On December 1, 2016, the Commission on Enhancing National Cybersecurity released its Report on Securing and Growing the Digital Economy. In its Report, the Commission, established in February 2016 by President Obama, provided detailed short- and long-term recommendations to strengthen cybersecurity in the public and private sectors. The Commission took a multi-stakeholder approach, emphasizing the need for broad public-private cooperation, defined consumer rights and responsibilities, and international streamlining efforts. The Report focused on eight cybersecurity topics identified in the Commission’s charging Executive Order: federal governance, critical infrastructure, cybersecurity research and development, cybersecurity workforce, identity management and authentication, Internet of Things, public awareness and education, state and local government cybersecurity, and additionally insurance and international issues.

After studying these eight critical areas, the Commission articulated ten foundational principles that shaped its recommendations in the Report. These principles focused on the growth in size and density of Internet-connected systems, United States and federal government leadership in cybersecurity innovation, private-public collaboration, clear definitions of authority and accountability, consumer education, user-friendly cybersecurity products, privacy and trust development, the unique needs and constraints of small businesses, and designing incentives for innovation.

The Report then enumerated myriad imperatives, recommendations, and action items for the current and next Presidential administrations to develop robust cybersecurity in the nation.
Continue Reading The Commission on Enhancing National Cybersecurity Releases Its Report on Securing and Growing the Digital Economy

Last week, the California legislature passed one of the nation’s most restrictive bills governing law enforcement’s ability to access location information.  Under the California Location Privacy Act, state and local government agencies would be required to secure search warrants before obtaining historical or current location information for any electronic device.  The California bill would curtail some of the law enforcement practices described in this New York Times article, which noted that cellphone carriers responded to 1.3 million law enforcement demands in 2011 — many of which came in the form of subpoenas, emergency requests, or other demands that can be less legally burdensome to secure than warrants.  

The California bill contains only a few narrow exceptions to the warrant requirement, such as responding to a user’s 911 call; with a user’s informed, affirmative consent; or in emergencies involving immediate danger of death or serious physical injury.  In the final round of amendments, the bill’s sponsors added an immunity provision for providers of location information: the Act is not to be construed “to create a cause of action against any foreign or California corporation, its officers, employees, agents, or other specified persons, for providing location information.”

Continue Reading California Legislature Bans Warrantless Location Tracking

The federal government conducted a search for purposes of the Fourth Amendment when it attached a GPS tracking device to a suspect’s car and used the device to track the suspect’s movements for 28 days, the U.S. Supreme Court ruled Monday.

All nine justices voted to uphold the decision by the U.S. Court of Appeals for the D.C. Circuit reversing Antoine Jones’s drug-trafficking conviction, which was partly based on evidence obtained from the tracking device. But the Court split 5-4 on how the government’s actions constituted a search within the meaning of the Fourth Amendment.

A five-justice majority, in an opinion written by Justice Antonin Scalia, held that the government’s physical attachment of the device to Jones’s car was the critical factor because the Fourth Amendment specifically protects “the right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures.”  Physically trespassing on one of Jones’s “effects” — the car — in order to obtain information would have been considered a search when the Fourth Amendment was adopted, the Court held, and such an intrusion therefore requires the government to obtain a warrant under most circumstances. Chief Justice John Roberts and Justices Anthony Kennedy, Clarence Thomas and Sonia Sotomayor joined Justice Scalia’s majority opinion.

Continue Reading Supreme Court: Attaching GPS Tracker to Suspect’s Car Constitutes Search For Purposes of Fourth Amendment

Government officials must seek a warrant to compel the disclosure of cell phone location data, a federal district court ruled, holding that a federal law allowing the government to obtain some information without a warrant violates the Fourth Amendment.

In a one-page order upholding a magistrate judge’s decision, U.S. District Judge Lynn N. Hughes, of the Southern District of Texas, held Nov. 11 that records showing the “date, time, called number, and location of the telephone when the call was made” are constitutionally protected, and thus the government needs a warrant based on probable cause to compel the disclosure of such data. That standard is higher than the standard required for a court order under the Stored Communications Act, which requires a government entity to demonstrate that there are “specific and articulable facts showing that there are reasonable grounds to believe” the contents of or records about an electronic communication are “relevant and material to an ongoing criminal investigation.”

Continue Reading Federal Court Finds Warrant Required to Obtain Cell-Phone Locations

Today, Senator Charles Schumer (D-NY) sent letters to Federal Trade Commission chairman Jon Liebowitz and OnStar executive director Linda Marshall regarding recent controversial changes to OnStar’s privacy policies.  OnStar provides in-vehicle GPS navigation, emergency response, and concierge services for millions of U.S.-manufactured vehicles.  In providing these services, OnStar collects data regarding customers’ location, speed, driving