There’s Bipartisan Agreement that Remote ID Is Taking Way Too Long

Last week, the Department of Transportation’s Report on Significant Rulemakings revealed that the timing for issuance of the Federal Aviation Administration’s (FAA) Notice of Proposed Rulemaking (NPRM) on Remote ID for unmanned aircraft systems (UAS, or drones) had slipped again, this time from September to December 2019. Speaking at a conference in Seattle yesterday, FAA Chief Counsel Arjun Garg emphasized that the FAA remained committed to issuing the Remote ID NPRM as soon as possible, but that they “want to get it done right,” and no one would benefit from an NPRM that failed to address all of the relevant issues. 

NIST Releases a Preliminary Draft of its Privacy Framework

Slightly shy of a year from kicking off the Privacy Framework effort, the National Institute of Standards and Technology (NIST) has released a preliminary draft of the document, entitled NIST Privacy Framework:  A Tool for Improving Privacy Through Enterprise Risk Management (Draft Framework or Draft).  This Draft comes amidst a continued flurry of privacy activity at both the state and federal levels.  

Megan Brown Co-Authors National Security Institute’s New Law and Policy Paper on ‘Privacy Regulation and Unintended Consequences for Security’

Megan L. Brown, partner in Wiley Rein’s National Security, Privacy, Cyber & Data Governance, and Telecom, Media & Technology practices, co-authored a new law and policy paper published today by the National Security Institute (NSI) at George Mason University’s Antonin Scalia Law School. The paper is co-authored with NSI Visiting Fellow James B. Burchfield.

Ninth Circuit Opens the Floodgates to Privacy Litigation

On Thursday, the Ninth Circuit—in Patel v. Facebookissued an opinion in a much-watched privacy class action suit, inviting more litigation over claimed privacy violations.  The court allowed a class action suit to go forward where plaintiffs had alleged that Facebook violated Illinois’ privacy law by scanning individuals’ faces from photographs uploaded to the social network on an opt-out basis.  In a sweeping decision, the court held that the statutory violation was, itself, a concrete injury sufficient to satisfy the traditional constitutional requirement of Article III standing.  This case will grease the wheels on the deluge of no-harm privacy class action lawsuits.

CFPB Highlights Innovative Uses of Data and Machine Learning in Credit

On Tuesday, the Consumer Financial Protection Bureau (CFPB) released a noteworthy blog post providing an update on key findings about the use of alternative data for credit access in connection with the Bureau’s first no-action letter (NAL). The post, written by top agency officials, discusses a NAL that the CFPB issued in September 2017 to Upstart Network, Inc., a company with an online lending platform that utilizes “alternative data” and machine learning to make credit decisions.

NIST Releases Draft IoT Security Baseline

This week, the National Institute of Standards and Technology (NIST) released NISTIR 8259, a draft of the long awaited[1] “Core Cybersecurity Feature Baseline for Securable IoT Devices.”  The publication (the baseline draft) proposes a voluntary, flexible, minimum set of “baseline of cybersecurity features based on common cybersecurity risk management approaches as a starting point for manufacturers.”  (p. 1).  We expect it to shape standards of care and regulatory expectations for manufacturers and sellers of all connected devices. For stakeholders, and others, there are multiple opportunities for engagement.  NIST is holding a workshop on the baseline on August 13.  Comments for the baseline draft are due September 30. 

It Turns Out that Using Drones to Smuggle Drugs is Illegal

In an innovative use of existing criminal statutes, the US Attorney for the Middle District of Georgia has secured a guilty plea from a man accused of planning to use an unmanned aircraft system (UAS or drone) to smuggle marijuana into a state prison.  The crime?  A federal charge under 49 USC § 46306 (b)(6) and (c)(2), which makes it unlawful to “knowingly and willfully operate[] or attempt[] to operate an aircraft eligible for registration knowing that” the aircraft is not registered, and which imposes a five year prison sentence if the offense is “related to transporting a controlled substance by aircraft.”