SIIA, like many others in the tech industry, eagerly awaits a draft privacy bill from the Hill. We support a strong and comprehensive federal privacy law that is designed to prevent and remedy harms, gives consumers meaningful control and access to their personal data, and bars unreasonable data collection and use practices. As we have noted in many fora, how to achieve this will require many sensitive policy decisions, all of which Congress is uniquely poised to decide.

The Microsoft Ireland case goes before a Second Circuit Court of Appeals on September 9.  The case raised this fundamental question: when U.S. law enforcement wants a U.S. email provider to provide them with information about a foreign national, whose law applies?  U.S. law or the law of the data subject’s country?  Microsoft’s brief, the United States brief, and legal commentary all focus on the location of the data as the key element in reaching a decision.  But this leads to insoluble difficulties, not matter who wins the case. A better alternative would focus on the citizenship or the location of the user as the key element.  This appropriately takes into account the privacy interest of the user in that country as well as the sovereignty interests of the country itself.

The Senate Committee on the Judiciary has scheduled a hearing entitled “Going Dark: Encryption, Technology, and the Balance Between Public Safety and Privacy” for Wednesday, July 8 at 10:00 a.m., in Room 226 of the Dirksen Senate Office Building.  Among the witnesses is FBI Director James Comey who is expected to testify that national security and law enforcement officials need their own special access to encrypted material.  The world, he will say, is going dark.

In a series of white papers released this week, Leviathan Security Group assesses the security of world-spanning cloud storage services, versus storing data in localized datacenters.

District Court Upholds FTC Data Security Authority