FCC Draws Line in the Net Neutrality Sand

In what is arguably the end of the beginning of the fights over net neutrality, the Federal Communications Commission (FCC) voted yesterday, 3-2 to establish rules intended to “preserve the Internet as an open network enabling consumer choice, freedom of expression, user control, competition and the freedom to innovate.” Since both court and legislative challenges were anticipated well in advance of yesterday’s vote, and each of the five Commissioners has a different take on the order (their statements are available at the FCC website), the vote is the start of something, rather than the end. Preliminary reactions from the public suggest a division of opinion comparable (but perhaps not identical) to that of the Commission.

The order is explained as part of OpenInternet.gov, but the full text is not currently available. There are three basic rules:

Transparency: Providers of broadband Internet service must publicly disclose information about their network management practices and terms of services to allow consumers to make informed choices and for application/service/content/device providers to develop their products and services for operation on those networks.

No Blocking: Providers of fixed broadband Internet services (this includes cable modems, DSL, and fixed wireless – though there is some confusion in press reports on this last point) cannot block lawful services, applications, content or non-harmful devices, unless subject to reasonable network management. The same is true for applications that might compete with providers’ telephony services (in other words, this should ensure that Voice Over Internet Protocol or Skype services can be used on a Comcast or Verizon network).

No Unreasonable Discrimination: Providers of fixed broadband services cannot unreasonably discriminate in transmitting lawful network traffic to consumers. Reasonable network management does not constitute unreasonable discrimination.

The FCC is pointedly exempting mobile networks (primarily cellular telephones) from the last two rules, under the presumption that the infrastructure and/or competitors in this space are not sufficiently mature to allow for completely open network management. This will likely be a point of contention in some circles, but will not likely attract as much attention as the fights over whether the FCC is within its authority to establish these rules, or whether the need for them exists. Those fights should last for years, absent bad behavior from a broadband provider.

Commerce Department and Federal Trade Commission Seek Guidance on Online Privacy

In the first half of December the Federal Trade Commission (FTC) and the Commerce Department’s Internet Policy Task Force (IPTF) each issued reports focused on privacy online. In both cases the reports are meant as the next step in a process of consultation and feedback between these agencies, the public, and relevant stakeholders. As the Congress has struggled and failed to advance online privacy legislation over the last several years, it may be the executive branch that provides the best chance for future government action on privacy online. Comments are being taken on each report, and must be submitted by late January.

The FTC report was released on December 1. Titled “Protecting Consumer Privacy in an Era of Rapid Change,” the report provides a detailed history of the Commission’s activities in the area of online privacy, including the two models that guide their enforcement actions – notice-and-choice (consumers must be given notice and choice when their information is collected) and harm-based (actions caused specific kinds of harm to consumers). Recognizing that the landscape of information collection is changing rapidly, the Commission believes a new consumer privacy framework is in order. It’s outlined on page ix (13 in the digital copy) and explained in further detail starting on page 39 (53 in the digital copy). The basic principles are:

  • Companies should integrate privacy into their regular business operations (a Privacy by Design approach)
  • Consumer choice needs to be presented in a more streamlined fashion than current practice
  • Companies should increase the transparency all of their data practices, including those in the parts of their business that don’t engage with consumers directly

Of particular note is the FTC’s recommendation to adopt a Do-Not-Track capability, perhaps in a browser setting, that would provide the kind of online protection comparable to the Do-Not-Call registry to prevent calls from telemarketers.

The Commerce Department’s IPTF released its report on December 16. The Task Force is coming from a slightly different perspective than the Commission. The Commerce Department’s mission is to support domestic commercial activity, so the Task Force wants to make sure privacy can be protected without undue burden to companies. The Commission is more concerned with ensuring proper trade practices and protecting consumer interests.

That said, both reports emphasize following at least some of what are considered fair information practice principles (FIPPs). The FTC considers those to be notice, choice, consent, access, security and enforcement. Other constructions of FIPs (which informed the USACM privacy policy) include guidance on data minimization and data retention.

The IPTF report focuses on FIPPs in several of its recommendations (described in further detail in Appendix A, with related questions for which the Task Force seeks public comment):

  • Adopt a baseline commercial data privacy framework (which the report calls a Dynamic Privacy Framework) built on an expanded set of FIPPs.
  • FIPPs regarding enhancing transparency; encouraging greater detail in purpose specifications and use limitations; and fostering the development of verifiable evaluation
    and accountability should receive high priority.
  • Voluntary, enforceable codes of conduct should address emerging technologies and issues not covered by current application of baseline FIPPs. To encourage the development of such codes, the Administration should consider a variety of options, including (a) public statements of Administration support; (b) stepped up FTC enforcement; and © legislation that would create a safe harbor for companies that adhere to appropriate voluntary, enforceable codes of conduct that have been developed through open, multistakeholder processes.
  • Using existing resources, the Commerce Department should establish a Privacy Policy Office (PPO) to serve as a center of commercial data privacy expertise. The proposed PPO would have the authority to convene multi-stakeholder discussions of commercial data privacy implementation models, best practices, codes of conduct, and other areas that would benefit from bringing stakeholders together; and it would work in concert with the Executive Office of the President as the Administration?s lead on international outreach on commercial data privacy policy. The PPO would be a peer of other Administration offices and components that have data privacy responsibilities; but, because the PPO would focus solely on commercial data privacy, its functions would not overlap with existing Administration offices. Nor would the PPO would have any enforcement authority.
  • The FTC should remain the lead consumer privacy enforcement agency for the U.S. Government.
  • The U.S. government should continue to work toward increased cooperation among privacy enforcement authorities around the world and develop a framework for mutual recognition of other countries? commercial data privacy frameworks. The United States should also continue to support the APEC Data Privacy Pathfinder project as a model for the kinds of principles that could be adopted by groups of countries with common values but sometimes diverging privacy legal frameworks.
  • Consideration should be given to a comprehensive commercial data security breach framework for electronic records that includes notification provisions, encourages companies to implement strict data security protocols, and allows States to build upon the framework in limited ways. Such a framework should track the effective protections that have emerged from State security breach notification laws and policies.
  • A baseline commercial data privacy framework should not conflict with the strong sectoral laws and policies that already provide important protections to Americans, but rather should act in concert with these protections.
  • Any new Federal privacy framework should seek to balance the desire to create uniformity and predictability across State jurisdictions with the desire to permit States the freedom to protect consumers and to regulate new concerns that arise from emerging technologies, should those developments create the need for additional protection under Federal law.
  • The Administration should review the Electronic Communications Privacy Act (ECPA), with a view to addressing privacy protection in cloud computing and location-based services. A goal of this effort should be to ensure that, as technology and market conditions change, ECPA continues to appropriately protect individuals? expectations of privacy and effectively punish unlawful access to and disclosure of consumer data.

Again, both reports have requested public comment. Check the relevant notices for the IPTF and FTC reports for specific instructions.

PCAST Issues Report on NITRD program

On December 16 the President’s Council of Advisers on Science and Technology (PCAST) issued the latest in its Congressionally required assessments of the Networking and Information Technology Research and Development program (NITRD). The report is now available at:


You can watch the webcast of the report release here: http://www.tvworldwide.com/events/pcast/101216/

If you want to review a condensed version of the report, check out the press release or this briefing from Ed Lazowska, one of the co-chairs of the report, at the November PCAST meeting.

The introductory letter in the report offers a good summary of the report’s conclusions (NIT – Networking and Information Technology):

“PCAST finds that NITRD is well coordinated and that the U.S. computing research community, coupled with a vibrant NIT industry, has made seminal discoveries and advanced new technologies that are helping to meet many societal challenges. Importantly, however, PCAST also finds that a substantial fraction of the NITRD multi-agency spending summary represents spending that supports R&D in other fields, rather than spending on R&D in the field of NIT itself. As a result, the Nation is actually investing far less in NIT R&D than the $4 billion-plus indicated in the Federal budget. To achieve America?s priorities and advance key research frontiers to support economic competitiveness in NIT, this report calls for a more accurate accounting of this national investment and recommends additional investments in NIT R&D, including research in networking and information technology for health, energy and transportation, and cyber-infrastructure, among others.”

The conclusions about how NITRD money is spent is not an allegation of inappropriate spending. The finding is that NITRD spending is not typically reported with sufficient detail to ensure that the funds are spent on research and development in NIT. What they find is a lot of spending on infrastructure and applications of NIT that should really count as infrastructure and applications spending in other fields.

The report recommendations are spread across several areas:

Helping Achieve America’s Priorities (NIT work directed toward health care, transportation, security, education, etc.)
Investing in Research Frontiers (includes HPC, trustworthy systems, cybersecurity, scalable systems)
Technological and Human Resources (focused on research infrastructure and relevant STEM education)
NITRD Coordination Process and Structure (strengthen the coordination capacity of NITRD and its coordinating office, and expand the reach of the program)

Chief Technology Officer Vivek Kundra indicated that they were seeking public comment on the report, though the official Federal Register notice has not been published yet. According to this page from the NITRD website, comments are due January 31.

Computer Science Education Week Extends Its Reach

This is a repost from Blog@CACM, the blog connected to Communications of the ACM It was written by Debra Richardson, Chair of the 2010 Computer Science Education Week, and ACM Director of Public Policy Cameron Wilson.

The 2nd annual Computer Science Education Week (CSEdWeek) wrapped up last week, and thanks to some incredible partner support and engagement from the computing community it was a smashing success. With a new website providing targeted resources and more than 270 CSEdWeek-related events and activities we were able to engage students, parents, teachers and the computing community around the world.

What started out last year as an idea by Professor Joel Adams (Calvin College) has grown into a full fledged community effort supported by the United States Congress. This year’s effort, Chaired by Debra Richardson (one of the authors of this article), was a collaborative effort of the Association for Computing Machinery (ACM), National Science Foundation (NSF), Computer Science Teachers Association (CSTA), National Center for Women & IT (NCWIT), WGBH, Computing Research Association (CRA), Anita Borg Institute for Women in Technology (ABI), Microsoft, Google, SAS, Intel, and the Defense Advanced Research Projects Agency (DARPA). CSEdWeek is also a major awareness building activity of a new coalition called Computing in the Core, a non-partisan advocacy coalition of associations, corporations, scientific societies, and other non-profits that strive to elevate computer science education to a core academic subject in K-12 education.

This year we asked the computing community and our partners to get out in their communities and spread the word about the impact of computing and the dire need for better computer science education. They answered the call. We had a diversity of pledges from around the world to hold events and carry out activities.

Here is a small sampling:

  • The University of California, Berkley hosted more than 250 students at an all-day event featuring activities and speakers
  • In Woodridge, Illinois a teacher launched a tech club in her junior high school
  • Microsoft in Cambridge, MA hosted 50 technology- and accounting-focused high school students
  • A K-12 teacher in India conducted an activity called Inter-House Computer Science Quiz, which was designed by students to test the level of computer science knowledge in high school students.
  • The ACM Student Chapter at The City University of New York (CUNY) visited the CUNY High Performance Computing Center
  • Multiple campuses of the University of Toronto hosted approximately 340 9th grade students and their teachers for a full-day event exploring computer science with hands-on workshops and large-group sessions.

The Canadian universities were particularly active, with more than 25 campuses hosting CSEdWeek events ranging from computing camps to public videos and various student competitions to CSUnplugged sessions.

We also saw some major national coverage of CSEdWeek this year. The White House blog featured CSEdWeek as story of the week and tweeted a celebratory message in binary! The US Secretary of Education, Arne Duncan, highlighted CSEdWeek on his blog. And our major corporate partners spread the word with Microsoft’s CTO, Google’s Director of Education, and SAS’s CEO highlighting computer science education week to their employees, customers, and the public at large.

CSEdWeek received almost 1700 pledges of support from 45 states in the US (in addition to DC, Guam and Puerto Rico) and 34 other countries. 45% of the pledges came from Massachusetts and California, while the highest pledging cities included Marlborough and Shrewsbury, Massachusetts and Irvine, California. Over 33% of the support pledges came from K-12 students, 17% from college students, and 15% from K-12 teachers. These statistics indicate that we achieved our goal of engaging students and teachers as well as the computing community around the world.

These were all noteworthy accomplishments for CSEdWeek, which is really still in its infancy, but our work isn’t over. We need the computing communities support and engagement over the next 12 months in building to next year’s celebration to make it even bigger. There a few things you can still do to support CSEdWeek:

  • Pledge your support for CSEdWeek;
  • Become a supporter and get involved with Computing in the Core, which will do outreach on K-12 issues throughout the year review;
  • If you held an event or did an activity for the week tell us your story (and if you held an event or did an activity and didn’t pledge, go ahead and pledge first and then tell us your story);
  • Check out the resources we have complied to showcase computer science education; and,
  • Review the events held this year and begin planning for what you might do during CSEdWeek 2011.

Thank you to all those involved in this year’s celebration, and we look forward to even bigger and better CSEdWeek in 2011!

White House Issues Federal IT Reform Plan

Last Thursday the national Chief Information Officer (CIO), Vivek Kundra, issued an implementation plan for reforming federal information technology. It’s a very detailed effort, and some parts of the plan will require Congressional authorization. The full plan is available online.

As Mr. Kundra explains in a blog post, the plan comes as part of an ongoing effort by the Office of Management and Budget to take a close look at federal information technology projects to try and rein in cost overruns and other wasteful spending. The results he lists so far are notable:

The bottom line is that we?ve reduced lifecycle cost by $1.3 billion, and cut the time for delivery of functionality down by more than half, from two to three years down to an average of 8 months.

In reviewing 38 total projects, we have significantly accelerated delivery in 12 projects, with increased functionality coming online every few quarters rather than every few years, and reduced the scope or terminated 15 others, achieving a total of $3 billion in lifecycle budget reductions.

The plan represents an acceleration of present efforts to review, change or terminate existing projects, many of them within the next 18 months. Perhaps the most significant part of the plan is a shift of computing to ‘the cloud,’ where each agency would move three services it provides to the cloud within 18 months (2 of them within 12 months). Depending on the nature of the services and anticipated demand, the clouds used could be commercially available, developed and operated by the federal government, or in conjunction with state and local agencies. Ensuring security of these clouds and the privacy of the associated data should be foremost on the minds of agency staff as they effect this transition. Unfortunately, privacy is not mentioned in that section of the plan.

The move to the cloud represents the biggest technology shift in the plan. Most of the plan is focused on management reform, either through changes to the processes of federal information technology (IT) management; adjustments in hiring and training of IT professionals; and better coordination of technology cycles, the federal budget, and procurement practices. It’s this last category that will require the most collaboration with Congress, and represents perhaps the biggest challenges and the biggest savings for the government.

The parts of the plan that do not need Congressional approval will move forward right away. You should be able to monitor at least some of the progress via the CIO’s website as well as various information technology dashboards either currently established or soon to be developed. Some of the deadlines for the plan are six months from now, so this should be a busy area of activity almost immediately.