This past week, Congress demanded answers from former Equifax CEO Richard Smith about what, exactly, went so terribly wrong in his company’s handling of its massive data breach this summer, and to ask how to keep something like this from happening again. Over the course of four hearings in both the Senate and the House, it became clear that the list of "wrongs" is lengthy. But one of the most damning revelations emerged in the aftermath of the breach in the company’s attempts to mitigate harm post-breach. To be clear, we’re not talking about mitigating consumer harm - we’re talking about Equifax protecting itself from accountability through the use of forced arbitration.
Lots and lots and lots of people are talking about the Equifax breach. Many share similar views: this can’t happen again, Equifax should face some economic consequence, consumers need to be better educated, we need legislation, we need regulation. All of which may be valid and reasonable, but few of which will actually happen. Foremost among them, we will have another breach.
An appeal playing out in the 9th Circuit Court of Appeals over mobile phone labeling exposes a phenomenon of great import to the future of technology: corporate use of the First Amendment to ax regulation. The stakes are seemingly rather small in the case of CTIA v. City of Berkeley. It involves a humble municipal ordinance requiring cell phone retailers to disclose the same information about permissible levels of radiofrequency (RF) radiation that the Federal Communications Commission already requires mobile phone manufacturers to reveal in their manuals.
One of our top issues we tackled in 2015 was reforming Section 1201 of the Digital Millennium Copyright Act (DMCA). To recap, Section 1201 makes it illegal to break digital locks in order to access copyrighted works (like the movie on a DVD or software in a device), even for legitimate purposes. Every three years, public interest groups spend time and money petitioning the Copyright Office to exempt certain uses and technologies from this law. The Library of Congress released the most recent decisions for this triennial process in October 2015. One example that affects many people that we have yet to touch on is vehicle use. You may not have thought about how copyright law regulates your car. However, cars are increasingly powered as much by software as they are by motors.
Recently, investigative journalists at the Intercept revealed that Securus, a nationwide provider of phone and video services to jails and prisons, suffered a massive security breach when someone obtained, and then leaked, records of more than 70 million phone calls by prisoners across the country, along with links to downloadable recordings of those calls. Among these calls were records of “at least 14,000 recorded conversations between inmates and attorneys.” In fact, the Intercept claims that Securus has amassed a huge database of federally protected consumer propriety network information (CPNI, or “metadata” containing the number you call, at what time and for how long) and has been storing this data for years. The Intercept also reports that Securus may be selling access to this data to law enforcement investigators.