Encryption, Potential Data Breach Legislation, and Intermediary Liability Updates: The May 2018 Legislative Update

Congressional Outlook

The Senate voted to reverse the FCC’s repeal of the Restoring Internet Freedom Order, which repealed 2015’s Open Internet Order that enforced net neutrality. Senator Markey (D-MA), used a procedural vote under the Congressional Review Act (CRA).

The House is also entering into budget season, taking up the annual National Defense Authorization Act and appropriations bills. The current NDAA contains language banning federal agencies from using devices or products that contain ZTE and Huawei equipment, starting in 2021.

As reported last month, several Senators and Representatives introduced legislation that would address net neutrality. That includes the bills Senator Kennedy and Rep. Blackburn introduced to stop blocking and throttling and Rep. Maloney’s Save Net Neutrality Act. There has not been any movement on them, nor is there expected to be. We are also watching the consolidated cases in the DC Circuit Court of Appeals and 9th Circuit Court of Appeals. Because of the nature of multijurisdictional litigation, it may be months before any news comes from either court.

Privacy/Data Breach/Encryption

The Senate Judiciary Committee had Cambridge Analytica whistleblower Christopher Wylie testify at a May 16 hearing on data privacy. During the hearing, Senators Whitehouse, Feinstein and others discussed the need to regulate data in general terms. After the hearing, the Cybersecurity Caucus held its first bicameral meeting in a long time to note its anniversary, but also to discuss its role post-Cambridge Analytica.

Legislation to monitor:

• The Honest Ads Act (Klobuchar (D-MN)) – to prevent foreign interference in elections.
• 72-hour notification to users when personal data misused offers remedies to a user after a breach. (Klobuchar/Kennedy)
• The Consent Act. (Blumenthal (D-CT), Markey (D-MA)) The My DATA Act. (Blumenthal)
• Potential legislation on making data a privacy right or require affirmative opt-in before user data shared. (Young (R-IN))

Encryption Activity: During a speech last week, Attorney General Jeff Sessions voiced support for Congress to take up encryption legislation that would allow law enforcement the access it needs to thousands of locked wireless communications devices.

Last week, Rep. Zoe Lofgren (D-CA) re-introduced a pro-encryption bill that would bar government agencies from mandating crypto backdoors on commercial software and hardware products. The Secure Data Act, which she and Rep. Massie (R-KY) first introduced in 2014 has these cosponsors: Nadler (D-NY), Poe (R-TX), Lieu (D-CA) and Gaetz (R-FL).

We’ve long supported legislation which prevents encryption backdoors and looks forward to engaging Rep. Lofgren on the subject next month at the 2018 edition of our annual Congressional Fly-In.

Intermediary Liability Activity

Senate Section 230 Working Group: Senator Graham (R-SC) recently announced that he believed it was necessary for the Senate to continue engaging on online liability issues and intends to organize a Senate working group on Section 230. His office has not released further details.