The role that technology and the internet play in our daily lives and our democracy was profoundly illuminated this year. It began with the public defense of strong encryption waged by Apple and ended with a U.S. presidential election that shocked many, while elevating in the public conscious issues around cybersecurity, online harassment, “fake news,” and free speech. The importance of shaping sound tech policy has never been more important, and the Center for Democracy & Technology will continue to lead the way.
At CDT, we know that the best policy outcomes are achieved when diverse parties come together to seek genuine progress. We engage partners across political divides and across sectors. And while there are times different sides disagree, we continue to find that there is more that unites us than divides us, especially when we have an honest, respectful dialogue that is grounded in our shared values.
We always start with the fundamental belief that every person has the right to live with dignity. In the digital age, this means that you have the right to privacy, the right to freely express yourself online and off, and the right to live without the cloud of government surveillance looming over you. We believe that all these rights can be fully realized and that technology can be a positive force in making this happen. To achieve this vision, we must ensure that technological innovation addresses our biggest societal challenges, such as growing inequality among races, classes, and genders, and the weakening of core democratic institutions worldwide.
As you will see in this report, CDT’s team contributed to so many of the critical tech and internet policy debates and advancements in 2016. We could not do this without the support of individuals, foundations, and businesses, as well as our trusted allies in the civil liberties community. We look forward to working with you to shape a world where technology advances democratic values and empowers us all to enjoy our fundamental rights.
SHAPING STRONG BROADBAND PRIVACY RULES FOR INTERNET USERS
CDT influenced the creation of the FCC’s broadband privacy rules, which empower consumers to control how their personal information is shared. Broadband providers, who have direct access to some of our most personal digital information, now must get opt-in consent before using or sharing customer’s sensitive information. Even if they come under fire from different angles, we will defend them.
EMBEDDING PRIVACY INTO RESEARCH & DEVELOPMENT
In a first-of-its-kind partnership, CDT released a report with Fitbit about embedding strong privacy practices into the research and development (R&D) process. CDT examined Fitbit’s R&D process to help develop clear privacy guidelines and best practices for all wearable companies.
ADDRESSING THE ISSUE OF DATA ACCESS ACROSS BORDERS
In a case that has implications on both sides of the Atlantic, CDT filed a brief in support of Microsoft in its challenge to a US government demand for data the company had stored in Ireland. The Second Circuit agreed with Microsoft and CDT, stating that a US warrant should not reach this data, but instead follow the mutual legal assistance process.
INFLUENCING THE PRIVACY SHIELD AGREEMENT
When the EU-US agreement that governed data-flows between the two was nullified by a European Court―due to US government surveillance practices―CDT worked with stakeholders on both sides to help shape a new agreement that provided stronger privacy protections. While not perfect, the resulting Privacy Shield agreement has enabled data to keep flowing between the regions.
SOUND POLICIES FOR THE INDUSTRIES OF TOMORROW
Anticipating key policy issues before they fully emerge is a trademark of CDT. In 2016, we advanced new thinking on privacy and security around artificial intelligence and autonomous vehicles, while also creating a suite of resources for entrepreneurs and startups to help decode key privacy policies and laws that can impact their businesses.
OPPOSING GOVERNMENT EFFORTS TO MANDATE COMPANY MONITORING OF ONLINE CONTENT
Governments around the globe are stepping up their pressure on companies to take a more proactive role in monitoring or policing online content. We argued against the EU’s Code of Conduct for Illegal Hate Speech, which circumvents the vital role of courts in determining what speech violates the law. We also raised concerns about a corporate collaboration aimed at creating a “hash” database of online terrorist content, which could open the door for increased monitoring obligations from governments. Such government mandates for content policing are a clear threat to free speech online and create incentives for overblocking of lawful speech.
DEFENDING NET NEUTRALITY IN COURT
In 2015, the FCC enacted strong Open Internet rules that solidified net neutrality as a core foundation of the internet. CDT advocated for these strong Open Internet rules, and when they were challenged in the courts in 2016, we intervened in the case to support the rules. In US Telecom v. FCC, the DC Circuit agreed with us and ruled strongly in favor of preserving the Open Internet.
STOPPING THE GLOBAL EXPANSION OF “THE RIGHT TO BE FORGOTTEN”
When French data protection officials attempted to assert authority to censor search results around the world, CDT actively opposed these efforts and filed a joint amicus brief in the case. French authorities are taking an expansive read of the Google Spain v. AEPD and Mario Costeja Gonzales decision, which established the right of EU citizens to demand that search engines cease returning certain links to information about them in search results in EU member states. The French authorities are claiming jurisdiction over global search results; their argument that French law should bind everyone searching for information around the world would be a dangerous precedent for free expression online.
VOICING A STRONG NO ON PROPOSAL TO ASK FOR SOCIAL MEDIA IDENTIFIERS
In the summer of 2016, CDT was one of the first groups to actively oppose a proposal from the US government to ask visitors to the country to share information about their online presence on visa forms. We submitted comments, organized a coalition letter, and launched a social media campaign highlighting our free expression and privacy concerns.
PRIVACY GUIDELINES FOR DRONES
As drones become more ubiquitous, the need for strong privacy policies around their use has become essential. CDT was a key stakeholder in shaping the best practice guidelines that were released by the NTIA as part of its multistakeholder process. If applied, these guidelines protect individuals from drone operators’ ability to conduct widespread surveillance while still preserving First Amendment protections for use of drones by the media.
STANDING UP FOR STRONG ENCRYPTION IN OUR DEVICES
When the FBI sued Apple in an attempt to force the company to unlock the cellphone of a terror suspect, CDT supported the company’s stance in court: strong encryption must be protected and there must be no backdoors in our technology. Strong national security includes strong personal security, and we are proud to have fought back against this latest attempt to weaken encryption.
GETTING ECPA REFORM CLOSER TO THE FINISH LINE
The Electronic Communications Privacy Act (ECPA) was signed into law in 1986, well before the word “cloud” had anything to do with computing. CDT has led the push for ECPA reform to require a warrant for law enforcement to access user data stored in the cloud. The Email Privacy Act, which would do just that, passed by 419-0 in the House, but failed to garner enough support in the Senate.
STARTING THE DEBATE ON SECTION 702 SURVEILLANCE
Section 702 of the Foreign Intelligence Surveillance Act expires at the end of 2017, and CDT is proactively advocating for serious updates to the law, as opposed to straight reauthorization. Section 702 permits the US government to conduct broad surveillance of non-US persons abroad. We hosted a bipartisan House briefing, featuring Representatives Lofgren (D-CA) and Poe (R-TX), to start the conversation on our privacy and human rights considerations.
PROTECTING CYBERSECURITY RESEARCHERS
Cybersecurity researchers play a crucial role in reducing vulnerabilities in software, yet their work often falls into a legal gray zone because of copyright laws and other policies. CDT is conducting in-depth interviews with researchers and a broad review of the legal landscape to best determine how cybersecurity researchers can conduct their work. Without researchers’ efforts, the internet is less secure and we are all more vulnerable to hacking and breaches.
SUPPORTING MORE CYBER SECURE ELECTIONS
Our Chief Technologist Joseph Lorenzo Hall is one of the foremost experts on cybersecurity and elections, having done considerable work in California on voting machines and hacking. During the 2016 election cycle, he continued to advise different jurisdictions on the issue and was a go-to for media when questions of tampering with and hacking the election came to the fore.
HELPING PEOPLE BE MORE
Everyone should be doing more to take control of their personal cybersecurity, and to help, CDT created a series of online self-assessment quizzes. The first was debuted at SXSW and highlights the security risks associated with travel, especially international travel. The second quiz was geared towards activists and journalists, groups that face a heightened risk of cyber attacks.
SHEPHERDING A SUCCESSFUL IANA TRANSITION
After a highly politicized process, the IANA contract was officially transferred from the US government to ICANN. CDT was the leading voice for civil society throughout the process, ensuring that key functions of internet governance remain in the hands of a multistakeholder body and away from government control.
MAKING THE ENTIRE INTERNET MORE SECURE
Using HTTPS (the encrypted version of the web protocol) is a critical part of securing the entire internet. Two sectors were lagging behind in adoption―the news and adult entertainment industries―so we launched a project to increase adoptions among each. We worked closely with the Free Speech Coalition to make HTTPS a priority for its members and assisted news outlets such as Wired with their move to the secure protocol.
TECH PROM BRINGS TOGETHER THE TECH POLICY COMMUNITY
The movers and shakers of the tech policy space joined us for our annual dinner, Tech Prom, where we celebrated encryption and the right of individuals to private communications. With more than 1,000 attendees, this was our biggest Tech Prom yet. Thank you to all our supporters!
GROWING OUR REACH ON SOCIAL MEDIA
If you want the latest reports, posts, and calls to action from CDT, you should join the growing number of people that follow us on different social media platforms. We had a 167% growth in total reach on Facebook, a 16% increase in followers on Twitter, and a 33% increase in followers on LinkedIn
SPELLING OUT THE TECH POLICY PRIORITIES FOR THE NEXT ADMINISTRATION
Prior to the US election, CDT developed its tech and internet policy priorities for the incoming Administration. We delivered these recommendations directly to the Trump transition team and will advocate for their adoption. Our core messages are: there must be strong privacy protections for individuals, there cannot be backdoors in encryption, and policies should be aimed at cultivating the internet’s potential to strengthen and promote democracy and individual dignity.
TEX MEX MEETS TECH POLICY AT SXSW INTERACTIVE
Two of our favorite things came together in Austin when CDT attended SXSW Interactive: tex-mex and tech policy! We presented on five panels on topics from how to protect your digital legacy to addressing online extremist content, hosted a tech policy happy hour with the R Street Institute, and unveiled a cybersecurity self-assessment quiz at the CSM Passcode booth.
LAUNCHING A NEW ADVISORY COUNCIL AND REVITALIZING THE ACADEMIC FELLOWS PROGRAM
To bring new perspectives to our policy work andorganizational strategies, we established an Advisory Council with more than 60 members from diverse backgrounds and institutions. The Advisory Council is co-chaired by CDT founder Jerry Berman and Danny Weitzner. CDT has also reenergized our non-resident fellows program by adding new members and more directly engaging them in our core projects.
TALKING TECH ON OUR PODCAST
CDT’s podcast, Tech Talk, is now available on Soundcloud, iTunes, and Google Play and features more than 30 episodes on topics such as algorithmic fairness, cross-device tracking, education technology, and cyber bullying. Take a listen.
OPENING OUR NEW OFFICES IN DC
In February, we moved into our new offices at 1401 K Street NW. It is a bright, open design that is conducive to cross-project collaboration. We also have our signature long table to welcome all stakeholders to the core policy deliberations that often take place within our walls. In addition, to better reflect our open, inclusive, and collaborative style, CDT launched a refreshed logo and brand in 2017.
A Closer Look
FEATURE 1 OF 3
FOCUSING ON COMMUNITY, POWER, IDENTITY, AND SPEECH
CDT launched a long-term project on “community” online. We are exploring issues such as how communities form and grow, how personalization can lead to polarization, and the impact of web design and online architectures in fostering open and collaborative communities. Our goal is developing policy recommendations and best practices that will invigorate a greater sense of user engagement, empowerment, and membership in online communities.
We are examining the notion of “community” along several dimensions in order to better understand how different actors in the internet ecosystem shape the experience of users and groups. As we strive to answer the fundamental question – how does a network of individual speakers come to understand itself as a community online? – we are centering our work on three general themes:
Power. How do online platforms enable users to challenge or entrench traditional power structures and relationships online? How do different actors – governments, companies, and users – wield power over online communities?
Identity. How do individuals use online spaces to create, explore, and define singular or multiple identities, in the context of the existing power relationships?
Speech. How do content-promotion and content-enforcement mechanisms affect which individuals are heard?
As our work on these issues unfolds, we will be engaging diverse partners and bringing new perspectives to the table, with a goal of helping the internet truly be more inclusive and equitable. Issues we plan to explore in 2017 include online harassment, approaches to so-called fake news and government propaganda, and ongoing global efforts to censor speech online. We hope you’ll be a part of these important discussions.
FEATURE 2 OF 3
GROWING INFLUENCE IN THE EUROPEAN UNION
Brussels is a growing center of global tech and internet policy. The European Union makes key decisions that affect not just its own citizens, but also global norms on privacy, free expression online, net neutrality, government surveillance, data protection, and cross-border data flows. CDT has had a presence in Brussels since 2013, bringing our unique brand of pragmatic, inclusive advocacy to these important deliberations.
Early 2016 was dominated by negotiations between the European Union and United States to strike a new agreement to allow personal information to flow between the two economies, and hence enable digital commerce. The resulting agreement, the Privacy Shield, offers a partial but necessary response to broader issues of government surveillance practices in the US.
On the free expression front, CDT actively engaged in a number of critical policies. First, we cautioned against mandating online platforms to monitor or police user-generated content hosted on their sites. The European Commission’s core online platform policy statement of May 2016 steered clear of legislative mandates. However, in other initiatives, the EU targeted free expression and encouraged internet companies to step up policing of content that is viewed as illegal, harmful, or undesirable.
The EU developed a code of conduct on hate speech that forces internet companies to rapidly assess and remove alleged illegal hate speech. In a draft directive on audiovisual and media services, codes of conduct are proposed as a means to deal with both hate speech and content that is unsuitable for minors. Since 2015, the European police agency Europol has run an internet referral unit focused on flagging extremist content and requesting removal based on a company’s terms of service rather than the law.
CDT views all of these efforts as extreme threats to free expression, as the idea of “privatized law enforcement” gains a foothold and governments attempt to force intermediaries into the role of censors. We battle back by pushing for transparency, judicial oversight, and user rights to appeal. The fundamental principle must remain that courts, not companies, determine the boundaries of lawful expression online as well as offline.
Perhaps most concerning is a proposed directive on copyright in the digital single market, which if adopted would seriously erode intermediary liability and impose general monitoring obligations on internet platforms. It would also create a new neighboring right that would enable news publishers to control, license, and monetize links to their online content. The result of these proposals would be a breakdown of the way the internet currently functions, with intermediaries forced into a much more active role in limiting what users can see and create. The consequences for free expression and innovation and enterprise would be severe.
Finally, CDT is supporting a filing in the French State Council challenging an order from the French Data Protection Authority for search engines to implement so-called “Right To Be Forgotten” delisting on a global basis. This would mean that search engines must delist search results not only when searches are performed from a European location, but worldwide. Our brief, filed together with several other free expression advocacy groups, stresses that free expression restrictions in one country should not affect access to information in other countries. No country should have a veto over what citizens of other countries see online.
CDT continues to build its team and capability to influence policy at European and international levels.
FEATURE 3 OF 3
FAIRNESS AND ONLINE PERSONALIZATION
Personalization might be the gold standard of modern business models, but how do people really feel about the practice? Does it matter what traits companies use to target us? CDT partnered with a team from the UC Berkeley School of Information to answer these questions. Not surprisingly, people have strong feelings about what is fair when it comes to targeting them online, and we saw a major public policy battle in 2016 on this exact issue.
Funded by a grant from the Berkeley Center for Technology, Science, and Policy and the Berkeley Center for Long-Term Cybersecurity, the researchers looked at multiple contexts for personalization – search, pricing, advertising – as well as different data types, including race, gender, and location. Our research suggests that people are largely uncomfortable with personalization based on race and proxies thereof, regardless of the source and accuracy. On a scale of -3 to 3, with a negative score expressing an unfavorable view of personalization, the results for race-based personalization ranged from -0.29 to -1.66. People felt differently about personalization within these contexts, but no use of race-based data was viewed as fair.
Facebook faced a high-profile example of this discomfort when it announced a partnership with Universal Pictures to show different versions of the trailer for the movie “Straight Outta Compton” to groups of people with different “ethnic affinities.” In the wake of the announcement, journalists, civil rights advocates, and academics raised concerns about the risks of segregating our online experience based on interests related to ethnicity, and specifically the risks of allowing advertisers of credit, housing, and employment opportunities to target or exclude populations based on race. CDT worked with Facebook and a community of civil rights groups to help address these concerns, and the company recently announced they are making changes that ban the use of ethnic affinity for this category.
This type of research is another way CDT creates positive change. By demonstrating the real impact of automated personalization, we help companies understand that certain data types are likely to be viewed as unfair or inappropriate as the basis for certain decisions. Even more, good practices are good for business; companies do not want to alienate customers. Fairer and more transparent algorithmic decision-making will thus help shape a more equitable internet, which will be important to businesses and society as a whole.
CDT is committed to sound financial stewardship and transparency. We have received clean audits each year from an independent auditing firm and have the highest possible ratings from nonprofit watchdogs Charity Navigator and GreatNonprofits. Our profuse thanks to our 2016 donors who made our work possible. Visit cdt.org/financials for more info.
CDT HAD $5,591,243 IN EXPENSES:
THANK YOU TO OUR SUPPORTERS
Aboudi v. T-Mobile USA Cy Pres Award | Amazon | Anonymous Individual | Apple | Facebook | Ford Foundation | Google | Kaspersky Lab | MacArthur Foundation | Microsoft | Mozilla Foundation | Open Society Foundations | William and Flora Hewlett Foundation
AT&T |Cisco Systems | Palantir Technologies | Robert Wood Johnson Foundation via the Qualcomm Institute, University of California San Diego | Verisign | Yahoo!
Airbnb | Anonymous Foundation | Bertelsmann Foundation | BSA | The Software Alliance | Consumer Technology Association | Digital Trust Foundation | Ford Foundation-Media Democracy Fund Technology Exchange | Intel Corporation | Intuit | LinkedIn | LinkedIn User Privacy Litigation Cy Pres Award | Manatt, Phelps & Phillips | Nokia | Pitney Bowes | Qualcomm | Rapid7 | Twitter | Verizon Communications | Visa
Abdullah Byanooni v. Merrill Lynch Cy Pres Award | Allegro Group | American Express | Andrew Pincus | Arnold & Porter | Art Coviello | Brunswick Group | Covington & Burling | CTIA | Data Foundry | Davis Wright Tremaine |Dropbox | Expedia | Herb Block Foundation | Hogan Lovells | IBM | Jenner & Block | Kelley Drye & Warren | Mehlman Castagnetti Rosen Bingel & Thomas | Monument Policy Group | Mozilla | Netflix | Neustar | Nielsen | Perkins Coie | Promontory Financial Group | Sidley Austin | Software & Information Industry Association | The Walt Disney Company | Uber | WilmerHale | Wilson Sonsini Goodrich & Rosati | ZwillGen
THANK YOU TO OUR SUPPORTERS
21st Century Fox | Akin Gump | Alliance of Automobile Manufacturers | Alston & Bird | Annie Antón and Peter Swire | Black Rock Group | Black Rock Group | Bond & Associates | CenturyLink | Digital Context Next | eBay | Fenwick & West | Ghostery | Glen Echo Group | Holland & Knight | Huawei | Hunton & Williams | ICANN | Interactive Advertising Bureau | International Association of Privacy Professionals | Internet Society | Jochum Shore & Trossevin | Lisa Hayes and Tom Henneberg | Naspers | OneTrust | Pandora | PayPal | Starbucks Coffee Company | Steptoe & Johnson | StubHub | T-Mobile | U.S. Chamber of Commerce | Wilkinson Barker Knauer | Yelp
Activision | Blizzard | Caroline Elkin | David Vladeck | Deidre Mulligan | DLA Piper | Douglas Lowenstein | Eric Rescorla | Erika Rottenberg | Fertileland.com | James Halpert | King | Nuala O’Connor | Thomas Goldstein | William Bernstein
Bruce Heiman | Bruce Wonnacott | Carl and Jurate Landwehr | CloudFlare | Denis and Gail Hayes | Elaine Call | Harley Geiger | Jerry Berman | Jill Lesser | Judith Duavit Vazquez | Laura Borst | Leslie Harris | Linnea Solem | Mark Seifert | Markle Foundation | Paul Brigner | Public Interest Registry | Red Hat | Stanley J. and Laura G. Wiegand | The Raben Group
Board & Council
William Bernstein Manatt, Phelps & Philips, LLP
Julie Brill Hogan Lovells
Carl Landwehr George Washington University
Jill Lesser JAL Consulting, LLC
Douglas Lowenstein DSL Strategies, Inc.
Deirdre Mulligan CDT Board Chair; University of California
Nuala O’Connor Center for Democracy & Technology
Andrew Pincus Mayer Brown
Erika Rottenberg Twilio; Wix; LinkedIn (ret.)
Mark Seifert Brunswick Group
David Vladeck Georgetown University Law Center
Danny Weitzner MIT Internet Policy Research Initiative
Bob Boorstin Len Cali
Aimee Rogstad Guidera
Geo rey Stone
Peter Dengate Thrush
*organizations listed for identification purposes only