Earlier this month, Engine held its first briefing of the year: a conversation around the ways that startups are harnessing big data to drive innovation and develop targeted solutions for some of society’s greatest challenges. The event was headlined by Reps. Blake Farenthold (R-TX) and Derek Kilmer (D-WA), who were joined by a distinguished panel of startup leaders and policy analysts.
Engine Statement on House Passage of Email Privacy Act
Today, the U.S. House of Representatives passed the widely supported, broadly bipartisan Email Privacy Act, making this the second consecutive year that this common-sense update to the Electronic Communications Privacy Act (ECPA) has passed the House. The bill makes a critical update to existing digital privacy laws that clarifies that law enforcement must obtain a warrant—except in certain clearly defined emergencies—before accessing an individual's electronic communications.
Engine Welcomes House Reintroduction of the Email Privacy Act
Engine commends Congressman Kevin Yoder (R-KS), Congressman Jared Polis (D-CO), Congressman Bob Goodlatte (R-VA), Congressman John Conyers (D-MI), and the bill’s other cosponsors for today’s reintroduction of the Email Privacy Act, legislation that would make critical reforms to our nation’s outdated outdated digital privacy laws.
2016 Year in Review: Privacy + Security
Privacy and security issues were top of mind for policymakers once again in 2016: the Apple-FBI battle pushed questions around encryption to the forefront; massive data breaches and cyberattacks called attention to cybersecurity issues; uncertainty around data transfers between the U.S. and EU persisted; and the heated debate around government access to digital communications thrust electronic privacy reform back into the spotlight. But even with all of these prominent debates, 2016 did not see much actual legislative movement. It’s unclear what will come to pass next year, but we are hopeful that any policies Congress or the new Administration pursue take into account the unique needs and realities of the evolving startup ecosystem.
Startup News Digest 12/23/16
A Big Year for Startup Policy in 2016. The Startup News Digest will be taking a hiatus over the holidays, but you can still get your startup policy fill on our blog. Yesterday, we began publishing Year in Review posts on some of 2016’s most notable debates in tech and entrepreneurship. Watch this space for reports on capital access, intellectual property, net neutrality, emerging technologies, and more over the coming days. Thanks for all of your support in 2016, and we’ll catch you in the new year!
Republicans Release Their Party Platform
As the Republican National Convention kicked off this Monday, the GOP also released the final draft of their party’s platform. The platform, which was written with input from the party’s base sourced via www.platform.gop, included generous mentions of issues important to the startup community.
Statement on Approval of EU-U.S. Privacy Shield Agreement
In the months since the original Safe Harbor agreement was invalidated by the European Court of Justice, the startup community has been in legal limbo awaiting resolution. The approval of this revised trans-Atlantic data-transfer framework brings much needed certainty for American startups with European users.
40 Startups Tell Congress: Encryption Matters
Tech Companies Take Stock of the Brexit
As the dust settles from last week’s stunning Brexit vote, the broader tech community, which staunchly supported remaining a part of the European Union (EU), is taking stock of the potential repercussions of the decision. While the United Kingdom (UK) and the EU still have to negotiate the exact terms of the deal (assuming the British can cobble together a new government committed to the Brexit), uncertainty surrounds several key issues important to the tech community.
Engine Statement on House Passage of Email Privacy Act
Today, the U.S. House of Representatives passed the widely supported, broadly bipartisan Email Privacy Act by a unanimous vote of 419-0. The bill would make long overdue updates to the Electronic Communications Privacy Act (ECPA) to bring our digital privacy laws into the 21st century. Specifically, the bill would clarify that law enforcement must obtain a warrant—except in certain clearly defined emergencies—before accessing individuals’ electronic communications.
The Tech Community Is Mobilizing Against the Burr-Feinstein Encryption Bill
It is hard to overstate how incredibly dangerous and foolish the Burr-Feinstein “Compliance with Court Orders Act of 2016” draft legislation is and even harder to believe it was coauthored by California’s senior senator, Dianne Feinstein, D-Calif., and Sen. Richard Burr, R-N.C.
Engine Statement on House Judiciary Committee Approval of ECPA Reform Bill
Apple, Encryption, and the Future of Digital Security
This week, a U.S. District Court judge ruled that Apple must assist the Federal Bureau of Investigation (FBI) by providing technical assistance to help the Bureau unlock the iPhone used by one of the San Bernardino shooters. While a resolution to this litigation is far off (due to likely appeals), the case has suddenly catapulted the debate over privacy, security, and encryption into the headlines of nearly every major news outlet in the United States and beyond. And though this case is specific to Apple—the manufacturer and licensor of the hardware and embedded software—the ramifications of the final decision in the case may have a profound impact, both in the technology industry and beyond.
While this isn’t the first time that policymakers have grappled with serious questions related to encryption and digital security—just last year, the White House backed away from a proposal seeking “backdoors” into encrypted devices after a multitude of stakeholders spoke out about the dangers of such anti-security measures—it is likely the most difficult case yet involving such issues. Certainly, the FBI has a strong interest in thoroughly investigating terrorist activity and preventing such acts in the future. Technology companies also care deeply about stopping criminal activity, which is why this is such a difficult problem: though the FBI’s request is tailored to investigating a specific terrorist activity, it will ultimately weaken security standards and may lead to serious vulnerabilities that will put countless consumers at risk.
In the past, Apple has cooperated with law enforcement to unlock phones in order to gain access to information, at least when doing so was technologically feasible. This situation is slightly different, as the court order requires Apple to create an entirely new version of Apple’s operating system (OS) to allow the government to circumvent security features that Apple built into its OS to prevent brute force attacks. This software will effectively make brute force attacks on encrypted devices possible—whether it’s the FBI attempting to brute force the phone or anyone else that has access to the software. Though the FBI says it intends to use this modified OS in this situation only, the spate of high-profile hacks and data breaches over the past year (including a breach of sensitive government information) should cast doubt on any such guarantees.
And, while some may argue that Apple’s strong opposition to the FBI’s request in this case demonstrates that any future requests for similar security circumvention activities will be limited to only the most extreme circumstances, that only holds true if the company being tasked with providing access to encrypted information has the resources to mount such a robust legal challenge. The startups that are responsible for so much of the tech sector’s growth have nowhere near the legal resources needed to fight spurious requests for dangerous encryption backdoors. Establishing a precedent that obligates companies to undermine the security measures that keep millions of consumers and their data safe from criminals will only increase the chances that these security circumvention technologies are employed in spurious cases or, worse, fall into the wrong hands.
Law enforcement is fully justified in attempting to do everything possible to prevent future terrorist attacks, just as Apple is fully justified in arguing that what the FBI wants could have serious negative repercussions for the security of its users. But, the security vulnerabilities that could arise by forcing Apple to undermine the strong encryption technologies it has built into its products should make anyone think twice about establishing such a dangerous precedent.
EU and U.S. Policymakers Agree on Safe Harbor 2.0, Ending Months of Uncertainty for Startups
The European Court of Justice’s rejection last October of the European Commission’s so-called “safe harbor” agreement with the U.S. forced many American startups to grapple with a difficult choice: spend considerable time and money trying to find a different mechanism to legally import EU consumer data or sit tight and hope regulators worked it out before member states started filing lawsuits. Neither option was particularly appealing, and thankfully, the EC’s announcement this morning that negotiators had reached a framework agreement on Safe Harbor 2.0 (rebranded as “Privacy Shield”) removes some of the uncertainty startups have faced over the past three months. But does this tentative framework provide the future-proof, legal certainty that is essential for startups operating in the EU?
For those of you who are just tuning in, here’s a quick refresher: the EU’s Data Protection Directive imposes certain obligations on how entities in different countries can handle data from EU consumers. To help streamline compliance, the EC and U.S. entered into an agreement that allowed U.S. companies to self-certify compliance with the Directive and thereby legally transfer data across the Atlantic. This system worked quite well in facilitating EU-U.S. data flows, until the ECJ issued a ruling in October that U.S. laws permitting the NSA to conduct mass surveillance of consumer data violated the Data Protection Directive, thereby voiding the safe harbor and opening up the door to potential legal action against companies that continued to import EU consumer data without a different legal justification.
Policymakers in the EC and the U.S. Department of Commerce promptly got to work on a new safe harbor agreement but faced considerable time pressure, as European Data Protection Agencies were set to commence enforcement proceedings against non-compliant companies if the parties could not reach an agreement by January 31. Crafting an important international agreement in such a relatively short time frame was a challenging endeavor, and as Sunday’s deadline approached, the possibility of a world without safe harbor began to set in.
For many U.S. companies that had previously relied on the safe harbor, failing to finalize a new agreement would be an inconvenience, but hardly insurmountable. Large multinationals had many alternative data transfer pathways at their disposal, like Binding Corporate Rules or Model Contractual Clauses. Others could simply set up servers overseas and process EU consumer data locally. But, these strategies were only feasible for those with enormous financial resources and a legal staff sufficient to navigate 28 different state data agencies and regulations—resources that small, cash-strapped startups just don’t have.
Consequently, startups faced a much more dire situation, and many simply had no idea how to proceed. Some mature, better-funded startups followed the lead of larger tech companies, working up model contract clauses, often at the behest of international partners that wouldn’t proceed without such agreements. Other hoped that updates to their privacy policies and consent processes would suffice, though this was something of a legal gamble and a potential disruption to business (how many consumers enjoy having to click through new popup consent forms?). Some companies, devoid of other sensible options, planned to continue business as usual, expecting that policymakers would eventually craft a solution and hoping they were too small to draw the ire of member state regulators if no agreement could be reached.
The EC’s Tuesday announcement of a “political agreement” was therefore met with cautious optimism and relief. The hard work that the EC and the U.S. Department of Commerce put in over the past few months paid off, pulling out an agreement at the eleventh hour and returning stability and some certainty to the international data flows that make the Internet work. Going forward, consumers and companies on both sides of the Atlantic should hope that this newly formulated “Privacy Shield” will provide a simple, well-defined framework for data exchange, so long as it remains in force. But this difficult experience should serve as a reminder of how the heavy burden of regulatory uncertainty often falls hardest on the smallest players. Startups that made user security and privacy a central part of their companies were nevertheless caught in an international dispute between national governments and multinational companies with few feasible options to stay square with laws that quickly became unclear. In the end, the drama surrounding Safe Harbor 2.0 is both a win for prompt, sensible policymaking and a lesson of how policy disputes can impact the startup sector in unexpected ways.
Startup News Digest: 1/22/2015
Our weekly take on some of the biggest stories in startup and tech policy.
Safe Harbor Agreement Nears Deadline. With a January 31st deadline looming, there is more pressure than ever for the U.S. and EU to wrap up negotiations around a “Safe Harbor 2.0” agreement. In a letter sent to U.S. and EU leaders last Friday, industry stakeholders emphasized that “the consequences could be enormous for the thousands of businesses and millions of users impacted” if a deal is not reached. But another setback came this week when the Senate Judiciary Committee postponed consideration of the Judicial Redress Act. The bill, which would extend rights to judicial redress to citizens of the EU and other designated countries, is seen as essential to advancing an updated safe harbor agreement. This delay makes it even less likely that a deal will be reached in time, the ramifications of which could disproportionately impact startups.
Another Proposal to Weaken Encryption. Another week, another misguided state bill seeking to weaken encryption. The legislation comes from a California Assemblymember whose proposal would prohibit the sale of smartphones in the state with unbreakable encryption. A similar New York bill requiring a “backdoor” for encrypted technologies was covered in last week's digest. In an opinion piece, Christian Dawson of the i2Coalition does a good job breaking down why policies like these would stifle the Internet economy. He writes, “If the U.S. government were to institutionalize backdoors, it would be a heavy burden to businesses, and an operational lift that would likely force a large number of small companies to shut their doors.” We couldn’t agree more.
Verizon Joins the Zero Rating Crowd. Tuesday morning, Verizon announced a new sponsored data program, FreeBee Data, renewing debate around “zero rating” programs and whether they violate net neutrality principles. Under the FreeBee program, content providers have the option to pay Verizon a fee to exempt their content from customers’ monthly data caps. Verizon is the third wireless provider to offer a cap-exempt data program—AT&T has been running a similar sponsored data program since 2014 and T-Mobile has its own video-specific service, BingeOn (which has come under intense fire in recent weeks). The FCC’s Open Internet rules don’t explicitly outlaw “zero rating” programs, but the agency reviews them on a case-by-case basis whether the service harms consumers or businesses. They recently requested meetings with both AT&T and T-Mobile on their programs, and have said that they were notified by Verizon about FreeBee. We’re tracking.
A Grim Outlook for Startup Financing? Recent turbulence in the global stock market may have an impact on 2016 startup financing, the Washington Post reported this week. Volatility in the public markets has many investors considering whether some growing tech startups have been overvalued, a concern that's "likely to trigger a wider pause, denying funds for the innovators that disrupt industries and create new markets." Not good. And while 2015 was a banner year for VC investment, with $72.3 billion going into venture-backed companies in the U.S., (the highest since the dot-com boom), activity slowed by the fourth quarter, suggesting changing investor sentiment. Further, tech IPOs were significantly down in 2015 as companies are treading cautiously into the public markets. 2016 may prove to be an especially important year for policy that promotes greater capital access.
VC Sets New Diversity Standards. Kapor Capital, a longtime leader in its commitment to diversity in the tech industry, announced a new set of standards for its portfolio companies this week. TechCrunch calls it a “a four-part roadmap for startups to foster diverse and inclusive cultures early on.” This commitment will soon become one of the terms in all Kapor’s future investment agreements. Portfolio companies will be required to establish diversity and inclusion goals, invest in tools and resources that assist in mitigating bias, organize volunteer opportunities for employees, and participate in Kapor’s diversity and inclusion workshops. Way to put their money where their mouth is!
Startup News Digest: 1/15/2016
Our weekly take on some of the biggest stories in startup and tech policy.
Obama’s Final SOTU. President Obama addressed Congress Tuesday evening in his seventh and final State of the Union, which included a few nods to the tech industry and startups, too. He remarked on some upcoming proposals from the White House, including a push to bring computer science education to more schools. The president also spoke of the country's rich history of innovation, as well as the challenges workers face in the new technology-driven economy. "In this new economy, workers and start-ups and small businesses need more of a voice, not less. The rules should work for them."
Encryption Debate Continues. A new bill was introduced in the New York State Assembly this week that would essentially disable strong encryption on all smartphones sold in the state. If passed, it would be the first state law requiring a “backdoor” for encrypted technologies—something that is not only constitutionally questionable, but also not technically feasible without undermining the security of the system as a whole. The tech industry has been pushing back against these “backdoors” at all levels of government. Just last week at a counterterrorism discussion between high-level federal officials and tech leaders, Apple CEO Tim Cook called on the administration to issue a statement defending the use of unbreakable encryption. The White House has yet to take an official position on encryption.
New Regs and Report for Ride-Sharing in NYC. The New York City Council will soon introduce new legislation regulating for-hire vehicles, the Wall Street Journal reported last week. The proposed legislation would require for-hire vehicle services such as Uber and Lyft to make their cars more accessible to the disabled, among other regulations that may address surge pricing. These new laws could be introduced as soon as next week, following today’s release of the highly anticipated traffic congestion report from the Mayor's office. The study, which examines the impact of new ride-sharing services on the city’s traffic, was commissioned by New York City Mayor Bill de Blasio last summer after proposals to cap the number of for-hire vehicles were defeated. We’ve just started digging into it, but among other things, it claims “For-hire vehicles are a vital part” of the city’s transportation mix and does not blame any one company for local congestion. We’ll be watching whether the report’s findings will influence the city council’s new legislation.
Big News for Autonomous Vehicles. 2016 is shaping up to be the year of the autonomous vehicle. At last week’s Consumer Electronics Show, a number of automakers announced their forays into this rising market. Then, on Thursday the Obama Administration unveiled plans to include $4 billion for autonomous vehicle R&D in the proposed 2017 budget. The Administration also promised to issue regulatory guidance for companies around compliance with safety standards within six months. The federal government has remained relatively hands off in this new market, but the Administration’s announcement this week represents a new level of involvement and a huge win for proponents of this growing technology.
The Size of the Sharing Economy. The results are in. A recent and first-of-its-kind poll conducted this fall found 44 percent of American adults have participated in the sharing and on-demand economy—that's over 90 million people who've booked a room on Airbnb, hopped in an Uber, or ordered groceries from Instacart. The poll also found that 22 percent of American adults have offered goods or services through these new platforms in exchange for income. And despite a spate of recent lawsuits over worker classification, the vast majority of these workers describe their experiences as positive.
The State of Computer Science. Code.org, a national organization dedicated to expanding computer science education, published its 2015 report, revealing K-12 student enrollment in computer sciences courses is growing nationwide. Today, 25 percent of U.S. schools teach computer science and programming and several major school districts including New York and Chicago have made recent pledges to the subject in every school. Computer science is also the fastest-growing AP course of the past decade.
Americans Online. Last week, the Federal Communications Commission released updated numbers on broadband access in the U.S. While the percentage of Americans with access to advanced broadband has improved over the past year, there are still 34 million Americans (or about 10 percent of the country) who lack access to broadband at sufficient speeds. While this report suggests improvements in the broadband ecosystem, more needs to be done to connect the 34 million currently cut off from broadband opportunity.
2015 Year in Review: Regulating the New Economy
This post is one in a series of reports on significant issues for startups in 2015. In the past year, the startup community’s voice helped drive notable debates in tech and entrepreneurship policy, but many of the tech world’s policy goals in 2015, such as immigration and patent reform, remain unfulfilled. Check back for more year-end updates and continue to watch this space in 2016 as we follow policy issues affecting the startup community.
by Anna Duning and Evan Engstrom
The ever-increasing pace of technological development and expanding reach of innovative enterprises into well-regulated industries has put considerable strain on the nation’s policymaking apparatus. As new technologies (such as recreational drones) become more popular and new platforms integrate everyday activities (such as transit) with technology, policymakers are faced with difficulties in crafting forward-thinking policies or adapting existing regimes to new technologies. In 2015, we saw this phenomena play out in a variety of ways all across the country at the municipal, state, and federal levels.
New Devices, New Rules
In 2015, the drone market grew exponentially, with more than 400,000 drones sold. The increasing presence of unmanned aircrafts—and the corresponding rise in reports of rogue drones posing safety hazards to commercial aircrafts and stoking privacy concerns—prompted the Feds to introduce new regulations for recreational drones this year. The Federal Aviation Administration, along with the Transportation Security Administration, ultimately came up with a drone registry for hobbyists, requiring recreational pilots enter their devices into a new national database. Commercial drones from the likes of Google, Amazon, and even Wal-Mart are also expected to take to the skies in the new year. These companies have all been part of a lobbying effort to keep new regulations limited and reasonable.
As the age of widely-available autonomous vehicles nears (Tesla says within two years), state lawmakers are grappling with how to establish the appropriate safety and regulatory standards for what will surely be one of the most disruptive technologies deployed in recent memory. Cybersecurity, accident liability, and basic road rules are all pressing concerns. Several states have already approved the testing of autonomous vehicles with varying degrees of regulations. Most recently, California introduced proposed rules that would require a licensed driver to be present in the vehicle. This requirement could limit some of the more promising uses of these new vehicles (such as transportation for the young or disabled) and even threaten the vehicle’s safety, but the state will take comments before instituting the final standards. We’ll be monitoring closely as state governments continue craft new regulations. These new rules won’t just impact the big manufacturers, as autonomous vehicles could spawn an entirely new sector of startups creating software for these cars.
Blockchain Rising
Though Bitcoin and the blockchain technology that powers it are relatively old developments by tech standards (2009!), cryptographically-secure distributed ledger technologies came to the attention of the mainstream in a big way this year, drawing interest from large financial institutions and regulators alike. While this increased scrutiny may rankle some of Bitcoin’s techno-libertarian old guard, the relatively cautious approach policymakers have taken to regulating the Bitcoin sector is a promising sign for the future growth of cryptocurrencies and blockchain technologies.
As Federal regulators have been content to monitor the development of cryptocurrencies, state policymakers have taken more proactive steps to regulate the sector. New York enacted its BitLicense rules this summer, which obligate financial intermediaries that hold or control virtual currencies on behalf of New York residents to obtain a license and follow certain customer monitoring and reporting requirements. The rules were meant to apply to just those companies that handle funds on behalf of customers and not impact software developers and entrepreneurs that don’t actually control customer money, but since the Bitcoin system looks so radically different from traditional financial systems, the rules necessarily have created some confusion as to how they will apply in practice. Fortunately, New York regulators appear to be cognizant of the need to avoid overregulating this nascent industry and will hopefully work to rectify any overbroad regulatory issues that may arise. As other states begin to consider regulations like New York’s regime (California for one debated a similar Bitcoin license bill this year before it died in the legislature), the need for a more uniform Federal standard will quickly become a priority for the sector. With more and more money pouring into blockchain startups ($500 million in 2015 alone), digital currency regulation will likely become a more pressing issue in 2016 and beyond.
The New Sharing/Gig/On-Demand Economy
No one seems to have agreed upon the best term to describe the collection of technology startups building platforms that connect customers to workers, homeowners, and drivers. Call it the sharing economy, the gig economy, or the on-demand economy; regardless, this new technology is shaking up well-established industries and the regulatory frameworks in which they’ve long operated.
Startups including Uber, Lyft, TaskRabbit, Handy, and Instacart (to name just a few) are restructuring how a wide variety of services are provided, and with that, challenging the existing labor standards that by and large rely on two narrow designations—employee or independent contractor. Many of these companies now face a slew of lawsuits about that classification, including a class action against Uber in California. Just weeks ago, Seattle became the first city in the nation to allow on-demand drivers to unionize. This legislation, too, will likely be contested in courts. The outcomes of these cases could dramatically reshape the 1099 economy and will surely impact the startups who’ve built their companies around existing worker classification rules. We’ll be paying close attention as they’re debated into 2016 and beyond.
Beyond the labor market, many of these startups are providing new (and in many ways, better, faster, and more efficient) services within highly regulated industries. This year, ridesharing companies, came up against major challenges in cities throughout the world. The New York City Council proposed rules this summer that could have put a freeze on all for-hire vehicles. Another requirement—that ride-sharing apps pass government approval before making changes—was also floated, though ultimately struck down. Meanwhile, San Francisco voted on a ballot proposition to limit Airbnb rentals in the company’s home city, a measure that ultimately failed, but cost the company $8 million to fight.
Ultimately, the trend of startups beginning to compete in heavily-regulated sectors of the economy accelerated in 2015 faster than many had predicted, resulting in an all too common struggle to fit the square peg of new innovations into the round hole of existing regulations. Not surprisingly, given the slow pace at which our nation’s regulatory bodies operate, the many policy debates that came to the fore in 2015 are nowhere near resolution. Next year will almost certainly see these policy debates escalate, and it is imperative that the startup community engage in this policymaking to ensure that the incredible potential of new technologies isn’t stifled by ill-fitting regulations.
Startup Policy Digest: 12/18/2015
Our weekly take on some of the biggest stories in startup and tech policy.
CISA Sneaks into Omnibus. As Congress scrambled to clear its legislative calendar before leaving DC for the year, it packed a bunch of unrelated bills together into a 2,000 page omnibus spending bill that will need to pass in order to adequately fund the government. This potpourri approach to legislation raises serious concerns about government transparency and access, as all but the most well-connected groups are effectively blocked from the closed-door dealmaking that resulted in the omnibus. This year’s omnibus produced one notably terrible outcome: the resurrection of the much-maligned Cyber Intelligence Sharing Act (CISA), which is meant to allow companies to share information on cyber attacks with government in order to help prevent future hacks. Critics argue that the bill creates more problems than it solves by jeopardizing user privacy, incentivizing companies to secretly monitor user activity, and allowing the government to obtain consumer data without a warrant. With the ECJ’s nullification of the EU/U.S. data transfer safe harbor so fresh in policymakers’ minds, it is a particularly inopportune time to pass a bill that many believe is effectively an expansion of government surveillance authority.
EU Sets New Data Privacy Rules. On Tuesday, the European Parliament and Council effectively agreed upon a negotiated version of the EU Data Protection Reform originally drafted in 2012. The measures will be formally adopted in early 2016 and go into effect in 2018. US businesses are concerned with several of the law’s provisions that make compliance challenging and also expensive. Among their concerns: Companies that violate the rules could face fines of up to 4 percent of global sales; the law also formalizes the “right to be forgotten” statute, allowing users to not only correct inaccurate personal data, but also the right to remove irrelevant or outdated information; the age of consent for data processing is set at 16 years; companies must alert authorities within three days of a reported data breach; and larger “data-processing” companies must designate a data protection officer.
An Uber Union? Seattle has become the first city in the nation to allow on-demand drivers for companies like Uber and Lyft to unionize. The legislation, passed by Seattle’s city council on Monday, is seen as a test case for the changing 21st century workforce and will likely be contested in court. While some have argued that the new policy conflicts with federal law and raises antitrust concerns, others insist that the local law has teeth. Regardless of its merits, the law further complicates the broader debate around worker classification in the emerging “gig economy” and whether policies can support both innovation and workers.
California’s New Self-Driving Car Laws. A month after a study by California’s Department of Motor Vehicles, the state released proposed rules for driverless cars. Some of the rules came as no surprise to driverless car manufacturers such as Google, Tesla, and Ford: consumers must receive special training certificates and the autonomous vehicles must meet certain cybersecurity standards. However, one proposal, if passed, could significantly impede innovations in this emerging industry. The California DMV wants a licensed driver present in the vehicle, preventing the kinds of functions—package-delivering vehicles or transportation for the blind—that could truly revolutionize transit. This rule also complicates the liability question by making the licensed driver legally on the hook for any accidents. Google, on the other hand, has thus far stated that it is willing to take responsibility for any accidents on the road. There’s still room for debate though; these rules open for public comment next month.
BingeOn? Maybe Not Says FCC. In its net neutrality rules from earlier this year, the FCC declined to enact a flat ban on “zero rating” programs whereby ISPs exempt certain data from user data caps. Instead the FCC decided to tackle such issues on a case-by-case basis. Since then, ISPs have begun to test the FCC’s willingness to regulate data exemption policies, such as T-Mobile’s Music Freedom and BingeOn plans. While T-Mobile’s programs do not implicate the most concerning net neutrality problems by allowing any music or video streaming company to take advantage of the data exemption without payment, some net neutrality advocates have taken aim at T-Mobile’s policy of throttling all video traffic regardless of whether it is a part of the BingeOn program. FCC Chairman Tom Wheeler has previously applauded T-Mobile’s programs as creative, pro-consumer innovations, but now, the FCC wants to take a closer look. With the Commission’s data cap inquiry and the DC Circuit’s pending decision on the validity of the FCC’s net neutrality, 2016 looks to be an important year for the future of the open Internet.
Drone Registration Goes Live. The Federal Aviation Administration unveiled new recreational drone requirements this week. Starting December 21, drone hobbyists must register their unmanned aircrafts and pay a $5 fee through a new FAA web page. The registration requirements represent a mostly uncontroversial attempt to maintain safety and accountability in national airspace as more and more drones populate the skies.
GOP Misses on Tech Issues. While many observers called this week’s Republican debate the most “substantive” yet, tech experts heard uninformed positions and misconstrued information on issues such as surveillance, the operation of the Internet, and encryption. For instance, Gov. Kasich inaccurately assumed that encryption prevented law enforcement from collecting information that could have foiled the San Bernardino shootings. Yet, whether encryption played any role in law enforcement’s access to important digital communications has not been confirmed. Meanwhile, Mr. Trump suggested that parts of the Internet should be “closed,” a preposterous suggestion that would not only hinder communication amongst bad guys, but also the good guys who drive ambulances, operate hospitals, and alert the world to vital information. Such superficial positions on high-impact tech policy are disconcerting - legislating these areas will require thoughtful (and, frankly, more complicated) solutions.
Prisoners Turned Coders. San Quentin State Prison just graduated 21 inmates from its tech incubator, which teaches inmates to code as well as the skills it takes to design and pitch a business to investors and peers. The program, made possible by The Last Mile organization, has become so popular that inmates are requesting transfers to San Quentin. Next up: A new program from The Last Mile will provide inmates with paid coding jobs for businesses outside prison walls.
CISA Resurrected: Bad Policy, Broken Process
News yesterday that a dormant and much maligned cybersecurity bill—the Cyber Information Sharing Act—had not only resurfaced but was on a fast track towards becoming law by virtue of being appended to a large spending bill came as an unfortunate surprise for the tech sector, privacy advocates, and anyone who cares in transparent policymaking. In the last few weeks of 2015, all of Congress’s remaining legislative capacity was directed towards passing the bloated mish-mash of policies known as the “omnibus.” In theory, the omnibus is a “must-pass” spending bill (“must-pass” in the sense that signing it into law is necessary in order to fund the government) that combines a number of different appropriations bills into one, streamlining what could otherwise be a tedious effort to pass spending bills piece-by-piece. But, in what has become a commonplace practice in DC, this year’s omnibus crams in piles of unrelated legislation (more than 2,000 pages in all), effectively ensuring the passage of controversial bills that would likely have faltered if exposed to the normal legislative process, public debate, or a straightforward Presidential veto.
Ultimately, this means that groups and individuals without significant influence or lobbying power often find themselves pushed out of closed-door conversations about what unrelated bills get appended to the omnibus. While this closed process doesn’t always result in terrible legislation (the removal of anti-net neutrality riders to this year’s omnibus being a prime example of good policy emerging from the omnibus mess), when bad legislation does find its way into the omnibus, it’s almost impossible to get it out. It is through just this backwards process that the ill-fated Cyber Information Sharing Act (CISA) found its way into the omnibus and on a seemingly unstoppable course towards a Presidential signature.
CISA essentially creates a framework for companies to collect and share user data with government in a way that may circumvent basic privacy protections. While the bill is supposed to help government and industry cooperate to prevent cyber attacks like the high-profile hacks that targeted Sony, Target, and the federal Office of Personnel Management, critics argue that the bill creates more problems than it solves by jeopardizing user privacy, incentivizing companies to secretly monitor user activity, and allowing the government to obtain consumer data without a warrant. By moving CISA through the omnibus, these critics have been shut out of the recent negotiations. It’s no surprise then that the language that ultimately made it into the omnibus is worse in terms of privacy protections than other iterations of the bill.
For startups, CISA’s inclusion in the omnibus is bad for a few reasons. First, enacting significant legislation via amendment to unrelated must-pass bills limits the voice of small business in government. As this becomes more commonplace, startups who do not have the resources or relationships to participate in closed-door discussions are boxed out. Second, any bill that weakens privacy protections for user data threatens to undermine consumer confidence in Internet services. This, in turn, decreases the market for startups that provide such services. Finally, considering the European Court of Justice recently invalidated a crucial safe harbor by which US companies—startups included—were permitted to import EU consumer data precisely because of US laws that gave government access to user data without any real privacy protections, pushing a bill like CISA only threatens to make things harder for US companies operating overseas.
As policymakers consider a variety of cybersecurity and privacy issues, it’s crucial that the startups and technologists that understand how key technologies actually work are a part of these conversations. Congress’s decision to move CISA through the omnibus spending bill is a move in the wrong direction for the startup sector’s participation in DC.
Startup News Digest: 12/11/2015
Our weekly take on some of the biggest stories in startup and tech policy.
Net Neutrality Has its Day in Court. The net neutrality debate that has dominated tech policy headlines for the past two years finally got its day in court last Friday. A panel of three judges from the DC Circuit heard oral arguments in the lawsuit brought by a consortium of ISPs to invalidate the FCC’s net neutrality rules. Proponents of the FCC’s rules came away from the hearing fairly optimistic. A majority of judges seemed to side with the FCC in the most crucial aspect of the dispute: whether or not the Commission had adequate authority to reclassify Internet access as a “telecommunications service.” The court pushed back more significantly on the FCC’s authority to reclassify mobile broadband and the adequacy of the notice the FCC provided about the final rules it adopted. While we remain optimistic about the Court’s ultimate decision, the net neutrality debate will almost certainly not go away when the Court issues its ruling early next year. It seems likely that the case will ultimately end up before the Supreme Court, and Congress continues to ponder whether it should pass anti-net neutrality legislation.
Feinstein Wants Tech to Report Terrorist Activity. As terrorists attempt to use Internet platforms to mobilize followers, disseminate propaganda, and coordinate attacks, working to diminish militants’ capacity to organize through social media is critical. But the Requiring Reporting of Online Terrorist Activity Act, introduced by Senator Dianne Feinstein (D-CA) earlier this week, is not the answer. The bill would require tech companies to report “any terrorist activity” that they have knowledge of to law enforcement. This obligation seems innocuous on its face, but as often happens, difficulties arise in determining how to actually apply this standard. Emma elaborates on all of the reasons the bill’s controversial (and previously rejected) framework could potentially do more harm than good here.
Computer Science in Classrooms. An education bill signed into law on Thursday acknowledges computer science as a foundational academic subject. By doing so, the bill puts computer science “on equal footing with other subjects when state and local policymakers decide how to dole out federal funds.” This new designation could potentially accelerate computer science's introduction into classrooms across the U.S. and ultimately help address the country's growing tech talent shortage.
Bill Would Cut Back H-1Bs. Senators Bill Nelson (D-FL) and Jeff Sessions (R-AL) introduced a bill this week that would reduce the number of H-1B visas available by 15,000 and also modify the way those visas are allocated—requiring they go to workers who will earn the highest wages. The H-1B program allows companies to hire foreign high-skilled employees, including those with expertise in science, engineering, and computer programming. While these visas are highly coveted within the tech industry, accounts of program abuse have galvanized members of Congress to restructure the program. “This bill directly targets outsourcing companies that rely on lower-wage foreign workers to replace equally-qualified U.S. workers,” Sen. Nelson said in a statement. While attempting to prevent bad practices by specific outsourcing companies, this bill would unduly harm the wider tech industry by further limiting global talent from contributing to U.S. companies, big and small. 2015 saw a record number of H-1B applications: 233,000 for the current 85,000 spots.
Investment Crowdfunding for Tech? Not So Fast. An article in this week’s Wall Street Journal highlighted a few of the shortcomings of investment crowdfunding, a new fundraising tool for startups made legal last month with the release of SEC rules. Those rules contain numerous burdensome requirements for companies raising equity from the crowd, potentially deterring high-growth technology startups. For instance, once a company takes on over 500 investors or grows to a certain size, it must file regular disclosures with the SEC: “It is all the pain of an IPO without the benefits of the IPO.” We’ve previously detailed some of the other issues with those rules, concluding that policymakers must continue to work to lower the cost of raising seed capital through crowdfunding or the impact of investment crowdfunding for startups will be modest.
What We Heard in Iowa: Earlier this week, Engine teamed up with the Technology Association of Iowa to discuss technology policy with Iowa entrepreneurs, caucus goers and two of the 2016 presidential candidates in Cedar Rapids. As the Cedar Rapids Gazette reported, the candidates agreed that education is “vital to innovation” but, not surprisingly, disagreed on the federal government’s role. O’Malley’s address focused on his track record as governor of Maryland. While Fiorina took a different approach, focusing on national security and technology “as a tool and a weapon” in those efforts. The forum offered a glimpse on where at least two candidates stand on a handful of important tech issues and as we look to 2016, we hope to hear a lot more.
Patent Suits Cost Universities. Universities have been getting more involved in patent reform policy and a recent Brookings article explains why. Its author also emphasizes that universities are turning observers off by engaging in offensive litigious actions, which is seen as contrary to the public mission of a university. Furthermore, it doesn’t make sense for universities to be involved in patent reform conversations since universities as a group do not have a financial interest in patenting: 87 percent of tech transfer offices operate in the red. Since there is a false belief among some that without patents there would be no innovation, it is important that the public voice of universities acknowledge “that the debate on the impact of patents on innovation is not settled and that this impact cannot be observed in the aggregate, but must be considered in the context of each specific economic sector, industry, or even market.”
Where are the Women in Tech? A new list was published on the “Best Cities for Women in Tech” and Washington, DC topped it, with women making up about 37 percent of the tech workforce (New York, NY comes in at number five and San Francisco, CA at 23). Kansas City, Missouri (at number two) was one of the only two cities in the study where women in tech don’t face a gender pay gap. Recruitment of women and underrepresented groups in the tech community remains a large part of the diversity conversation: language used in outreach and job descriptions could be turning well-qualified applicants off from even applying. One startup, Textio, is trying to address this problem with their product that “applies a form of artificial intelligence (AI) called natural language processing (NLP) to study the verbiage in documents” and can help highlight words with certain negative connotations.