On September 4th, the White House Office of Science and Technology Policy (“OSTP”) released its Blueprint for an AI Bill of Rights (“Blueprint”), which identifies five principles to minimize potential harms stemming from certain applications of AI. The Blueprint recognizes the “extraordinary benefits” that AI can provide, and the Blueprint states that harms stemming from AI are not inevitable.
Last week, President Trump nominated four new commissioners to the Federal Trade Commission (“FTC”): Joseph J. Simons, an antitrust attorney, as Chairman; Noah Joshua Phillips, chief counsel for Senate Majority Whip John Cornyn (R-Texas), for the second Republican seat; Christine Wilson, an executive for Delta Air Lines, for the third Republican seat; and Rohit Chopra, a senior fellow at the Consumer Federation of America, for a Democratic seat. By statute, no more than three commissioners may be members of the same political party. The fifth spot on the Commission would remain vacant pending an additional nomination by the President.
If confirmed by the Senate, these four nominees would establish a Republican majority at the FTC. Since early last year, the agency has been operating with just one Commissioner from each party – Acting Chairman Maureen Ohlhausen and Democratic Commissioner Terrell McSweeny. Earlier in the week, President Trump also announced his intent to nominate Acting Chairman Ohlhausen for a seat on the U.S. Court of Federal Claims. Therefore, these new nominations would completely change the composition of the Commission.…
The White House released on November 15, 2017 the Vulnerabilities Equities Policy and Process for the United States Government (“VEP”) — the process by which the Government determines whether to disseminate or restrict information about new, nonpublic vulnerabilities that it discovers. This release was motivated by criticism following the allegations that significant cyber-attacks have exploited…
Last week, the Office of Management and Budget issued an updated breach response policy for federal agencies, replacing a policy last updated in 2007. The policy, set forth in memorandum M-17-12, provides minimum standards for federal agencies in preparing for and responding to breaches of personally identifiable information (PII). In addition to setting forth…
The White House has released a Presidential Policy Directive on United States Cyber Incident Coordination (PPD-41). PPD-41 is part of President Obama’s broader Cybersecurity National Action Plan, which was unveiled this past February.
Continue Reading White House Releases Presidential Policy Directive on U.S. Cyber Incident Response
Yesterday, the White House announced a series of workshops and an interagency working group devoted to the benefits and risks of artificial intelligence (AI). The announcement cited the growing influence of AI, and specifically its potential applications in healthcare, education, and transportation. On the other hand, the announcement noted the potential risks and policy challenges of AI, such as the potential for job losses and the challenges of predicting and controlling AI technology.
Continue Reading White House Announces Artificial Intelligence Workshops and Working Group
Following the announcement of the President’s Cybersecurity National Action Plan (CNAP), an initiative designed to “enhance cybersecurity capabilities within the Federal Government and across the country,” the White House has released a fact sheet outlining the different components of the CNAP. The announcement of the CNAP follows the President’s request for $19 billion in funding for cybersecurity initiatives in fiscal year 2017, an increase of 35% over the previous year’s request. The CNAP includes a mixture of near-term measures and long-term objectives, with the ultimate goal of enhancing the federal government’s cybersecurity posture while encouraging private citizens and businesses to do the same. Some of the most significant aspects of the CNAP, discussed further below, include:
- The launch of a cybersecurity awareness campaign to promote the use of multi-factor authentication;
- A “systematic” review by the White House to identify areas where the federal government can reduce the use of Social Security Numbers as individual identifiers;
- Plans for the development of a Cybersecurity Assurance Program to test and certify connected devices against certain security standards;
- The creation of a Chief Information Security Officer (CISO) position within the federal government, coupled with a $3.1 billion initiative to modernize federal agencies’ IT systems and applications;
- The establishment of a commission of private sector cybersecurity experts to offer recommendations on cybersecurity initiatives; and
- The establishment of a Federal Privacy Council, composed of representatives from various key federal agencies, to coordinate guidelines for the federal government’s collection and storage of data.
South by Southwest (“SXSW”) Interactive kicked off last week, and Covington was there once again to cover privacy. One panel of interest that we attended, entitled “Data (in)Security: MIT Scientists Tackle Privacy,” featured MIT professors Danny Weitzner, Ronald Rivest, and Sam Madden discussing their current research and related privacy issues. All…
By Caleb Skeath
As we reported yesterday, the Congressional Privacy Bill has been released, following the release of the White House’s proposal for a privacy bill in late February. The bill contains the Commercial Privacy Rights Act of 2015, the Congressional counterpart to the White House’s proposal, along with data breach notification provisions and the “Do Not Track Kids Act of 2015,” which proposes substantial revisions to the Children’s Online Privacy Protection Act (COPPA). As with the White House proposal, the Privacy Rights Act would implement a comprehensive regime of substantive privacy requirements. Our analysis of the Commercial Privacy Rights Act is below, and we will separately post further analysis of the data breach provisions as well as the Do Not Track Kids Act.
Continue Reading Congressional Privacy Bill: Commercial Privacy Rights Act of 2015
As we reported earlier today, the long-awaited White House draft of privacy and data security legislation has been released. While the United States does not today have a comprehensive privacy and data security law, the proposed Consumer Privacy Bill of Rights would impose a suite of substantive privacy and data security obligations across sectors and industries. Our sense is that it would be uphill battle for this sort of sweeping privacy legislation to gain traction in Congress over the next two years.
We have answered your key questions about this proposed legislation below, including:
Who would the bill apply to?
How is “personal data” defined under the bill?
What are the substantive obligations?
Are there any safe harbors?
How would the bill be enforced?
Does the bill preempt state laws?…