logging in or signing up Enterprise2006 Fenwick Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINTLite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 68 Category: Entertainment License: All Rights Reserved Like it (0) Dislike it (0) Added: October 30, 2007 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript Legal, Policy and Regulatory Issues: Legal, Policy and Regulatory Issues EDUCAUSE Enterprise 2006 Tracy Mitrano Cornell UniversityBig “P” and Little “p” Policy: Big “P” and Little “p” Policy Big “P” policy involves external issues, such as national security, electronic surveillance laws, privacy, or digital copyright. USA-Patriot Act http://www.cit.cornell.edu/oit/policy/PatriotAct/ Digital Copyright http://www.cit.cornell.edu/oit/policy/copyright/ Privacy in the Electronic Realm http://www.cit.cornell.edu/oit/policy/privacy/ CALEA: Communications Law Enforcement Assistance Act http://www.cit.cornell.edu/oit/policy/calea/Little “p” Policy: Little “p” Policy Little “p” policy is institutional policy. Preservation and protection of institutional interests and assets If your policy does not stand up to this test, best to rethink Cornell Model Centralized University Policy Office http://www.policy.cornell.edu/ Famous “policy on policies!” http://www.policy.cornell.edu/vol4_1.cfm Balance of statement and procedure At the institutional level of procedure, but not backlineGo to law school, Tracy!: Go to law school, Tracy! Relationship between higher education and the government, market, social norms and technology is growing increasingly complicated and will become even more so given the international nature of communication’s technologies.Why so much legal and regulatory activity?: Why so much legal and regulatory activity? Information technologies driving force of American (and global) economy since 1990’s Personal computer + network systems = communications Innovation offers untapped potential New distribution methods Entertainment media Publishing Communications Education, too!Transformative Effects on…: Transformative Effects on… Revenue Commercialization of the Internet since going public in early 1990’s created new business models Google and advertising Merchandise distribution, I.e. shopping! Amazon Buying and bargaining eBay Government In the midst of a historic national deficit, watch for an Internet tax sometime near you soon!…the Law and Regulatory Issues: …the Law and Regulatory Issues Copyright, Copyright, Copyright When I went to law school and walked uphill both ways… Digital Millennium Copyright Act 1998 Section 512: Notice and take down Section 1201: Anti-circumvention February 2003: Senate Hearings First letters to the presidents Verizon “fast-track” litigation Law suits against individuals Action against Internet 2 Second letter to presidents regarding subnets and filtering, , !: , , ! Current litigation Google Library Project If there is ever a case to test fair use in the new electronic age, this is the one! American Association of Publishers v. Shhhhhhhh Current legislative reform Orphan works Finally a boon to and for higher education!! Institutional Policy Response: Institutional Policy Response Statement X complies with all copyright laws. Procedure DMCA E-Reserves Course management systems Intellectual Property of the University and its employees, students and facultyElectronic Surveillance: Electronic Surveillance USA-Patriot Act Amended the Electronic Communications Privacy Act By lowering the evidentiary standard for voicemail and call records I.e. network flow logs Legal backdrop for the collection of call records from major communications providers Below probable cause = file a paper with a clerkInstitutional Policy Response: Institutional Policy Response Statement “All roads lead to Rome” I.e. counsel Cornell University Policy 4.13, Acceptance of Legal Papers http://www.policy.cornell.edu/vol4_13.cfm Unit Protocol in order to get to Rome Cornell Information Technologies http://www.cit.cornell.edu/oit/policy/memos/PatriotAct.htmlCALEA: CALEA Originally passed by Congress in 1994 Main provisions: Automated, remote access of telephone communications to FBI under warranted access FBI oversight of new telephony technologies to ensure access compliance *Data network explicitly exempted from legislationDOJ to FCC: DOJ to FCC In 2003/4 the Department of Justice sends word to the Federal Communications Commission requesting that the FCC use administrative law to amend CALEA in order to to lift the exemption on data networks.Legislative v. Administrative Law: Legislative v. Administrative Law This action first raises the procedural question of whether it is appropriate to use administrative law to amend legislative law. Not entirely unusual No clear standard or criteria Although the Broadcast Flag decision indicates a tightening of scope of administrative rule-making Just because it is done doesn’t make it right! Senator Leahy of Vermont has objected to CALEA on precisely these grounds.Administrative Law: Rule-Making: Administrative Law: Rule-Making FCC has followed traditional administrative law “rule-making,” notice and comment, in order to advance the agenda the DOJ set forth with its original request. EDUCAUSE organized a “Coalition” of higher education and library groups in order to respond to the original notice published in the Federal Register in 2004.August 2005: August 2005 Attempts to exempt higher education and libraries from this regulation failed. In August of 2005 the FCC published notice in the Federal Register that the law would go into effect in 90 days, and compliance would be required within 18 months. New Call for Comment: New Call for Comment At the same time, the FCC appended a narrow notice and comment on three specific questions. These questions are, or may be construed as, pertinent to higher education. Comment period ended on November 12, 2005Two-Pronged Action: Two-Pronged Action Respond to the FCC notice and comment: Any college or university (or any person or entity); http://www.cit.cornell.edu/oit/policy/calea/ Legal Action Challenging the procedure of administrative verses legislative activity Jurisdiction and scope of the F.C.C.Conclusion of Notice and Comment: Conclusion of Notice and Comment F.C.C. just released conclusion Higher education not exempt High level language which resolves roughly: Commodity connection **But not commensurate with general upgrades: Implementation still required by May 14, 2007 Mark Luker, Vice President of Policy, EDUCAUSE: Mark Luker, Vice President of Policy, EDUCAUSE Although VOIP is treated separately in CALEA, the orders also cover all forms of communication over facilities-based broadband networks that provide connections with the Internet. This includes email, IM, chat, etc. Based on the arguments in court, on-campus communications that do not cross the campus/Internet gateway may turn out to be exempt, but this has not yet been stated in an order by the FCC.Possible Institutional Policy Response: Possible Institutional Policy Response Set up a protocol for communication between law enforcement and institution to provide information expeditiously TBA: I2/EDUCAUSE Security Task Force, Law and Policy Team will publish a protocol on its web site soon Begin to think (seriously) about authentication policies/practices for your college or university?Be that as it may: Legal Challenge: Be that as it may: Legal Challenge Oral arguments heard May 5, 2006 "Your argument makes no sense," Edwards told Jacob Lewis, an associate general counsel with the FCC. "I'm sorry I'm not making myself clear," Lewis said. "You're making yourself very clear. That's the problem," Edwards replied. We shall see what we shall see…(August 2006) But even if overturned, the battle might be won and not the war DOJ already has turned to the Congress What must be done? Reasonable to expect technological ease for warrants But not impede research innovation: here is where higher education must take a leading role in the negotiation. Privacy Laws…: Privacy Laws… Health Insurance Portability Act Financial Services Act GLBA **Both have explicit and security and privacy regulations Family Education Rights Privacy Act Pre-existing, so it has not caught up yet Got a campus hotel with cable or movies? Video Recording Act Cable ActInstitutional Policy Response: Institutional Policy Response Complementary Privacy and Security Programs organized around the following five categories: Policy Risk Assessment/Operations Training for personnel Education for all users Enforcement Examples: Examples Cornell Security Program http://www.cit.cornell.edu/oit/policy/security.html Cornell (nascent) Privacy Program http://www.cit.cornell.edu/oit/policy/privacy.html IT Policy Framework http://www.cit.cornell.edu/oit/policy/framework-chart.htmlData Breach Notification: Data Breach Notification Laws in several states California and New York, notably Federal one is one the way, currently several offerings Common characteristics Name + SSN, bank routing, credit card or other financial transaction numbers Must notify, individually, or in bulk numbers with web sites, etc. Encryption is a safe harborHelp is on the Way!: Help is on the Way! I2/EDUCAUSE Security Task Force, Law and Policy Team Tool Bar http://www.educause.edu/DataIncidentNotificationToolkit/9320 TBA: Insurance/Notification Company suggestions TBA: Diagnostics for legal standard “reasonable belief data accessed by an unauthorized person.”The Older I Get the Smarter My Father Gets…:-): The Older I Get the Smarter My Father Gets…:-) Back in the spring of 1981 President Sproull offered sage advice about the relationship of higher education to government and other aspects of American society such as the market, social norms and technology.Conclusion: Conclusion We, as custodians of higher education in this challenging age, must examine the issues, distinguish between where we should exhibit leadership and where in the name of our missions we must remain resolute in our values and traditions in order to preserve our institutions for the better of American, and the future of a global society. You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
Enterprise2006 Fenwick Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINTLite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 68 Category: Entertainment License: All Rights Reserved Like it (0) Dislike it (0) Added: October 30, 2007 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... Premium member Presentation Transcript Legal, Policy and Regulatory Issues: Legal, Policy and Regulatory Issues EDUCAUSE Enterprise 2006 Tracy Mitrano Cornell UniversityBig “P” and Little “p” Policy: Big “P” and Little “p” Policy Big “P” policy involves external issues, such as national security, electronic surveillance laws, privacy, or digital copyright. USA-Patriot Act http://www.cit.cornell.edu/oit/policy/PatriotAct/ Digital Copyright http://www.cit.cornell.edu/oit/policy/copyright/ Privacy in the Electronic Realm http://www.cit.cornell.edu/oit/policy/privacy/ CALEA: Communications Law Enforcement Assistance Act http://www.cit.cornell.edu/oit/policy/calea/Little “p” Policy: Little “p” Policy Little “p” policy is institutional policy. Preservation and protection of institutional interests and assets If your policy does not stand up to this test, best to rethink Cornell Model Centralized University Policy Office http://www.policy.cornell.edu/ Famous “policy on policies!” http://www.policy.cornell.edu/vol4_1.cfm Balance of statement and procedure At the institutional level of procedure, but not backlineGo to law school, Tracy!: Go to law school, Tracy! Relationship between higher education and the government, market, social norms and technology is growing increasingly complicated and will become even more so given the international nature of communication’s technologies.Why so much legal and regulatory activity?: Why so much legal and regulatory activity? Information technologies driving force of American (and global) economy since 1990’s Personal computer + network systems = communications Innovation offers untapped potential New distribution methods Entertainment media Publishing Communications Education, too!Transformative Effects on…: Transformative Effects on… Revenue Commercialization of the Internet since going public in early 1990’s created new business models Google and advertising Merchandise distribution, I.e. shopping! Amazon Buying and bargaining eBay Government In the midst of a historic national deficit, watch for an Internet tax sometime near you soon!…the Law and Regulatory Issues: …the Law and Regulatory Issues Copyright, Copyright, Copyright When I went to law school and walked uphill both ways… Digital Millennium Copyright Act 1998 Section 512: Notice and take down Section 1201: Anti-circumvention February 2003: Senate Hearings First letters to the presidents Verizon “fast-track” litigation Law suits against individuals Action against Internet 2 Second letter to presidents regarding subnets and filtering, , !: , , ! Current litigation Google Library Project If there is ever a case to test fair use in the new electronic age, this is the one! American Association of Publishers v. Shhhhhhhh Current legislative reform Orphan works Finally a boon to and for higher education!! Institutional Policy Response: Institutional Policy Response Statement X complies with all copyright laws. Procedure DMCA E-Reserves Course management systems Intellectual Property of the University and its employees, students and facultyElectronic Surveillance: Electronic Surveillance USA-Patriot Act Amended the Electronic Communications Privacy Act By lowering the evidentiary standard for voicemail and call records I.e. network flow logs Legal backdrop for the collection of call records from major communications providers Below probable cause = file a paper with a clerkInstitutional Policy Response: Institutional Policy Response Statement “All roads lead to Rome” I.e. counsel Cornell University Policy 4.13, Acceptance of Legal Papers http://www.policy.cornell.edu/vol4_13.cfm Unit Protocol in order to get to Rome Cornell Information Technologies http://www.cit.cornell.edu/oit/policy/memos/PatriotAct.htmlCALEA: CALEA Originally passed by Congress in 1994 Main provisions: Automated, remote access of telephone communications to FBI under warranted access FBI oversight of new telephony technologies to ensure access compliance *Data network explicitly exempted from legislationDOJ to FCC: DOJ to FCC In 2003/4 the Department of Justice sends word to the Federal Communications Commission requesting that the FCC use administrative law to amend CALEA in order to to lift the exemption on data networks.Legislative v. Administrative Law: Legislative v. Administrative Law This action first raises the procedural question of whether it is appropriate to use administrative law to amend legislative law. Not entirely unusual No clear standard or criteria Although the Broadcast Flag decision indicates a tightening of scope of administrative rule-making Just because it is done doesn’t make it right! Senator Leahy of Vermont has objected to CALEA on precisely these grounds.Administrative Law: Rule-Making: Administrative Law: Rule-Making FCC has followed traditional administrative law “rule-making,” notice and comment, in order to advance the agenda the DOJ set forth with its original request. EDUCAUSE organized a “Coalition” of higher education and library groups in order to respond to the original notice published in the Federal Register in 2004.August 2005: August 2005 Attempts to exempt higher education and libraries from this regulation failed. In August of 2005 the FCC published notice in the Federal Register that the law would go into effect in 90 days, and compliance would be required within 18 months. New Call for Comment: New Call for Comment At the same time, the FCC appended a narrow notice and comment on three specific questions. These questions are, or may be construed as, pertinent to higher education. Comment period ended on November 12, 2005Two-Pronged Action: Two-Pronged Action Respond to the FCC notice and comment: Any college or university (or any person or entity); http://www.cit.cornell.edu/oit/policy/calea/ Legal Action Challenging the procedure of administrative verses legislative activity Jurisdiction and scope of the F.C.C.Conclusion of Notice and Comment: Conclusion of Notice and Comment F.C.C. just released conclusion Higher education not exempt High level language which resolves roughly: Commodity connection **But not commensurate with general upgrades: Implementation still required by May 14, 2007 Mark Luker, Vice President of Policy, EDUCAUSE: Mark Luker, Vice President of Policy, EDUCAUSE Although VOIP is treated separately in CALEA, the orders also cover all forms of communication over facilities-based broadband networks that provide connections with the Internet. This includes email, IM, chat, etc. Based on the arguments in court, on-campus communications that do not cross the campus/Internet gateway may turn out to be exempt, but this has not yet been stated in an order by the FCC.Possible Institutional Policy Response: Possible Institutional Policy Response Set up a protocol for communication between law enforcement and institution to provide information expeditiously TBA: I2/EDUCAUSE Security Task Force, Law and Policy Team will publish a protocol on its web site soon Begin to think (seriously) about authentication policies/practices for your college or university?Be that as it may: Legal Challenge: Be that as it may: Legal Challenge Oral arguments heard May 5, 2006 "Your argument makes no sense," Edwards told Jacob Lewis, an associate general counsel with the FCC. "I'm sorry I'm not making myself clear," Lewis said. "You're making yourself very clear. That's the problem," Edwards replied. We shall see what we shall see…(August 2006) But even if overturned, the battle might be won and not the war DOJ already has turned to the Congress What must be done? Reasonable to expect technological ease for warrants But not impede research innovation: here is where higher education must take a leading role in the negotiation. Privacy Laws…: Privacy Laws… Health Insurance Portability Act Financial Services Act GLBA **Both have explicit and security and privacy regulations Family Education Rights Privacy Act Pre-existing, so it has not caught up yet Got a campus hotel with cable or movies? Video Recording Act Cable ActInstitutional Policy Response: Institutional Policy Response Complementary Privacy and Security Programs organized around the following five categories: Policy Risk Assessment/Operations Training for personnel Education for all users Enforcement Examples: Examples Cornell Security Program http://www.cit.cornell.edu/oit/policy/security.html Cornell (nascent) Privacy Program http://www.cit.cornell.edu/oit/policy/privacy.html IT Policy Framework http://www.cit.cornell.edu/oit/policy/framework-chart.htmlData Breach Notification: Data Breach Notification Laws in several states California and New York, notably Federal one is one the way, currently several offerings Common characteristics Name + SSN, bank routing, credit card or other financial transaction numbers Must notify, individually, or in bulk numbers with web sites, etc. Encryption is a safe harborHelp is on the Way!: Help is on the Way! I2/EDUCAUSE Security Task Force, Law and Policy Team Tool Bar http://www.educause.edu/DataIncidentNotificationToolkit/9320 TBA: Insurance/Notification Company suggestions TBA: Diagnostics for legal standard “reasonable belief data accessed by an unauthorized person.”The Older I Get the Smarter My Father Gets…:-): The Older I Get the Smarter My Father Gets…:-) Back in the spring of 1981 President Sproull offered sage advice about the relationship of higher education to government and other aspects of American society such as the market, social norms and technology.Conclusion: Conclusion We, as custodians of higher education in this challenging age, must examine the issues, distinguish between where we should exhibit leadership and where in the name of our missions we must remain resolute in our values and traditions in order to preserve our institutions for the better of American, and the future of a global society.