1/14. The Executive Office of the President (EOP) released a statement regarding pending bills directed at foreign web sites dedicated to infringing activity. It criticizes the DNS blocking provisions of the SOPA and PROTECT IP Act.

The statement is attributed to Victoria Espinel (Intellectual Property Enforcement Coordinator), Aneesh Chopra (Chief Technology Officer in the Office of Management and Budget), and Howard Schmidt (Special Assistant to the President and Cybersecurity Coordinator for National Security Staff).

It states that "We must avoid creating new cybersecurity risks or disrupting the underlying architecture of the Internet. Proposed laws must not tamper with the technical architecture of the Internet through manipulation of the Domain Name System (DNS), a foundation of Internet security."

It continues that "Our analysis of the DNS filtering provisions in some proposed legislation suggests that they pose a real risk to cybersecurity and yet leave contraband goods and services accessible online. We must avoid legislation that drives users to dangerous, unreliable DNS servers and puts next-generation security policies, such as the deployment of DNSSEC, at risk."

The bills at issue are S 968 [LOC | WW], the "Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011" or "PROTECT IP Act", and HR 3261 [LOC | WW], the "Stop Online Piracy Act" or "SOPA", which is currently under consideration by the House Judiciary Committee (HJC). See also, HR 3261 as amended in the first phase of the mark up by the HCC.

For an explanation of the possible dangers inherent in DNS blocking, see story titled "Summary of the Argument that DNS Blocking May Decrease Cyber Security" in TLJ Daily E-Mail Alert No. 2,325, January 12, 2012.

The statement also addresses in broad strokes the subjects of censorship and innovation. "Any effort to combat online piracy must guard against the risk of online censorship of lawful activity and must not inhibit innovation by our dynamic businesses large and small. Across the globe, the openness of the Internet is increasingly central to innovation in business, government, and society and it must be protected. To minimize this risk, new legislation must be narrowly targeted only at sites beyond the reach of current U.S. law, cover activity clearly prohibited under existing U.S. laws, and be effectively tailored, with strong due process and focused on criminal activity."

The statement adds that "Any provision covering Internet intermediaries such as online advertising networks, payment processors, or search engines must be transparent and designed to prevent overly broad private rights of action that could encourage unjustified litigation that could discourage startup businesses and innovative firms from growing."

The statement encourages "all sides to work together to pass sound legislation this year that provides prosecutors and rights holders new legal tools to combat online piracy originating beyond U.S. borders".

It also encourages "all private parties, including both content creators and Internet platform providers working together, to adopt voluntary measures and best practices to reduce online piracy.

It concludes that "we will continue to work with Congress on a bipartisan basis on legislation that provides new tools needed in the global fight against piracy and counterfeiting, while vigorously defending an open Internet based on the values of free expression, privacy, security and innovation".

	Sherwin Siy Copyright PK

Sherwin Siy of the Public Knowledge (PK) stated in a release that "This is a fantastic sign". He wrote that it "affirms the message that legislation tampering with the DNS poses real risks to the security and stability of the Internet. It also recognizes that, regardless of intent, copyright legislation can affect free speech, and that it's therefore important for copyright enforcement laws to be narrowly tailored and provide due process."

Siy continued that "The White House also noted that laws can give private parties far too much litigation power -- power that can sue startup companies out of existence and stifle innovation. This is critically important, but then the statement makes a reference that could undermine this point. It notes that content producers and intermediaries should both have voluntary best practices measures. That's a perfectly legitimate stand-alone proposition, but only if it isn't taken to mean the sort of "voluntary measures" that are crafted to create legal pressures for intermediaries to fold under pressure from potential plaintiffs.

In contrast, the Information Technology and Innovation Foundation (ITIF) stated in a release that "many of the critics who tout the benefits of Secure DNS have not yet implemented it because of the many barriers that  stand in the way of its successful operation on today's Internet. With or without Protect IP and SOPA, Secure DNS is little more than a "paper tiger" at present, albeit a very desirable one."

The ITIF added that "We remain confident that the technical measures proposed by Protect IP and SOPA do not threaten cybersecurity, and we believe that careful analysis will show this."

1/12. Rep. Henry Waxman (D-CA), Rep. Diana DeGette (D-CO), and Rep. GK Butterfield (D-NC) sent a letter to their Republican counterparts on the House Commerce Committee (HCC) requesting that the HCC "hold a hearing as expeditiously as possible to explore the answers to questions raised by recent reports about Carrier IQ and data collection, analysis, and transmission in the mobile device market".

For more detail on this issue, see related story in this issue titled "Carrier IQ, Telcos and Phone Makers Respond to Sen. Franken's Questions".

On January 12, 2012 the HCC announced several hearings to be held by the HCC or its Subcommittees in February. However, none pertain to this issue, or any other information or communications technology related issues.

The three wrote that "Carrier IQ software is designed to help mobile device manufacturers and wireless carriers track the performance of their phones and networks. It is present on millions of phones on Sprint, T-Mobile, AT&T, and other networks. Although consumers know little if anything about this software, it could represent a significant threat to privacy."

"Carrier lQ has confirmed some important information about its software: that it can collect information such as calls made and received, a phone's physical location, the URLs of websites searched by a device user, and in some cases, internet search queries, and that it can transmit this information back to network providers."

They also enumerated that questions that should be addressed by the HCC: "What are the data collection, analysis, and transmission capabilities of Carrier IQ and similar software, and what privacy protections are built into the software? Were Android phones sold with security flaws that could have exacerbated privacy concerns related to Carrier IQ and other software and, if so, have these flaws been addressed? Are carriers and device manufacturers providing sufficient disclosure to consumers about this data collection, analysis, and transmission? Do these practices create privacy and security risks for consumers and, if so, how are carriers and manufact1lrers addressing them? How much control do mobile device users have over this data collection, analysis, and transmission and should that control be expanded?"

The three Democrats sent their letter to their Republican counterparts, Rep. Fred Upton (R-MI), Chairman of the HCC, Rep. Cliff Stearns (R-FL), the Chairman of the HCC's Subcommittee on Oversight and Investigations, and Rep. Mary Mack (R-CA), Chairman of the Subcommittee on Commerce, Manufacturing and Trade.

1/12. Sen. Al Franken's (D-MN) sent letters to Carrier IQ, wireless service providers, and phone makers. Companies sent responses in December. These letters provide many details regarding the data collection properties of Carrier IQ software, how phone makers and service providers install and use the software, and what might be the implications for consumers' interests in privacy.

On November 30, 2011, Sen. Franken, Chairman of the Senate Judiciary Committee's (SJC) Subcommittee on Privacy Technology and the Law, sent a letter [PDF] to Carrier IQ, stating that its software, "pre-installed on smartphones ... is logging and may be transmitting extraordinarily sensitive information from consumers' phones, including ... the phone numbers they dial ... the contents of text messages they receive ... the URLs of the websites they visit ... the contents of online search queries ... and ... the location of the customer using the smartphone ..."

Sen. Franken (at right) added that average users have no way to know about this, and "no reasonable means to remove or stop it".

He wrote that "These actions my violate federal privacy laws, including the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act", also known as the ECPA and CFAA.

In particular, he focused on the wiretap provisions of the ECPA (codified at 18 U.S.C. § 2511 et seq.), the pen register provisions of the ECPA which address numbers dialed (codified at 18 U.S.C. § 3121 et seq.), and the Stored Communications Act provisions of the ECPA (codified at 18 U.S.C. § 2701 et seq.). The CFAA is codified at 18 U.S.C. § 1030.

He then propounded numerous interrogatories about what Carrier IQ's software does, how long it stores data, what data is shares and with whom, how data is protected from hackers, and whether Carrier IQ is violating federal law.

Sen. Franken also wrote letters to AT&T, Sprint, HTC, Samsung, HTC, T-Mobile USA, and Motorola.

Carrier IQ Response. Carrier IQ responded by letter [7 pages in PDF] dated December 14. It wrote that "Carrier IQ has built software that allows Network Operators to better understand how mobile devices interact with and perform on their networks. Today our technology is used by our customers in two specific ways: Network Management and Customer Care."

Also, it provides to its users -- carriers and phone makers -- "diagnostic data that help them identify how their networks, and devices on those networks, are performing" and data "to assist individual users who are experiencing problems with their device or with the network".

Carrier IQ stated that its software does enable the software's users to collect location data. But, it asserted that "our software is not used to track the location of consumers".

Also, the software collects "the phone numbers dialed and received". But again, Carrier IQ asserted that its users used its software for "diagnosing and maintaining" their networks.

Also, Carrier IQ disclosed that there is "an unintended bug" that results in the collection of content of text messages. Carrier IQ added that it is working on changes to the software to "ensure that this information is no longer captured".

Carrier IQ added that its software does not collect the "content of emails", or the "details from users' address books". Nor is the software a keystroke logger.

Also, the software can be used for "collection of URLs", that is, web sites visited by the customer using the smartphone.

Also, the Software can be used to collect  search queries "To the extent that such queries may be passed in the URL string.

Carrier IQ letter does not elaborate that search engines such as Google operate in this manner. That is, when one uses a web browser and enters search terms into Google's search box, the browser sends a URL that consists of www.google.com plus a text string that includes the search terms. In other words, Carrier IQ's software enables widespread collection of individuals' search queries.

Carrier IQ added that when all of the data collected by the software is transmitted from individuals' phones to the carriers or phone makers, the phone user does not get billed. Also, Carrier IQ wrote that for one of its carrier customers the data is transmitted from individuals' phones to the carrier. For other customers, the data is transmitted to Carrier IQ. It wrote that "Carrier IQ hosts data for its customers in Carrier IQ's data center", but that Carrier IQ "does not have any rights to the data" and "does not transmit the data to any third parties"

Carrier IQ also wrote about data retention. "Typical minimum retention periods for Carrier IQ's customers are 30 days, although data may be retained beyond date. Carrier IQ is continuing to investigate how long data has been stored for each customer. Due to pending litigation, Carrier IQ is taking efforts to preserve all data currently in its data center."

Carrier IQ wrote that there has been no law enforcement access. "To date, Carrier IQ has not received legal process to provide end user data to any federal or state agency, and Carrier IQ has not provided such data. Should such requests be made, Carrier IQ would comply with its legal obligations, and would direct such requests to its customers, which have the legal rights to the data."

Finally, Carrier IQ wrote that is is not violating federal law.

Sprint Response. Sprint stated in its December 14 letter "there are approximately 26 million active devices have the Carrier IQ software installed", but "At any one time, only 1.3 million devices may be tasked to collect and report data".

Sprint wrote that this is "diagnostic software" and the data collected does not go beyond "technical diagnostics information".

Sprint made the point that, separately from Carrier IQ software, it knows, because it operates the wireless network, the URLs of web sites that its customers visit, the numbers they call or send a text message, and in which cell site they are located.

It then stated that Carrier IQ software enables it to receive location information and the URLs of web sites visited by its customers, but that it does not use this software to obtain customers' numbers dialed, numbers from which customers receive calls, the contents of text messages sent or received, the contents of emails sent or received, the contents of search queries, the contents of address books, or keystroke data.

Sprint also stated that it does not share Carrier IQ data with third parties, and it has not disclosed such data to "federal or state law enforcement".

Sprint also stated that it is not violating federal law.

AT&T Response. AT&T responded by letter dated December 14, 2011. It stated the Carrier IQ software is resident on about 900,000 devices on AT&T's wireless network.

AT&T stated that it uses Carrier IQ software, but "only to collect diagnostic information", and "not to obtain the contents of customers' communications, to track where our customers go on the Internet, or to track customer location".

But, in response to specific questions, it stated that it does use Carrier IQ software to collect location data, and phone numbers. It does not, however, use this software to collect content of emails or text messages (subject to the programming error noted by Carrier IQ), URLs of web sites visited, search queries, information from address books, or keystroke data.

It also stated that it has not shared data collected by this software with law enforcement agencies or third parties other than AT&T companies.

See also, response of Samsung, which makes phones and tablets for companies that provide wireless services, such as Sprint, AT&T and T-Mobile. It stated that it pre-installs Carrier IQ software at the direction of these companies. It also stated that it "does not receive any data that may be collected by Carrier IQ software or Carrier IQ". And hence, it does not share any such data with third parties, make it available to law enforcement, or store it. And, it opines that it is not violating federal law.

See also, response of HTC, which also makes phones for wireless service providers, and installs Carrier IQ software pursuant to its contracts with them. It stated that it does not receive any data from Carrier IQ software. And, it is not violating federal law.

Martin Luther King's Birthday. This is a federal holiday. See, OPM list of 2012 federal holidays.

The House will meet at 2:00 PM in pro forma session. See, Rep. Cantor's calendar.

8:00 - 10:00 AM. Broadband Census News LLC will host a panel discussion titled "The Wired Home and Wireless Policy". The speakers will be Rick Kaplan (Chief of the FCC's Wireless Telecommunications Bureau), Fred Campbell (head of the Wireless Communications Association International), Walter McCormick (head of the US Telecom), Grant Seiffert (head of the Telecommunications Industry Association), and Drew Clark. Breakfast will be served. This event is open to the public. The price to attend is $47.12. See, notice and registration page. This event is also sponsored by Comcast, Google, ICF Intl., Intel, NCTA TIA, and US Telecom. Location: Clyde's of Gallery Place, 707 7th St., NW.

9:00 AM - 4:30 PM. Day one of the Net Caucus's annual State of the Net Conference. See, conference web site and schedule. Location: Hyatt Regency, Capitol Hill, 400 New Jersey Ave., NW.

9:00 AM - 5:45 PM. Day one of a three day event hosted by the International Intellectual Property Institute (IIPI) and U.S. Patent and Trademark Office (USPTO) titled "Seminar on Specialized Intellectual Property Rights Courts". The speakers will include David Kappos (head of the USPTO), Shinjiro Ono (former Deputy Commissioner of the Japan Patent Office), and Jorge Amigo (former Director of the Mexican Institute of Industrial Property). The deadline to register is January 13. Free. See, notice. Location: USPTO, 600 Dulany St., Alexandria, VA.

10:00 - 11:00 AM. The Free Press (FP), Public Knowledge (PK), and others will host a teleconferenced news conference regarding HR 3261 [LOC | WW], the "Stop Online Piracy Act", or "SOPA", and S 968 [LOC | WW], the "Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011" or "PROTECT IP Act". The number is +1 (213) 493-0606; the access code is 236-450-089.

12:00 NOON - 2:00 PM. American Bar Association's (ABA) Section of International Law will host an on site and teleconferenced panel discussion titled "Trade Remedies Approaches of the US and EU Toward China: Similarities and Differences". The speakers will be Joseph Dorn (King & Spaulding), Gary Horlick (Gary Horlick), Edwin Vermulst (VVGB Advocaten), Matthew Yeo (Steptoe & Johnson), and Kristin Mowry (Mowry & Grimson). The price ranges from $15 to $20. Lunch will be provided for on site attendees. See, notice. Location: Sidley Austin, 1501 K St., NW.

12:15 - 1:30 PM. The Federal Communications Bar Association's (FCBA) Young Lawyers Committee will host a brown bag lunch titled "Industry Roundtable -- The Roles and Responsibilities of the Young Lawyer". For more information, contact Mark Brennan at Mark dot Brennan at hoganlovells dot com or Brendan Carr at BCarr at wileyrein dot com. Location: Wilmer Hale, Multi-Purpose Room on the ground level, 1875 Pennsylvania Ave., NW.

The House will meet at 10:00 AM for morning hour, and at 12:00 NOON for legislative business. It will consider a resolution of disapproval of the President's exercise of authority to increase the debt limit. See, Rep. Cantor's calendar.

9:00 - 11:00 AM. The Information Technology and Innovation Foundation (ITIF) will host an panel discussion titled "Bits and Bricks: Transforming the Construction Industry Through Innovation". The speakers will be Robert Atkinson (ITIF), Phillip Bernstein (Autodesk), Dorothy Robyn (Department of Defense), Robert Peck (GSA) and Shyam Sunder (NIST). See, notice. Location: National Press Club, Holeman Lounge, 529 14th St., NW.

9:00 - 11:30 AM. Day two of the Net Caucus's annual State of the Net Conference. See, conference web site and schedule. Location: Hyatt Regency, Capitol Hill, 400 New Jersey Ave., NW.

9:00 AM - 5:30 PM. Day one of a three day event hosted by the International Intellectual Property Institute (IIPI) and U.S. Patent and Trademark Office (USPTO) titled "Seminar on Specialized Intellectual Property Rights Courts". The speakers will include David Kappos (head of the USPTO), Shinjiro Ono (former Deputy Commissioner of the Japan Patent Office), and Jorge Amigo (former Director of the Mexican Institute of Industrial Property). The deadline to register is January 13. Free. See, notice. Location: USPTO, 600 Dulany St., Alexandria, VA.

10:00 AM - 12:00 NOON. The House Oversight and Government Reform Committee (HOGRC) will hold a titled "Government Mandated DNS Blocking and Search Takedowns -- Will It End the Internet as We Know It?" See, notice. The HOGRC does not have jurisdiction over HR 3261 [LOC | WW], the "Stop Online Piracy Act" or "SOPA". The House Judiciary Committee (HJC) does. However, this hearing is directed at provisions in the SOPA. The HOGRC will webcast this hearing. Location: Room 2154, Rayburn Building, with overflow seating in Room 2203.

12:00 NOON - 1:30 PM. American Bar Association's (ABA) Section of Antitrust Law will host a teleconferenced panel discussion titled "Monopolization Updates from China and Canada". The speakers will be Neil Campbell (McMillan) and Kate Wallace (Jones Day). Free. See, notice.

The House will not meet. Day one of a three day event titled "House Republican Issues Conference". See, Rep. Cantor's calendar.

The Senate will not meet.

9:00 AM - 3:30 PM. Day one of a three day event hosted by the International Intellectual Property Institute (IIPI) and U.S. Patent and Trademark Office (USPTO) titled "Seminar on Specialized Intellectual Property Rights Courts". The speakers will include David Kappos (head of the USPTO), Shinjiro Ono (former Deputy Commissioner of the Japan Patent Office), and Jorge Amigo (former Director of the Mexican Institute of Industrial Property). The deadline to register is January 13. Free. See, notice. Location: USPTO, 600 Dulany St., Alexandria, VA.

11:45 AM - 1:45 PM. The Tech Freedom (TF), Competitive Enterprise Institute (CEI) and Cato Institute will host a panel discussion titled "Unintended Consequences of Rogue Website Crackdown". The program will address three bills under consideration by the House and Senate: (1) HR 3261 [LOC | WW], the "Stop Online Piracy Act" or "SOPA", (2) draft [18 pages in PDF] of the "Online Protection & Enforcement of Digital Trade Act", or "OPEN Act", and (3) S 968 [LOC | WW], the "Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011" or "PROTECT IP Act". The speakers will be Berin Szoka (TF), Larry Downes (TF), Allan Friedman (Brookings Institution), James Gattuso (Heritage Foundation), Dan Kaminsky, Julian Sanchez (Cato Institute). Lunch will be served. Free and open to the public. The deadline to register is 12:00 NOON on January 18. See, notice and registration page. Location: Reserve Officers Association of the US, One Constitution Ave., NE.

12:30 - 1:45 PM. The Federal Communications Commission's (FCC) Wireless Telecommunications Bureau's (WB) Division Chiefs will hold a meeting. The speakers will include Mary Bucher (Technologies, Systems and Innovation Division), Nese Guendelsberger ( Spectrum and Competition Policy Division), Roger Noel (Mobility Division), Blaise Scinto (Broadband Division), and Margaret Weiner (Auctions and Spectrum Access Division). The price to attend is $17. Registrations and cancellations are due by 12:00 NOON on January 16. See, notice. The Federal Communications Bar Association (FCBA) states that this is an FCBA event. Location: Wiley Rein, 1776 K St., NW.

6:00 - 8:15 PM. The Federal Communications Bar Association's (FCBA) Wireline Committee will host an event titled "Understanding the Connect America Fund Order". CLE credits. Prices vary. See, notice. Location: Dow Lohnes, 1200 New Hampshire Ave., NW.

The House will not meet. Day two of a three day event titled "House Republican Issues Conference".  See, Rep. Cantor's calendar.

The Senate will meet at 2:00 PM in pro forma session only.

Supreme Court conference day. See, calendar. Closed.

1:00 - 2:30 PM. American Bar Association's (ABA) Section on Intellectual Property Law will host a webcast panel discussion titled "Prosecution Strategies: Tackling USPTO Obviousness Rejections". The speakers will be Janet Hendrickson (Senniger Powers), Gregory Hillyer (Feldman Gale), Michelle O'Brien (O'Brien Jones), and Zachary Stern (Oblon, Spivak). The price ranges from $70 to $150. CLE credits. See, notice.

Day three of a three day event titled "House Republican Issues Conference".

The House will meet. Votes will be postponed until 6:30 PM.

The Senate will meet at 2:00 PM for morning business. The Senate may also consider S 968 [LOC | WW], the "Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011" or "PROTECT IP Act".

6:00 - 9:15 PM. The DC Bar Association will host a program titled "Introduction to Export Controls". The speakers will be Carol Kalinoski (solo practitioner) and Thomas Scott (Ladner & Associates). The price to attend this and the companion program on February 8 ranges from $169 to $229. CLE credits. See, notice. For more information, call 202-626-3488. The DC Bar has a history of barring reporters from its events. Location: DC Bar Conference Center, 1101 K St., NW.

1/13. President Obama named Ed Pagano Deputy Assistant to the President and Senate Liaison. He begins next week. He has worked for Sen. Patrick Leahy (D-VT) since 1993. He is now Sen. Leahy's Chief of Staff. Sen. Leahy stated in a release that "Pagano has advised Leahy on the recently enacted Leahy-Smith America Invents Act" and "on the hearings and confirmations of Supreme Court Justices Sonia Sotomayor and Elena Kagan." Before that, he was Sen. Leahy's Senior Counsel for the Senate Judiciary Committee (DJC). Sen. Leahy stated that Pagano worked on "the USA PATRIOT Act, anti-crime and victims' assistance programs, Leahy's Bulletproof Vest Partnership Act, and the September 11 Victim Compensation Fund. He headed Leahy's work in drafting the charter for the nation’s first-responder grant program, which Leahy included in the USA PATRIOT Act."

1/12. Robert Fisher was named a Deputy Director of the Securities and Exchange Commission's (SEC) Office of International Affairs. See, SEC release.

1/10. Rep. Wally Herger (R-CA) announced that he will not run for re-election in November of 2012. He is a former Chairman of the House Ways and Means Committee's (HWMC) Subcommittee on Trade, and the current Chairman of the Subcommittee on Health. See also, statement by Rep. Dave Camp (R-MI), Chairman of the HWMC.

Tech Law Journal publishes a free access web site and a subscription e-mail alert. The basic rate for a subscription to the TLJ Daily E-Mail Alert is $250 per year for a single recipient. There are discounts for subscribers with multiple recipients.

Free one month trial subscriptions are available. Also, free subscriptions are available for federal elected officials, and employees of the Congress, courts, and executive branch. The TLJ web site is free access. However, copies of the TLJ Daily E-Mail Alert are not published in the web site until two months after writing.

For information about subscriptions, see subscription information page.

Tech Law Journal now accepts credit card payments. See, TLJ credit card payments page.

TLJ is published by David Carney
Contact: 202-364-8882.
carney at techlawjournal dot com
3034 Newark St. NW, Washington DC, 20008.

Privacy Policy
Notices & Disclaimers
Copyright 1998-2012 David Carney. All rights reserved.