In the months leading up to his inauguration, President Barack Obama, like any modern lawyer, refused to give up his BlackBerry, much to the chagrin of aides who stressed that presidential e-mails were a potential legal and security risk. However, the problem was resolved and Obama will be given a smart phone with enhanced security features.
More than for any president in recent memory, technology was a key element of his campaign promises. The new administration has made numerous statements about how technology will make government more transparent and how the country’s infrastructure requires innovation to move into the new century. This emphasis is echoed by commentators and interest groups such as the Business Software Alliance, which has suggested that information technology and modern advances should be the cornerstone of some of the biggest projects in the coming years, namely, education, health care, the environment and economic stimulus.
This article will discuss several of the major technology-related initiatives of the new administration and the legal issues inherent in such proposals.
ELECTRONIC HEALTH RECORDS
Obama has proposed investing $50 billion over the next five years to expand the adoption of health care information technologies, including the wide use of electronic medical records. Moving from paper-based record keeping to a health care IT system reportedly will, among other things, reduce medical errors and drive down health care costs resulting from inefficiency and duplicative care. It will also purportedly improve public health reporting and the coordination of care and information among hospitals, laboratories and physician offices via an effective nationwide infrastructure for the secure and authorized exchange of patient information.
However, there are numerous barriers to expanding the use of electronic medical records. First, providers may be reluctant to implement health care IT systems because up-front costs can run between $25,000 and $45,000 per physician, with cost savings often inuring to health insurers or other entities. Some commentators have suggested that doctors need financial incentives, akin to the higher reimbursement rates given to Medicare doctors to use e-prescriptions, or targeted subsidies to offset the initial investment, similar to an existing New York City health department program that encourages physicians to participate in a citywide electronic health project.
Second, health care IT systems must be interoperable nationwide to facilitate the seamless sharing of medical records or lab results. In this regard, Obama previously stated that he wished to make the Veterans Health Administration a model in the use of health care IT, and recently, one enhanced version of the VHA’s electronic medical records software, known as VistA, was released under the open source Eclipse Public License.
Third, doctors and technicians will require training on any new digitized system to prevent delays and errors. Lastly, there are outstanding privacy issues concerning electronic medical records, including minimum data security and breach notification standards, a statutory right to consumer privacy of electronic health information (which may or may not pre-empt certain state privacy laws), clarification of covered entities under HIPAA to include additional handlers of electronic medical records, and standards for the sharing of health data.
Proponents of “net neutrality” remain committed to an Internet where all content is given equal access, as opposed to a system that offers preferential treatment for certain data and application transmissions. Opponents, however, contend that the heightened sophistication and size of the type of files being exchanged, particularly video files, have resulted in increased costs to ISPs for providing the necessary bandwidth. In addition, opponents urge a “hands off” approach, contending that there is no need for regulation mandating net neutrality and other Internet governance issues because market forces, in conjunction with existing antitrust regulations, are already sufficient.
Obama supports net neutrality regulation to bolster the basic premise that ISPs should be prohibited from privileging certain Web site content over others and that new competitors should have the same opportunities to reach wider audiences online. Indeed, U.S. Sen. Byron Dorgan, D-N.D., a sponsor of a previous net neutrality bill, plans to reintroduce a revised bill granting the Federal Communications Commission authority to police net neutrality violations, given the Obama administration’s favorable stance on the issue.
Some commentators predict that net neutrality legislation will wait for the outcome of the FCC/Comcast dispute. In August 2008, the FCC ruled that Comcast had unduly interfered with users’ rights to Internet content and applications of their choice when it monitored customers’ usage and selectively blocked certain BitTorrent peer-to-peer Internet traffic to allegedly ease network congestion. See In Re Formal Complaint of Free Press and Public Knowledge Against Comcast Corporation for Secretly Degrading Peer-to-Peer Applications.
The FCC stated that it had authority to enforce a “national Internet policy” and “preserve and promote the open and interconnected nature of the public Internet.” Since the ruling, Comcast announced plans to limit residential Internet usage and has appealed the order to the D.C. Circuit Court of Appeals, arguing that the FCC lacks authority to enforce its net neutrality principles without specific congressional authority.
If the appeals court upholds the FCC’s authority to enforce its net neutrality principles, then Congress and the new administration may hold off and allow the FCC to adjudicate any violations on a case-by-case basis; if the decision is overturned, interest in net neutrality legislation may be revitalized.
In late 2008, Congress passed the Pro-IP Act, which, among other things, enhanced the remedies for certain copyright infringement and counterfeit goods claims and created a new position within the Executive Office of the President, namely the intellectual property enforcement coordinator, or IP czar. Obama will appoint the first IP czar, who will be responsible for, among other duties, reporting to the Congress and president about the effectiveness of the government’s domestic and international IP enforcement policies, chairing a committee to coordinate interagency anti-counterfeiting efforts, and reworking any regulatory weaknesses in IP enforcement. Similarly, Obama has also pledged to name the country’s first chief technology officer.
According to Obama’s campaign Web site, the CTO would be charged with several duties, including directing the modernization of agency IT infrastructures and ensuring the transparency and accessibility of government records by establishing centralized electronic depositories for lobbying and campaign finance reports, and posting transcripts of agency meetings and non-emergency bills online for public comment.
During the last Congress, many unsuccessful patent reform proposals were launched that touched on issues such as the quality of issued patents, the calculation of damages in patent litigation, the definition of willful infringement and streamlined processes for patent re-examination.
On Obama’s campaign Web site, patent reform is listed as one of the president’s IP-related goals. Among the list of proposals, he advocates increasing the Patent and Trademark Office’s budget for patent examinations and opening up the examination process to a so-called “public peer review” to help weed out weaker patents that might otherwise spur litigation and discourage future innovation.
PRIVACY AND DATA SECURITY
According to a recent survey, since 2007 there has been almost a 50 percent increase in reported data security breaches at businesses, government agencies and educational institutions. Companies and other entities that handle sensitive consumer information are also faced with an increasingly complicated compliance task.
At least 44 states and the District of Columbia have enacted data security breach notification laws that require, under varying standards, that companies that suffer a qualifying breach of certain consumer personal information notify affected persons. Currently, there is no national data security breach notification law, but the new administration has expressed support for passing such legislation.
Several senators have expressed a desire to reintroduce data breach notification bills that died in the last Congress, yet the scope of such a new law remains uncertain. For example, would a federal law contain a “risk of harm” trigger, that is, a provision that excuses notification for technical breaches of a system that do not reasonably seem likely to subject affected customers to a risk of criminal activity? Another open question is to what extent, if any, a federal law would pre-empt existing state notification laws.
The Obama administration has also pledged to strengthen privacy protections for the digital age, increase funding for Federal Trade Commission enforcement efforts, and step up efforts to discourage cybercriminals by combating spyware, phishing schemes and other Internet-related privacy hazards.
Federal spyware bills have died in the last three Congresses. The outlook for passage of a new comprehensive spyware bill with notice and consent provisions and a “Good Samaritan” provision that would limit remedies against antispyware software developers is mixed, particularly given Congress’ recent cybercrime amendments. The cybercrime amendments, contained in H.R. 5938, 110th Cong., 2nd Sess. (2008), among other things, increased the capabilities of the federal government to prosecute those behind malicious spyware, enabled identity theft victims to obtain restitution for the time and money expended in clearing up their credit, and criminalized the use of malicious spyware and keylogging software that caused computer damage.
Another possible privacy initiative is online behavioral advertising, an issue addressed by the FTC and the last Congress. Generally speaking, behavioral advertising is the tracking of a consumer’s online activities (e.g., search engines queried and Web pages visited and content viewed) in order to deliver advertising targeted to the individual consumer’s interest.
In theory, consumers would view ads that appeal to their interests, thereby allowing companies to better reach their target markets. For social networking sites, behavioral advertising can serve as an additional revenue source.
Still, some advocates have claimed that such advertising threatens individual privacy and have called for user opt-out protections.
In late 2007, the FTC staff issued a set of proposed principles to encourage development of self-regulation for online behavioral advertising, as well as address consumer privacy concerns over personal data collected by social networking and other Web sites. A full report is expected sometime this year.
Behavioral advertising on the ISP level has also become an emerging issue. In 2008, NebuAd, an online advertising company, in conjunction with several ISPs, began a behavioral advertising program, allegedly without the consent or knowledge of the ISPs’ users.
The program ended when Congress began to make inquiries. Subsequently, during a Senate committee hearing on behavioral targeting, many leading ISPs agreed, in principle, to stop the practice and only engage in behavioral targeted advertising with the affirmative consent of users.
While the Obama administration has not specifically professed a position on behavioral advertising, Congress will likely monitor this issue and determine whether the industry’s self-regulatory efforts offer sufficient consumer protections, or whether a data privacy bill authorizing stronger FTC regulation of the online advertising industry is required.
In the end, the new administration has expressed a desire to tackle other, larger privacy issues that purportedly affect the national economy and homeland security. For example, the Obama Web site lists several initiatives in this regard, including protecting the IT infrastructure from cybercriminals and coordinating a national cyberpolicy that works to shield federal agencies and private entities from attacks and data theft.
Moreover, the administration may look to update the federal electronic privacy, computer crime and surveillance laws, as well as examine the growing concern over the security of electronic data and computer laptops during border searches, in response to the 9th U.S. Circuit Court of Appeals ruling in United States v. Arnold. Regarding border searches of electronic devices, a bill, H.R. 239, has been introduced in the new Congress, which would, among other things, limit border searches of digital electronic devices to those under reasonable suspicion.
This article originally appeared in The New York Law Journal, a Legal affiliate.