

Up on appeal is a case from the US District Court in the Southern District of New York in which the government served Microsoft Corp. with a search warrant directing it to produce the contents of a customer’s email account. Microsoft determined that it had stored the content on a server in Dublin. Rather than produce the email content, the company produced only data stored in the United States and moved to dismiss the warrant to conduct an exterritorial search at the government’s behest.

This case presents critically important issues for each of us as we increasingly turn to sophisticated technologies to store and organize our private communications, our photographs, our most sensitive business and personal data. The right to keep that data private is essential — and it requires that we extend and adapt longstanding legal protections to the new context of today’s digital world.

That is what the US Supreme Court recognized unanimously on June 25 in Riley v. California, when it ruled that the federal government cannot conduct warrantless searches of information stored on a cellphone. In that case, the government claimed that past decisions allowing the search of “a cigarette pack, a wallet or a purse” found on a person when he or she was arrested should be applied to the very different context of digitally stored information. The argument that those two types of searches are “materially indistinguishable,” the court found, “is like saying that a ride on horseback is materially indistinguishable from a flight to the moon. Both are ways of getting from point A to point B, but little else justifies lumping them together.”

The case pending in federal court in New York involves law enforcement officials’ authority to obtain information using warrants, which do not require any advance notice to the person whose information is being sought. Ordinarily, warrants are limited to information located within the United States. But the government claims it can serve a warrant on an Internet service provider in the United States and force that company to turn over emails of non-US customers stored on servers outside this country.

That astonishing overreach is based on a legal fiction — that no search occurs until the digital data are transferred to the United States. But that is simply wrong as a technical matter, because the foreign server must be searched to identify the information at issue and to transfer it to the United States. And it is wrong as a legal matter as well: No one would argue that physical papers stored in Ireland, France or Hong Kong had not been “searched” if they were identified, bundled up and sent to the United States.

The government’s expansive argument also violates a second fundamental legal principle, known as “comity,” which requires US courts to give appropriate respect to the laws and interests of other nations when addressing questions about the application of US law abroad. Another recent Supreme Court decision, Daimler AG v. Bauman, addressed this very point, adopting a narrow rule regarding the jurisdiction of US courts because of concerns about intruding on the interests of other nations. The federal government argued in favor of that narrow approach.

Now it is urging precisely the opposite approach and ignoring the fact that many other countries have laws protecting the privacy of their citizens that make it illegal to send individuals’ personal information outside their borders. The government’s demands therefore would force companies to violate foreign law — and risk criminal penalties — or violate US law by refusing to do so. It’s particularly odd that the government is urging its aggressive legal rule when it has other options. Mutual legal assistance treaties in place with many other nations allow the US government to ask the country in which the information is located to obtain the information using its own, local authority. And the 42-nation Convention on Cybercrime provides for cross-border assistance in obtaining electronically stored data.

The US government’s position is ultimately self-defeating. Extending US law outside our country’s borders would make non-US individuals and companies reluctant to do business with service providers that have operations within the United States. Moreover, if the US government decides it can demand information in other countries, other governments will follow suit and force technology companies to turn over the private information of American citizens. This chaotic and routine infringement of sovereign territory is unsustainable as a framework for collecting private citizens’ communications and other personal information internationally.

Let’s hope the New York court follows the same path as the Supreme Court and rejects the government’s attempt to eviscerate privacy protections that are recognized in the United States and in the laws of other countries around the world.

Reprinted with permission from the July 28 issue of The National Law Journal (c) 2014 ALM Media Properties, LLC. Further duplication without permission is prohibited. All rights reserved.

BSA Global Survey Reveals Security Concerns With Unlicensed Software — and Points to the Solution

posted by in Intellectual Property June 24, 2014
Jun 24

bsa_report_interior
Of all the priorities CIOs and IT managers are juggling these days — from cloud to mobility to data analytics — surveys find that cybersecurity is what keeps them up at night. And there’s good reason for that: Symantec dubbed 2013 the “Year of the Mega Breach” while the Economist Intelligence Unit found that more than 75 percent of organizations suffered a security incident in the past two years causing major system disruption or loss of sensitive data.

In this threat environment, the newly released 2013 edition of BSA’s bi-annual Global Software Survey finds that IT managers cite security threats from malware as the top reason to avoid unlicensed software. Among their specific concerns are intrusions by hackers and loss of data. Those concerns are not unreasonable. Yet a surprising 43 percent of the software installed on PCs around the world in 2013 was not properly licensed, at a commercial value of $62.7 billion. So while companies are justifiably worried, they are failing to act.

In fact, BSA’s Global Software Survey found that less than half of IT managers are confident their companies’ software is properly licensed, and only 35 percent of companies have written policies requiring use of properly licensed software. That is particularly striking when you consider the correlation between company policies and employee behavior: The survey found that at companies with written policies, 50 percent of employees say they never use unlicensed software, whereas at companies without written policies almost 60 percent of employees say they use unlicensed software frequently.

The good news is, this is a problem that can be solved. There are common-sense steps IT managers can take to track and manage their organizations’ software licenses:

  • First, know what’s on your system by keeping track of all software installations and ensuring your organization has the appropriate licenses for them;
  • Establish a formal, written policy and communicate it out to employees;
  • Adopt sound software asset management (SAM) practices.

SAM programs such as BSA’s Verafirm can help companies stay compliant and generate more value from their software. SAM ensures the right controls are in place to avoid security and operational risks while giving companies a full view of what is installed on their networks. Perhaps unsurprisingly, the Global Software Survey found that IT managers at companies with SAM programs in place are the most confident their software is properly licensed.

To read the full study, including estimated rates and commercial values of the unlicensed PC software installed last year in more than 100 countries around the world, visit www.bsa.org/globalstudy.

Positive Shift in Europe’s Approach to Cloud Policy

posted by in Cloud Computing May 2, 2014
May 02

Policy discussions about cloud computing in Europe have at times been fraught with protectionist rhetoric. Exacerbated by Edward Snowden’s revelations on government surveillance, there have been calls for data location requirements, procurement preferences for European providers, dedicated French or German cloud networks, and even a “Schengen area for data” as ways to promote deployment of cloud services wholly focused on the European market.

While BSA fully supports efforts to promote cloud computing in the EU, these types of policies would run contrary to the borderless nature of the cloud and hamper, not encourage, cloud uptake. (more…)

Restoring Confidence in the Digital Economy

posted by in Data, Global Markets April 10, 2014
Apr 10

How do we restore trust and confidence in the underpinnings of the digital economy in the wake of unsettling disclosures about international surveillance practices?

That question is top of mind for policymakers in the US and European Union as they ponder the possibility of a grand, new transatlantic trade and investment partnership. As I noted in speeches this week in Brussels and Paris, getting the answer right will be critical if we are going to capture maximum benefit from the kinds of software innovations that are transforming everything from the way manufacturers manage their supply chains to the way doctors provide healthcare. (more…)

EU-US Summit Is an Opportunity to Re-Establish Trust in the Transatlantic Relationship

posted by in Global Markets March 26, 2014
Mar 26

Today’s EU-US Summit in Brussels, at which President Obama will join his European counterparts, Herman Van Rompuy, President of the European Council, and José Manuel Barroso, President of the European Commission, provides an important opportunity to reinforce EU-US economic ties. A strong transatlantic partnership will send a message to global markets that the greatest prospects for economic growth and development lie in keeping borders open to data flows and preventing mandates on where servers and other computing infrastructure are located.

The commercial relationship between Europe and the US is the most significant in the world. Yet events this past year have strained this bond, in particular revelations about US government access to data. As a result, some European policymakers have argued the EU should retreat from its strong economic ties with America, calling for suspension of the Safe Harbor mechanism that facilitates cross-border data flows, requesting servers to be located geographically within Europe, even pushing for European IT independence. (more…)

Affirming the Patentability of Software

posted by in Intellectual Property February 27, 2014
Feb 27

The Supreme Court next month will hear oral arguments in CLS Bank v. Alice Corp., an important case that could go a long way toward affirming that the breathtaking software innovations transforming the world around us are patentable just like any other form of innovation as long as they meet the standard tests of being new, useful, non-obvious and adequately described.

The debate about software patentability has been contentious in recent years, partly because it has been exacerbated by questionable inventions masquerading as software patents. Take the patents asserted by Alice Corp. They simply describe a well-known process for settling financial transactions — an abstract idea that has been around for centuries — and claim that performing the steps on a computer is an invention. The concept of performing intermediate settlements on a computer adds no substantial value and does not make the abstract idea patentable, so the Court should find Alice’s patents invalid. (more…)

Study Shows Impact of Software Infringement for Manufacturers

Feb 12

It has long been well understood that software is a key driver of growth and innovation because it serves as a tool of production for businesses across every sector of the global economy. It also follows that the impact of software intellectual property infringement is far reaching — and a new study quantifies that impact in the manufacturing sector.

Bill Kerr, associate professor at Harvard Business School, and Chad Moutray, chief economist for National Association of Manufacturers (NAM) have found that global software IP infringement is a significant drain on the US economy. Their study, commissioned by NAM and the National Alliance for Jobs and Innovation, reveals that between 2002 and 2012 software infringement cost nearly $240 billion in manufacturing revenue, $70 billion in GDP and more than 42,000 US manufacturing jobs.

Results of the study were discussed on January 30, 2014 in a panel discussion at NAM headquarters featuring the study authors and industry leaders:

A Forward-Looking Trade Agenda for the Digital Economy

posted by in Cloud Computing, Global Markets January 30, 2014
Jan 30

The world now invests nearly $4 trillion a year on information and communications technologies. This is propelling rapid evolution in the global economy, transforming everything from the way manufacturers manage their supply chains and retailers serve their customers, to the way doctors provide healthcare and police monitor crime statistics to improve public safety.

But capturing the maximum possible benefit from all this innovation — to spur growth, create jobs and improve people’s quality of life — will require modernizing global trade rules to promote rather than inhibit international sales and exports of the kinds of products and services that are powered by software, cloud computing and data analytics.

With major trade negotiations now underway in the Atlantic and Pacific — plus separate multilateral talks progressing on services and IT products — we have a historic opportunity to enact such an agenda and drive long-term growth in the digital economy. That is the main conclusion of a new report from BSA | The Software Alliance, titled, “Powering the Digital Economy: A Trade Agenda to Drive Growth.”

(more…)

Pass the Innovation Act

posted by in Intellectual Property December 3, 2013
Dec 03

The US House of Representatives is set to vote this week on the Innovation Act (H.R. 3309), an important bipartisan bill that would curb abusive patent litigation by reducing the financial incentive for bad actors to engage in it.

BSA urges Members of Congress to support the bill.

We have laid out the case for balanced patent reform along with a detailed analysis of the Innovation Act on PatentPrinciples.org. For a great overview of why the bill is needed, we would also encourage everyone to watch this video from Judiciary Chairman Bob Goodlatte (R-Va.), the bill’s sponsor: