Why Obama’s ‘big data’ report matters

“Big data,” meet “big mo.”

Lawmakers and privacy advocates are hopeful that the release of the White House’s “big data” report could lend momentum to surveillance, data security and privacy legislation that is pending in Congress.

The White House report was commissioned by President Obama in response to last year’s controversy over National Security Agency surveillance, and completed by White House advisor John Podesta and other administration officials.

{mosads}The report was released this month, and contained a slew of reform recommendations, including changes to email surveillance, the creation of a national data breach standard and the establishment of a baseline for consumer privacy.

Those recommendations dovetail nicely with the priorities of privacy advocates, who are hopeful that broadly supported legislation reforming email surveillance under the Electronic Communications Privacy Act (ECPA) will now make it across the finish line.

Under the 1986 law, law enforcement officials do not need a warrant to access emails that are more than 180 days old.

While it’s clear that the law was not written with modern email in mind, civil agencies like the Securities and Exchange Commissions have resisted the legislative overhaul, arguing they need the power to perform warrantless email searches in their investigations.

But lawmakers aren’t buying that argument.

In the House, the Email Privacy Act, which would require a warrant for email access, has 209 cosponsors. 

Rep. Kevin Yoder (R-Kans.), who authored the Email Privacy Act, said there is growing support for the “common sense” bill.

It “has overwhelming bipartisan support with new co-sponsors being added every day,” and “momentum is continuing to build as the public learns more about government agencies reading Americans’ emails and spying on them without due process and without a warrant,” he said in a statement The Hill.

Despite the strong backing for Yoder’s bill, the House Judiciary Committee has not yet taken up a bill to reform the email searches.

“Even though there’s substantial support … no action has been scheduled” by House Judiciary Chairman Bob Goodlatte (R-Va.), Rep. Zoe Lofgren (D-Calif.) said.

Lofgren has her own bill that would reform ECPA and require law enforcement officials to obtain a warrant for access to geolocation information. That portion “is pretty important” for comprehensive privacy reform, she said.

Lofgren said she didn’t know if the Big Data report would give momentum to ECPA reform.

“My Republican colleagues are not big fans of the president,” she said, adding that she hopes “they will not discount” the report.

“We are starting to run out of time,” she said.

A House Judiciary aide said Goodlatte “is working closely” with committee members and outside groups “to identify ECPA reform priorities and geolocation privacy standards.”

“Chairman Goodlatte is interested in pursuing more comprehensive reforms to ensure that the statute sets forth greater civil liberties protections for Americans and clear, long-term investigative procedures for law enforcement,” the aide said.

Some advocates are optimistic that Goodlatte will take up the reform bill now his committee succeeded has unanimously passed a bipartisan bill to curb government surveillance.

“Given the strong push for surveillance reform we saw this week, it’s clear there’s an appetite to do privacy reform this Congress,” said Chris Calabrese, legislative counsel at the ACLU for privacy issues.

On the other side of the Capitol, Senate Judiciary Chairman Patrick Leahy (D-Vt.) is championing his own ECPA reform proposal.

Last year, the Judiciary Committee passed a bill from Leahy and Sen. Mike Lee (R-Utah) that would require law enforcement officials to obtain a warrant to access emails. 

Though the bill sailed through committee with bipartisan support, it has not yet come up on the Senate floor.

Leahy told The Hill that he is hopeful the big data report will get the ball moving again.

“The White House has dragged its feet for a long time, but I hope this might help,” he said.

The big data report also called on Congress to pass a law that would create a uniform notification requirement for companies that suffer from data breaches.

Following a spate of high profile hacks — including a data breach at Target that affected tens of millions of people — Congress has focused on whether current law is adequate to protect consumers.

The Federal Trade Commission (FTC) brings action against companies that do not adequately protect their users’ data, but members of the agency, including Chairman Edith Ramirez, have asked Congress for the ability to bring civil penalties as well.

Republican FTC Commissioner Maureen Ohlhausen said she is “somewhat optimistic about some kind of data security and breach notification legislation, given the FTC’s bipartisan support for such legislation and the ongoing reports of data breaches.” 

“The White House report is one of the many factors that may help contribute to passage of such legislation,” Ohlhausen told The Hill.

Others are less optimistic about the prospects for a data breach bill.

Paul Martino, a partner at Alston & Bird and co-chair of the firm’s privacy and data security practice, noted Congress has tried and failed to pass such legislation in the past.

“There have been data breach bills for nine years, and there is a reason they haven’t passed,” Martino said.

Martino said the complexity of writing legislation that preempts a “patchwork of 47 state laws,” along with attempts to create carve outs for companies, have repeatedly derailed legislation.

Rounding out the legislative wish list for privacy groups, the White House’s review called on the Department of Commerce to advance the “Consumer Privacy Bill of Rights” that Obama first proposed in 2012.

The report directs the Commerce Department to gather stakeholder input and craft legislation to codify those principles. A Commerce Department spokeswoman said that process would begin “soon.”

“The White House big data report has reinvigorated the conversation about baseline privacy legislation, including how legislation can appropriately account for big data’s benefits and risks,” FTC Commissioner Julie Brill said in a statement to The Hill.

Brill called on the administration “to release a proposed bill to further this important discussion” once it has solicited and processed stakeholder input.

The Commerce Department is likely to seek public comment on general privacy principles and go from there to craft a bill, according to Justin Brookman, director of the Center for Democracy and Technology’s Project on Consumer Privacy.

“The administration has wanted to do this for awhile,” but larger conversations about government surveillance has “superseded some of those discussions,” he said.

Still, Martino isn’t optimistic about action on legislation.

“I don’t see a bill like that being able to pass Congress,” he said, because the U.S. has taken a “sector-specific” approach to privacy law.

He said the big data report and efforts by the FTC have helped to fuel a needed debate about consumer privacy.

“Having a public conversation among government and industry on these issues is a good first step.”