What an astounding year 2018 was for advancing the privacy rights of all. Few would have imagined that both the U.S. House and Senate would turn their attention to comprehensive federal privacy legislation. But as news broke of Cambridge Analytica’s targeting of voters, the EU’s General Data Protection Regulation rattled global businesses, and California passed a sweeping privacy law, the privacy landscape saw dramatic changes.

Even before any of these developments took place, the team at CDT rolled up our sleeves and started the hard work of crafting a privacy law that would put the rights of individuals first. We convened diverse stakeholders to craft our model bill, facilitating difficult conversations across sectors, party lines, and ideologies. Most importantly, we prioritized the voices of organizations and individuals working every day to address the real impact data can have on people and the harm it can do, especially to those who have been historically marginalized.

Our bill represents a fresh, aspirational approach to privacy, where some uses of data are always off-limits. We turned the old model of “notice and choice” on its head, recognizing that there are simply some rights we shouldn’t be able to sign away.

Of course, privacy legislation is just one part of our portfolio. Every day, the talented team at CDT works tirelessly to advocate for the digital rights of all, enabling new voices to be heard online, securing our election systems so people are confident their vote counts, and pushing back against government efforts to deploy invasive technologies that monitor citizens and visitors.

We take our advocacy to the halls of the European Parliament, the U.S. Capitol, statehouses, and the courts. We also go directly to companies, large and small, to influence how they develop and deploy technology that services democracy worldwide. We’re building bold new partnerships and striving for policy solutions.

Looking ahead, it’s clear that we must rethink the old paradigms governing our data-driven world and return power to the individual. The Center for Democracy & Technology is leading the way forward. We’re grateful to all of our partners and supporters who inspire us each day and make our work possible.

Nuala O’Connor



Opposing Laws that Chill Legal Speech

In attempting to address the serious issue of sex trafficking, Congress passed a law that has already had a chilling effect on online speech. FOSTA creates broad new categories of illegal speech and weakens strong liability protections for online content hosts, without evidence that it actually reduces trafficking. CDT actively opposed the law before it was passed and is an amicus in Woodhull v. U.S., which challenges the law on First Amendment grounds.

Suing the FCC for Repealing Net Neutrality Protections

CDT filed suit against the Federal Communications Commission over the agency’s plans to repeal net neutrality. Ensuring that all internet traffic is treated equally is good for both consumers and business, and CDT will continue working to protect an open internet.

Mitigating Bias in Mobile Health Apps

Mobile technology is putting health data directly in the hands of individuals, allowing them to gain new insight into their bodies and minds. These tools have the potential to improve personal health, yet many mHealth apps also carry risks of producing interventions based on biased data. In our paper, Healgorithms: Understanding the Potential for Bias in mHealth Apps, we uncover places of potential bias and offer recommendations for how to avoid them.

Applying a Human Rights Framework to Cross Border Data Demands

Proposals easing law enforcement access to data flowing across borders advanced in the U.S. and the European Union. CDT called on policymakers in Europe to amend the e-Evidence proposals to promote the human rights of European citizens and others with respect to their data. In the U.S., while we secured some improvements, CDT ultimately opposed the CLOUD Act because it did not require judicial authorization for law enforcement access to internet users’ data. Prior to the CLOUD Act making the case moot, CDT filed an amicus brief in U.S. v. Microsoft, calling for warrant requirements for data stored in another country.

Winning at the Supreme Court on Cell Location Information

In a victory for the Fourth Amendment, the Supreme Court found that a warrant is required when a suspect has a legitimate privacy interest in records held by a third party. In Carpenter v. U.S., the government obtained four months of cell-site location information while investigating a series of robberies, without getting a warrant. The Supreme Court decision was directly aligned with the amicus brief CDT filed in the case.

Focusing on the Tech for Good at Tech Prom

At our annual dinner, Tech Prom, Kickstarter Founder and Chairman Perry Chen was honored with the CDT Digital Visionary Award. Nearly 1,000 of the most influential minds from today’s tech policy world attended the event, which focused on how technology can be used for good.

Translating GDPR for Policymakers and Consumers

When the European Union’s General Data Protection Regulation (GDPR) took effect in May, policymakers in the U.S., as well as general consumers in both the U.S. and EU, wanted to know what it meant for U.S. companies and the data rights of global citizens. CDT was a leading voice in highlighting the benefits of the new law, while noting some shortfalls that could be addressed in future laws.

Discussing the Future of Speech Online

For the second year, CDT partnered with the Charles Koch Institute and the Freedom Forum Institute on a day-long symposium, The Future of Speech Online. 1A from WAMU and NPR joined as a partner for the event, which explored how online communities can create new connections and break down barriers, but can also spread misinformation and drive polarization. Speakers included MIT’s Ethan Zuckerman, former White House Deputy CTO Nicole Wong, and Shannon Watts of Moms Demand Action.

Stopping the Automation of Extreme Vetting

When U.S. Immigration and Customs Enforcement (ICE) announced that it was looking for machine-learning tools to continuously monitor U.S. visitors’ and immigrants’ social media posts to predict who should be allowed into the country and who should be deported, CDT aggressively opposed the effort. Working alongside other advocates, we influenced ICE’s final decision to not pursue an automated solution.

Improving Trust in VPNs

Virtual private networks (VPNs) are a tool for people wanting to take more control of their online privacy. But not all VPNs are created equal. To help consumers better assess their trustworthiness, CDT developed a series of questions and recommendations for VPN providers that, when addressed, serve as a strong signal for which VPN can be trusted with your personal browsing information.

Promoting Greater Transparency Around Online Content Moderation

Major tech companies make countless decisions each day about what user-generated content to remove or promote. To enhance the free expression rights of internet users, CDT has advocated for increased transparency around content moderation tools and policies, which culminated in significantly improved transparency practices from some major platforms.

Exploring the Limits of Automated Content Moderation

Today’s tools for automating social media content analysis have limited ability to parse the nuanced meaning of human communication. In our paper, Mixed Messages, we explain the capabilities and limitations of tools for analyzing the text of social media posts and other online content.

Saying No to the Unnecessary Collection of Social Media Identifiers

The U.S. State Department proposed collecting social media identifiers used in the last five years from 14.7 million immigrant and nonimmigrant visa applicants. CDT quickly filed and joined comments in opposition, highlighting its detrimental impact on free speech and association.

Bringing Tech Policy to Playlists

Now with more than 25,000 plays, CDT’s podcast, Tech Talk, brings hours of engaging and informative conversations about tech and internet policy. Tech Talk is available on SoundCloud, iTunes, and Google Play, as well as Stitcher and TuneIn.

Scooting Toward Better Privacy for Dockless Mobility

Dockless mobility services, such as scooters, generate a tremendous amount of data and are certain to serve as a template for cities racing to create new standards to collect and analyze mobility data. CDT is working to ensure that key privacy and security practices are part of these efforts.

Challenging the EU’s Approach to Online Terrorist Content

The European Commission released a draft regulation on preventing the dissemination of terrorist content online that has profound implications on free speech rights. The far-reaching proposal would regulate and restrict various types of online content, both legal and illegal, while mandating proactive monitoring and removal of content. CDT offered a series of recommendations to improve the proposed regulation and will continue to engage throughout the legislative process.

Informing Congress in the Wake of Cambridge Analytica

After the news that data from Facebook was shared with Cambridge Analytica and used for political profiling during the 2016 U.S. presidential election, Congress held hearings to uncover what happened and begin the process of addressing such data misuses. CDT was front and center during these hearings, testifying on key issues, preparing questions for members of Congress, and engaging the broader public in the debate through the media.

Protecting Security Researchers

Security researchers often need to circumvent digital locks to effectively do their job, but provisions of the Digital Millennium Copyright Act put such efforts in an uncertain legal zone. CDT asked the U.S. Copyright Office to remove many of the limitations and conditions so that researchers could legally protect against flaws in everything from cars to medical devices. The Office granted most of our requested exemptions.

Addressing Privacy Concerns Around School Safety Proposals

In the wake of tragedy, Florida passed the Marjory Stoneman Douglas High School Public Safety Act. Aimed at improving school safety, it will lead to the collection and integration of large amounts of data without first proving this effective, establishing boundaries on its use, or articulating clear data protocols. CDT is working to educate policymakers on the privacy and security risks for students that can result from this type of legislation.

Supporting Strong Encryption in Australia

CDT has long advocated for strong encryption and against any mandated backdoors in technology for law enforcement. We took our advocacy efforts to Australia to oppose a controversial law that would mandate breaking encryption for law enforcement and intelligence access. Unfortunately, the law passed, but CDT will continue its staunch opposition to weakening encryption and putting the privacy and security of everyday citizens at risk.

Elevating Free Speech Concerns with the EU’s Copyright Directive

As part of its Digital Single Market Strategy, the European Parliament advanced a troubling copyright directive that would greatly impact the free speech rights of internet users. The proposed directive would mandate the use of content identification technology by intermediaries to prevent users from uploading unlicensed copyrighted content. CDT is one of the leading advocacy groups opposing this mandate, which will certainly lead to the censoring of legal speech.

A Closer Look



Privacy is a fundamental human right. Physical safety, free expression, access to justice, and economic security depend on it. For too long, Americans’ digital privacy has varied widely, hinging on the technologies and services we use, the companies that provide those services, and our capacity to navigate confusing notices and settings. It’s time for Congress to pass legislation providing comprehensive protections for personal information that can’t be signed away.

To advance this dialogue, CDT released a draft federal privacy bill for discussion, becoming the first and only civil society group to do so. CDT’s proposed federal privacy legislation is a novel approach that:

  • Puts the fundamental rights of individuals first,
  • Moves beyond the failed models of notice and choice,
  • Creates affirmative obligations for data protection, and
  • Tackles civil rights issues head-on.

We developed our proposal in consultation with other members of civil society, industry, and policymakers on both sides of the aisle and at every level of government. The bill rethinks the relationship between businesses and the people whose data they hold, and establishes sensible limits on data collection, use, and sharing so that people can entrust their data to companies without accepting unreasonable risk.

Designing meaningful, workable privacy protections is no easy task, but CDT is committed to making a rights-based federal privacy law in the United States a reality. We hope our draft proposal will inspire feedback and collaboration from all stakeholders and serve as a resource for decision makers who seek to rebalance our privacy ecosystem in favor of users.



Over the last decade, the education sector has embraced the power of data and technology to improve student outcomes, but its efforts to fulfill legal and ethical responsibilities have not always kept pace. When educators, administrators, and educational technology companies fail to meet their responsibilities to protect students’ privacy and appropriately use data about them, they jeopardize public trust and put individuals at risk.

To address these issues, CDT leveraged its longstanding expertise and expanded its focus on student privacy in 2018. We provide solutions-oriented resources for education practitioners and the technology providers who work with them. These resources center on the student, and balance the promises and pitfalls of education data and technology with protecting the privacy rights of students and their families.

In 2018, we hosted multi-stakeholder workshops that brought together education leaders, privacy and civil rights advocates, and the EdTech industry to develop solutions to student privacy challenges around important topics. These included balancing data deletion and retention and ensuring that data-driven school safety initiatives do not compromise students’ privacy and autonomy.

CDT also produced practical resources that education practitioners and the companies that work with them can use. To address the growing need for privacy capacity in education, we released a resource that describes the current status of chief privacy officers in education, how they can help, and practices that make them successful.

In 2019, we look forward to another year of advancing understanding, informed discussions, and practical solutions surrounding student privacy, including data portability for students who move, algorithmic decision-making in areas like school safety and early warning systems, and data integration for educating the whole child.



Core to a healthy democracy are free and secure elections. In recent years, sophisticated disinformation operations and aging computerized election infrastructure have eroded the confidence of voters, and placed core democratic principles at risk. CDT worked to address key election cybersecurity issues in 2018, including election official training, technical volunteer capacity building, and robust post-election auditing.

In preparation for November’s midterm elections, CDT brought our cybersecurity expertise to all levels of government. We conducted direct outreach to more than 300 state and local election officials, and produced usable cybersecurity materials tailored to the threats that election officials are likely to face and the tools they need to respond. On the global stage, we also worked to identify flaws in new voting systems used in places like the Democratic Republic of the Congo. When all was said and done, no major cyber-related incidents disrupted the vote during the 2018 U.S. midterm elections.

The 2018 elections demonstrated that modernizing election infrastructure and combating foreign disinformation will both be elevated priorities for the future. From high levels of humidity impacting the functioning of voting machines in New York to other voting machines flipping some selections in Texas, broken, missing, and flawed equipment dominated the headlines. These incidents resulted in long lines, distrustful voters, and in some cases, lawsuits challenging the validity of the outcome.

The November 2020 general election will come quickly, and CDT, state legislators, and local election officials are already preparing. In 2019, CDT is committed to helping state legislators and local election officials continue securing their elections and improving the voting experience. To set them up for success, we will convene election vendors and security researchers, provide commentary on state and federal legislation, and provide guidance for implementing post-election audits.



CDT is committed to sound financial stewardship and transparency. We have received clean audits each year from an independent auditing firm, and have the highest possible ratings from nonprofit watchdogs Charity Navigator and GreatNonprofits. Our profuse thanks to our 2018 donors who made our work possible. Visit cdt.org/financials for more information.



Amazon • Apple • Chan Zuckerberg Initiative DAF of the Silicon Valley Community Foundation • Facebook • Google • John D. and Catherine T. MacArthur Foundation • Microsoft • Verizon


Charles Koch Foundation • Democracy Fund • Ford Foundation • John Lilly & Kathy Howe • Oath • Open Society Foundations • Twitter


Amazon Web Services • Anonymous • Intel • Mayer Brown • Mozilla • Palantir • Niels Provos • Randy Reddig • Uber • Cameron Walters


Ancestry.com • Anonymous • AT&T • BSA | The Software Alliance • Consumer Technology Association • Dell • Jesse Dorogusker & Jennifer DiBrienza • DuckDuckGo • Intuit • N.P. et al v. Standard Innovation Corp. d/b/a We-Vibe cy pres • Tim O’Reilly & Jennifer Pahlka • Rapid7 • Robert Wood Johnson Foundation • R Street Institute • Samba TV • Symantec • Visa



Adam Albright • American Express • Anonymous • Arnold & Porter • Beard Family Charitable Gift Fund • Boies Schiller Flexner • Brunswick Group • CenturyLink • Civil Justice Reform Group • Comcast • Covington & Burling • Dropbox • Entertainment Software Association • Expedia • Frankfurt Kurnit Klein & Selz • Hogan Lovells • Internet Association • Ivan Krstic • Jenner & Block • JPMorgan Chase • Kaspersky Lab • Kelley Drye & Warren • Kelson Foundation • Latham & Watkins • Longhill Charitable Foundation • Lyft • Manatt, Phelps & Phillips • Mehlman Castagnetti Rosen & Thomas • Monument Advocacy • Mostyn Foundation • National Retail Federation • Netflix • Neustar • Perkins Coie • Andrew Pincus • Promontory Financial Group • Red Hat • Russell Reynolds Associates • Andrew Sutherland • Twilio • UnitedHealth Group • Verisign • The Walt Disney Company • Wilmer Cutler Pickering Hale and Dorr • Wilson Sonsini Goodrich & Rosati • Yelp Foundation • ZwillGen


121 Strategies & Government Relations • Activision Blizzard • Akin Gump • Anonymous • Annie Anton & Peter Swire • Banner & Witcoff • William Bernstein • Booz Allen Hamilton • Julie Brill • Charles Koch Institute • CompTIA • Computer & Communications Industry Association • Democracy Fund • DLA Piper • Gemalto • Lisa Hayes & Tom Henneberg • Jim Halpert • Huawei Technologies USA • Interactive Advertising Bureau • International Association of Privacy Professionals • Katten Muchin Rosenman • Carl & Jurate Landwehr • LinkedIn • Loeb & Loeb • Mastercard • Nuala O’Connor & Peter Bass • Partnership on AI • Postmates • Public Affairs Council • Ropes & Gray • Salesforce • Starbucks • T-Mobile • TwinLogic Strategies • Univision Communications / Fusion Media Group • Wilkinson Barker Knauer • Yoti



American Tower • Brookings Institution • Data Quality Campaign • Denis & Gail Hayes • Todd Hinnen • ICANN • Internet Society • Kevin Laughlin • Sidley Austin • Steptoe & Johnson • Stiftung Neue Verantwortung • The German Marshall Fund of the United States • David Vladeck


Alexander von Humboldt Institute for Internet and Society • American Bar Association • David Ascher • Tyler Bosmeny • Joyce Brocaglia • Brothers Industry Fund of the Goldman Sachs Philanthropy Fund • Daniel Carroll • Clearforce • Davis Wright Tremaine • Paul Diaz • Ditchley Foundation • Future of Privacy Forum • Rafael Garcia • Goldstein & Russell • Goodwin Procter • Britanie Hall • Christopher L. & Sherrie G. Hall • Leslie Harris • Bruce Heiman • Peter Hustinx • Internet Archive • Cameron Kerry • Kountoupes Denham • Lafayette Strategies • Barbara Lawler • Travis LeBlanc • Gary McGraw & Amy Barley • Edward McNicholas • Bruce Mehlman • David Mindell • Eric & Lauren Muhlheim • Deirdre Mulligan • John Penney B. & Julie M. Rousseau • Public Interest Registry • Alan Raul • Reed Smith • Eric Rescorla • Philippa Scarlett • Jeffrey Silverman • Timothy Sparapani • Wireless Infrastructure Association • Josh Wiseman • Yale University • Yelp


IN 2018, CDT HAD $6,378,835 IN REVENUE:



IN 2018, CDT HAD $5,823,058 IN EXPENSES:


Board & Council


William Bernstein (Chair)
Manatt, Phelps & Phillips, LLP

Julie Brill

Alan Davidson
Mozilla Corporation

Edward Felten
Princeton University

Peter Hustinx
The Netherlands

Carl Landwehr
George Washington University

Travis LeBlanc
Cooley LLP

Bruce Mehlman
Mehlman Castagnetti Rosen & Thomas

Su-Lin Cheng Nichols
Lafayette Strategies

Nuala O’Connor
Center for Democracy & Technology

Andrew Pincus
Mayer Brown

Philippa Scarlett
White House (former)

Mark Seifert
Brunswick Group

David Vladeck
Georgetown University Law Center


John Bailey
Stephen Balkam
Alvaro Bedoya
Alyssa Betz
Mark Bohannon
Catherine Brooks
J. Becky Burr
Jon Callas
Dan Caprio
Cordell Carter III
Pablo Chavez
Soraya Chemaly
Alissa Cooper
Maura Corbett
Bob Corn-Revere
Laura Cox Kaplan
James Dempsey
Peter Dengate
Nicholas Diamand
Patrick Dolan
Erin Egan
Caroline Elkin
Donna Epps
Nick Feamster
Harley Geiger
Michael Gottlieb
Marc Groman
Jim Halpert
Mona Hamdy
Leslie Harris
Jessica Herrera-Flanigan
Todd Hinnen
Jane Horvath
Gus Hosein
Fred Humphries
Brian Huseman
Christopher Kelly
Cameron Kerry
Karen Kornbluh
Adam Kovacevich
Nancy Libin, Co-Chair
Elliot Maxwell
Stephanie Martz
Caroline McCarthy
Deven McGraw
Katie Moussouris
Eric Muhlheim
Michael Nelson
David Olive
Chan Park
Lydia Parnes
Michael Petricone
Renate Samson
Ari Schwartz
Jonah Seiger
Jon Selib
Nico Sell
Tim Sparapani
Anne Toth
Tokë Vandervoort
Justin Weiss
Danny Weitzner, Co-Chair
Heather West
Christopher Wolf
Jessie Woolley-Wilson

*Organizations listed for identification purposes only.