Section 230 Hearings

Republicans continue to spotlight Section 230 and supposed bias against conservatives on social media platforms.

On 1 October , against a backdrop of coordinated, increasing Republican focus on 47 U.S.C. 230 (aka Section 230), the Senate Commerce, Science, and Transportation Committee voted unanimously to subpoena three technology CEOs:

  • Jack Dorsey, Chief Executive Officer of Twitter;
  • Sundar Pichai, Chief Executive Officer of Alphabet Inc. and its subsidiary, Google; and 
  • Mark Zuckerberg, Chief Executive Officer of Facebook.

Ahead of the markup, it appeared that Democrats on the committee would oppose the efforts, which the top Democrat claimed

Taking the extraordinary step of issuing subpoenas is an attempt to chill the efforts of these companies to remove lies, harassment, and intimidation from their platforms. I will not participate in an attempt to use the committee’s serious subpoena power for a partisan effort 40 days before an election.

However, the chair and ranking member worked out an agreement that would expand the scope of the subpoenas beyond just Section 230 and would include privacy and “media domination.” With broader language, Democrats chose to vote yes, making it a unanimous vote.

This hearing, and the markup held by the Senate Judiciary Committee held the same day are part of the larger Republican narrative to cast technology companies as biased against conservative viewpoints. This was also on display during today’s House Judiciary Committee hearing on possible antitrust behavior by large technology companies when Ranking Member Jim Jordan’s (R-OH) statement had little to say about antitrust law or anticompetitive behavior and focused solely on Section 230. Republicans seem intent on shining a light on what they call a conservative bias among technology companies where allegedly viewpoints from the right are taken down, censored, and edited at a much higher rate than those on the left. These claims are made even though studies and data from Facebook have shown that conservative content is often the most popular on online platforms.

In his opening statement, Chair Roger Wicker (R-MS) said Dorsey, Zuckerberg, and Pichai declined to attend a hearing, necessitating subpoenas. Wicker stated

This Congress, the Commerce Committee and other committees in this body have examined the growing and unprecedented power and influence that Facebook, Google, and Twitter have in the United States. We have questioned how they are protecting and securing the data of millions of Americans. We have explored how they are combatting disinformation, fraud, and other online scams. We have examined whether they are providing a safe and secure internet experience for children and teens. We have discussed how they are removing content from their sites that encourages extremism and mass violence. We have examined their use of secret algorithms that may manipulate users and drive compulsive usage of the internet among our youth. And most recently, we have reviewed how they are moderating content across their platforms and applying their terms of service and community standards to their users.

Wicker added that “[w]ith over 4.5 billion internet users today, we recognize the challenge of addressing many of the issues I mentioned and policing obscene and other indecent material online…[and] Section 230 of the Communications Decency Act, however, was enacted almost 25 years ago to address this very challenge.” Wicker asserted

  • Over time, this law has undeniably allowed the modern internet to flourish. It has helped usher in more speech and more expression, and limited the proliferation of truly reprehensible content. However, following repeated and consistent reports of political bias and the suppression of certain viewpoints, I fear that Section 230’s sweeping liability protections for Big Tech are stifling a true diversity of political discourse on the internet. According to a 2018 Pew study, seven out of 10 Americans agree.
  • On the eve of a momentous and highly-charged election, it is imperative that this committee of jurisdiction and the American people receive a full accounting from the heads of these companies about their content moderation practices. 

Wicker claimed “[t]his is not a partisan issue…[because] [b]oth candidates for President today agree.” Wicker asserted:

In May, the President of the United States rightly questioned whether Section 230 has outlived its usefulness. The Democrat[ic] nominee for President has done the same, calling for Big Tech’s liability shield to be “revoked immediately.” One Democrat[ic] member of this committee stated in July that “there is no reason for these platforms to have blanket immunity, a shield against any accountability that is not enjoyed by any other industry in the same way.” This member also acknowledged that “there is a broad consensus that Section 230 as it currently exists no longer affords sufficient protection to the public.” And just last week, another Democrat[ic] member of this committee joined a letter to Facebook demanding answers regarding the company’s inconsistent enforcement of its content moderation policies.

Ranking Member Maria Cantwell (D-WA) remarked:

I actually can’t wait to ask Mr. Zuckerberg further questions. I’m so proud that when we had a hearing before with Mr. Zuckerberg, I asked him an infamous question that’s now part of a movie: “What was their interference in the last elections?” At which point, the woman who is a whistleblower inside the organization says to the camera, “He’s lying.” So, can’t wait to have Mr. Zuckerberg here again.

Cantwell stated:

  • I think the issues that we are discussing of how we function in an information age are of extreme importance. I think the issue of privacy and also media domination by the platforms when they put their foot on the throats of local news media is also an issue. So I appreciate [Wicker’s] offer today of adding to the subpoena language both privacy and media as a discussion point we can bring up in the subpoenas.
  • What I don’t want to see is a chilling effect on individuals who are in a process of trying to crack down on hate speech or misinformation about COVID during a pandemic. Part of this discussion will end up being about the fact that some of these social platforms have tried to move forward in a positive way and take down information that is incorrect.
  • I welcome the debate about 230. I think it should be a long and thoughtful process, not sure that a long and thoughtful process will happen before the election, but I understand my colleagues’ desires here today. So, happy to move forward on these subpoenas with the additions that [Wicker] so graciously added.

At the 1 October markup of Section 230 legislation, the Senate Judiciary Committee opted to hold over the “Online Content Policy Modernization Act” (S.4632) to try to reconcile the fifteen amendments submitted for consideration. The Committee could soon meet again to formally markup and report out this legislation. Even if the Senate passes Section 230 legislation, it is not clear there will be sufficient agreement with Democrats in the House to get a final bill to the President before the end of this Congress. The primary reason is that Democrats are focused on hate speech on online platforms aimed at women, minorities, and other groups, some of which is coming from the far right. In their public remarks, Republicans have not called this feature of platforms a problem, and they seem more focused on alleged bias and actions against conservative viewpoints.

Chair Lindsey Graham (R-SC) submitted an amendment revising the bill’s reforms to Section 230 that incorporate some of the below amendments but includes new language. For example, the bill includes a definition of “good faith,” a term not currently defined in Section 230. This term would be construed as a platform taking down or restricting content only according to its publicly available terms of service, not as a pretext, and equally to all similarly situated content. Moreover, good faith would require alerting the user and giving him or her an opportunity to respond subject to certain exceptions. The amendment also makes clear that certain existing means of suing are still available to users (e.g. suing claiming a breach of contract.)

Senator Mike Lee (R-UT) offered a host of amendments:

  • EHF20913 would remove “user[s]” from the reduced liability shield that online platforms would receive under the bill. Consequently, users would still not be legally liable for the content posted by another user.
  • EHF20914 would revise the language the language regarding the type of content platforms could take down with legal protection to make clear it would not just be “unlawful” content but rather content “in violation of a duly enacted law of the United States,” possibly meaning federal laws and not state laws. Or, more likely, the intent would be to foreclose the possibility a platform would say it is acting in concert with a foreign law and still assert immunity.
  • EHF20920 would add language making clear that taking down material that violates terms of service or use according to an objectively reasonable belief would be shielded from liability.
  • OLL20928 would expand legal protection to platforms for removing or restricting spam,
  • OLL20929 would bar the Federal Communications Commission (FCC) from a rulemaking on Section 230.
  • OLL20930 adds language making clear if part of the revised Section 230 is found unconstitutional, the rest of the law would still be applicable.
  • OLL20938 revises the definition of an “information content provider,” the term of art in Section 230 that identifies a platform, to expand when platforms may be responsible for the creation or development of information and consequently liable for a lawsuit.

Senator Josh Hawley (R-MO) offered an amendment that would create a new right of action for people to sue large platforms for taking down his or her content if not done in “good faith.” The amendment limits this right only to “edge providers” who are platforms with more than 30 million users in the U.S. , 300 million users worldwide, and with revenues of more than $1.5 billion. This would likely exclude all platforms except for Twitter, Facebook, Instagram, TikTok, Snapchat, and a select group of a few others.

Senator John Kennedy (R-LA) offered an amendment that removes all Section 230 legal immunity from platforms that collect personal data and then uses an “automated function” to deliver targeted or tailored content to a user unless a user “knowingly and intentionally elect[s]” to receive such content.

Also this week, Senators Joe Manchin (D-WV) and John Cornyn (R-TX) introduced a bill that would change Section 230 to ostensibly “to stop the illicit sale of opioids and other drugs online” per their press release through a new requirement that online platforms report content indicating such activity is occurring. However, this bill would sweep much wider than controlled substances. The customary explanatory preamble of legislation in Congress gives the game away: “[t]o require reporting of suspicious transmissions in order to assist in criminal investigations and counterintelligence activities relating to international terrorism, and for other purposes.”

Under the “See Something, Say Something Online Act of 2020” (S.4758), online platforms would need to report “known suspicious transmissions” of “major crimes,” a term defined to include “crimes of violence,” “domestic or international terrorism,” and “serious drug offense[s].” Online platforms would need to report all such transmissions it should reasonably know about in the form of a “suspicious transmission activity report” (STAR) to the Department of Justice (DOJ) within 30 days unless it has evidence of an active sale or solicitation of drugs or terrorism. However, these STARs would be exempt from Freedom of Information Act (FOIA) requests. Platforms must establish a mechanism by which people can report suspicious activity as well. Failing to report such activity will result in the removal of the Section 230 liability shield and could be sued in a civil or criminal action because a failure to report would make the platform itself the publisher of the content, opening it to legal jeopardy.

Consequently, platforms would need create a system to vet material posted online for anything objectionable that could then be reported. It is safe to assume we would see overreporting, which begs the question of how the or state and local law enforcement agencies would choose to manage those possible crimes. Also, does the DOJ or other law enforcement agencies even have the capacity to manage what could be a considerable number of reports, triaging those serious enough to require immediate action. Also, would such a statute create a greater incentive to move to encrypted platforms and also for the development of such platforms.

It is interesting the Manchin/Cornyn bill seems to steer clear of child pornography and other exploitative sexual material. In contrast, the “Eliminating Abusive and Rampant Neglect of Interactive Technologies Act of 2020” (EARN IT Act of 2020) (S.3398) would change Section 230 by narrowing the liability shield and potentially making online platforms liable to criminal and civil actions for having child sexual materials on their platforms. Perhaps Manchin and Cornyn are interested in trying to add the bill to the EARN IT Act during Senate consideration or the “Online Content Policy Modernization Act” during the Senate Judiciary Committee markup. Or it may be that Manchin and Cornyn are trying to have an approach to fighting the opioid epidemic they can show to voters in their states. In any event, it is unclear what their intentions are at this point. However, it bears note that the provision requiring the reporting of domestic terrorism may appeal to many Democratic stakeholders, for they have repeatedly expressed concerns about the online activity of white supremacists and the effect of this content offline.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Image by Gerd Altmann from Pixabay

Senate Judiciary Hearing On Google

A committee looks at the possible antitrust practices of Google in the adtech market.

The Senate Judiciary Committee’s Antitrust, Competition Policy & Consumer Rights Subcommittee will hold a hearing on 15 September titled “Stacking the Tech: Has Google Harmed Competition in Online Advertising?.” In their press release announcing the hearing, Chair Mike Lee (R-UT) and Ranking Member Amy Klobuchar (D-MN) asserted:

Google is the dominant player in online advertising, a business that accounts for around 85% of its revenues and which allows it to monetize the data it collects through the products it offers for free. Recent consumer complaints and investigations by law enforcement have raised questions about whether Google has acquired or maintained its market power in online advertising in violation of the antitrust laws. News reports indicate this may also be the centerpiece of a forthcoming antitrust lawsuit from the U.S. Department of Justice. This hearing will examine these allegations and provide a forum to assess the most important antitrust investigation of the 21st century.

Chair Mike Lee (R-UT) said the focus of the hearing is Google’s online advertising business and whether it is monopolist or has engaged in any conduct that harms competition and consumers. He said he would discuss antitrust policy more broadly before discussing Google. Lee remarked he has served on the subcommittee for nine years, six of which as chair, and during this period antitrust policy has evolved and a gulf has widened between the two sides of the issue. He claimed there are those who would like to see no antitrust laws at all, while others are overly deferential to speculative efficiencies, quick to dismiss actual evidence of competitive harm when it might conflict with unproven economic theories. Lee argued this end of the spectrum fetishizes freedom even when harm might endanger freedom. He claimed they forget that markets, like governments, do not keep themselves free, and that liberty s only secure when power is diffused.

Lee said at the other extreme is a line of arguments that has been pushing for years an agenda to transform antitrust laws from a tool based in economic science to protect and promote competitive markets into a panacea for all their perceived social ills. He said built on the myopic economic presence that big is bad, which is, to them, the beginning and end of the question, some at this end of the spectrum would use antitrust policy to address labor, racial, and income disparities. Lee conceded these may be laudable goals, but these are not problems antitrust law is meant to solve nor are they goals antitrust law is capable of solving, at least not without creating a host of other problems. He argued that attempts to repurpose antitrust law into a social justice program would have scores of unintended consequences that would cripple the United States’ (U.S.) economy for generations. He noted there is hypocrisy in thinking big is bad only applies to corporations and not to government bureaucracy, the type needed to dismantle large companies and regulate them.

Lee said he is on the side of the American people, the law, and vigorous enforcement of antitrust laws that have made the U.S. the most prosperous nation on earth. He asserted that already enacted laws are, for the most part, sufficient to meet the challenges of the day. Lee reiterated the maxim that liberty is only secure when power is diffused, a principle central to the U.S.’ Constitutional Republic. Lee claimed the concept of federalism, perhaps the greatest contribution of the founding generation, is what makes the U.S. unique among all other nations. He stated this principle applies to economic power as it does to political power. Lee contended that antitrust laws may be properly described as federalism for the economy.

Lee said that hearing is focused on what may prove the seminal antitrust case of the 21st Century that may define the terms of competition and innovation in the U.S.’ dynamic economy for years and decades to come. He said unlike some of his House colleagues, he has no interest in staging a political spectacle to attack, condescend, and talk over witnesses. Lee remarked naïve though it may be in 2020, he said his hope is that by looking at this specific question, the subcommittee can have a serious and frank conversation about the state of competition in digital markets. He declared that online advertising is an incredibly complex business, one that touches every single person on the internet.

Lee explained the technologies that connect publishers and advertisers have evolved rapidly over the last decade, and he expansion of online advertising has facilitated an explosion of online content by allowing even the smallest website owner to monetize the content they produce. He said small and local businesses have also benefitted from being able to quickly and easily promote their businesses without any of the same capital investments that would have been required just a few decades ago. Lee admitted that at the same time, this growth and expansion has been largely consolidated onto a single platform, Google’s online ad business. He said that as business has grown, so, too, have complaints that Google, which operates both the ad selling and ad buying platforms and then sells its own inventory through those platforms has given rise to conflicts of interest and claims it has rigged online ad auction technology to favor its own interests and protect its own market share. Lee said whether this is true or not matters because so many businesses depend upon digital advertising to market their products or to monetize the content they produce. Web users in turn benefit from free online content and being connected to relevant businesses in a way that helps to make optimal business decisions. Lee said, simply put, markets function better when businesses thrive, and consumers are informed. He asserted ideally online advertising helps accomplish this, but, if, on the other hand, online advertising has been monopolized and constrained by opaque pricing and exclusionary conditions, everyone loses to that degree. Lee added that Google and other big tech companies have been accused of other bad acts unrelated to antitrust or competition, and he said he has repeatedly expressed his concern about anti-conservative bias by these firms. He pledged to continue to pursue these concerns but added that while his concerns about anti-conservative bias may have implications for antitrust like market power, today’s hearing is not fundamentally about those concerns.

Ranking Member Amy Klobuchar (D-MN) explained

  • We are not having this hearing because Google is successful. Google is successful. I just used it on my way here. Or because Google is big. That’s not why,from my perspective, we’re having this hearing. We are having it because even successful companies, even popular companies, and even innovative companies are subject to the laws of this country including our antitrust laws. 
  • We are all successful when we make sure that our economy is strong and our economy is working better. But the law can’t be blinded by Google’s success or its past innovations if the company in its zeal to achieve greater success crosses a line into anticompetitive behavior. It’s our job to regulate it. It’s that simple. So we’re going to touch on issues, I hope, today of competition, technological innovation, the use of personal data. These are some of the defining issues, as the chair has said, defining issues of our time and I personally think, as we go into the months to come, this won’t just be about Google. This isn’t even just about the tech industry as much as I believe we need to change our laws and look at monopsonies and look at changing the burdens and making it so that our laws are as sophisticated as the companies that now occupy our economy.

Klobuchar asserted:

  • I think we need to do all that and I think it should be a huge priority going into the year. But right now as the chairman mentioned, we are focused on this issue today. Our society has never been more dependent on this technology than we are now in the midst of this global pandemic. As I noted, not just Google, the pandemic has forced a bunch of small businesses to close their doors and the five largest tech companies continue to thrive to the point where they briefly accounted for nearly 25% value of the entire S&P 500 stock index just a few weeks ago.
  • Again, I don’t quarrel with their success, but we have to start looking at do our laws really match that situation. And even if the original intent when these companies started as start-ups was to be innovative, which they’ve been, at what point do you cross the line so you squelch innovation and competition from other companies? We start with this, the ownership and use of data.
  • The powerful companies that provide us with these technologies are also collecting personal information. We know that. They know who our friends are, they know the books we read, where we live, whether we’ve graduated from college, income levels, race, how many steps we took yesterday. The chairman and I share an interest in this. How long we’ve stayed where we are. Machine learning analyzes troves of personal data, allowing our firms to discern even more sensitive information about us, our medical conditions, political, religious views and even preferences that we don’t even know we have. And why would companies do all of this? Well, put simply, to target us with digital advertisements. There’s really no other reason. It is a capitalist society. That’s what they do.

Klobuchar stated

  • Now, Google makes more money doing that than any company in the world, hands down, by leveraging its unmatched access to consumer data gained through its existing dominance in online and mobile search, mobile operating systems, Android, email, Gmail, online and mobile video, YouTube, browsers, Chrome, mobile mapping apps, Google maps and ad technology.
  • So, this ad technology ecosystem, known as the ad tech stack, consists of advertisers on one side and publishers on the other. So let’s look at these two sides. On the advertising side Google controls access to the huge number of advertisers that place ads on Google search which is nearly 90% of the search market and has unparalleled access to data as I described. On the publisher side, Google has privileged access to ad data to inform its bidding strategies. And then it also effectively controls the process, the ad auction process, that gets an advertiser’s ad to be put on a publisher’s site. Google dominates all the markets for services on both sides of the ad/tech stack, the publisher side and the advertising side, and I hope that will be a lot of our focus today. Research has suggested that Google may be taking between 30 and 70 percent of every advertising dollar spent by advertisers using its services depriving publishers of that revenue. Who are the publishers? They’re content producers. They’re things like the Minneapolis Star Tribune, they depend on revenue, so many of our content producers, our news producers do to get by.  
  • And to me, given that my dad was a journalist, to me this is one of the key elements here because if you have unfairness in how that ad echo system is going, then you’re depriving these news organizations at a time when the first amendment is already under assault of the revenue that they need to keep going. So whether it’s happening, and we don’t know all of the details at the Department of Justice right now, this could be the beginning of a reckoning for our antitrust laws to start looking at how we’re going to grapple with the new kinds of markets that we see across the country. It would help answer the question whether our federal antitrust laws are able to restrain the business conduct of even the largest, most successful companies in the world. When you think of the breakup of AT&T, that was our last big thing that happened in the antitrust area. Really big thing. What did that lead to? Lower prices, more competition. It really worked. But we’re not able to do this right now.
  • And my hope is that we’re getting the start and the Justice Department, that things are going on at the FTC. But to really do that, they’re going to do resources to take on the legions of lawyers at the companies and that’s my first goal. What can we do for enforcement? My second, what do we have to do to make the laws work better, to look at some of the deals that have already been made? The third is what are the remedies? Do they make a difference in changing the behavior and allowing competition? I literally don’t have personal grudges against these companies like sometimes the president has expressed about various companies. I don’t. I just want our capitalist system to work. I want it to work. And to have it work you simply can’t have one company dominating areas of an industry. Our Founding Fathers started this country in part because they were rebelling against monopoly power.

Google Global Partnerships and Corporate Development President Donald Harrison stated

  • Online advertising prices in the U.S. have fallen more than 40% since 2010. According to the Progressive Policy Institute, “for every $3 that an advertiser spends on digital advertising, they would have to spend $5 on print advertising to get the same impact.” As a result, the share of U.S. GDP going to advertising in media has declined roughly 25% in recent years. The benefits of these lower prices ow directly to American businesses and consumers.
  • We help businesses grow from advertising on (1) our own sites, and (2) other publishers’ sites.
    • Advertising on Google sites and apps
    • A wide range of businesses, including many small firms, advertise on our sites and apps like Google Search and YouTube. That’s where we earn the majority of our advertising revenue.
    • We show no ads — and make no money — on the vast majority of searches. We show ads only on a small fraction of searches, typically those with commercial intent, such as searches for “sneakers” or “toaster.” We face intense competition for these types of searches. An estimated 55 percent of Americans start product searches on Amazon, not Google. And many online shoppers use Walmart, eBay, and other sites. For travel searches, many go to Expedia, Kayak, Orbitz, and TripAdvisor. Facebook, Bing, Twitter, Snap, Pinterest, and many more compete with us for a range of commercial advertisements.
    • Advertising on non-Google sites and apps
    • In addition to ads on our own properties, Google also helps businesses advertise on a wide range of other websites and mobile applications, known as “publishers.” We offer technology that (1) helps advertisers buy ad space — known as the “buy side,” and (2) helps publishers sell their ad space — known as the “sell side.” This technology is often referred to as “ad tech.”
    • The ad tech portion of our business accounts for a small fraction of our advertising revenue. And we share the majority of that revenue with publishers. Publishers get paid for every impression — each time an ad is viewed — even if the ad is never clicked. Of the revenue we retain, a large portion goes to defray the costs of running this complex and evolving business.
  • A crowded and competitive ad tech ecosystem
    • The ad tech space is crowded and competitive. Thousands of companies, large and small, work together and in competition with each other, each with different specialties and technologies. We compete with Adobe, Amazon, AT&T, Comcast, Facebook, News Corporation, Oracle, and Verizon, as well as leaders like Index Exchange, Magnite, MediaMath, OpenX, The Trade Desk, and many more.
  • Google shares billions of dollars with publishers, more than the industry average.
    • Even as online ad prices and ad tech fees have fallen, benefiting businesses and consumers, Google has helped publishers make more money from ads. In 2018, we paid more than $14 billion to the publishing partners in our ad network — up from $10 billion in 2015.
    • In 2019, when both advertisers and publishers used our tools, publishers kept over 69 percent of the ad revenue — more than the industry average. And when publishers use our tools to sell directly to advertisers, they keep even more of the revenue.

Chalice Custom Algorithms Chief Executive Officer Adam Heimlich contended

  • In 2016, Google combined search and display data, breaking a promise made to American regulators. Google also broke the industry’s privacy standard by linking consumers’ names, from Gmail, to the ID numbers assigned to browsers for exchange transactions.
  • Continuously, from 2016, Google came up with new ways to pollute the exchange ecosystem they’d previously seemed to embrace. Pollution came in the form of restrictions and exclusions that made the open web less efficient for buyers and sellers.
  • Google took YouTube, Google’s most valuable display property, off the exchanges, while making it available through an exclusive “pipe” from Google’s exchange bidder. Google excluded data providers from its websites and measurement partners from its platforms. Google’s selling platform denied publishers’ demand for a unified, exchange- vs-exchange action. To keep publishers from getting rid of Google’s software, Google funnels exclusive display demand from its search platform through it. Google weaponized new privacy laws to restrict advertisers’ and publishers’ access to their own ad data in Google tools.
  • Google tightened ties among its products until the shady broker was no longer one among a set of competitors: Google became the only display company not hobbled by the exclusions and restrictions it’d placed on everyone else. The power to interoperate among buy-side, sell-side and measurement software went from being a feature of the exchange ecosystem to a capability exclusive to Google.
  • Now, progress on innovation is squeezed to the margins of the industry, and new adtech is rare. The majority of advertisers have stagnated or regressed.
  • There’s more at stake than most people realize. The more efficient the ad market, the more likely it is that superior new products will find customers and thrive. When the ad exchanges function properly, the size advantage from flooding the airwaves is offset by quieter voices speaking directly to whoever’s most open to any given improvement. It tilts the incentives of every business toward innovation.
  • Google is dominating display by breaking interoperability and subtracting the efficiencies of a symmetrical market. Pre-2016, under intense competitive pressure, ad exchanges were becoming more transparent and privacy-respectful as the ecosystem grew. Google could have coped with these developments without using its market power destructively: There was nothing to stop Google from exiting the arena or competing within its open standards. Whether or not Google competes with other big tech firms is irrelevant to the harms they’ve caused publishers, measurement companies, platforms and small businesses like mine in the ~$50B open web display market.
  • It was efficient when publishers, platforms, measurement tools and service providers all interoperated. Innovators of a great new product or service could access a global marketplace of thousands of buyers and sellers quickly at low cost. Small businesses with great ideas had a shorter ramp to success.
  • Now, funding for new adtech startups has been drying up and the pace of innovation slowed down. The number-one concern I hear from potential investors is Google’s domination of the market my company operates in. For years, they’ve been breaking existing efficiencies and preventing the development of new ones.
  • Many expect Google to successfully mislead regulators about its conduct in the open web, and its harmful effects. I’m grateful for the opportunity to help scrutinize Google’s claims. For the sake of competition, the innovation competition drives and the benefits innovation brings, Google should be forced to either exit the ad exchange market or compete within its open standards.

Omidyar Network Beneficial Technology Senior Advisor David Dinielli stated

  • [U]nder current law, there is a strong case to be made that Google has illegally monopolized, or illegally maintained a monopoly in, the market for digital advertising on what is termed the “open web,” i.e., advertising that appears on websites as users traverse the internet.
  • Through a variety of conduct described herein, Google now occupies every layer the “ad tech stack”—a term that describes the various functions that serve to match website publishers with the advertisers who seek to deliver targeted ads to consumers who are viewing those websites. In antitrust parlance, website publishers provide the “supply” of ad space, and advertisers create the “demand” for that space. The market for this sort of advertising is unique and appears on its face dysfunctional from an antitrust standpoint: Google—through its various ad tech tools – represents both the suppliers and the purchasers and also conducts the real-time auctions that match buyers and sellers and determine the price. Moreover, Google appears to have engaged in a multitude of anti-competitive acts, such as making the ad space on YouTube (which it owns) available exclusively through its own ad tech tools, that were designed to cement its lock on this market and exclude competitors. As my co-author and I said in a recent paper about the digital advertising market, “all roads lead through Google.”
  • Google has asserted that the digital advertising market is vibrant and competitive, and that publishers and advertisers have many options in buying and selling advertising space. Of course, it is not surprising that there are other some other actors in this market, given the significant profits to be made. But a recent report from the United Kingdom’s Competition and Markets Authority (“CMA”) explained, based on an extensive factual investigation, that Google holds a dominant position—as high as 90%—in every layer of the ad tech stack. Moreover, a monopolization case in the U.S. does not require proof that the alleged monopolist hold 100% of a particular market—which would make it literally a monopolist—but rather that it has “monopoly power” and that it has engaged in anticompetitive conduct to obtain or maintain that power rather than competing on the merits. Google’s conduct as described herein surely fits that standard.
  • Digital advertising is complex and the tools and processes that allow for near- instantaneous placement of ads every time we open a web page can seem opaque. But the consequences of unchecked power in this market are significant. If advertisers are paying higher prices than would obtain in a well-functioning market, economic theory teaches that those higher advertising prices will be passed down to consumers in the form of increased prices for goods and services. If website publishers, such as local news outlets, are being paid less than they should for their supply of advertising space, they will invest less in content creation and news gathering. Google is the winner and the rest of us are the losers. This committee therefore is right in investigating if current antitrust law is up to the task of ensuring competition in digital advertising and exploring possible legislative fixes if it is not.

Netchoice Vice President and General Counsel Carl Szabo stated

  • Among the many Google products and services that consumers love are Google Search, YouTube, Gmail, and Google Drive—all amazingly useful, and all free. To many critics of “Big Tech,” however, when consumers enthusiastically choose these free-of-charge products, it amounts to proof that something must be wrong. Every successful new service or product that proves a winner with consumers is deemed by these critics to be just another antitrust violation.
  • But Google’s greatest successes are being won in markets with the greatest competition. In the digital ads market, for example, Google faces fierce competitive pressure. You would never know that listening to the critics.
  • For starters, Google is no monopoly. It’s wildly popular with consumers, yes. And true, it’s also very popular with investors. But the company faces competition from all corners, including from other tech platforms such as Facebook and Amazon (which are simultaneously and thus illogically also dubbed monopolies).
  • Far from being evidence of any unlawful conduct, Google’s success under these conditions offers abundant proof that it is meeting and exceeding the fundamental test that has been the bedrock of antitrust law for the last 40 decades: are consumers benefitting? There can be little doubt on this point, for Google’s users vote daily with their choices. In order to dismiss this as irrelevant, the critics are now arguing that antitrust enforcement should simply abandon the consumer welfare standard, enabling them to attack “bigness” per se. This would undermine the very purpose of antitrust law since its inception more than a century ago.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Photo by Morning Brew on Unsplash

Further Reading, Other Developments, and Coming Events (17 August)

Here are Coming Events, Other Developments, and Further Reading.

Coming Events

  • On 18 August, the National Institute of Standards and Technology (NIST) will host the “Bias in AI Workshop, a virtual event to develop a shared understanding of bias in AI, what it is, and how to measure it.”
  • The United States’ Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) announced that its third annual National Cybersecurity Summit “will be held virtually as a series of webinars every Wednesday for four weeks beginning September 16 and ending October 7:”
    • September 16: Key Cyber Insights
    • September 23: Leading the Digital Transformation
    • September 30: Diversity in Cybersecurity
    • October 7: Defending our Democracy
    • One can register for the event here.
  • The Senate Judiciary Committee’s Antitrust, Competition Policy & Consumer Rights Subcommittee will hold a hearing on 15 September titled “Stacking the Tech: Has Google Harmed Competition in Online Advertising?.” In their press release, Chair Mike Lee (R-UT) and Ranking Member Amy Klobuchar (D-MN) asserted:
    • Google is the dominant player in online advertising, a business that accounts for around 85% of its revenues and which allows it to monetize the data it collects through the products it offers for free. Recent consumer complaints and investigations by law enforcement have raised questions about whether Google has acquired or maintained its market power in online advertising in violation of the antitrust laws. News reports indicate this may also be the centerpiece of a forthcoming antitrust lawsuit from the U.S. Department of Justice. This hearing will examine these allegations and provide a forum to assess the most important antitrust investigation of the 21st century.
  • On 22 September, the Federal Trade Commission (FTC) will hold a public workshop “to examine the potential benefits and challenges to consumers and competition raised by data portability.” By 21 August, the FTC “is seeking comment on a range of issues including:
    • How are companies currently implementing data portability? What are the different contexts in which data portability has been implemented?
    • What have been the benefits and costs of data portability? What are the benefits and costs of achieving data portability through regulation?
    • To what extent has data portability increased or decreased competition?
    • Are there research studies, surveys, or other information on the impact of data portability on consumer autonomy and trust?
    • Does data portability work better in some contexts than others (e.g., banking, health, social media)? Does it work better for particular types of information over others (e.g., information the consumer provides to the business vs. all information the business has about the consumer, information about the consumer alone vs. information that implicates others such as photos of multiple people, comment threads)?
    • Who should be responsible for the security of personal data in transit between businesses? Should there be data security standards for transmitting personal data between businesses? Who should develop these standards?
    • How do companies verify the identity of the requesting consumer before transmitting their information to another company?
    • How can interoperability among services best be achieved? What are the costs of interoperability? Who should be responsible for achieving interoperability?
    • What lessons and best practices can be learned from the implementation of the data portability requirements in the GDPR and CCPA? Has the implementation of these requirements affected competition and, if so, in what ways?”
  • The Federal Communications Commission (FCC) will hold an open meeting on 30 September, but an agenda is not available at this time.

Other Developments

  • On 14 August, the California Office of Administrative Law (OAL) approved the Attorney General’s proposed final regulations to implement the California Consumer Privacy Act (CCPA) (A.B.375) and they took effect that day. The Office of the Attorney General (OAG) had requested expedited review so the regulations may become effective on 1 July as required by the CCPA. With respect to the substance, the final regulations are very similar to the third round of regulations circulated for comment in March, in part, in response to legislation passed and signed into law last fall that modified the CCPA.
    • The OAL released an Addendum to the Final Statement of Reasons and explained
      • In addition to withdrawing certain provisions for additional consideration, the OAG has made the following non-substantive changes for accuracy, consistency, and clarity. Changes to the original text of a regulation are non-substantive if they clarify without materially altering the requirements, rights, responsibilities, conditions, or prescriptions contained in the original text.
    • For further reading on the third round of proposed CCPA regulations, see this issue of the Technology Policy Update, for the second round, see here, and for the first round, see here. Additionally, to read more on the legislation signed into law last fall, modifying the CCPA, see this issue.
    • Additionally, Californians for Consumer Privacy have succeeded in placing the “California Privacy Rights Act” (CPRA) on the November 2020 ballot. This follow on statute to the CCPA could again force the legislature into making a deal that would revamp privacy laws in California as happened when the CCPA was added to the ballot in 2018. It is also possible this statute remains on the ballot and is added to California’s laws. In either case, much of the CCPA and its regulations may be moot or in effect for only the few years it takes for a new privacy regulatory structure to be established as laid out in the CPRA. See here for more detail.
  • In a proposed rule issued for comment, the Federal Communications Commission (FCC) explained it is taking “further steps to protect the nation’s communications networks from potential security threats as the [FCC] integrates provisions of the recently enacted Secure and Trusted Communications Networks Act of 2019 (Secure Networks Act) (P.L. 116-124) into its existing supply chain rulemaking proceeding….[and] seeks comment on proposals to implement further Congressional direction in the Secure Networks Act.” Comments are due by 31 August.
    • The FCC explained
      • The concurrently adopted Declaratory Ruling finds that the 2019 Supply Chain Order, 85 FR 230, January 3, 2020, satisfies the Secure Networks Act’s requirement that the Commission prohibit the use of funds for covered equipment and services. The Commission now seeks comment on sections 2, 3, 5, and 7 of the Secure Networks Act, including on how these provisions interact with our ongoing efforts to secure the communications supply chain. As required by section 2, the Commission proposes several processes by which to publish a list of covered communications equipment and services. Consistent with sections 3, 5, and 7 of the Secure Networks Act, the Commission proposes to (1) ban the use of federal subsidies for any equipment or services on the new list of covered communications equipment and services; (2) require that all providers of advanced communications service report whether they use any covered communications equipment and services; and (3) establish regulations to prevent waste, fraud, and abuse in the proposed reimbursement program to remove, replace, and dispose of insecure equipment.
    • The agency added
      • The Commission also initially designated Huawei Technologies Company (Huawei) and ZTE Corporation (ZTE) as covered companies for purposes of this rule, and it established a process for designating additional covered companies in the future. Additionally, last month, the Commission’s Public Safety and Homeland Security Bureau issued final designations of Huawei and ZTE as covered companies, thereby prohibiting the use of USF funds on equipment or services produced or provided by these two suppliers.
      • The Commission takes further steps to protect the nation’s communications networks from potential security threats as it integrates provisions of the recently enacted Secure Networks Act into the Commission’s existing supply chain rulemaking proceeding. The Commission seeks comment on proposals to implement further Congressional direction in the Secure Networks Act.
  • The White House’s Office of Science & Technology Policy (OSTP) released a request for information (RFI) “[o]n behalf of the National Science and Technology Council’s (NSTC) Subcommittee on Resilience Science and Technology (SRST), OSTP requests input from all interested parties on the development of a National Research and Development Plan for Positioning, Navigation, and Timing (PNT) Resilience.” OSTP stated “[t]he plan will focus on the research and development (R&D) and pilot testing needed to develop additional PNT systems and services that are resilient to interference and manipulation and that are not dependent upon global navigation satellite systems (GNSS)…[and] will also include approaches to integrate and use multiple PNT services for enhancing resilience. The input received on these topics will assist the Subcommittee in developing recommendations for prioritization of R&D activities.”
    • Executive Order 13905, Strengthening National Resilience Through Responsible Use of Positioning, Navigation, and Timing Services, was issued on February 12, 2020, and President Donald Trump explained the policy basis for the initiative:
      • It is the policy of the United States to ensure that disruption or manipulation of PNT services does not undermine the reliable and efficient functioning of its critical infrastructure. The Federal Government must increase the Nation’s awareness of the extent to which critical infrastructure depends on, or is enhanced by, PNT services, and it must ensure critical infrastructure can withstand disruption or manipulation of PNT services. To this end, the Federal Government shall engage the public and private sectors to identify and promote the responsible use of PNT services.
    • In terms of future steps under the EO, the President directed the following:
      • The Departments of Defense, Transportation, and Homeland Security must use the PNT profiles in updates to the Federal Radionavigation Plan.
      • The Department of Homeland Security must “develop a plan to test the vulnerabilities of critical infrastructure systems, networks, and assets in the event of disruption and manipulation of PNT services. The results of the tests carried out under that plan shall be used to inform updates to the PNT profiles…”
      • The heads of Sector-Specific Agencies (SSAs) and the heads of other executive departments and agencies (agencies) coordinating with the Department of Homeland Security, must “develop contractual language for inclusion of the relevant information from the PNT profiles in the requirements for Federal contracts for products, systems, and services that integrate or utilize PNT services, with the goal of encouraging the private sector to use additional PNT services and develop new robust and secure PNT services. The heads of SSAs and the heads of other agencies, as appropriate, shall update the requirements as necessary.”
      • the Federal Acquisition Regulatory Council, in consultation with the heads of SSAs and the heads of other agencies, as appropriate, shall incorporate the [contractual language] into Federal contracts for products, systems, and services that integrate or use PNT services.
      • The Office of Science and Technology Policy (OSTP) must “coordinate the development of a national plan, which shall be informed by existing initiatives, for the R&D and pilot testing of additional, robust, and secure PNT services that are not dependent on global navigation satellite systems (GNSS).”
  • An ideologically diverse bipartisan group of Senators wrote the official at the United States Department of Justice in charge of the antitrust division and the chair of the Federal Trade Commission (FTC) “regarding allegations of potentially anticompetitive practices and conduct by online platforms toward content creators and emerging competitors….[that] stemmed from a recent Wall Street Journal report that Alphabet Inc., the parent company of Google and YouTube, has designed Google Search to specifically give preference to YouTube and other Google-owned video service providers.”
    • The Members asserted
      • There is no public insight into how Google designs its algorithms, which seem to deliver up preferential search results for YouTube and other Google video products ahead of other competitive services. While a company favoring its own products, in and of itself, may not always constitute illegal anticompetitive conduct, the Journal further reports that a significant motivation behind this action was to “give YouTube more leverage in business deals with content providers seeking traffic for their videos….” This exact conduct was the topic of a Senate Antitrust Subcommittee hearing led by Senators Lee and Klobuchar in March this year.
    • Senators Thom Tillis (R-NC), Mike Lee (R-UT), Amy Klobuchar (D-MN), Richard Blumenthal (D-CT), Marsha Blackburn (R-TN), Josh Hawley (R-MO), Elizabeth Warren (D-MA), Mazie Hirono (D-HI), Cory Booker (D-NJ) and Ted Cruz (R-TX) signed the letter.
  • The National Security Agency (NSA) and the Federal Bureau of Investigation (FBI) released a “Cybersecurity Advisory [and a fact sheet and FAQ] about previously undisclosed Russian malware” “called Drovorub, designed for Linux systems as part of its cyber espionage operations.” The NSA and FBI asserted “[t]he Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS) military unit 26165” developed and deployed the malware. The NSA and FBI stated the GRU and GTsSS are “sometimes publicly associated with APT28, Fancy Bear, Strontium, and a variety of other identities as tracked by the private sector.”
    • The agencies contended
      • Drovorub represents a threat to National Security Systems, Department of Defense, and Defense Industrial Base customers that use Linux systems. Network defenders and system administrators can find detection strategies, mitigation techniques, and configuration recommendations in the advisory to reduce the risk of compromise.
  • The United States Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) published Cybersecurity Best Practices for Operating Commercial Unmanned Aircraft Systems (UAS) “a companion piece to CISA’s Foreign Manufactured UASs Industry Alert,…[to] assist in standing up a new UAS program or securing an existing UAS program, and is intended for information technology managers and personnel involved in UAS operations.” CISA cautioned that “[s]imilar to other cybersecurity guidelines and best practices, the identified best practices can aid critical infrastructure operators to lower the cybersecurity risks associated with the use of UAS, but do not eliminate all risk.”
  • The United States Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) released the “Identity, Credential, and Access Management (ICAM) Value Proposition Suite of documents in collaboration with SAFECOM and the National Council of Statewide Interoperability Coordinators (NCSWIC), Office of the Director of National Intelligence (ODNI), and Georgia Tech Research Institute (GTRI)…[that] introduce[] ICAM concepts, explores federated ICAM use-cases, and highlights the potential benefits for the public safety community:”
    • ICAM Value Proposition Overview
      • This document provides a high-level summary of federated ICAM benefits and introduces domain-specific scenarios covered by other documents in the suite.
    • ICAM Value Proposition Scenario: Drug Response
      • This document outlines federated ICAM use cases and information sharing benefits for large-scale drug overdose epidemic (e.g., opioid, methamphetamine, and cocaine) prevention and response.

Further Reading

  • Trump’s Labor Chief Accused of Intervening in Oracle Pay Bias Case” By Noam Scheiber, David McCabe and Maggie Haberman – The New York Times. In the sort of conduct that is apparently the norm across the Trump Administration, there are allegations that the Secretary of Labor intervened in departmental litigation to help a large technology firm aligned with President Donald Trump. Starting in the Obama Administration and continuing into the Trump Administration, software and database giant Oracle was investigated, accused, and sued for paying non-white, non-male employees significantly less in violation of federal and state law. Estimates of Oracle’s liability ranged between $300-800 million, and litigators in the Department of Labor were seeking $400 million and had taken the case to trial. Secretary Eugene Scalia purportedly stepped in and lowered the dollar amount to $40 million and the head litigator is being offered a transfer from Los Angeles to Chicago in a division in which she has no experience. Oracle’s CEO Safra Catz and Chair Larry Ellison have both supported the President more enthusiastically and before other tech company heads engaged.
  • Pentagon wins brief waiver from government’s Huawei ban” By Joe Gould – Defense News. A Washington D.C. trade publication is reporting the Trump Administration is using flexibility granted by Congress to delay the ban on contractors using Huawei, ZTE, and other People’s Republic of China (PRC) technology for the Department of Defense. Director of National Intelligence John Ratcliffe granted the waiver at the request of Under Secretary of Defense for Acquisition and Sustainment Ellen Lord, claiming:
    • You stated that DOD’s statutory requirement to provide for the military forces needed to deter war and protect the security of out country is critically important to national security. Therefore, the procurement of goods and services in support of DOD’s statutory mission is also in the national security interests of the United States.
    • Section 889 of the “John S. McCain National Defense Authorization Act (NDAA) for FY 2019” (P.L. 115-232) requires agencies to remove this equipment and systems and also not to contract with private sector entities that use such equipment and services. It is the second part of the ban the DOD and its contractors are getting a reprieve from for an interim rule putting in place such a ban was issued last month.
  • DOD’s IT supply chain has dozens of suppliers from China, report finds” By Jackson Barnett – fedscoop. A data analytics firm, Govini, analyzed a sample of prime contracts at the Department of Defense (DOD) and found a surge in the presence of firms from the People’s Republic of China (PRC) in the supply chains in the software and information technology (IT) sectors. This study has obvious relevance to the previous article on banning PRC equipment and services in DOD supply chains.
  • Facebook algorithm found to ‘actively promote’ Holocaust denial” by Mark Townsend – The Guardian. A British counter-hate organization, the Institute for Strategic Dialogue (ISD), found that Facebook’s algorithms lead people searching for the Holocaust to denial sites and posts. The organization found the same problem on Reddit, Twitter, and YouTube, too. ISD claimed:
    • Our findings show that the actions taken by platforms can effectively reduce the volume and visibility of this type of antisemitic content. These companies therefore need to ask themselves what type of platform they would like to be: one that earns money by allowing Holocaust denial to flourish, or one that takes a principled stand against it.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Image by Foundry Co from Pixabay

Further Reading, Other Developments, and Coming Events (15 August)

Here are Further Reading, Other Developments, and Coming Events.

Coming Events

  • On 18 August, the National Institute of Standards and Technology (NIST) will host the “Bias in AI Workshop, a virtual event to develop a shared understanding of bias in AI, what it is, and how to measure it.”
  • The United States’ Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) announced that its third annual National Cybersecurity Summit “will be held virtually as a series of webinars every Wednesday for four weeks beginning September 16 and ending October 7:”
    • September 16: Key Cyber Insights
    • September 23: Leading the Digital Transformation
    • September 30: Diversity in Cybersecurity
    • October 7: Defending our Democracy
    • One can register for the event here.
  • The Senate Judiciary Committee’s Antitrust, Competition Policy & Consumer Rights Subcommittee will hold a hearing on 15 September titled “Stacking the Tech: Has Google Harmed Competition in Online Advertising?.” In their press release, Chair Mike Lee (R-UT) and Ranking Member Amy Klobuchar (D-MN) asserted:
    • Google is the dominant player in online advertising, a business that accounts for around 85% of its revenues and which allows it to monetize the data it collects through the products it offers for free. Recent consumer complaints and investigations by law enforcement have raised questions about whether Google has acquired or maintained its market power in online advertising in violation of the antitrust laws. News reports indicate this may also be the centerpiece of a forthcoming antitrust lawsuit from the U.S. Department of Justice. This hearing will examine these allegations and provide a forum to assess the most important antitrust investigation of the 21st century.
  • On 22 September, the Federal Trade Commission (FTC) will hold a public workshop “to examine the potential benefits and challenges to consumers and competition raised by data portability.” By 21 August, the FTC “is seeking comment on a range of issues including:
    • How are companies currently implementing data portability? What are the different contexts in which data portability has been implemented?
    • What have been the benefits and costs of data portability? What are the benefits and costs of achieving data portability through regulation?
    • To what extent has data portability increased or decreased competition?
    • Are there research studies, surveys, or other information on the impact of data portability on consumer autonomy and trust?
    • Does data portability work better in some contexts than others (e.g., banking, health, social media)? Does it work better for particular types of information over others (e.g., information the consumer provides to the business vs. all information the business has about the consumer, information about the consumer alone vs. information that implicates others such as photos of multiple people, comment threads)?
    • Who should be responsible for the security of personal data in transit between businesses? Should there be data security standards for transmitting personal data between businesses? Who should develop these standards?
    • How do companies verify the identity of the requesting consumer before transmitting their information to another company?
    • How can interoperability among services best be achieved? What are the costs of interoperability? Who should be responsible for achieving interoperability?
    • What lessons and best practices can be learned from the implementation of the data portability requirements in the GDPR and CCPA? Has the implementation of these requirements affected competition and, if so, in what ways?”
  • The Federal Communications Commission (FCC) will hold an open meeting on 30 September, but an agenda is not available at this time.

Other Developments

  • The Global Engagement Center (GEC) at the U.S. Department of State published the “GEC Special Report: Pillars of Russia’s Disinformation and Propaganda Ecosystem” The GEC drew on “on publicly available reporting to provide an overview of Russia’s disinformation and propaganda ecosystem.”  The GEC identified the five pillars of Russia’s Disinformation and Propaganda Ecosystem:
    • official government communications;
    • state-funded global messaging;
    • cultivation of proxy sources;
    • weaponization of social media; and
    • cyber-enabled disinformation.
    • The GEC stated
      • This report provides a visual representation of the ecosystem described above, as well as an example of the media multiplier effect it enables. This serves to demonstrate how the different pillars of the ecosystem play distinct roles and feed off of and bolster each other. The report also includes brief profiles of select proxy sites and organizations that occupy an intermediate role between the pillars of the ecosystem with clear links to Russia and those that are meant to be fully deniable. The emphasis on these proxy sites is meant to highlight the important role they play, which can be overlooked given the attention paid to official Russian voices on one end of the spectrum, and the social media manipulation and cyber-enabled threats on the other.
  • The United States (U.S.) Department of Veterans Affairs (VA) has restarted its process for rolling out its new electronic health record (EHR) and announced it has “revised its previous schedule to convert facilities to its new HER capabilities with updated timelines for deployments in August in Columbus, Ohio, and October in Spokane, Washington.” The VA opted to replace its Veterans Health Information Systems and Technology Architecture (VistA) with a commercial off-the-shelf system the U.S. Department of Defense has chosen, Cerner Millennium. However, this $16 billion acquisition has encountered numerous difficulties and delays, which has caught he continued attention of Congress.
    • The VA claimed “The new timeline will preserve the 10-year implementation schedule and the overall cost estimates of VA’s EHR modernization program…[and] [a]fter the conversion at these sites, VA will bring other select facilities forward in the timeline.”
    • In June 2020, the U.S. Government Accountability Office (GAO) found:
      • VA met its schedule for making the needed system configuration decisions that would enable the department to implement its new EHR system at the first VA medical facility, which was planned for July 2020. In addition, VA has formulated a schedule for making the remaining EHR system configuration decisions before implementing the system at additional facilities planned for fall 2020.
      • VA’s Electronic Health Record Modernization (EHRM) program was generally effective in establishing decision-making procedures that were consistent with applicable federal standards for internal control. However, VA did not always ensure the involvement of relevant stakeholders, including medical facility clinicians and staff, in the system configuration decisions. Specifically, VA did not always clarify terminology and include adequate detail in descriptions of local workshop sessions to medical facility clinicians and staff to ensure relevant representation at local workshop meetings. Participation of such stakeholders is critical to ensuring that the EHR system is configured to meet the needs of clinicians and support the delivery of clinical care.
  • The United States (U.S.) Government Accountability Office (GAO) studied and reported on privacy and accuracy issues related to the use of facial recognition technology requested by the chairs of the House Judiciary and Oversight and Reform Committees. This report updates a 2015 report on the same issues and renews the agency’s call first made in 2013 that Congress “strengthen[] the current consumer privacy framework to reflect the effects of changes in technology and the marketplace—particularly in relation to consumer data used for marketing purposes—while also ensuring that any limitations on data collection and sharing do not unduly inhibit the economic and other benefits to industry and consumers that data sharing can accord.”
    • In the new report, the GAO explained that “[s]takeholders we interviewed identified additional activities that companies could improve the use of facial recognition technology. These activities include
      • defining the purpose for the technology’s use and clearly notifying consumers how companies are using the technology—such as surveillance or marketing;
      • identifying risks and limitations associated with using the technology and prohibiting certain uses (e.g., those with discriminatory purposes); and
      • providing guidance or training related to these issues.
    • The GAO asserted
      • However, these voluntary privacy frameworks and suggested activities that could help address privacy concerns or improve the use of facial recognition technology are not mandatory. Furthermore, as discussed earlier, in most contexts facial recognition technology is not currently covered by federal privacy law. Accordingly, we reiterate our 2013 suggestion that Congress strengthen the current consumer privacy framework to reflect the effects of changes in technology and the marketplace.
  • The United States Department of Justice (DOJ) “announced the dismantling of three terrorist financing cyber-enabled campaigns, involving the al-Qassam Brigades, Hamas’s military wing, al-Qaeda, and Islamic State of Iraq and the Levant (ISIS)…the government’s largest-ever seizure of cryptocurrency in the terrorism context.”
    • The DOJ claimed
      • These three terror finance campaigns all relied on sophisticated cyber-tools, including the solicitation of cryptocurrency donations from around the world.  The action demonstrates how different terrorist groups have similarly adapted their terror finance activities to the cyber age.  Each group used cryptocurrency and social media to garner attention and raise funds for their terror campaigns.  Pursuant to judicially-authorized warrants, U.S. authorities seized millions of dollars, over 300 cryptocurrency accounts, four websites, and four Facebook pages all related to the criminal enterprise.
  • The United States (U.S.) National Counterintelligence and Security Center (NCSC) revealed it has “has been providing classified briefings and other assistance to federal procurement executives, chief information officers and chief information security officers from across the U.S. Government on supply chain threats and risks stemming from contracting with five Chinese companies.” The NCSC explained the “supply chain security briefings are designed to assist federal agencies implement” Section 889 of the “John S. McCain National Defense Authorization Act (NDAA) for FY 2019” (P.L. 115-232).
    • The NCSC stated:
      • One provision of the NDAA prohibits the U.S. Government from directly using goods and services from five specified Chinese companies — Huawei, ZTE Corporation, Hytera Communications, Hanghzou Hikvision and Dahua Technology Company.
      • Another, broader, provision of Section 889 prohibits federal agencies from contracting with any company that uses goods and services from these five Chinese firms. This particular prohibition takes effect on August 13, 2020, unless a federal agency authorizes a waiver for a specific company, which can only be granted by the agency head after receiving NCSC supply chain security guidance.
  • The Federal Communications Commission (FCC) denied two petitions to stay an April 2020 rulemaking that would make the 6Ghz band of spectrum available to users other than the incumbents. The FCC noted “wo parties—Edison Electric Institute (EEI) and Association of Public-Safety Communications Officials-International, Inc. (APCO)—petitioned to stay the Order:
    • EEI, a trade association representing investor-owned electric utilities, seeks only to stay the effectiveness of the rules that apply to low-power indoor devices. 
    • APCO, a non-profit association of persons who manage and operate public-safety communications systems, seeks to stay the rules for both standard-power and low-power indoor operations.
    • In the rule and order, the FCC explained
      • We authorize two different types of unlicensed operations—standard-power and indoor low-power operations. We authorize standard-power access points using an automated frequency coordination (AFC) system. These access points can be deployed anywhere as part of hotspot networks, rural broadband deployments, or network capacity upgrades where needed. We also authorize indoor low-power access points across the entire 6 GHz band. These access points will be ideal for connecting devices in homes and businesses such smartphones, tablet devices, laptops, and Internet-of-things (IoT) devices to the Internet. As has occurred with Wi-Fi in the 2.4 GHz and 5 GHz bands, we expect that 6 GHz unlicensed devices will become a part of most peoples’ everyday lives. The rules we are adopting will also play a role in the growth of the IoT; connecting appliances, machines, meters, wearables, and other consumer electronics as well as industrial sensors for manufacturing.
  • In a speech, the Australian Competition and Consumer Commission (ACCC) Chair Rod Sims laid out the status of his agency’s actions against Google, Facebook, and other large technology platforms flowing from its final report in its “Digital Platforms Inquiry” that “proposes specific recommendations aimed at addressing some of the actual and potential negative impacts of digital platforms in the media and advertising markets, and also more broadly on consumers,” including:
    • The ACCC recently launched an action against Google regarding misleading representations it made to consumers to obtain their consent to expand the scope of personal information it collected and used about its’ users online activities.
    • In another case, which we brought against Google last year, we allege that Google misled consumers into sharing location data with Google. We contend Google did not clearly inform consumers using Android mobile devices that a particular account setting allowed Google to collect location data. We assert that many consumers may have unknowingly provided more of their personal location data to Google than they intended. Google then used consumers’ location data to enhance the value of its advertising services to prospective advertisers. This case is currently in Court with a hearing scheduled in late November.
    • Currently the ACCC is considering the acquisition by Google and Facebook of Fitbit and Giphy, respectively. We are considering questions such as whether they have the ability to give themselves advantages by favouring their own products, or whether these acquisitions are raising barriers to entry for other competitors.
    • In April 2020 the Federal Government directed the ACCC to develop a mandatory code of conduct to address bargaining power imbalances between Australian news media businesses and digital platforms. We recently published the draft legislation for the code.
  • A British appeals court overturned a decision that found that a police force’s use of facial recognition technology in a pilot program that utilized live footage to be legal. The appeals court found the use of this technology by the South Wales Police Force a violation of “the right to respect for private life under Article 8 of the European  Convention  on  Human  Rights,  data  protection  legislation,  and  the  Public  Sector Equality Duty (“PSED”) under section 149 of the Equality Act 2010.”

Further Reading

  • North Korean Hacking Group Attacks Israeli Defense Industry” by Ronen Bergman and Nicole Perlroth – The New York Times. Israel is denying the claims of a cybersecurity firm that hackers from the Democratic People’s Republic of Korea (DPRK) deeply penetrated its defense industry. Through the use of sophisticated phishing, including fake LinkedIn accounts and fluent English speakers, employees at Israeli defense companies were tricked into stalling spyware on these personal computers and then the hackers allegedly eventually accessed classified Israeli networks. The attacks show growing sophistication from DPRK hackers and that those looking to penetrate networks will always seek out weak spots.
  • Pentagon Requests More Time to Review JEDI Cloud Contract Bids” by Frank Konkel – Nextgov. The United States Department of Defense (DOD) has asked for yet more time to resolve who will win the second round of the Joint Enterprise Defense Infrastructure (JEDI) cloud contract that may prove worth more than $10 billion to the winner. The Pentagon had told the court it was on schedule to make an award ion the rebid of the contract that Microsoft had won over Amazon. The latter claimed political interference from the White House violated federal contract law, among other claims, resulting in this lawsuit.
  • Google rival’s study urges letting mobile users pick search defaults” by Ashley Gold – Axios. DuckDuckGo, a search engine, claims in newly released research that permitting Android users to choose their search engine would decrease Google’s market share by 20%. This could be relevant to the United States (U.S.) Department of Justice’s (DOJ) antitrust investigation. As a point of reference, in the U.S., the United Kingdom, and Australia, Google’s share of the mobile search engine market is 95%, 98% and 98%. DOJ may seriously look at this remedy as the European Commission (EC) imposed this as part of its antitrust case against Google, resulting in a record €4.34 billion fine.
  • Facial Recognition Start-Up Mounts a First Amendment Defense” By Kashmir Hill – The New York Times. Clearview AI has retained legendary First Amendment lawyer Floyd Abrams to make the argument that its collection, use, and dissemination of publicly photos scraped from the internet is protected as free speech. Abrams is quoting as saying that while privacy is, of course, an important right, the First Amendment to the United States Constitution would trump any such rights. It is expected that this argument will be employed in the myriad suits against the facial recognition technology firm in the range of suits against the company.
  • An advanced group specializing in corporate espionage is on a hacking spree” By Jeff Stone – cyberscoop. A new hacking group, RedCurl, has gone on a worldwide hacking campaign that broke into businesses in the United Kingdom, Canada, and other places. The hackers phished a number of businesses successfully by impersonating someone from the human resources in he organization.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

House Action On FISA Fizzles; A Conference Committee Is Requested

First things first, if you would like to receive my Technology Policy Update, email me. You can find some of these Updates from 2019 and 2020 here.

Despite House Democratic leadership’s plans to pass the Foreign Intelligence Surveillance Act (FISA) reauthorization the Senate sent back to the House earlier this month, plans for a vote last week were scrapped when the coalition that made possible passage of substantially the same bill in March fell apart. Instead, the House voted for a motion to disagree with the Senate’s amendments, to request a conference, and to appoint conferees. It remains to be seen whether the Senate opts to go to conference with the House, but a statement from a spokesperson for the Senate Majority Leader suggested he would support doing so. In the meantime, intelligence and law enforcement agencies cannot use the authorities the bill would renew and reform for they expired on 15 March except for investigations that started before that date.

At week’s beginning, it appeared as if the House would bring the amended “USA FREEDOM Reauthorization Act of 2020” (H.R. 6172) to the floor and possibly take a run at adding language that barely failed to get added during debate in the Senate that would further pare back the ability of federal law enforcement agencies to use the FISA process for surveillance. However, the Trump Administration more forcefully stated its objections to the amended bill, including a veto threat issued via Twitter, that caused Republican support for the bill to cave, and with it the chances of passage, for Republican votes were needed to pass the bill in the first place. Consequently, House Democratic Leadership explored the possibility of a clean vote on the Senate-amended bill, with the House Rules Committee reporting a rule for debate, but this effort was also scuttled as there were not the votes for passage of the bill, sending it to the White House. Instead, House Democratic Leadership opted to go to conference committee, which succeeded in a 284-122 proxy vote, one of the first taken under the new procedure. Thereafter, the House named the following conferees: House Judiciary Committee Chair Jerrold Nadler (D-NY) and Ranking Member Jim Jordan (R-OH); House Intelligence Committee Chair Adam Schiff (D-CA) and Ranking Member Devin Nunes (R-CA) and Representative Zoe Lofgren (D-CA).

House Democratic plans on the FISA reauthorization went from amendment to passing the bill the Senate passed to requesting a conference after the Democratic-Republican coalition that got the bill out of the House in March crumbled.  

As noted, this week, the Trump Administration’s opposition has stiffened with the President getting on the field via Twitter, the Department of Justice (DOJ) publicly stating its opposition, and House Republican leadership urging its Members to vote no on H.R.6172. Moreover, progressive Democrats and allied advocacy groups were pushing House Democratic Leadership to adopt provisions blocking the collection and surveillance of web browsing and search engine history under Section 215. Also, some House Democrats had announced their intention to vote against H.R. 6172 regardless of whether the Section 215 narrowing was added, and so it was not clear the Speaker had the votes to pass a bill the President had vowed to veto anyway.

On 26 May, President Donald Trump tweeted “I hope all Republican House Members vote NO on FISA until such time as our Country is able to determine how and why the greatest political, criminal, and subversive scandal in USA history took place!” On 27 May, Trump tweeted

If the FISA Bill is passed tonight on the House floor, I will quickly VETO it. Our Country has just suffered through the greatest political crime in its history. The massive abuse of FISA was a big part of it!

Also on 27 May, Assistant Attorney General Stephen Boyd released the following statement on H.R.6172:

The Department worked closely with House leaders on both sides of the aisle to draft legislation to reauthorize three national security authorities in the U.S.A. Freedom Act while also imposing reforms to other aspects of FISA designed to address issues identified by the DOJ Inspector General. Although that legislation was approved with a large, bipartisan House majority, the Senate thereafter made significant changes that the Department opposed because they would unacceptably impair our ability to pursue terrorists and spies. We have proposed specific fixes to the most significant problems created by the changes the Senate made. Instead of addressing those issues, the House is now poised to further amend the legislation in a manner that will weaken national security tools while doing nothing to address the abuses identified by the DOJ Inspector General.

Accordingly, the Department opposes the Senate-passed bill in its current form and also opposes the Lofgren amendment in the House. Given the cumulative negative effect of these legislative changes on the Department’s ability to identify and track terrorists and spies, the Department must oppose the legislation now under consideration in the House. If passed, the Attorney General would recommend that the President veto the legislation.

And yet this week, the head of the DOJ’s National Security Division John Demers said there is no pressing need for reauthorization at this time. He remarked in an interview:

We’re going to have to look at where we can fill in the gaps using criminal tools. They’re not perfect. Foreign partners are not crazy when we use their information as the basis of criminal tools, because we don’t have the same protections that we do to protect underlying information as we do on the national security side. We are going to do the best we can to fill those holes and keep those investigations going.

Two weeks ago, following Senate amendment and passage of H.R.6172, a DOJ spokesperson said of the bill, it “would unacceptably degrade our ability to conduct surveillance of terrorists, spies and other national security threats.”

Early in the week, Representatives Zoe Lofgren (D-CA) and Warren Davidson (R-OH) submitted an amendment along the lines of the language Senators Ron Wyden (D-OR) and Steve Daines (R-MT) that the Senate rejected by one vote to bar the collection of web browsing and internet search history via a FISA order under Section 215. Lofgren and Davidson had negotiated with other House Democratic stakeholders on language acceptable to them.

Regarding their amendment, in their press release, Lofgren and Davidson claimed “[t]he amendment – which is supported by Reps. Adam Schiff, Chair of the House Permanent Select Committee on Intelligence, and Jerrold Nadler, Chair of the House Judiciary Committee – is an outright prohibition: the government will not be able to use Section 215 to collect the websites that a U.S. person visits, the videos that a U.S. person watches, or the search queries that a U.S. person makes…[and] [s]pecifically:

  • If the government is not sure if you’re a U.S. person, but you could be, the government cannot get your internet activity without a Title I FISA warrant.
  • If the government wants to order a service provider to produce a list of everyone who has visited a particular website, watched a particular video, or made a particular search query: the government cannot make that order unless it can guarantee that no U.S. persons’ IP addresses, device identifiers, or other identifiers will be disclosed to the government.
    • This amendment does not allow for the incidental collection of U.S. persons’ web browsing or search information when the target is a specific-selection term that would or could produce such information.
  • This prohibition is a strict liability-type provision. (It isn’t a knowledge standard or a reasonable-belief standard. An order must not result in the production of a U.S. person’s web browsing or search information.)
  • If the order would or could result in the production of a U.S. person’s web browsing or search information, the government cannot order it without a Title I FISA warrant that must be narrowly tailored toward the subject of the warrant.

It appeared this amendment would be made in order during debate, but opposition from both the left and right in the House and among stakeholders made this untenable. The fact that the Lofgren/Davidson amendment was narrower in that it would only provide this protection to people in the United States whereas the Wyden/Daines amendment would have outright barred the practice under FISA led to opposition on the left. Early on 27 May, Wyden supported this language, but when House Intelligence Committee Chair Adam Schiff (D-CA) suggested that intelligence agencies could continue to collect web browsing and search histories of Americans, Wyden withdrew his support. Thereafter, House Democratic Leadership ultimately decided against allowing this amendment to have a vote.

In December, Lofgren and Davidson were among the Members who introduced the “Safeguarding Americans’ Private Records Act of 2020” (H.R.5675/S.3242) in both chambers. In their press release, the sponsors claimed “[t]he bill includes a host of reforms:

  • It would permanently end the flawed phone surveillance program, which secretly scooped up Americans’ telephone records for years.
  • It would close loopholes and prohibit secret interpretation of the law, like those that led to unconstitutional warrantless surveillance programs.
  • It would prohibit warrantless collection of geolocation information by intelligence agencies.
  • It would respond to issues raised by the Inspector General’s office by ensuring independent attorneys, known as amici, have access to all documents, records and proceedings of Foreign Intelligence Surveillance Court, to provide more oversight and transparency.

Notably, beyond revoking the authority for the NSA to restart the telephone collection program, the bill would also exclude from the definition of “tangible thing” in the Section 215 business records exception: Cell site location information, Global positioning system information, Internet website browsing information, and Internet search history information. The bill also contains language that would limit the use of Section 215 to only counterterrorism and foreign intelligence matters and limit the retention of any such material to three years unless it includes foreign intelligence. Moreover, the bill would increase the justification requirements the government must meet before a nondisclosure requirement (aka gag order) can be placed on a company subject to a Section 215 order.

Two week ago, the Senate amended and passed H.R. 6172 by an 80-16 vote. Consideration of the bill was stalled in March when some Senators pushed for amendments, a demand to which the Senate Majority Leader finally agreed, provided these amendments would need 60 votes to be adopted. Consequently, once COVID-19 legislation had been considered, the Senate returned to H.R.6172, and debated and voted upon three amendments, one of which was agreed to. Senators Pat Leahy (D-VT) and Mike Lee’s (R-UT) amendment to expand the amicus process during the FISA process prevailed by a 77-19 vote. In an op-ed in The Washington Post, Leahy and Lee argued

  • The key to our proposal is to substantially strengthen a program that currently allows FISA judges, in very limited circumstances, to appoint outside legal scholars — called “amici”— to independently analyze FBI surveillance requests that are particularly sensitive. Out of thousands of cases, FISA judges have called for such an independent review by a court-appointed “amicus” only 16 times. Yet this protection is critical because, unlike every courtroom you may have stepped into or any court in a TV drama, the FISA court is not adversarial — meaning there is only a government lawyer and a judge, but no one to advocate for Americans under surveillance.
  • We propose measures that would authorize and actively encourage judges in this secret court to seek independent amicus reviews in all sensitive cases — such as those involving significant First Amendment issues — thereby adding a layer of protection for those who will likely never know they have been targeted for secret surveillance.

As mentioned, Wyden and Daines offered an amendment to narrow the Section 215 exception to the Fourth Amendment’s requirement that a search requires a warrant. Section 215 currently allows for FISA court approved searches of business records and all tangible things in the course of a national security investigation, and the underlying text of H.R. 6172 would exclude cell site location and GPS location from Section 215. The Wyden/Daines amendment would also exclude web browsing and search engine histories.

As Wyden explained during debate,

With web browsing and searches, you are talking about some of the most intimate, some of the most personal, some of the most private details of the lives of Americans. Every thought that can come into people’s heads can be revealed in an internet search or in a visit to a website: their health histories, their medical fears, their political views, their romantic lives, their religious beliefs. Collecting this information is as close to reading minds as surveillance can get. It is the digital mining of the personal lives of the American people.

However, the amendment failed to reach the 60-vote threshold necessary for adoption under the rule of debate for H.R. 6172, failing by one vote as four Senators did not vote.

As for the underlying bill the Senate considered, in March, the House passed H.R. 6172 by a 278-136 vote, a bill to reauthorize three expiring FISA provisions used by the National Security Agency (NSA) primarily to conduct surveillance: the business records exception, roving wiretaps, and the “lone wolf” provision. These authorities had been extended in December 2019 to March 15, 2020. However, the Senate did not act immediately on the bill and opted instead to send a 77-day extension of these now lapsed authorities to the House, which did not to take up the bill. The Senate was at an impasse on how to proceed, for some Members did not favor the House reforms while others wanted to implement further changes to the FISA process. Consequently, Senate Majority Leader Mitch McConnell (R-KY) promised amendment votes when the Senate took up H.R.6172.

Moreover, H.R. 6172 ends the NSA’s ability to use the so-called call detail record (CDR) program that had allowed the agency to access data on many billions of calls. Nonetheless, the NSA shut down the program in 2018 due to what it termed technical problems. This closure of the program was included in the bill even though the Trump Administration had explicitly requested it also be reauthorized.

As mentioned, H.R. 6172 would reauthorize the business records exception, which includes “any tangible thing,” in FISA first instituted in the USA PATRIOT Act in 2001 but would reform certain aspects of the program. For example, if the Federal Bureau of Investigation (FBI) or NSA is seeking a business record under FISA for which a law enforcement agency would need to obtain a warrant, then the FBI or NSA will also need to obtain a warrant. Currently, this is not the case. Additionally, under H.R.6172, the FISA application process under Section 215 could not be used to obtain a person’s cell site location or GPS information. However, the FBI or NSA would still be able to use Title I of FISA to seek cell site location or GPS data for purposes of conducting electronic surveillance related to alleged foreign intelligence. The bill would require that prosecutors must inform defendants of the evidence derived from electronic surveillance unless doing so would harm national security.

Moreover, records obtained under Section 215 could be retained no longer than five years subject to a number of exceptions that may serve to make this limitation a dead letter. For example, if such records are deemed to have a “secret meaning” or are certified by the FBI as being vital to national security, then such records may be held longer than five years. Given the tendency of agencies to read their authority as broadly as possible and the past record of IC agencies, it is likely these authorities will be stretched as far as legally possible. It bears note that all restrictions are prospective, meaning that current, ongoing uses of Section 215 would be exempted. The business records provision would be extended until December 1, 2023 as are the other two expiring authorities that permit so-called roving wiretaps and allow for surveillance of so-called “lone wolves.”

For FISA applications under Title I (i.e. electronic surveillance), any agency seeking a FISA order to surveil will need to disclose to the FISA court any information that may call into question the accuracy of the application or any doubtful information. Moreover, certain FISA applications to surveil Americans or residents would need to spell out the proposed investigative techniques to the FISA court. Moreover, any FISA application targeting U.S. officials or candidates for federal office must be approved by the Attorney General in writing before they can be submitted. H.R.6172 would permit the suspension or removal of any federal official, employee, or contractor for misconduct before the FISA court and increases criminal liability for violating FISA from five to eight years. Most of these reforms seem aimed at those Members, many of whom are Republican, that were alarmed by the defects in the FISA surveillance process of Trump Campaign associate Cater Page as turned up by the Department of Justice’s Office of the Inspector General investigation. Some of these Members were opposed to the House Judiciary Committee’s initial bill, which they thought did not implement sufficient reforms to the larger FISA process.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.

Senate Amends FISA Reauthorization; Bill Goes Back To House

A bill to renew three lapsed surveillance provisions was changed during debate, and it is unclear when the House would take up the bill.  

First things first, if you would like to receive my Technology Policy Update, email me. You can find some of these Updates from 2019 and 2020 here.

The Senate sent an amended version of the Foreign Intelligence Surveillance Act (FISA) reauthorization back to the House without a clear timeline as to when that body will take up this bill. The Senate adopted one amendment to bolster the FISA amicus and disclosure process, narrowly failed to adopt another to exclude web browsing information and search history outside the scope of Section 215, and handily rejected an amendment to limit the use of FISA against United States persons.

In March, the House passed the “USA FREEDOM Reauthorization Act of 2020” (H.R. 6172) by a 278-136 vote, a bill to reauthorize three expiring FISA provisions used by the National Security Agency (NSA) primarily to conduct surveillance: the business records exception, roving wiretaps, and the “lone wolf” provision. These authorities had been extended in December 2019 to March 15, 2020. However, the Senate did not act immediately on the bill and opted instead to send a 77-day extension of these now lapsed authorities to the House, which did not to take up the bill. The Senate was at an impasse on how to proceed, for some Members did not favor the House reforms while others wanted to implement further changes to the FISA process.

Moreover, H.R. 6172 ends the NSA’s ability to use the so-called call detail record (CDR) program that had allowed the agency to access data on many billions of calls. Nonetheless, the NSA shut down the program in 2018 due to what it termed technical problems. This closure of the program was included in the bill even though the Trump Administration had explicitly requested it also be reauthorized.

As mentioned, H.R. 6172 would reauthorize the business records exception, which includes “any tangible thing,” in FISA first instituted in the USA PATRIOT Act in 2001 but would reform certain aspects of the program. For example, if the Federal Bureau of Investigation (FBI) or NSA is seeking a business record under FISA for which a law enforcement agency would need to obtain a warrant, then the FBI or NSA will also need to obtain a warrant. Currently, this is not the case. Additionally, under H.R.6172, the FISA application process under Section 215 could not be used to obtain a person’s cell site location or GPS information. However, the FBI or NSA would still be able to use Title I of FISA to seek cell site location or GPS data for purposes of conducting electronic surveillance related to alleged foreign intelligence. The bill would require that prosecutors must inform defendants of the evidence derived from electronic surveillance unless doing so would harm national security.

Moreover, records obtained under Section 215 could be retained no longer than five years subject to a number of exceptions that may serve to make this limitation a dead letter. For example, if such records are deemed to have a “secret meaning” or are certified by the FBI as being vital to national security, then such records may be held longer than five years. Given the tendency of agencies to read their authority as broadly as possible and the past record of IC agencies, it is likely these authorities will be stretched as far as legally possible. It bears note that all restrictions are prospective, meaning that current, ongoing uses of Section 215 would be exempted. The business records provision would be extended until December 1, 2023 as are the other two expiring authorities that permit so-called roving wiretaps and allow for surveillance of so-called “lone wolves.”

For FISA applications under Title I (i.e. electronic surveillance), any agency seeking a FISA order to surveil will need to disclose to the FISA court any information that may call into question the accuracy of the application or any doubtful information. Moreover, certain FISA applications to surveil Americans or residents would need to spell out the proposed investigative techniques to the FISA court. Moreover, any FISA application targeting U.S. officials or candidates for federal office must be approved by the Attorney General in writing before they can be submitted. H.R.6172 would permit the suspension or removal of any federal official, employee, or contractor for misconduct before the FISA court and increases criminal liability for violating FISA from five to eight years. Most of these reforms seem aimed at those Members, many of whom are Republican, that were alarmed by the defects in the FISA surveillance process of Trump Campaign associate Cater Page as turned up by the Department of Justice’s Office of the Inspector General investigation. Some of these Members were opposed to the House Judiciary Committee’s initial bill, which they thought did not implement sufficient reforms to the larger FISA process.

Like the bill the House Judiciary Committee was to mark up, the “USA FREEDOM Reauthorization Act of 2020” would set a six-month deadline for the Director of National Intelligence to declassify significant FISA opinions, orders, and decisions. The bill also beefs up the adversarial procedures in the FISA process by expanding the process by which amici curiae are expanded and their ability to ability FISA decisions to the FISA review court would also be expanded. Additionally, both FISA courts and the FISA review court would be empowered to seek outside legal counsel.

The Intelligence Committees would see their power increased to seek and obtain FISA applications in order to conduct oversight of the FISA process.

Finally, the powers of the Privacy and Civil Liberties Oversight Board (PCLOB) to oversee the FISA process would also be expanded. PCLOB would need to report on the extent to which FISA investigations are arising from protected First Amendment activities and from protected characteristics such as race, gender, sexual orientation, and others. There are broader PCLOB reforms that, for example, lengthen PCLOB members’ terms to six years and allows them to serve past the six-year mark until a successor is confirmed by the Senate as is the case with many other agencies.

Senators Pat Leahy (D-VT) and Mike Lee (R-UT) succeeded in having their amendment to expand the amicus process expanded during the FISA process by a 77-19 vote. In an op-ed in The Washington Post, Leahy and Lee argued

  • The key to our proposal is to substantially strengthen a program that currently allows FISA judges, in very limited circumstances, to appoint outside legal scholars — called “amici”— to independently analyze FBI surveillance requests that are particularly sensitive. Out of thousands of cases, FISA judges have called for such an independent review by a court-appointed “amicus” only 16 times. Yet this protection is critical because, unlike every courtroom you may have stepped into or any court in a TV drama, the FISA court is not adversarial — meaning there is only a government lawyer and a judge, but no one to advocate for Americans under surveillance.
  • We propose measures that would authorize and actively encourage judges in this secret court to seek independent amicus reviews in all sensitive cases — such as those involving significant First Amendment issues — thereby adding a layer of protection for those who will likely never know they have been targeted for secret surveillance.

Leahy elaborated during floor debate:

  • My amendment with Senator Lee would create a presumption of amici participation in cases involving significant First Amendment issues, not just “exceptional concerns” as in the House bill. Importantly, we also create a presumption of amici participation when the FBI considers the case to be a “sensitive investigative matter” which the FBI would call an investigation involving the domestic media, a domestic religious organization, or a public official. I think all of us should agree that in those instances we ought to have somebody independently looking at them.
  • Most critically, though, we would leave the decision to appoint amici entirely up to the FISA judge. Even if it would fall into all of these categories they could still say no. As a result, the argument that the expanded amici participation would duly burden the court doesn’t even withstand the slightest scrutiny. If the judge believes amici would not be appropriate because the case is too time sensitive or too simple or too routine or for any other reason–any other reason–they have the discretion to not appoint amici at all. Under our amendment, throughout the FISA process, the judge maintains complete control. It is not a burden on the court. What it is doing is empowering the court. It is up to them.

Senators Ron Wyden (D-OR) and Steve Daines (R-MT) offered an amendment to narrow the Section 215 exception to the Fourth Amendment’s requirement that a search requires a warrant. Section 215 currently allows for FISA court approved searches of business records and all tangible things in the course of a national security investigation, and H.R. 6172 would, as noted, exclude cell site location and GPS location from Section 215.

As Wyden explained during debate,

With web browsing and searches, you are talking about some of the most intimate, some of the most personal, some of the most private details of the lives of Americans. Every thought that can come into people’s heads can be revealed in an internet search or in a visit to a website: their health histories, their medical fears, their political views, their romantic lives, their religious beliefs. Collecting this information is as close to reading minds as surveillance can get. It is the digital mining of the personal lives of the American people.

However, the amendment failed to reach the 60-vote threshold necessary for adoption under the rule of debate for H.R. 6172, failing by one vote as four Senators did not vote.

Finally, Senator Rand Paul (R-KY) offered an amendment “to prohibit the use of  authorities  under  [FISA]  to  surveil  United  States  persons  and  to  prohibit  the  use of information acquired under such Act in  any  criminal,  civil,  or  administrative  proceeding or as part of any criminal, civil, or  administrative  investigation,  and  for  other purposes.” Paul’s amendment would bar the use of FISA for the following:

(1)  electronic surveillance of a United  States person;

(2)  a  physical  search  of  a  premises, information, material,  or  property used  exclusively  by, or under the open and exclusive  control of, a United States person;

(3) approval of the installation and use of a pen register or trap and trace device to obtain information concerning a United States person;

(4) the production of  tangible  things (including  books,  records,  papers,  documents,  and other items) concerning a United States person; or

(5) the  targeting of a United States person for the acquisition of information.

Moreover, prosecutors could not use any such information in court proceedings against U.S. persons if obtained without a warrant issued by a federal court excepting FISA courts.

The amendment failed by an 11-87 vote, and then the Senate sent the amended version of H.R. 6172 back to the House by an 80-16 vote where its path to enactment is not immediately clear, in no small part, due to the extended COVID-19 recess that body has taken. However, the House Rules Committee is taking up a proxy voting measure today that may allow all Members to vote without having to be in Washington. This may allow action much sooner on the bill.

© Michael Kans, Michael Kans Blog and michaelkans.blog, 2019-2020. Unauthorized use and/or duplication of this material without express and written permission from this site’s author and/or owner is strictly prohibited. Excerpts and links may be used, provided that full and clear credit is given to Michael Kans, Michael Kans Blog, and michaelkans.blog with appropriate and specific direction to the original content.