All blog posts related to the issue: GPS Act
  • Amendments offered to the Cybersecurity Act of 2012

    UPDATE: Wyden Statement on Vote Against Cloture of the Cybersecurity Act

    GPS Act

    Press Release Text of Amendment | U.S News and World Report Op-Ed

    U.S. Senator Ron Wyden (D-Ore.) and U.S. Representative Jason Chaffetz (R-Utah) teamed up to write the Geolocation Privacy and Surveillance (GPS) Act, which is now being offered as an amendment to the Cybersecurity Act of 2012.

    Currently, laws pertaining to geolocation tracking have not kept pace with technology.  Judges in different jurisdictions have issued conflicting rulings about what procedures law enforcement must follow – and how much evidence is necessary – to obtain individuals’ geolocation data from private companies.  This lack of clarity creates problems for law enforcement agencies and private companies, as well as uncertainty for customers. 

    The bipartisan legislation creates a legal framework designed to give government agencies, commercial entities and private citizens clear guidelines for when and how geolocation information can be accessed and used. 

    The GPS Act requires government agencies to get a probable cause warrant to obtain geolocation information in the same way that they currently get warrants for wiretaps or other types of electronic surveillance. It also requires private companies to get customer consent before sharing their customers’ information outside the normal course of business, and outlaws “cyber-stalking” by making it a crime to secretly track someone’s movements electronically

    Click here for more information on the GPS Act

    “Stay Off My Cloud” Amendment

    Press Release | Text of Amendment

    Stay Off My Cloud puts in place several privacy protections to ensure that the government stays off your personal cloud.

    Many private companies contract with government agencies to provide information services to “continuously monitor” their networks and report to the federal government agencies in “real time or near real time” cyber incidents that jeopardize the “integrity, confidentiality, or availability of information or an information system.”

    The amendment makes it clear that service providers need only provide information about cybersecurity incidents if they pose a threat to the government’s information. Importantly, with respect to continuous monitoring and reporting requirements, operators of government information are allowed to use processes that will protect the privacy of individual or non-government, customer specific data.  

    Stay Off My Cloud prohibits individuals’ private data from being accessed by the government solely because it’s stored by a company who provides information services to a government agency.

    No Binding International Cyber Treaties without Senate Approval Amendment

    Press Release | Text of Amendment

    Title VI of the Cybersecurity Act of 2012 calls upon the Secretary of State to “develop and lead Federal Government efforts to engage with other countries to advance the cyberspace objectives of the United States, including efforts to bolster an international framework of cyber norms, governance and deterrence.”

    The administration had used similar language found in the Pro IP Act of 2008 to justify entering into binding international agreements on intellectual property as part of the Anti-Counterfeiting Trade Agreement without the advice and consent of the Senate. This amendment makes it clear that nothing in the Cybersecurity Act of 2012 shall be construed to enable the president to enter the U.S. into a binding international agreement on cybersecurity without the advice and consent of the Senate. 

  • Clear Geolocation Guidelines Are Needed to Protect Privacy Rights

    (Note: This editorial piece was originally posted on US News & World Report as part of their Debate Club series wherein lawmakers answered the question, "Should Probable Cause Be Required for Police to Use Cell Phone Location Data?")

    Before cellphones were commonplace, law enforcement's ability to track your movements was largely limited to the natural human powers of observation. As long as tracking you around the clock meant following you around the clock, it was generally safe to assume that law enforcement would only dedicate the time, energy, and resources necessary to follow you if they had a good reason. In other words, there was little risk that overreaching law enforcement would abuse its surveillance powers to track law-abiding citizens.

    Things have changed.

    Thanks to technological advancements, police departments no longer have to pay overtime or divert resources from other projects to find out where someone goes. Tracking suspects or law-abiding individuals is now as easy as accessing their GPS signals or asking a cellphone company for its customers' location records.

    While having access to geolocation data is clearly useful for law enforcement agencies, without the resource limitations that used to discourage the government from tracking you without good reason, the limits on when and how geolocation data can be accessed are unclear. A police department, for example, might not have the resources to follow everyone who lives within a city block for a month, but without clear rules for electronic tracking there is nothing to stop it from requesting every resident's cellphone location history.

    Obviously, we expect people to see us when we step out onto the street each morning, but we don't expect those people to track all of our movements over the course of days, weeks, months, or even years. A lot can be learned from our location histories, like where we go to church, what doctors we see, what political organizations we belong to, and who we spend our time with.

    Earlier this year, the Supreme Court ruled that law enforcement must to get a warrant before secretly tracking an individual with an electronic monitoring device. While it seems likely that the majority of the court would agree that secretly turning someone's cellphone into a tracking device would be similarly intrusive, law enforcement shouldn't have to go all the way to the Supreme Court every time it needs direction on how it can use tracking technology.

    Clear guidelines for accessing geolocation data won't just protect the privacy rights of law-abiding Americans—much like warrant requirements for wiretaps—they will make it possible for law enforcement to use geolocation tools with confidence that the evidence they gather will be admissible in court. Clear rules will also reassure cellphone companies that they can comply with government requests without violating their customers' privacy, and the justice system can create criminal penalties for stalkers who use geolocation tools to secretly track their victims.

    A lot has changed since 1986, when Congress last set rules for electronic privacy. It's time for Congress to step in and set a modern standard.