This week, the House of Lords passed the Investigatory Powers Bill, which is likely to become law within weeks. One year ago, the UN’s special rapporteur on privacy, Joseph Cannataci, described the bill as “just a bit worse than scary.” Some provisions of the bill include:
Last month, I had the opportunity to attend Northern Kentucky University’s 9th Annual Cybersecurity Symposium. One of the excellent speakers, Zachary S. Heck (IU Maurer Law grad, ’14, magna cum laude), provided a timely and enlightening presentation on “Biometrics: With Great Data Comes Greater Cybersecurity Responsibility.” Zach is an attorney in the Dayton office of Faruki, Ireland, and Cox. You can read more from Zach and his colleagues on his law firm’s blog.
Zach’s presentation was particularly timely because a few days before the conference, the Georgetown Law Center on Privacy & Technology issued a comprehensive report on law enforcement use of face recognition technology titled, The Perpetual Line-Up: Unregulated Police Face Recognition in America (Oct. 18, 2016). The report includes the following conclusions. First, in the context of law enforcement, the “benefits of face recognition are real” and this “report does not aim to stop” the use of this biometric technology. Second, there is little, if any, regulation, transparency, or accountability of law enforcement use of face recognition databases; and, this must change to ensure the rights of individuals are not violated. The report offers several recommendations, model face recognition legislation, and a model use policy that law enforcement agencies could adopt.
To be sure, the Georgetown report is not a solution in search of a problem. In September 2016, the Associated Press published an article titled, “Across US, Police Officers Abuse Confidential Databases.” Also in September 2016, the Eighth Circuit Federal Court of Appeals noted that a Minnesota legislative auditor’s report found that “at least half of Minnesota’s law enforcement officers were misusing personal information in the [state’s motor vehicle registration] database.” Tichich v. City of Bloomington, 835 F.3d 856, 866 (8th Cir. 2016).
Finally, I had the pleasure of reconnecting with a great friend and former colleague at the NKU Cybersecurity conference, Joe Dehner. Joe is a Member in the Cincinnati office of Frost Brown Todd. Joe’s has an exciting and useful podcast, called the “Data Privacy Detective.” You can listen to Episode 6 of the the Data Privacy Detective, which provides my brief thoughts on the Georgetown “Perpetual Line-Up” report, including possible First and Fourth Amendment concerns that the use of face recognition technology implicates.
Today, Michelle Price shared inspiring remarks about her experience and vision for cybersecurity at the Indiana University Maurer School of Law. Price is currently a Senior Adviser for Cyber Security at the Australian National University’s National Security College. She is on secondment from the Department of the Prime Minister and Cabinet. You can follow Michelle Price on Twitter @Mich1175. Here are some highlights from remarks earlier today.
Today, the Federal Communications Commission adopted new rules that apply to Internet Service Providers, but not “edge” providers such as Twitter or Facebook. (The Federal Trade Commission has jurisdiction over edge providers.) The 3-2 vote divided along party lines. The rules seek to protect consumer privacy and security. Here are some highlights.