Earlier today, ServInt signed on to a letter, spearheaded by the Center for Democracy & Technology, that was sent to leaders in the U.S. House and Senate. The letter urged reform of U.S. surveillance practices “by limiting the scope of surveillance and by substantially enhancing…privacy protections, oversight, and accountability mechanisms” — specifically through the enactment of the USA FREEDOM Act, about which we’ve written here before.
Following is a transcript of the letter. Please take a moment to look it over — then contact your elected representatives to urge them to support it. If you’re looking for the Reader’s Digest version of what’s at stake here, it boils down to this: the USA FREEDOM Act would close a wide range of loopholes in previous homeland security-related legislation that make it easy for the government to gain access to your e-mail, data, and other private information, without warrants or the protection of other elements of basic due process. Here’s the letter: Read more
For this final post on the history of U.S. Internet regulation, we need to look at one of the broadest pieces of cybersecurity policy out there – broad enough to hit just about anybody in the world. The Computer Fraud and Abuse Act (CFAA) of 1984 and its increasingly liberal interpretation have led to a state of affairs in which most U.S Internet users — you and me included — could be considered felons.
Technology is changing far faster than any government could hope to keep up. One of the many challenges of setting cybersecurity policy is that if you set requirements that are technical in nature into the law they will be outdated by the time they are passed. The law can’t be prescriptive when it comes to cybersecurity, so it ends up turning to broad generalization.
The Computer Fraud and Abuse Act is one of those laws that succumbs to broad generalization. Read more
Any discussion about PRISM centers around the concept of privacy on the Internet. For my third post on the history of U.S. Internet Legislation, I’ll focus in on the laws that govern our privacy online.
When attempting to ascertain the state of online privacy, there tends to be a lot of talk about law enforcement “abuses.” Having a basic understanding of the laws that serve as the basis for most law enforcement and Intelligence community programs that target online activity can help us determine how, and whether, things need to change.
Let’s start our brief look at those laws by imagining that I’m a U.S. Federal officer and you are an American citizen, and my goal is to go through your underwear drawer to look for suspicious activity. To do that I need a search warrant, signed off by a judge, and generally to get that I need probable cause. The Fourth Amendment to the United States constitution, which prevents unreasonable search and seizure, requires that. The Electronic Communications Privacy Act was written to codify that these fourth amendment rights also exist online. However, certain laws carve out exceptions to the warrant requirement under specific conditions.
Discussion of our privacy rights online center around what the government has and doesn’t have the right to do with our online data. In the wake of PRISM I want to define two categories through which we can explore those legal rights:
- Surveillance that is made possible by the acquisition of a search warrant by law enforcement
- Surveillance that is made possible through an exception to the warrant requirement
Below are a few common legislative acts (not an exhaustive list) that empower law enforcement to get data they seek online. Read more
With the U.S. government’s PRISM program, there has been a lot of talk recently about what the government can and will do with Internet communications. What the government can do is limited by the protections granted under various laws governing the Internet. Some of the most important laws governing protections on the Internet are nearly 20 years old and – when written – were ancillary to much broader legislation.
In 1996, when the Internet was full of promise but of questionable scope, two pieces of United States legislation were passed that helped form the basis of the commercial Internet:
Section 230 of the Communications Decency Act (CDA 230)
The Safe Harbor provisions of the Digital Millennium Copyright Act (DMCA Safe Harbor).
As the Chief Operating Officer of a web hosting company, I take a lot of pride in the work we do. Companies like ServInt are building tools for people who are using the power of the Internet to change the world. Without the protections we receive from laws like CDA 230 and DMCA Safe Harbor, this innovation would not be possible. These two laws are the pillars that hold up the U.S. commercial Internet. Read more
Any discussion of U.S. government laws relating to the Internet and programs like PRISM inevitably begin all the way back in 1986 with the passage of the Electronic Communications Privacy Act. Written before the birth of the modern Internet, ECPA is a key law that enables law enforcement to have access to data while protecting the privacy rights of citizens. ECPA is not a scary law that steals people’s Internet freedom. ECPA is simply an outdated attempt to preserve freedom in the digital arena.
What it is:
At its heart, ECPA is an attempt to try to define the scope of the Fourth Amendment (the part of the Bill of Rights which guards against unreasonable search and seizure, along with requiring any warrant to be judicially sanctioned and supported by probable cause) when it comes to digital communication. Over time, both legislation and judicial precedent have told us what is and isn’t unreasonable search and seizure when it comes to law enforcement action at our home, place of business or on a public street, but in 1986, when Congress took up the task of creating ECPA, they were attempting to outline rules for search and seizure of remotely stored digital data.
ECPA outlines the relationship between data storage providers, their customers, and law enforcement. It acknowledges that providers act as custodians and not owners of information in their possession on behalf of their customers and subscribers. It actually serves to limit the ability of providers to voluntarily disclose customer information to the government.
What should concern you: Read more
If you’ve been following the news recently, you may have heard a lot about the US government’s PRISM program, led by the NSA. There has been a lot of talk about what the government can and cannot do (or will and will not do) under PRISM, and — frankly — a lot of fear as well.
But PRISM is not a US law, it is a government surveillance program built on US laws. To fully understand what kinds of digital information the U.S. government is capable of gathering and analyzing, and under what circumstances, we need to look at the various laws enacted over the years that govern law enforcement in the digital age.
Remember when ServInt was fighting to defeat SOPA and PIPA? Those bills were associated with an attempt to legislate the Internet in some potentially very destructive ways. But SOPA and PIPA are just the tip of the iceberg when it comes to legislation you should know about if you make your living on the Internet. Some proposed laws pose serious risks to the basic concept of a free and open Internet, while others are quite well designed and deserve your full support.
Over the next few weeks, I’ll be walking you through four major legislative initiatives and their associated amendments to give you a background on what legislation you should be aware of as an informed citizen and Internet business owner. Specifically, we’ll look at: Read more
Last week ServInt released an updated SLA that covers all of our products, from VPS to dedicated to cloud. And like everyone else, we laid out the “uptime guarantee” for network, servers, support, etc. This guarantee, though, is simply a threshold, if your service dips below which, you may request hosting credits.
What’s ridiculous is the way some hosts – and some industry “experts” – glibly refer to uptime guarantees as if they were some sort of literal guarantee of future performance: “Wow, they’re offering five nines in their SLA,” “Did you hear about the host that guarantees 100% uptime?”
Uptime guarantees don’t promise what percentage of the time your server will remain online without network disruption, and they are not evidence of future network performance.
An uptime guarantee is – no matter which host you look at – simply a promise of what refund the host offers customers if there is a network outage.
And every network—even the most robust, redundant networks—at some point will experience an outage. Our last network outage was in 2004.
The question is not: Will my host have an outage in the future? They are: How likely is it that my host will be the next to experience an outage? and, How quickly and efficiently will they respond and fix any problem that occurs? Read more
This week, ServInt was one of a dozen hosts to send a letter to the Senate Judiciary Committee to support updating the Electronic Communications Privacy Act, along with the i2Coalition which coordinated the hosting industry’s participation.
The government needs a warrant based on probable cause to search our mail or the documents in our homes. It’s one of our most fundamental rights, guaranteed in the 4th Amendment of the Bill of Rights. But because of this outdated law — the ECPA — which passed in 1986 before the commercial Internet even existed, law enforcement only need a subpoena (issued without a judge’s approval) to read emails that have been opened or are more than 180 days old. Under the ECPA, communications stored on a server over 180 days are said to be abandoned. This rationale has allowed the government to demand access to older electronic communications without a warrant issued by a judge.
That’s right… the government says it doesn’t need a warrant to search through your old email.
This year, Congress is finally considering updating ECPA. ServInt plans to directly engage in this much overdue process, offering its perspective and expertise in dealing with 18 years of serving customers online and dealing responsibly with law enforcement information requests.
We know that aiding law enforcement in responsible ways doesn’t need to come at the expense of our fundamental Constitutional rights. ServInt will be carrying that message, along with other i2Coalition members, up to Capitol Hill this year.
Stay tuned to the ServInt Source where we’ll keep you updated on the status of this and other important Internet legislation.Image by g4114is.
At ServInt we are dedicated to the privacy of our customers and to the creation of sensible legislation that supports our customers but still empowers law enforcement in ways that make sense in the 21st century. It’s one of the reasons we work so hard with i2Coalition to make sure that we influence public policy in a way that’s pro-Internet innovation. It’s one of the reasons we are focused on the reform of the Electronic Communications Privacy Act (ECPA).
Anyone following the CISPA debate closely will know that in spite of the hoopla, as early as last year, Obama promised to veto the legislation should it pass Congress.
So why then would I, as part of the i2 Coalition, head up to Capitol Hill for a day of meetings with Congress as part of Internet Advocacy Day?
The answer is still CISPA, or more specifically, the culture in Congress that created CISPA.