Privacy and security issues were top of mind for policymakers once again in 2016: the Apple-FBI battle pushed questions around encryption to the forefront; massive data breaches and cyberattacks called attention to cybersecurity issues; uncertainty around data transfers between the U.S. and EU persisted; and the heated debate around government access to digital communications thrust electronic privacy reform back into the spotlight. But even with all of these prominent debates, 2016 did not see much actual legislative movement. It’s unclear what will come to pass next year, but we are hopeful that any policies Congress or the new Administration pursue take into account the unique needs and realities of the evolving startup ecosystem.
A Big Year for Startup Policy in 2016. The Startup News Digest will be taking a hiatus over the holidays, but you can still get your startup policy fill on our blog. Yesterday, we began publishing Year in Review posts on some of 2016’s most notable debates in tech and entrepreneurship. Watch this space for reports on capital access, intellectual property, net neutrality, emerging technologies, and more over the coming days. Thanks for all of your support in 2016, and we’ll catch you in the new year!
As the Republican National Convention kicked off this Monday, the GOP also released the final draft of their party’s platform. The platform, which was written with input from the party’s base sourced via www.platform.gop, included generous mentions of issues important to the startup community.
In the months since the original Safe Harbor agreement was invalidated by the European Court of Justice, the startup community has been in legal limbo awaiting resolution. The approval of this revised trans-Atlantic data-transfer framework brings much needed certainty for American startups with European users.
As the dust settles from last week’s stunning Brexit vote, the broader tech community, which staunchly supported remaining a part of the European Union (EU), is taking stock of the potential repercussions of the decision. While the United Kingdom (UK) and the EU still have to negotiate the exact terms of the deal (assuming the British can cobble together a new government committed to the Brexit), uncertainty surrounds several key issues important to the tech community.
Today, the U.S. House of Representatives passed the widely supported, broadly bipartisan Email Privacy Act by a unanimous vote of 419-0. The bill would make long overdue updates to the Electronic Communications Privacy Act (ECPA) to bring our digital privacy laws into the 21st century. Specifically, the bill would clarify that law enforcement must obtain a warrant—except in certain clearly defined emergencies—before accessing individuals’ electronic communications.
It is hard to overstate how incredibly dangerous and foolish the Burr-Feinstein “Compliance with Court Orders Act of 2016” draft legislation is and even harder to believe it was coauthored by California’s senior senator, Dianne Feinstein, D-Calif., and Sen. Richard Burr, R-N.C.
This week, a U.S. District Court judge ruled that Apple must assist the Federal Bureau of Investigation (FBI) by providing technical assistance to help the Bureau unlock the iPhone used by one of the San Bernardino shooters. While a resolution to this litigation is far off (due to likely appeals), the case has suddenly catapulted the debate over privacy, security, and encryption into the headlines of nearly every major news outlet in the United States and beyond. And though this case is specific to Apple—the manufacturer and licensor of the hardware and embedded software—the ramifications of the final decision in the case may have a profound impact, both in the technology industry and beyond.
While this isn’t the first time that policymakers have grappled with serious questions related to encryption and digital security—just last year, the White House backed away from a proposal seeking “backdoors” into encrypted devices after a multitude of stakeholders spoke out about the dangers of such anti-security measures—it is likely the most difficult case yet involving such issues. Certainly, the FBI has a strong interest in thoroughly investigating terrorist activity and preventing such acts in the future. Technology companies also care deeply about stopping criminal activity, which is why this is such a difficult problem: though the FBI’s request is tailored to investigating a specific terrorist activity, it will ultimately weaken security standards and may lead to serious vulnerabilities that will put countless consumers at risk.
In the past, Apple has cooperated with law enforcement to unlock phones in order to gain access to information, at least when doing so was technologically feasible. This situation is slightly different, as the court order requires Apple to create an entirely new version of Apple’s operating system (OS) to allow the government to circumvent security features that Apple built into its OS to prevent brute force attacks. This software will effectively make brute force attacks on encrypted devices possible—whether it’s the FBI attempting to brute force the phone or anyone else that has access to the software. Though the FBI says it intends to use this modified OS in this situation only, the spate of high-profile hacks and data breaches over the past year (including a breach of sensitive government information) should cast doubt on any such guarantees.
And, while some may argue that Apple’s strong opposition to the FBI’s request in this case demonstrates that any future requests for similar security circumvention activities will be limited to only the most extreme circumstances, that only holds true if the company being tasked with providing access to encrypted information has the resources to mount such a robust legal challenge. The startups that are responsible for so much of the tech sector’s growth have nowhere near the legal resources needed to fight spurious requests for dangerous encryption backdoors. Establishing a precedent that obligates companies to undermine the security measures that keep millions of consumers and their data safe from criminals will only increase the chances that these security circumvention technologies are employed in spurious cases or, worse, fall into the wrong hands.
Law enforcement is fully justified in attempting to do everything possible to prevent future terrorist attacks, just as Apple is fully justified in arguing that what the FBI wants could have serious negative repercussions for the security of its users. But, the security vulnerabilities that could arise by forcing Apple to undermine the strong encryption technologies it has built into its products should make anyone think twice about establishing such a dangerous precedent.
The European Court of Justice’s rejection last October of the European Commission’s so-called “safe harbor” agreement with the U.S. forced many American startups to grapple with a difficult choice: spend considerable time and money trying to find a different mechanism to legally import EU consumer data or sit tight and hope regulators worked it out before member states started filing lawsuits. Neither option was particularly appealing, and thankfully, the EC’s announcement this morning that negotiators had reached a framework agreement on Safe Harbor 2.0 (rebranded as “Privacy Shield”) removes some of the uncertainty startups have faced over the past three months. But does this tentative framework provide the future-proof, legal certainty that is essential for startups operating in the EU?
For those of you who are just tuning in, here’s a quick refresher: the EU’s Data Protection Directive imposes certain obligations on how entities in different countries can handle data from EU consumers. To help streamline compliance, the EC and U.S. entered into an agreement that allowed U.S. companies to self-certify compliance with the Directive and thereby legally transfer data across the Atlantic. This system worked quite well in facilitating EU-U.S. data flows, until the ECJ issued a ruling in October that U.S. laws permitting the NSA to conduct mass surveillance of consumer data violated the Data Protection Directive, thereby voiding the safe harbor and opening up the door to potential legal action against companies that continued to import EU consumer data without a different legal justification.
Policymakers in the EC and the U.S. Department of Commerce promptly got to work on a new safe harbor agreement but faced considerable time pressure, as European Data Protection Agencies were set to commence enforcement proceedings against non-compliant companies if the parties could not reach an agreement by January 31. Crafting an important international agreement in such a relatively short time frame was a challenging endeavor, and as Sunday’s deadline approached, the possibility of a world without safe harbor began to set in.
For many U.S. companies that had previously relied on the safe harbor, failing to finalize a new agreement would be an inconvenience, but hardly insurmountable. Large multinationals had many alternative data transfer pathways at their disposal, like Binding Corporate Rules or Model Contractual Clauses. Others could simply set up servers overseas and process EU consumer data locally. But, these strategies were only feasible for those with enormous financial resources and a legal staff sufficient to navigate 28 different state data agencies and regulations—resources that small, cash-strapped startups just don’t have.
Consequently, startups faced a much more dire situation, and many simply had no idea how to proceed. Some mature, better-funded startups followed the lead of larger tech companies, working up model contract clauses, often at the behest of international partners that wouldn’t proceed without such agreements. Other hoped that updates to their privacy policies and consent processes would suffice, though this was something of a legal gamble and a potential disruption to business (how many consumers enjoy having to click through new popup consent forms?). Some companies, devoid of other sensible options, planned to continue business as usual, expecting that policymakers would eventually craft a solution and hoping they were too small to draw the ire of member state regulators if no agreement could be reached.
The EC’s Tuesday announcement of a “political agreement” was therefore met with cautious optimism and relief. The hard work that the EC and the U.S. Department of Commerce put in over the past few months paid off, pulling out an agreement at the eleventh hour and returning stability and some certainty to the international data flows that make the Internet work. Going forward, consumers and companies on both sides of the Atlantic should hope that this newly formulated “Privacy Shield” will provide a simple, well-defined framework for data exchange, so long as it remains in force. But this difficult experience should serve as a reminder of how the heavy burden of regulatory uncertainty often falls hardest on the smallest players. Startups that made user security and privacy a central part of their companies were nevertheless caught in an international dispute between national governments and multinational companies with few feasible options to stay square with laws that quickly became unclear. In the end, the drama surrounding Safe Harbor 2.0 is both a win for prompt, sensible policymaking and a lesson of how policy disputes can impact the startup sector in unexpected ways.
Our weekly take on some of the biggest stories in startup and tech policy.
Safe Harbor Agreement Nears Deadline. With a January 31st deadline looming, there is more pressure than ever for the U.S. and EU to wrap up negotiations around a “Safe Harbor 2.0” agreement. In a letter sent to U.S. and EU leaders last Friday, industry stakeholders emphasized that “the consequences could be enormous for the thousands of businesses and millions of users impacted” if a deal is not reached. But another setback came this week when the Senate Judiciary Committee postponed consideration of the Judicial Redress Act. The bill, which would extend rights to judicial redress to citizens of the EU and other designated countries, is seen as essential to advancing an updated safe harbor agreement. This delay makes it even less likely that a deal will be reached in time, the ramifications of which could disproportionately impact startups.
Another Proposal to Weaken Encryption. Another week, another misguided state bill seeking to weaken encryption. The legislation comes from a California Assemblymember whose proposal would prohibit the sale of smartphones in the state with unbreakable encryption. A similar New York bill requiring a “backdoor” for encrypted technologies was covered in last week's digest. In an opinion piece, Christian Dawson of the i2Coalition does a good job breaking down why policies like these would stifle the Internet economy. He writes, “If the U.S. government were to institutionalize backdoors, it would be a heavy burden to businesses, and an operational lift that would likely force a large number of small companies to shut their doors.” We couldn’t agree more.
Verizon Joins the Zero Rating Crowd. Tuesday morning, Verizon announced a new sponsored data program, FreeBee Data, renewing debate around “zero rating” programs and whether they violate net neutrality principles. Under the FreeBee program, content providers have the option to pay Verizon a fee to exempt their content from customers’ monthly data caps. Verizon is the third wireless provider to offer a cap-exempt data program—AT&T has been running a similar sponsored data program since 2014 and T-Mobile has its own video-specific service, BingeOn (which has come under intense fire in recent weeks). The FCC’s Open Internet rules don’t explicitly outlaw “zero rating” programs, but the agency reviews them on a case-by-case basis whether the service harms consumers or businesses. They recently requested meetings with both AT&T and T-Mobile on their programs, and have said that they were notified by Verizon about FreeBee. We’re tracking.
A Grim Outlook for Startup Financing? Recent turbulence in the global stock market may have an impact on 2016 startup financing, the Washington Post reported this week. Volatility in the public markets has many investors considering whether some growing tech startups have been overvalued, a concern that's "likely to trigger a wider pause, denying funds for the innovators that disrupt industries and create new markets." Not good. And while 2015 was a banner year for VC investment, with $72.3 billion going into venture-backed companies in the U.S., (the highest since the dot-com boom), activity slowed by the fourth quarter, suggesting changing investor sentiment. Further, tech IPOs were significantly down in 2015 as companies are treading cautiously into the public markets. 2016 may prove to be an especially important year for policy that promotes greater capital access.
VC Sets New Diversity Standards. Kapor Capital, a longtime leader in its commitment to diversity in the tech industry, announced a new set of standards for its portfolio companies this week. TechCrunch calls it a “a four-part roadmap for startups to foster diverse and inclusive cultures early on.” This commitment will soon become one of the terms in all Kapor’s future investment agreements. Portfolio companies will be required to establish diversity and inclusion goals, invest in tools and resources that assist in mitigating bias, organize volunteer opportunities for employees, and participate in Kapor’s diversity and inclusion workshops. Way to put their money where their mouth is!
Our weekly take on some of the biggest stories in startup and tech policy.
Obama’s Final SOTU. President Obama addressed Congress Tuesday evening in his seventh and final State of the Union, which included a few nods to the tech industry and startups, too. He remarked on some upcoming proposals from the White House, including a push to bring computer science education to more schools. The president also spoke of the country's rich history of innovation, as well as the challenges workers face in the new technology-driven economy. "In this new economy, workers and start-ups and small businesses need more of a voice, not less. The rules should work for them."
Encryption Debate Continues. A new bill was introduced in the New York State Assembly this week that would essentially disable strong encryption on all smartphones sold in the state. If passed, it would be the first state law requiring a “backdoor” for encrypted technologies—something that is not only constitutionally questionable, but also not technically feasible without undermining the security of the system as a whole. The tech industry has been pushing back against these “backdoors” at all levels of government. Just last week at a counterterrorism discussion between high-level federal officials and tech leaders, Apple CEO Tim Cook called on the administration to issue a statement defending the use of unbreakable encryption. The White House has yet to take an official position on encryption.
New Regs and Report for Ride-Sharing in NYC. The New York City Council will soon introduce new legislation regulating for-hire vehicles, the Wall Street Journal reported last week. The proposed legislation would require for-hire vehicle services such as Uber and Lyft to make their cars more accessible to the disabled, among other regulations that may address surge pricing. These new laws could be introduced as soon as next week, following today’s release of the highly anticipated traffic congestion report from the Mayor's office. The study, which examines the impact of new ride-sharing services on the city’s traffic, was commissioned by New York City Mayor Bill de Blasio last summer after proposals to cap the number of for-hire vehicles were defeated. We’ve just started digging into it, but among other things, it claims “For-hire vehicles are a vital part” of the city’s transportation mix and does not blame any one company for local congestion. We’ll be watching whether the report’s findings will influence the city council’s new legislation.
Big News for Autonomous Vehicles. 2016 is shaping up to be the year of the autonomous vehicle. At last week’s Consumer Electronics Show, a number of automakers announced their forays into this rising market. Then, on Thursday the Obama Administration unveiled plans to include $4 billion for autonomous vehicle R&D in the proposed 2017 budget. The Administration also promised to issue regulatory guidance for companies around compliance with safety standards within six months. The federal government has remained relatively hands off in this new market, but the Administration’s announcement this week represents a new level of involvement and a huge win for proponents of this growing technology.
The Size of the Sharing Economy. The results are in. A recent and first-of-its-kind poll conducted this fall found 44 percent of American adults have participated in the sharing and on-demand economy—that's over 90 million people who've booked a room on Airbnb, hopped in an Uber, or ordered groceries from Instacart. The poll also found that 22 percent of American adults have offered goods or services through these new platforms in exchange for income. And despite a spate of recent lawsuits over worker classification, the vast majority of these workers describe their experiences as positive.
The State of Computer Science. Code.org, a national organization dedicated to expanding computer science education, published its 2015 report, revealing K-12 student enrollment in computer sciences courses is growing nationwide. Today, 25 percent of U.S. schools teach computer science and programming and several major school districts including New York and Chicago have made recent pledges to the subject in every school. Computer science is also the fastest-growing AP course of the past decade.
Americans Online. Last week, the Federal Communications Commission released updated numbers on broadband access in the U.S. While the percentage of Americans with access to advanced broadband has improved over the past year, there are still 34 million Americans (or about 10 percent of the country) who lack access to broadband at sufficient speeds. While this report suggests improvements in the broadband ecosystem, more needs to be done to connect the 34 million currently cut off from broadband opportunity.
This post is one in a series of reports on significant issues for startups in 2015. In the past year, the startup community’s voice helped drive notable debates in tech and entrepreneurship policy, but many of the tech world’s policy goals in 2015, such as immigration and patent reform, remain unfulfilled. Check back for more year-end updates and continue to watch this space in 2016 as we follow policy issues affecting the startup community.
by Anna Duning and Evan Engstrom
The ever-increasing pace of technological development and expanding reach of innovative enterprises into well-regulated industries has put considerable strain on the nation’s policymaking apparatus. As new technologies (such as recreational drones) become more popular and new platforms integrate everyday activities (such as transit) with technology, policymakers are faced with difficulties in crafting forward-thinking policies or adapting existing regimes to new technologies. In 2015, we saw this phenomena play out in a variety of ways all across the country at the municipal, state, and federal levels.
New Devices, New Rules
In 2015, the drone market grew exponentially, with more than 400,000 drones sold. The increasing presence of unmanned aircrafts—and the corresponding rise in reports of rogue drones posing safety hazards to commercial aircrafts and stoking privacy concerns—prompted the Feds to introduce new regulations for recreational drones this year. The Federal Aviation Administration, along with the Transportation Security Administration, ultimately came up with a drone registry for hobbyists, requiring recreational pilots enter their devices into a new national database. Commercial drones from the likes of Google, Amazon, and even Wal-Mart are also expected to take to the skies in the new year. These companies have all been part of a lobbying effort to keep new regulations limited and reasonable.
As the age of widely-available autonomous vehicles nears (Tesla says within two years), state lawmakers are grappling with how to establish the appropriate safety and regulatory standards for what will surely be one of the most disruptive technologies deployed in recent memory. Cybersecurity, accident liability, and basic road rules are all pressing concerns. Several states have already approved the testing of autonomous vehicles with varying degrees of regulations. Most recently, California introduced proposed rules that would require a licensed driver to be present in the vehicle. This requirement could limit some of the more promising uses of these new vehicles (such as transportation for the young or disabled) and even threaten the vehicle’s safety, but the state will take comments before instituting the final standards. We’ll be monitoring closely as state governments continue craft new regulations. These new rules won’t just impact the big manufacturers, as autonomous vehicles could spawn an entirely new sector of startups creating software for these cars.
Though Bitcoin and the blockchain technology that powers it are relatively old developments by tech standards (2009!), cryptographically-secure distributed ledger technologies came to the attention of the mainstream in a big way this year, drawing interest from large financial institutions and regulators alike. While this increased scrutiny may rankle some of Bitcoin’s techno-libertarian old guard, the relatively cautious approach policymakers have taken to regulating the Bitcoin sector is a promising sign for the future growth of cryptocurrencies and blockchain technologies.
As Federal regulators have been content to monitor the development of cryptocurrencies, state policymakers have taken more proactive steps to regulate the sector. New York enacted its BitLicense rules this summer, which obligate financial intermediaries that hold or control virtual currencies on behalf of New York residents to obtain a license and follow certain customer monitoring and reporting requirements. The rules were meant to apply to just those companies that handle funds on behalf of customers and not impact software developers and entrepreneurs that don’t actually control customer money, but since the Bitcoin system looks so radically different from traditional financial systems, the rules necessarily have created some confusion as to how they will apply in practice. Fortunately, New York regulators appear to be cognizant of the need to avoid overregulating this nascent industry and will hopefully work to rectify any overbroad regulatory issues that may arise. As other states begin to consider regulations like New York’s regime (California for one debated a similar Bitcoin license bill this year before it died in the legislature), the need for a more uniform Federal standard will quickly become a priority for the sector. With more and more money pouring into blockchain startups ($500 million in 2015 alone), digital currency regulation will likely become a more pressing issue in 2016 and beyond.
The New Sharing/Gig/On-Demand Economy
No one seems to have agreed upon the best term to describe the collection of technology startups building platforms that connect customers to workers, homeowners, and drivers. Call it the sharing economy, the gig economy, or the on-demand economy; regardless, this new technology is shaking up well-established industries and the regulatory frameworks in which they’ve long operated.
Startups including Uber, Lyft, TaskRabbit, Handy, and Instacart (to name just a few) are restructuring how a wide variety of services are provided, and with that, challenging the existing labor standards that by and large rely on two narrow designations—employee or independent contractor. Many of these companies now face a slew of lawsuits about that classification, including a class action against Uber in California. Just weeks ago, Seattle became the first city in the nation to allow on-demand drivers to unionize. This legislation, too, will likely be contested in courts. The outcomes of these cases could dramatically reshape the 1099 economy and will surely impact the startups who’ve built their companies around existing worker classification rules. We’ll be paying close attention as they’re debated into 2016 and beyond.
Beyond the labor market, many of these startups are providing new (and in many ways, better, faster, and more efficient) services within highly regulated industries. This year, ridesharing companies, came up against major challenges in cities throughout the world. The New York City Council proposed rules this summer that could have put a freeze on all for-hire vehicles. Another requirement—that ride-sharing apps pass government approval before making changes—was also floated, though ultimately struck down. Meanwhile, San Francisco voted on a ballot proposition to limit Airbnb rentals in the company’s home city, a measure that ultimately failed, but cost the company $8 million to fight.
Ultimately, the trend of startups beginning to compete in heavily-regulated sectors of the economy accelerated in 2015 faster than many had predicted, resulting in an all too common struggle to fit the square peg of new innovations into the round hole of existing regulations. Not surprisingly, given the slow pace at which our nation’s regulatory bodies operate, the many policy debates that came to the fore in 2015 are nowhere near resolution. Next year will almost certainly see these policy debates escalate, and it is imperative that the startup community engage in this policymaking to ensure that the incredible potential of new technologies isn’t stifled by ill-fitting regulations.
Our weekly take on some of the biggest stories in startup and tech policy.
CISA Sneaks into Omnibus. As Congress scrambled to clear its legislative calendar before leaving DC for the year, it packed a bunch of unrelated bills together into a 2,000 page omnibus spending bill that will need to pass in order to adequately fund the government. This potpourri approach to legislation raises serious concerns about government transparency and access, as all but the most well-connected groups are effectively blocked from the closed-door dealmaking that resulted in the omnibus. This year’s omnibus produced one notably terrible outcome: the resurrection of the much-maligned Cyber Intelligence Sharing Act (CISA), which is meant to allow companies to share information on cyber attacks with government in order to help prevent future hacks. Critics argue that the bill creates more problems than it solves by jeopardizing user privacy, incentivizing companies to secretly monitor user activity, and allowing the government to obtain consumer data without a warrant. With the ECJ’s nullification of the EU/U.S. data transfer safe harbor so fresh in policymakers’ minds, it is a particularly inopportune time to pass a bill that many believe is effectively an expansion of government surveillance authority.
EU Sets New Data Privacy Rules. On Tuesday, the European Parliament and Council effectively agreed upon a negotiated version of the EU Data Protection Reform originally drafted in 2012. The measures will be formally adopted in early 2016 and go into effect in 2018. US businesses are concerned with several of the law’s provisions that make compliance challenging and also expensive. Among their concerns: Companies that violate the rules could face fines of up to 4 percent of global sales; the law also formalizes the “right to be forgotten” statute, allowing users to not only correct inaccurate personal data, but also the right to remove irrelevant or outdated information; the age of consent for data processing is set at 16 years; companies must alert authorities within three days of a reported data breach; and larger “data-processing” companies must designate a data protection officer.
An Uber Union? Seattle has become the first city in the nation to allow on-demand drivers for companies like Uber and Lyft to unionize. The legislation, passed by Seattle’s city council on Monday, is seen as a test case for the changing 21st century workforce and will likely be contested in court. While some have argued that the new policy conflicts with federal law and raises antitrust concerns, others insist that the local law has teeth. Regardless of its merits, the law further complicates the broader debate around worker classification in the emerging “gig economy” and whether policies can support both innovation and workers.
California’s New Self-Driving Car Laws. A month after a study by California’s Department of Motor Vehicles, the state released proposed rules for driverless cars. Some of the rules came as no surprise to driverless car manufacturers such as Google, Tesla, and Ford: consumers must receive special training certificates and the autonomous vehicles must meet certain cybersecurity standards. However, one proposal, if passed, could significantly impede innovations in this emerging industry. The California DMV wants a licensed driver present in the vehicle, preventing the kinds of functions—package-delivering vehicles or transportation for the blind—that could truly revolutionize transit. This rule also complicates the liability question by making the licensed driver legally on the hook for any accidents. Google, on the other hand, has thus far stated that it is willing to take responsibility for any accidents on the road. There’s still room for debate though; these rules open for public comment next month.
BingeOn? Maybe Not Says FCC. In its net neutrality rules from earlier this year, the FCC declined to enact a flat ban on “zero rating” programs whereby ISPs exempt certain data from user data caps. Instead the FCC decided to tackle such issues on a case-by-case basis. Since then, ISPs have begun to test the FCC’s willingness to regulate data exemption policies, such as T-Mobile’s Music Freedom and BingeOn plans. While T-Mobile’s programs do not implicate the most concerning net neutrality problems by allowing any music or video streaming company to take advantage of the data exemption without payment, some net neutrality advocates have taken aim at T-Mobile’s policy of throttling all video traffic regardless of whether it is a part of the BingeOn program. FCC Chairman Tom Wheeler has previously applauded T-Mobile’s programs as creative, pro-consumer innovations, but now, the FCC wants to take a closer look. With the Commission’s data cap inquiry and the DC Circuit’s pending decision on the validity of the FCC’s net neutrality, 2016 looks to be an important year for the future of the open Internet.
Drone Registration Goes Live. The Federal Aviation Administration unveiled new recreational drone requirements this week. Starting December 21, drone hobbyists must register their unmanned aircrafts and pay a $5 fee through a new FAA web page. The registration requirements represent a mostly uncontroversial attempt to maintain safety and accountability in national airspace as more and more drones populate the skies.
GOP Misses on Tech Issues. While many observers called this week’s Republican debate the most “substantive” yet, tech experts heard uninformed positions and misconstrued information on issues such as surveillance, the operation of the Internet, and encryption. For instance, Gov. Kasich inaccurately assumed that encryption prevented law enforcement from collecting information that could have foiled the San Bernardino shootings. Yet, whether encryption played any role in law enforcement’s access to important digital communications has not been confirmed. Meanwhile, Mr. Trump suggested that parts of the Internet should be “closed,” a preposterous suggestion that would not only hinder communication amongst bad guys, but also the good guys who drive ambulances, operate hospitals, and alert the world to vital information. Such superficial positions on high-impact tech policy are disconcerting - legislating these areas will require thoughtful (and, frankly, more complicated) solutions.
Prisoners Turned Coders. San Quentin State Prison just graduated 21 inmates from its tech incubator, which teaches inmates to code as well as the skills it takes to design and pitch a business to investors and peers. The program, made possible by The Last Mile organization, has become so popular that inmates are requesting transfers to San Quentin. Next up: A new program from The Last Mile will provide inmates with paid coding jobs for businesses outside prison walls.
News yesterday that a dormant and much maligned cybersecurity bill—the Cyber Information Sharing Act—had not only resurfaced but was on a fast track towards becoming law by virtue of being appended to a large spending bill came as an unfortunate surprise for the tech sector, privacy advocates, and anyone who cares in transparent policymaking. In the last few weeks of 2015, all of Congress’s remaining legislative capacity was directed towards passing the bloated mish-mash of policies known as the “omnibus.” In theory, the omnibus is a “must-pass” spending bill (“must-pass” in the sense that signing it into law is necessary in order to fund the government) that combines a number of different appropriations bills into one, streamlining what could otherwise be a tedious effort to pass spending bills piece-by-piece. But, in what has become a commonplace practice in DC, this year’s omnibus crams in piles of unrelated legislation (more than 2,000 pages in all), effectively ensuring the passage of controversial bills that would likely have faltered if exposed to the normal legislative process, public debate, or a straightforward Presidential veto.
Ultimately, this means that groups and individuals without significant influence or lobbying power often find themselves pushed out of closed-door conversations about what unrelated bills get appended to the omnibus. While this closed process doesn’t always result in terrible legislation (the removal of anti-net neutrality riders to this year’s omnibus being a prime example of good policy emerging from the omnibus mess), when bad legislation does find its way into the omnibus, it’s almost impossible to get it out. It is through just this backwards process that the ill-fated Cyber Information Sharing Act (CISA) found its way into the omnibus and on a seemingly unstoppable course towards a Presidential signature.
CISA essentially creates a framework for companies to collect and share user data with government in a way that may circumvent basic privacy protections. While the bill is supposed to help government and industry cooperate to prevent cyber attacks like the high-profile hacks that targeted Sony, Target, and the federal Office of Personnel Management, critics argue that the bill creates more problems than it solves by jeopardizing user privacy, incentivizing companies to secretly monitor user activity, and allowing the government to obtain consumer data without a warrant. By moving CISA through the omnibus, these critics have been shut out of the recent negotiations. It’s no surprise then that the language that ultimately made it into the omnibus is worse in terms of privacy protections than other iterations of the bill.
For startups, CISA’s inclusion in the omnibus is bad for a few reasons. First, enacting significant legislation via amendment to unrelated must-pass bills limits the voice of small business in government. As this becomes more commonplace, startups who do not have the resources or relationships to participate in closed-door discussions are boxed out. Second, any bill that weakens privacy protections for user data threatens to undermine consumer confidence in Internet services. This, in turn, decreases the market for startups that provide such services. Finally, considering the European Court of Justice recently invalidated a crucial safe harbor by which US companies—startups included—were permitted to import EU consumer data precisely because of US laws that gave government access to user data without any real privacy protections, pushing a bill like CISA only threatens to make things harder for US companies operating overseas.
As policymakers consider a variety of cybersecurity and privacy issues, it’s crucial that the startups and technologists that understand how key technologies actually work are a part of these conversations. Congress’s decision to move CISA through the omnibus spending bill is a move in the wrong direction for the startup sector’s participation in DC.
Our weekly take on some of the biggest stories in startup and tech policy.
Net Neutrality Has its Day in Court. The net neutrality debate that has dominated tech policy headlines for the past two years finally got its day in court last Friday. A panel of three judges from the DC Circuit heard oral arguments in the lawsuit brought by a consortium of ISPs to invalidate the FCC’s net neutrality rules. Proponents of the FCC’s rules came away from the hearing fairly optimistic. A majority of judges seemed to side with the FCC in the most crucial aspect of the dispute: whether or not the Commission had adequate authority to reclassify Internet access as a “telecommunications service.” The court pushed back more significantly on the FCC’s authority to reclassify mobile broadband and the adequacy of the notice the FCC provided about the final rules it adopted. While we remain optimistic about the Court’s ultimate decision, the net neutrality debate will almost certainly not go away when the Court issues its ruling early next year. It seems likely that the case will ultimately end up before the Supreme Court, and Congress continues to ponder whether it should pass anti-net neutrality legislation.
Feinstein Wants Tech to Report Terrorist Activity. As terrorists attempt to use Internet platforms to mobilize followers, disseminate propaganda, and coordinate attacks, working to diminish militants’ capacity to organize through social media is critical. But the Requiring Reporting of Online Terrorist Activity Act, introduced by Senator Dianne Feinstein (D-CA) earlier this week, is not the answer. The bill would require tech companies to report “any terrorist activity” that they have knowledge of to law enforcement. This obligation seems innocuous on its face, but as often happens, difficulties arise in determining how to actually apply this standard. Emma elaborates on all of the reasons the bill’s controversial (and previously rejected) framework could potentially do more harm than good here.
Computer Science in Classrooms. An education bill signed into law on Thursday acknowledges computer science as a foundational academic subject. By doing so, the bill puts computer science “on equal footing with other subjects when state and local policymakers decide how to dole out federal funds.” This new designation could potentially accelerate computer science's introduction into classrooms across the U.S. and ultimately help address the country's growing tech talent shortage.
Bill Would Cut Back H-1Bs. Senators Bill Nelson (D-FL) and Jeff Sessions (R-AL) introduced a bill this week that would reduce the number of H-1B visas available by 15,000 and also modify the way those visas are allocated—requiring they go to workers who will earn the highest wages. The H-1B program allows companies to hire foreign high-skilled employees, including those with expertise in science, engineering, and computer programming. While these visas are highly coveted within the tech industry, accounts of program abuse have galvanized members of Congress to restructure the program. “This bill directly targets outsourcing companies that rely on lower-wage foreign workers to replace equally-qualified U.S. workers,” Sen. Nelson said in a statement. While attempting to prevent bad practices by specific outsourcing companies, this bill would unduly harm the wider tech industry by further limiting global talent from contributing to U.S. companies, big and small. 2015 saw a record number of H-1B applications: 233,000 for the current 85,000 spots.
Investment Crowdfunding for Tech? Not So Fast. An article in this week’s Wall Street Journal highlighted a few of the shortcomings of investment crowdfunding, a new fundraising tool for startups made legal last month with the release of SEC rules. Those rules contain numerous burdensome requirements for companies raising equity from the crowd, potentially deterring high-growth technology startups. For instance, once a company takes on over 500 investors or grows to a certain size, it must file regular disclosures with the SEC: “It is all the pain of an IPO without the benefits of the IPO.” We’ve previously detailed some of the other issues with those rules, concluding that policymakers must continue to work to lower the cost of raising seed capital through crowdfunding or the impact of investment crowdfunding for startups will be modest.
What We Heard in Iowa: Earlier this week, Engine teamed up with the Technology Association of Iowa to discuss technology policy with Iowa entrepreneurs, caucus goers and two of the 2016 presidential candidates in Cedar Rapids. As the Cedar Rapids Gazette reported, the candidates agreed that education is “vital to innovation” but, not surprisingly, disagreed on the federal government’s role. O’Malley’s address focused on his track record as governor of Maryland. While Fiorina took a different approach, focusing on national security and technology “as a tool and a weapon” in those efforts. The forum offered a glimpse on where at least two candidates stand on a handful of important tech issues and as we look to 2016, we hope to hear a lot more.
Patent Suits Cost Universities. Universities have been getting more involved in patent reform policy and a recent Brookings article explains why. Its author also emphasizes that universities are turning observers off by engaging in offensive litigious actions, which is seen as contrary to the public mission of a university. Furthermore, it doesn’t make sense for universities to be involved in patent reform conversations since universities as a group do not have a financial interest in patenting: 87 percent of tech transfer offices operate in the red. Since there is a false belief among some that without patents there would be no innovation, it is important that the public voice of universities acknowledge “that the debate on the impact of patents on innovation is not settled and that this impact cannot be observed in the aggregate, but must be considered in the context of each specific economic sector, industry, or even market.”
Where are the Women in Tech? A new list was published on the “Best Cities for Women in Tech” and Washington, DC topped it, with women making up about 37 percent of the tech workforce (New York, NY comes in at number five and San Francisco, CA at 23). Kansas City, Missouri (at number two) was one of the only two cities in the study where women in tech don’t face a gender pay gap. Recruitment of women and underrepresented groups in the tech community remains a large part of the diversity conversation: language used in outreach and job descriptions could be turning well-qualified applicants off from even applying. One startup, Textio, is trying to address this problem with their product that “applies a form of artificial intelligence (AI) called natural language processing (NLP) to study the verbiage in documents” and can help highlight words with certain negative connotations.
Our weekly take on some of the biggest stories in startup and tech policy.
Trade Secrets Bill Resurfaces. On Wednesday, the Senate Judiciary Committee held a hearing on the Defend Trade Secrets Act (DTSA), a bill purportedly meant to help curb international trade secret theft by creating a federal cause of action for trade secret appropriation. However, like most intellectual property laws, trade secret litigation is rife with abuse as companies regularly use trade secret claims to stifle competitors and hinder employee movement. The proposed legislation would exacerbate these problems by creating an ex parte seizure procedure whereby a party can—without detailed factual inquiry and without a presentation of both sides of the case—ask a judge to seize a defendant’s property. In this regard, the DTSA goes well beyond what state trade secret law provides, making it a potent tool for incumbents to use the courts to unfairly hinder legitimate competition. And, international trade secret thieves will be able to avoid this federal law as they have avoided prior state laws by simply being outside of the US, it’s hard to see how this bill would actually address the problem it claims to address.
Net Neutrality Hearing. The DC Circuit Court of Appeals heard oral arguments today in the challenge to the FCC’s net neutrality rules. A group of telecom companies filed suit against the FCC shortly after the Commission issued its net neutrality rules this spring, arguing that the decision to reclassify violated administrative rules and exceeded the FCC’s delegated authority. While most net neutrality supporters believe that the Commission’s rulemaking is likely to withstand legal challenge, the DC Circuit is notoriously unpredictable. The hearing itself was not broadcast due to the DC Circuit’s strict rules on recording proceedings, so we’ll have to wait for reports from those in the room to get a read on how the judges received each side’s arguments. We’ll be tracking closely.
Starting Up the Broadband Economy. In an op-ed in re/code, Engine Policy Director Evan Engstrom elaborates on why policies that encourage a competitive broadband market are essential to the continued success of the startup economy. Increasing competition ensures America’s entrepreneurs can use their limited funds to build their businesses, rather than lining the pockets of a few huge incumbent providers. There is still a long way to go towards a robust, healthy Internet ecosystem. But we are working to ensure that startup voices are heard and that real reform happens now.
Trouble for ECPA Reform? The broadly supported Email Privacy Act ran into opposition from law enforcement authorities at a House Judiciary Committee hearing on Tuesday. Calls for an emergency exception and a carve out for civil agencies are nothing new, but they are preventing the committee’s chairman, Rep. Bob Goodlatte, from backing the legislation. Despite being one of the most popular bills in Congress with over 300 bipartisan cosponsors, it won’t move until Rep. Goodlatte gives the go-ahead. We’re tracking.
Add “Lobbying” to List of Startup CEO Responsibilities. Engaging with lawmakers is just another part of being a startup leader now, reports the New York Times. “In addition to knowing the language of computer code, founders are speaking the language of Washington, keenly aware of the potential regulatory battles that could be on the horizon.” In a shift from the historical status quo, startups are no longer eschewing politics, but increasingly embracing a dialogue with D.C. instead.
Patent Lawsuits Filed Set New Record. On November 30, 257 new patent litigation cases were filed—a new one day record. Furthermore, 196 of these cases were filed in the Eastern District of Texas, a notoriously plaintiff (and troll) friendly court. This is clear proof of forum shopping and further evidence that patent reform legislation should also address venue abuse. The mass amount of filings are likely tied to the fact that December 1 marks the effective date of significant changes in the Federal Rules of Civil Procedure for patent cases—i.e. going forward, plaintiffs may be required to provide more information in their initial claims.
Women in STEM. Michelle Lee, the Director of the US Patent Office, authored an op ed in which she cites a study that found that only 15% of all inventors are women. She writes, “The lack of gender parity is not just a social issue, it is an economic imperative.” In response, the Patent Office has launched, in partnership with Invent Now, an “All in STEM” initiative to get more girls interested in STEM and more women in flourishing STEM careers. Meanwhile, the latest diversity numbers from tech companies demonstrate the continuing need: women employed globally by Microsoft decreased from 29% to 26.8%.
Cities and Innovation Ecosystems. It takes years for cities to build up a “critical mass” of tech companies and workers to the likes of the Bay Area. But in some of the nation’s smaller cities, the environment has proven conducive to small companies and large companies cooperating in a way that has become engrained in the DNA of Silicon Valley—where startups are built off the API of large companies and interoperability is part of the culture. A recent report by the World Bank discusses what factors affect the growth of entrepreneurship ecosystems across different cities.
Conversations Around Capital Access. Before taking a break for Thanksgiving, Engine attended a forum hosted by the SEC on capital access issues for startups. Participants honed in on the JOBS Act rules: how they’re playing out in practice and whether there are policy modifications that could facilitate their success. Read Emma’s run-down of the discussions here.
Our weekly take on some of the biggest stories in startup and tech policy.
Encryption Debates Resurface. Last week’s terrorists attacks in Paris reignited debates over encryption. Officials suspect the attackers may have used encrypted messaging systems to coordinate the plots, (though nothing has been confirmed.) Policymakers are again considering whether the law should require tech companies create “backdoors” for law enforcement, making it easier for officials to track and disrupt threats. Many in the tech community, including Apple, have publicly opposed such backdoors for government, arguing these restricted access points could make their systems more vulnerable.
$100 Million in Grants for Tech Training. This week, White House representatives were in Baltimore to announce the expansion of its TechHire initiative with the launch of a $100 million grant competition. TechHire, which launched in March, involves education and employer partnerships in dozens of regions across the U.S., all dedicated to training, recruiting, and placing more Americans in tech jobs. Awards from this new grant will go to programs across the country that serve Americans who face barriers to entering the tech sector, whether those are educational, geographical or income-based.
Startup Equity in Highway Bill. A little known piece of startup-friendly legislation has made its way onto the highway bill, the massive federal transportation bill that lawmakers in the House and Senate are scrambling to finalize. This unrelated legislation is the RAISE Act, which would more easily allow startup employees to sell company equity to accredited investors. In October, the House passed the bill unanimously, but it hasn’t yet made its way to the Senate floor. We won’t know until December whether these new rules will remain in the highway bill - federal funding for roads has been extended to December 4 while Congress hashes out the details of the new bill.
Chicago Limits Drones. Chicago’s city council passed a bill banning certain uses of drones. The first bill of its kind, the rules will potentially hinder hobbyist use. Chicago’s ordinance, in line with FAA regulations, prohibits drones from flying above 400 feet, flying within five miles of and flying over schools, churches, hospitals, police stations, and any private property without consent. Chicago has experienced some uncomfortably close encounters with drones: one crashed Midway airport’s runway and another flew frightening close to crowds gathered at Lollapalooza.
Patent Reform will Encourage Innovation. Executive Director Julie Samuels was featured in a series of perspectives on patent reform in the Washington Post. Her perspective: if Congress does not pass patent reform legislation, patents will inhibit the innovation they set out to incentivize. Innovative inventors and young companies are being threatened by “patent trolls” that are wielding bad patents, frivolous infringement allegations, and exploiting loopholes in an expensive patent litigation system. Unfortunately, legislation that would help relieve startups and stop trolls is stalled in Congress - largely because of incumbent interests, e.g. the pharmaceutical industry (PhRMA). The bottom line: the one-size-fits-all patent system that has long worked for PhRMA is not working for software.
ICYMI: November is National Entrepreneurship Month. In other news from the White House, President Obama has issued an official presidential proclamation designating the month of November as National Entrepreneurship Month. “Since our Nation's founding, our progress has been fueled by an inherent sense of purpose and ingenuity in our people. Americans have more opportunities now than ever before to carry forward this legacy - to create something, to raise capital in creative ways, and to pursue aspirations,” states the proclamation. While we’re always celebrating the work of entrepreneurs, it’s great to see policymakers and organizations across the country rally behind them this month.
Our weekly take on some of the biggest stories in startup and tech policy.
More Eyes on EU Data Laws. Congress examined international data issues at two separate hearings this week, covering everything from cross-border data flows to U.S. surveillance reform. But the main focus was the recent EU safe harbor decision. Negotiators have until the end of January 2016 to find a replacement for safe harbor. However, businesses of all sizes are already beginning to weigh whether they should simply move their data to European servers over concerns that alternative compliance mechanisms may not be valid. We’ve noted on our blog (and others agree), forced data localization would be incredibly costly - especially for smaller companies - and would have a chilling effect on internet innovation. We’re tracking.
Pros and Cons in SEC’s Crowdfunding Rules. The release of the SEC’s long-awaited investment crowdfunding rules is a huge victory in itself: it facilitates an entirely new form of fundraising for cash-strapped startups. But, are the rules themselves any good? We’ve written previously about changes we wanted to see to the proposed crowdfunding framework, and the SEC’s rules incorporate a few of the items on our wishlist. Specifically, funding portals are now allowed to subjectively decide whether or not to list certain companies on their platforms and may take an equity stake in issuers, too. But, while the new rules ease some of the high disclosure burdens of the proposed framework, they do not go far enough to make investment crowdfunding affordable for small companies. A more detailed look here.
Comprehensive Immigration Reform: Not Happening. Earlier this week, newly elected Speaker of the House Paul Ryan confirmed a suspicion most immigration reform advocates have sensed for years now: that the House will once again refuse to consider comprehensive immigration reform legislation. “I do not believe we should advance comprehensive immigration legislation with a president who’s proven himself untrustworthy on this issue,” Speaker Ryan announced emphatically on “Meet the Press” and repeated in an op-ed Tuesday. But while we won’t expect to see immigration reform on the legislative agenda, we at least expect to hear about it in the 2016 election cycle.
Anti-Airbnb Measures Fails in SF. On Tuesday, San Francisco voters struck down a measure that aimed to curb Airbnb rentals (and those offered by other homesharing services) in their city, where the convoluted conflict between tech and housing is alive and well. Winning the the vote 55-45, Airbnb far outspent its opposition with an $8 million television, billboard, and canvassing campaign against the measure. Among the lessons learned from its victory? Airbnb representatives have said its user base of hosts and guests is willing and ready to mobilize on the company’s behalf, a movement we could see in more cities as Airbnb and other companies come up against new regulatory challenges.
Internet for Everyone in Arkansas. The Arkansas legislature has promised it will have a plan to deliver high speed broadband access to every home, business, and institution in the state by October 2016. The “call to action” was inspired by similar broadband expansion efforts in nearby states like Kentucky and Tennessee. Arkansas’ House speaker noted that broadband “has become the 4th rail of economic development. It is just as important as your transportation infrastructure, your educational and workforce infrastructure, your tax structure.” We couldn’t agree more and are pleased to see states acting to ensure all of their citizens have access this essential resource.
Former Twitter Engineer: Diversity is Difficult. An essay by a former lead engineer at Twitter is gaining momentum and attention, highlighting the challenges the tech industry continues to confront in making its workforce more inclusive. Leslie Miley recounts his efforts to increase employee diversity at the company, describing frustrating conversations with senior engineers who referred to diversity efforts as “lowering the bar.” The tipping point for Miley was when he pitched his proposal for hiring a ”Diversity Engineering Manager” and was met with suggestions from higher-ups that underscored “the unconscious tendency to ignore the complex forces of history, colonization, slavery and identity.” It was the culmination of these conversations and the refusal by leadership to acknowledge their own “blind spots” that drove Miley to leave.
Podcasting Tech Policy on a16z. Engine Executive Director, Julie Samuels, spoke with Techdirt’s Mike Masnick and the host of the Andreessen Horowitz podcast earlier this week. Together, they covered a “whirlwind tour of current policy issues in tech - from patents and IP in China to cybersecurity, privacy, and Safe Harbor in Europe…And the gig economy, talent, and immigration.” That’s a lot of tech policy, and all in under 60 minutes. Listen here!
#VetsWhoTech. In anticipation of veterans day, Engine is highlighting the success stories of veterans who’ve made strides as developers and founders in the tech industry. These stories showcase the great potential of this community to become leaders in the industry, as well as the ways in which government support for their efforts is falling short. Follow the series on Medium.