February 1, 2023

Volume XIII, Number 32

Advertisement

January 31, 2023

Subscribe to Latest Legal News and Analysis

January 30, 2023

Subscribe to Latest Legal News and Analysis

Blockchain Developers Urge Congress – Be Bold About Data Privacy and Security

Crypto is dead or on life support, waiting for regulation to rid it of ‘crypto contagion.’  Meanwhile, blockchain technology – the virtual, public ledger technology that records crypto transactions – is very much alive, as evidenced by emerging applications in the healthcare, transportation, and real estate industries.1

Even crypto skeptics who mockingly blame “magical thinking” for infecting a generation of investors agree, at a minimum there is a potential legitimate use of crypto “as part of new payment systems using blockchain technology” for such things as “sending money internationally more efficiently and cheaply than current systems.”2 

For these and related reasons, last week twenty-eight technology organizations, including various blockchain alliances, implored US Lawmakers “for the sake of freedom and democracy” to defend privacy for everyday people, asserting that software developers in the US are “being chilled by clumsy, misguided legislative and regulatory actions.”3  

To be clear, it’s not as though lawmakers have been sitting on their hands.  In 2021, at least 45 states introduced or considered more than 250 data privacy and security bills, and 36 states enacted such bills.  In 2022, thirty-seven states addressed pending legislation regarding cryptocurrency, digital or virtual currencies and other digital assets.4  

In their letter, however, open source and decentralized project leaders focused not only on the right to privacy but also “the right to code” and asked lawmakers to:

  1. Oppose legislation that criminalizes writing code for privacy-preserving tools,

  2. Support tools that give individuals and communities control of their data,

  3. Allow for encryption and anonymity vs. pro-surveillance protections, and

  4. Encourage tools that safeguard data privacy and security. 

These are not new concerns.  On March 9, 2022, some of these were emphasized in the Executive Order on Ensuring Responsible Development of Digital Assets, which sought to ensure “that digital asset technologies and the digital payments ecosystem are developed, designed, and implemented” with privacy and security in their architecture.5 

The Executive Order also encouraged the heads of relevant agencies such as the Federal Trade Commission (FTC), “to ensure that digital assets do not pose undue risks to consumers, investors, or businesses, and to put in place protections as a part of efforts to expand access to safe and affordable financial services.”

On September 16, 2022, the White House went a step further, releasing a fact sheet titled First-Ever Comprehensive Framework for Responsible Development of Digital Assets which seeks to ensure similar rights to those being sought by the blockchain developers in their letter to lawmakers: “protect national security, respect human rights, and align with democratic values.”6  

In addition, the White House asked the FTC again to pursue enforcement actions against unlawful practices and to redouble its efforts to monitor consumer complaints and enforce against unfair, deceptive, or abusive practices.  Just over a month later, the FTC announced a decision it said would have a “100% chance of far-reaching” impact.7 

On October 24, 2022, the FTC announced a settlement against online alcohol delivery platform, Drizly, and its CEO for a data breach that exposed the information of 2.5 million consumers.  Drizly is relevant to the Executive Order and the Fact Sheet because it provides a roadmap for how to be bold about data privacy and security for open-source technology.

As highlighted in its press release, the FTC settlement with Drizly follows a recent FTC trend of “requiring a firm to minimize data collection” – to ensure companies only collect what they need – and a recent notice of proposed rules for commercial surveillance, “the business of collecting, analyzing, and profiting from information about people.”8 

As in Drizly, US lawmakers and technology organizations should be bold by at least adopting the conditions deemed necessary to anticipate the ‘technological shifts’ that impact the ‘right to code’ by doing the following:  

  • Implementing practices that reduce or prohibit the collection of consumer data that is not necessary for pre-specified business purposes;

  • Implementing a comprehensive security program that includes multifactor authentication and prevention mechanisms for unsecured data;

  • Implementing practices covered in past decisions which have emphasized conducting regular risk assessments and incident response planning; and

  • Creation of a public retention schedule for certain types of data, including timeframes for the eventual deletion of stored data.

At a minimum, organizations should adhere to the mandate included in recent FTC decisions that require organizations, “in light of any changes to operations or business arrangements” or “new or more efficient technological or operational methods,” to evaluate and adjust their security programs to address new and related risks.9 


FOOTNOTES

1  See, e.g., https://shelterzoom.com/https://dimo.zone/, and https://www.revvy.tech/.

2 Cryptocurrency – Cryptoscam – Why Regulation, Deposit Insurance, and Stability Matter by George Sutton (https://www.utahbar.org/wp-content/uploads/2023/01/2023_FINAL_01_Jan_Feb.pdf (at pages 18-26).  

3  https://www.fightforthefuture.org/news/2023-01-09-open-letter-for-the-sake-of-freedom-and-democracy-incoming-lawmakers-must-defend-privacy/

4  https://www.ncsl.org/research/financial-services-and-commerce/cryptocurrency-2022-legislation.aspx

5  https://www.whitehouse.gov/briefing-room/presidential-actions/2022/03/09/executive-order-on-ensuring-responsible-development-of-digital-assets/ 

6  https://www.whitehouse.gov/briefing-room/statements-releases/2022/09/16/fact-sheet-white-house-releases-first-ever-comprehensive-framework-for-responsible-development-of-digital-assets/ 

7  https://www.jdsupra.com/legalnews/ftc-announces-decision-with-a-100-9442008/  

8  https://www.ftc.gov/news-events/news/press-releases/2022/08/ftc-explores-rules-cracking-down-commercial-surveillance-lax-data-security-practices

9  https://www.ftc.gov/system/files/ftc_gov/pdf/2023185-drizly-combined-consent.pdf

© Polsinelli PC, Polsinelli LLP in CaliforniaNational Law Review, Volume XIII, Number 24
Advertisement
Advertisement
Advertisement

About this Author

 Matt A. Todd Houston Intellectual Property Lawyer Polsinelli
Shareholder

Matt Todd is an IP attorney at Polsinelli's Houston office. He counsels his clients on the impact of IP on all aspects of their businesses, from branding and marketing to growth, capitalization, e-commerce and privacy issues. 

Throughout his career, Matt has demonstrated his technological and legal skill in all aspects of domestic and international patent, trademark and copyright use, registration, enforcement, licensing and merchandising. In particular, he has significant experience in drafting and negotiating technology, IT, telecommunication...

713-374-1650
Romaine C. Marshall Shareholder Polsinelli PC
Shareholder

Data has been called the new oil or new gold, and the lifeblood of many organizations. Romaine helps organizations protect their data, continuity and reputations, from cybersecurity and data privacy incidents.

As a technology and data lawyer, Romaine has represented organizations during litigation involving injunction hearings, bench and jury trials, and investigations relating to data breaches, malware attacks, crypto and digital asset fraud, security misconfigurations, social engineering and other exploits. As organizations implement...

801-999-3505
Advertisement
Advertisement
Advertisement