Inside the Beltway : July 2012

Senate Commerce Committee Eyes Privacy, Cyber Security Legislation Gaining Traction
 

The Senate Committee on Commerce, Science, and Transportation has held two hearings in the last three months regarding privacy legislation. The first, in May, examined perspectives from the Administration and the Federal Trade Commission around the need for baseline privacy legislation. The second hearing, less than two weeks ago, investigated whether industry self-regulatory programs could do enough to protect consumer privacy.

While these were the first Senate Commerce hearings on the topic in 2012, little progress has been made in bridging the divide between Senate Republicans and Democrats on this issue and the legislative stalemate seems likely to continue until the next Congress.

In sum, Committee Democrats, like Sen. Rockefeller (D-WV), prefer baseline privacy legislation and cite consumers’ ignorance of deceptive and technically worded privacy practices that could subject consumers to harm. Republicans, like Sen. Pat Toomey (R-PA), continue to express doubt about whether true consumer harm is taking place and would prefer to see industry self-regulatory efforts given more time to educate and offer choice to consumers.

However, recent efforts to re-start negotiations towards comprehensive Cyber Security legislation could have ramifications for the privacy debate. Specifically, ABM is engaging Members of Congress to understand whether data breach or data security legislation could be added to an agreed-upon Cyber Security bill and to what extent such a policy rider might define terms related to data collection and use practices.

ABM will continue to monitor the Cyber Security legislation to ensure that harmful definitions are not included in a final bill, if one is achieved. As for privacy legislation in general, the political stalemate will likely continue until the next Congress in 2013, but ABM remains actively engaged on the issue now, knowing that whatever legislation does not move this year will likely be carried over into next year. ABM continues to advocate for self-regulation and for a business capacity exemption that would ensure that laws regarding consumer privacy do not limit the ability of b-to-b companies to collect and use information about an individual in a business capacity.

Supreme Court to Review Copyright First Sale Case

The United States Supreme Court last month accepted review of a case concerning the scope of the “first sale” doctrine of copyright law, which generally allows resale of lawfully purchased copyrighted works. 

The specific issue raised by the case is whether works manufactured abroad are subject to the first sale doctrine. The U.S. Court of Appeals for the Second Circuit, in John Wiley & Sons Inc. v. Kirtsaeng, ruled that they are not subject to the doctrine, meaning that textbook publisher John Wiley & Sons could pursue infringement claims against a man who imported its Asian-published textbooks and resold them in the United States. A strong dissent argued that the Copyright Act is ambiguous on the issue, and that the first sale doctrine should apply to all works, wherever published.

The Supreme Court’s ultimate ruling could be important for publishers and importers of copyrighted materials. A decision affirming that the first sale doctrine does not apply to foreign-made works could encourage some publishers, especially of high-value works, to shift publishing abroad, in order to maintain greater control over such works. Depending on its breadth, such a ruling could also restrict resale within the United States of many non-publishing goods as well, if they contain copyrighted text, art, or other content.   

USPS Loses $2 Billion in May, While Research Shows Improved Delivery
House to vote on legislation in late July

The U.S. Postal Service reported a loss of $2 billion for the month of May, the eighth month of its fiscal year. The Postal Service has lost $10.1 billion year-to-date. However, total mail volume was up 1.1% from last May, and total revenue was up 3% over the year-earlier period. Periodical revenue, which is about 2.7% of total postal revenues, was up 1.4% over last May, but is down 3.8% year-to-date.

Meanwhile, according to Red Tag News Publications Association, which monitors delivery of approximately 45 daily, weekly, bimonthly and monthly periodical publications, USPS has shown significant improvement in the last six months. Delivery trends for weekly Red Tag member publications include:

The Postal Service has also released its delivery percentages by postal area for May:

• Eastern: 78%
• Northeast: 78%
• Western: 77%
• Great Lakes: 76%
• Capital: 75%
• Pacific: 73%
• Southern: 70%

Lastly, The House of Representatives is scheduled to take up postal reform legislation at the end of July. ABM and its mailing coalition, the Coalition for a 21st Century Postal Service, have been meeting with House Members over the last month to educate them on the importance of a sustainable and reliable Postal Service and to advocate passage of the legislation. In addition, ABM has been active in efforts to dissuade Congressional Appropriators from getting involved in postal reform measures, as a piece-meal approach will likely doom the comprehensive postal reform effort to failure.   

Behavioral Advertising Industry Self-Regulation Still Under Attack at Three-Year Mark

The advertising industry’s self-regulatory plan for online behavioral advertising, announced with great fanfare on July 2, 2009, continues to draw attacks from several sides, even as its proponents claim great success in the program’s launch and acceptance. Proponents and opponents of the plan testified at a recent congressional hearing.

On the positive side, the privacy icon created by the industry’s self-regulation arm, the Digital Advertising Alliance (DAA), is being used by hundreds of ad networks, for a trillion ads a month, with about a million customer opt-outs since January 2011. 

But on the negative side, Microsoft announced recently that the next version of its Internet Explorer browser will ship with its “Do Not Track” option activated by default—a move that could prevent most consumers from ever seeing online behavioral ads, and the informational and opt-out options provided by DAA.  And two key lawmakers, Reps. Joe Barton, R-Tex., and Edward Markey, D-Mass., co-chairs of the Congressional Bi-Partisan Privacy Caucus, endorsed Microsoft’s move in a June 19 letter to the World Wide Web Consortium Tracking Protection Working Group, which is developing key web standards in the area.

The Barton-Markey letter also suggested that the two leaders’ concerns went beyond online behavioral advertising, and extended to all forms of web advertising and data collection:  “In our view, Do Not Track should encompass non-targeted advertising along with not accumulating, using, sharing , or selling the consumer’s personal data.”

ABM supports the ad industry self-regulatory system for online behavioral advertising, and continues to engage Members of Congress to ensure that business information is clearly delineated from consumer information in regards privacy and data collection legislation.

White House Seeks Public Input on IP Enforcement

On June 25 Victoria Espinel, the U.S. Intellectual Property Enforcement Coordinator, posted a blog requesting public input on the Administration’s new strategy aimed at improving the effectiveness of its efforts to protect U.S. intellectual property both domestically and overseas.

Espinel hopes to gather the best thoughts and recommendations possible by publishing a Federal Register Notice, where the American public can submit their ideas and the Government can review submissions.

“Beyond recommendations for government action as part of the next Strategy,” she writes, “we are looking for information on and recommendations for combating emerging or future threats to American innovation and economic competitiveness posed by violations of intellectual property rights. Additionally, it would be useful to receive submissions identifying threats to public health and safety posed by intellectual property infringement, in the U.S. and internationally, as well as information relating to the costs to the U.S. economy resulting from infringement of intellectual property rights.”

Click here to learn more about submitting your strategy recommendations. They may include, but need not be limited to: legislation, regulation, guidance, executive order, Presidential memoranda or other executive action including, but not limited to, changes to agency policies, practices or methods.

PostalVision Offers Six Growth Strategies for USPS
 

Last month’s PostalVision conference, held in Washington, D.C. by consultancy Ursa Major Associates, looked at the role of the Postal Service in the digital arena. Attendees included digital companies, USPS representatives, Postal labor unions, customers and service providers across all classes of mail.

According to WhatTheyThink.com, there were three main takeaways from the event: 1) Congress will never let the USPS go under; (2) USPS can only embrace digital technologies via work share contracts with the private sector and 3) the Postal Service is still a $50 billion business projected to handle half the world’s mail volume by 2020.

Much of the event focused on the USPS’ opportunity as a platform. Keynote speaker Phil Simon, author of “The Age of the Platform: How Amazon, Apple, Facebook and Google Have Refined Business,” shared how industry leaders are developing “plank ecosystems” offering features, applications, programs and services which also urge innovations from outside partners and developers.

While Postmaster General Patrick Donohoe noted the USPS still has the largest physical network in the world, it’s still limited by “1940 work rules.” Ruth Goldway, chairman of the Postal Regulatory Commission (PRC), offered six growth strategies for the USPS, including allowing private sector more access to the network; capitalizing on geographic reach of the postal network; leveraging the trusted nature of the Postal Service (expanding Vote by Mail service, emergency medical countermeasures, mail-in test kits); tapping intellectual capital of the Postal Network (national addressing system, employee’s institutional knowledge, patent portfolio, hybrid mail, lessons from other national postal operators); providing customers more control over the mail; and fostering partnerships (including federal, state and local government agencies, credentialing services to Government customers, prize contests, retail reinvention).

FTC Action Against ‘Data Broker’ Based on Credit Reporting Act Violations

Regulation of “data brokers” was one of the FTC’s recommendations in its major report on privacy in March. But what does the FTC mean by “data brokers?” And, most importantly to ABM members, does that concern extend to business-to-business data collections?

An enforcement action last month provides some clues to the FTC’s concerns, and suggests that they may be focused on activity much different from most b-to-b data collections. On June 12, the agency entered into a settlement with Spokeo, Inc., a company that it described as “a data broker that compiles and sells detailed information profiles on millions of consumers.” On close examination, Spokeo was prosecuted under a credit-reporting act for selling credit-reporting-type reports about consumers – practices much different from those engaged in by most b-to-b “data brokers.”

Specifically, Spokeo was accused of creating and providing “consumer reports” under the Fair Credit Reporting Act (FCRA) – information bearing on a consumer’s credit worthiness which is “used or expected to be used” for the purposes of credit or employment eligibility. Spokeo assembled its consumer reports from many online and offline sources, and sold its reports through paid subscriptions, to customers in the human resources, background screening and recruiting fields. Spokeo sold the reports with the intent that they would “serve as a factor in deciding whether to interview a job candidate or whether to hire a candidate after a job interview.”

Thus, Spokeo’s business model, as described by the FTC, fit squarely in the area that the FCRA covers. Spokeo thereby qualified as a “consumer reporting agency” which was obligated, under the FCRA, to ensure its information was accurate, to make its reports available to consumers, to provide certain notices to consumers, and to make sure its reports were used only for legally permissible purposes. It allegedly failed at each of these FCRA-mandated duties.

Spokeo entered into a consent judgment, in which it agreed to pay an $800,000 civil penalty and reform its practices. The FTC celebrated its victory with a press release that trumpeted its victory over this “data broker.”  But on close analysis, the case says relatively little about regulation of “data brokers” in general, because the decision was based solely on the FCRA violations. And if and when the FTC follows through with a call for new legislation to give consumers access to all “data brokers,” this case suggests that the FCRA may already provide sufficient protection for consumers.

Web Privacy Census May, or May Not, Reveal Concerns

Researchers at the University of California at Berkeley, who also campaign for legislation protecting consumer privacy rights, released a study recently that purports to show more intrusions into the privacy of Internet users. But the study results may not really support the authors’ claim of increasing privacy intrusions.

The Berkeley Web Privacy Census study was directed by Christopher Hoofnagle, who engages in both privacy research and privacy advocacy. It is designed to be the first of regular quarterly surveys of privacy practices of the most-visited websites. In the study, the practices of the most frequently visited 100, 1,000, and 25,000 websites were analyzed using web robots that recorded the websites’ information-collection practices.

Although the study concluded that most popular websites use many third-party HTTP cookies, the standard technology for storing data about a user’s previous activity on a website, the study could only crudely and inexactly distinguish between generally well-accepted “first party” cookies (used on a single website) and more controversial “third party” cookies (used in online behavioral advertising). It appears from the study, for example, that cookies shared between gm.com and chevrolet.com would be classified as “third party” cookies although the sharing actually took place within the same company. 

The study also analyzed two technologies that arguably can be more intrusive than mere HTTP cookies – Flash Cookies, and HTML5 web storage. Interestingly, although Hoofnagle and his colleagues made headlines in 2009 with their study revealing unexplained use of Flash cookies by many websites (a practice that in some case allowed “respawning” of HTTP cookies that consumers had deleted), the current study seems to shows a sharp decrease in use of Flash cookies – possibly because their original occurrence was inadvertent in the first place and has been corrected in light of their 2009 report. And the study’s finding of increased use of HTML5 web storage may mean very little in connection with web tracking, because of the multiple possible uses of HTML5 web storage.    

Hoofnagle and other web privacy researchers at Berkeley, Stanford and Carnegie-Mellon continue to make headlines and influence policy with their studies and surveys. (One of their studies was cited by the White House earlier this year.) It is becoming increasingly apparent that businesses that wish to take advantage of tracking technologies need to understand these studies, and, where appropriate, point out their limitations, or commission more comprehensive and credible studies themselves.