What an astounding year 2018 was for advancing the privacy rights of all. Few would have imagined that both the U.S. House and Senate would turn their attention to comprehensive federal privacy legislation. But as news broke of Cambridge Analytica’s targeting of voters, the EU’s General Data Protection Regulation rattled global businesses, and California passed a sweeping privacy law, the privacy landscape saw dramatic changes.
Even before any of these developments took place, the team at CDT rolled up our sleeves and started the hard work of crafting a privacy law that would put the rights of individuals first. We convened diverse stakeholders to craft our model bill, facilitating difficult conversations across sectors, party lines, and ideologies. Most importantly, we prioritized the voices of organizations and individuals working every day to address the real impact data can have on people and the harm it can do, especially to those who have been historically marginalized.
Our bill represents a fresh, aspirational approach to privacy, where some uses of data are always off-limits. We turned the old model of “notice and choice” on its head, recognizing that there are simply some rights we shouldn’t be able to sign away.
Of course, privacy legislation is just one part of our portfolio. Every day, the talented team at CDT works tirelessly to advocate for the digital rights of all, enabling new voices to be heard online, securing our election systems so people are confident their vote counts, and pushing back against government efforts to deploy invasive technologies that monitor citizens and visitors.
We take our advocacy to the halls of the European Parliament, the U.S. Capitol, statehouses, and the courts. We also go directly to companies, large and small, to influence how they develop and deploy technology that services democracy worldwide. We’re building bold new partnerships and striving for policy solutions.
Looking ahead, it’s clear that we must rethink the old paradigms governing our data-driven world and return power to the individual. The Center for Democracy & Technology is leading the way forward. We’re grateful to all of our partners and supporters who inspire us each day and make our work possible.
Opposing Laws that Chill Legal Speech
In attempting to address the serious issue of sex trafficking, Congress passed a law that has already had a chilling effect on online speech. FOSTA creates broad new categories of illegal speech and weakens strong liability protections for online content hosts, without evidence that it actually reduces trafficking. CDT actively opposed the law before it was passed and is an amicus in Woodhull v. U.S., which challenges the law on First Amendment grounds.
Suing the FCC for Repealing Net Neutrality Protections
Mobile technology is putting health data directly in the hands of individuals, allowing them to gain new insight into their bodies and minds. These tools have the potential to improve personal health, yet many mHealth apps also carry risks of producing interventions based on biased data. In our paper, Healgorithms: Understanding the Potential for Bias in mhealth Apps, we uncover places of potential bias and offer recommendations for how to avoid them.
Applying a Human Rights Framework to Cross Border Data Demands
Proposals easing law enforcement access to data flowing across borders advanced in the U.S. and the European Union. CDT called on policymakers in Europe to amend the e-Evidence proposals to promote the human rights of European citizens and others with respect to their data. In the U.S., while we secured some improvements, CDT ultimately opposed the CLOUD Act because it did not require judicial authorization for law enforcement access to internet users’ data. Prior to the CLOUD Act making the case moot, CDT filed an amicus brief in U.S. v. Microsoft, calling for warrant requirements for data stored in another country.
Winning at the Supreme Court on Cell Location Information
In a victory for the Fourth Amendment, the Supreme Court found that a warrant is required when a suspect has a legitimate privacy interest in records held by a third party. In Carpenter v. U.S., the government obtained four months of cell-site location information while investigating a series of robberies, without getting a warrant. The Supreme Court decision was directly aligned with the amicus brief CDT filed in the case.
When the European Union’s General Data Protection Regulation (GDPR) took effect in May, policymakers in the U.S., as well as general consumers in both the U.S. and EU, wanted to know what it meant for U.S. companies and the data rights of global citizens. CDT was a leading voice in highlighting the benefits of the new law, while noting some shortfalls that could be addressed in future laws.
Discussing the Future of Speech Online
For the second year, CDT partnered with the Charles Koch Institute and the Freedom Forum Institute on a day-long symposium, The Future of Speech Online. 1A from WAMU and NPR joined as a partner for the event, which explored how online communities can create new connections and break down barriers, but can also spread misinformation and drive polarization. Speakers included MIT’s Ethan Zuckerman, former White House Deputy CTO Nicole Wong, and Shannon Watts of Moms Demand Action.
Stopping the Automation of Extreme Vetting
When U.S. Immigration and Customs Enforcement (ICE) announced that it was looking for machine-learning tools to continuously monitor U.S. visitors’ and immigrants’ social media posts to predict who should be allowed into the country and who should be deported, CDT aggressively opposed the effort. Working alongside other advocates, we influenced ICE’s final decision to not pursue an automated solution.
Improving Trust in VPNs
Virtual private networks (VPNs) are a tool for people wanting to take more control of their online privacy. But not all VPNs are created equal. To help consumers better assess their trustworthiness, CDT developed a series of questions and recommendations for VPN providers that, when addressed, serve as a strong signal for which VPN can be trusted with your personal browsing information.
Promoting Greater Transparency Around Online Content Moderation
Major tech companies make countless decisions each day about what user- generated content to remove or promote. To enhance the free expression rights of internet users, CDT has advocated for increased transparency around content moderation tools and policies, which culminated in significantly improved transparency practices from some major platforms.
Exploring the Limits of Automated Content Moderation
Today’s tools for automating social media content analysis have limited ability to parse the nuanced meaning of human communication. In our paper, Mixed Messages, we explain the capabilities and limitations of tools for analyzing the text of social media posts and other online content.
Saying No to the Unnecessary Collection of Social Media Identifiers
The U.S. State Department proposed collecting social media identifiers used in the last five years from 14.7 million immigrant and nonimmigrant visa applicants. CDT quickly filed and joined comments in opposition, highlighting its detrimental impact on free speech and association.
Bringing Tech Policy to Playlists
Now with more than 25,000 plays, CDT’s podcast, Tech Talk, brings hours of engaging and informative conversations about tech and internet policy. Tech Talk is available on SoundCloud, iTunes, and Google Play, as well as Stitcher and TuneIn.
Scooting Toward Better Privacy for Dockless Mobility
Challenging the EU’s Approach to Online Terrorist Content
The European Commission released a draft regulation on preventing the dissemination of terrorist content online that has profound implications on free speech rights. The far- reaching proposal would regulate and restrict various types of online content, both legal and illegal, while mandating proactive monitoring and removal of content. CDT offered a series of recommendations to improve the proposed regulation and will continue to engage throughout the legislative process.
Informing Congress in the Wake of Cambridge Analytica
After the news that data from Facebook was shared with Cambridge Analytica and used for political profiling during the 2016 U.S. presidential election, Congress held hearings to uncover what happened and begin the process of addressing such data misuses. CDT was front and center during these hearings, testifying on key issues, preparing questions for members of Congress, and engaging the broader public in the debate through the media.
Protecting Security Researchers
Security researchers often need to circumvent digital locks to effectively do their job, but provisions of the Digital Millennium Copyright Act put such efforts in an uncertain legal zone. CDT asked the the U.S. Copyright Office to remove many of the limitations and conditions so that researchers could legally protect against flaws in everything from cars to medical devices. The Office granted most of our requested exemptions.
Addressing Privacy Concerns Around School Safety Proposals
In the wake of tragedy, Florida passed the Marjory Stoneman Douglas High School Public Safety Act. Aimed at improving school safety, it will lead to the collection and integration of large amounts of data without first proving this effective, establishing boundaries on its use, or articulating clear data protocols. CDT is working to educate policymakers on the privacy and security risks for students that can result from this type of legislation.
Supporting Strong Encryption in Australia
CDT has long advocated for strong encryption and against any mandated backdoors in technology for law enforcement. We took our advocacy efforts to Australia to oppose a controversial law that would mandate breaking encryption for law enforcement and intelligence access. Unfortunately, the law passed, but CDT will continue its staunch opposition to weakening encryption and putting the privacy and security of everyday citizens at risk.
Elevating Free Speech Concerns with the EU’s Copyright Directive
As part of its Digital Single Market Strategy, the European Parliament advanced a troubling copyright directive that would greatly impact the free speech rights of internet users. The proposed directive would mandate the use of content identification technology by intermediaries to prevent users from uploading unlicensed copyrighted content. CDT is one of the leading advocacy groups opposing this mandate, which will certainly lead to the censoring of legal speech.
A Closer Look
FEATURE 1 OF 3
ADVANCING A FEDERAL PRIVACY LAW TO PROTECT OUR DIGITAL RIGHTS
Privacy is a fundamental human right. Physical safety, free expression, access to justice, and economic security depend on it. For too long, Americans’ digital privacy has varied widely, hinging on the technologies and services we use, the companies that provide those services, and our capacity to navigate confusing notices and settings. It’s time for Congress to pass legislation providing comprehensive protections for personal information that can’t be signed away.
To advance this dialogue, CDT released a draft federal privacy bill for discussion, becoming the first and only civil society group to do so. CDT’s proposed federal privacy legislation is a novel approach that:
Puts the fundamental rights of individuals first,
Moves beyond the failed models of notice and choice,
Creates affirmative obligations for data protection, and
Tackles civil rights issues head-on.
We developed our proposal in consultation with other members of civil society, industry, and policymakers on both sides of the aisle and at every level of government. The bill rethinks the relationship between businesses and the people whose data they hold, and establishes sensible limits on data collection, use, and sharing so that people can entrust their data to companies without accepting unreasonable risk.
Designing meaningful, workable privacy protections is no easy task, but CDT is committed to making a rights-based federal privacy law in the United States a reality. We hope our draft proposal will inspire feedback and collaboration from all stakeholders and serve as a resource for decision makers who seek to rebalance our privacy ecosystem in favor of users.
FEATURE 2 OF 3
IMPROVING THE PRIVACY OF STUDENTS
Over the last decade, the education sector has embraced the power of data and technology to improve student outcomes, but its efforts to fulfill legal and ethical responsibilities have not always kept pace. When educators, administrators, and educational technology companies fail to meet their responsibilities to protect students’ privacy and appropriately use data about them, they jeopardize public trust and put individuals at risk.
To address these issues, CDT leveraged its longstanding expertise and expanded its focus on student privacy in 2018. We provide solutions-oriented resources for education practitioners and the technology providers who work with them. These resources center on the student, and balance the promises and pitfalls of education data and technology with protecting the privacy rights of students and their families.
In 2018, we hosted multi-stakeholder workshops that brought together education leaders, privacy and civil rights advocates, and the EdTech industry to develop solutions to student privacy challenges around important topics. These included balancing data deletion and retention and ensuring that data-driven school safety initiatives do not compromise students’ privacy and autonomy.
In 2019, we look forward to another year of advancing understanding, informed discussions, and practical solutions surrounding student privacy, including data portability for students who move, algorithmic decision- making in areas like school safety and early warning systems, and data integration for educating the whole child.
FEATURE 3 OF 3
MAKING THE 2018 MIDTERM ELECTION MORE SECURE
Core to a healthy democracy are free and secure elections. In recent years, sophisticated disinformation operations and aging computerized election infrastructure have eroded the confidence of voters, and placed core democratic principles at risk. CDT worked to address key election cybersecurity issues in 2018, including election official training, technical volunteer capacity building, and robust post-election auditing.
In preparation for November’s midterm elections, CDT brought our cybersecurity expertise to all levels of government. We conducted direct outreach to more than 300 state and local election officials, and produced usable cybersecurity materials tailored to the threats that election officials are likely to face and the tools they need to respond. On the global stage, we also worked to identify flaws in new voting systems used in places like the Democratic Republic of the Congo. When all was said and done, no major cyber-related incidents disrupted the vote during the 2018 U.S. midterm elections.
The 2018 elections demonstrated that modernizing election infrastructure and combating foreign disinformation will both be elevated priorities for the future. From high levels of humidity impacting the functioning of voting machines in New York to other voting machines flipping some selections in Texas, broken, missing, and flawed equipment dominated the headlines. These incidents resulted in long lines, distrustful voters, and in some cases, lawsuits challenging the validity of the outcome.
The November 2020 general election will come quickly, and CDT, state legislators, and local election officials are already preparing. In 2019, CDT is committed to helping state legislators and local election officials continue securing their elections and improving the voting experience. To set them up for success, we will convene election vendors and security researchers, provide commentary on state and federal legislation, and provide guidance for implementing post-election audits.
CDT is committed to sound financial stewardship
and transparency. We have received clean audits each year from an independent auditing firm, and have the highest possible ratings from nonprofit watchdogs Charity Navigator and GreatNonprofits. Our profuse thanks to our 2018 donors who made our work possible. Visit cdt.org/financials for more information.
THANK YOU TO OUR SUPPORTERS
Amazon • Apple • Chan Zuckerberg Initiative DAF of the Silicon Valley Community Foundation • Facebook • Google • John D. and Catherine T. MacArthur Foundation • Microsoft • Verizon
Charles Koch Foundation • Democracy Fund • Ford Foundation • John Lilly & Kathy Howe • Oath • Open Society Foundations • Twitter
Amazon Web Services • Anonymous • Intel • Mayer Brown • Mozilla • Palantir • Niels Provos • Randy Reddig • Uber • Cameron Walters
Ancestry.com • Anonymous • AT&T • BSA | The Software Alliance • Consumer Technology Association • Dell • Jesse Dorogusker & Jennifer DiBrienza • DuckDuckGo • Intuit • N.P. et al v. Standard Innovation Corp. d/b/a We-Vibe cy pres • Tim O’Reilly & Jennifer Pahlka • Rapid7 • Robert Wood Johnson Foundation • R Street Institute • Samba TV • Symantec • Visa
THANK YOU TO OUR SUPPORTERS
Adam Albright • American Express • Anonymous • Arnold & Porter • Beard Family Charitable Gift Fund • Boies Schiller Flexner • Brunswick Group • CenturyLink • Civil Justice Reform Group • Comcast • Covington & Burling • Dropbox • Entertainment Software Association • Expedia • Frankfurt Kurnit Klein & Selz • Hogan Lovells • Internet Association • Ivan Krstic • Jenner & Block • JPMorgan Chase • Kaspersky Lab • Kelley Drye & Warren • Kelson Foundation • Latham & Watkins • Longhill Charitable Foundation • Lyft • Manatt, Phelps & Phillips • Mehlman Castagnetti Rosen & Thomas • Monument Advocacy • Mostyn Foundation • National Retail Federation • Netflix • Neustar • Perkins Coie • Andrew Pincus • Promontory Financial Group • Red Hat • Russell Reynolds Associates • Andrew Sutherland • Twilio • UnitedHealth Group • Verisign • The Walt Disney Company • Wilmer Cutler Pickering Hale and Dorr • Wilson Sonsini Goodrich & Rosati • Yelp Foundation • ZwillGen
121 Strategies & Government Relations • Activision Blizzard • Akin Gump • Anonymous • Annie Anton & Peter Swire • Banner & Witcoff • William Bernstein • Booz Allen Hamilton • Julie Brill • Charles Koch Institute • CompTIA • Computer & Communications Industry Association • Democracy Fund • DLA Piper • Gemalto • Lisa Hayes & Tom Henneberg • Jim Halpert • Huawei Technologies USA • Interactive Advertising Bureau • International Association of Privacy Professionals • Katten Muchin Rosenman • Carl & Jurate Landwehr • LinkedIn • Loeb & Loeb • Mastercard • Nuala O’Connor & Peter Bass • Partnership on AI • Postmates • Public Affairs Council • Ropes & Gray • Salesforce • Starbucks • T-Mobile • TwinLogic Strategies • Univision Communications / Fusion Media Group • Wilkinson Barker Knauer • Yoti
THANK YOU TO OUR SUPPORTERS
American Tower • Brookings Institution • Data Quality Campaign • Denis & Gail Hayes • Todd Hinnen • ICANN • Internet Society • Kevin Laughlin • Sidley Austin • Steptoe & Johnson • Stiftung Neue Verantwortung • The German Marshall Fund of the United States • David Vladeck
Alexander von Humboldt Institute for Internet and Society • American Bar Association • David Ascher • Tyler Bosmeny • Joyce Brocaglia • Brothers Industry Fund of the Goldman Sachs Philanthropy Fund • Daniel Carroll • Clearforce • Davis Wright Tremaine • Paul Diaz • Ditchley Foundation • Future of Privacy Forum • Rafael Garcia • Goldstein & Russell • Goodwin Procter • Britanie Hall • Christopher L. & Sherrie G. Hall • Leslie Harris • Bruce Heiman • Peter Hustinx • Internet Archive • Cameron Kerry • Kountoupes Denham • Lafayette Strategies • Barbara Lawler • Travis LeBlanc • Gary McGraw & Amy Barley • Edward McNicholas • Bruce Mehlman • David Mindell • Eric & Lauren Muhlheim • Deirdre Mulligan • John Penney B. & Julie M. Rousseau • Public Interest Registry • Alan Raul • Reed Smith • Eric Rescorla • Philippa Scarlett • Jeffrey Silverman • Timothy Sparapani • Wireless Infrastructure Association • Josh Wiseman • Yale University • Yelp
IN 2018, CDT HAD $6,378,835 IN REVENUE:
IN 2018, CDT HAD $5,823,058 IN EXPENSES:
Board & Council
William Bernstein (Chair) Manatt, Phelps & Phillips, LLP
Julie Brill Microsoft
Alan Davidson Mozilla Corporation
Edward Felten Princeton University
Peter Hustinx The Netherlands
Carl Landwehr George Washington University
Travis LeBlanc Cooley LLP
Bruce Mehlman Mehlman Castagnetti Rosen & Thomas
Su-Lin Cheng Nichols Lafayette Strategies
Nuala O’Connor Center for Democracy & Technology
Andrew Pincus Mayer Brown
Philippa Scarlett White House (former)
Mark Seifert Brunswick Group
David Vladeck Georgetown University Law Center
J. Becky Burr
Cordell Carter III
Laura Cox Kaplan
Nancy Libin, Co-Chair
Danny Weitzner, Co-Chair
*Organizations listed for identification purposes only.