News & Insights


June 13, 2016

Data, Privacy & Security Practice Report – June 13, 2016

State Attorneys General And Consumer Advocates Push For Privacy Protections In FCC’s Set-Top Box Plan – On June 3, a group of 15 state attorneys general and the consumer advocacy group Consumer Watchdog each filed letters with the Federal Communications Commission (the “FCC”) urging the FCC to incorporate more stringent consumer protection provisions in its proposal to expand access to TV set-top boxes to thirdparty providers.

Earlier this year, on February 18, 2016, the FCC proposed a rule intended to make it easier for companies, other than cable or satellite television providers, to sell set-top boxes that can be used with consumers’ cable and satellite television services.  In its Notice of Proposed Rulemaking, the FCC observed that the consumer protection statutes that govern set-top boxes provided by cable and satellite television providers (known as multichannel video programming distributors, or “MVPDs”) do not apply to set-top boxes provided by third parties.  To address this discrepancy, the FCC proposed having the third-party providers certify to the MVPDs that their devices or software protected consumers’ privacy to the same extent that federal law requires of cable and satellite providers.  Only then would the MVPDs be required to provide television subscription information to the third-party providers.

However, this proposal quickly drew criticism.  In an April 22, 2016 comment letter, the Federal Trade Commission (the “FTC”) expressed concern that the FCC’s proposal did not do enough to protect consumers’ privacy.  Therefore, the FTC recommended that the FCC impose an additional requirement: that the third-party set-top box providers be required to provide short, easy to understand, consumer-facing statements about their promise to comply with the same privacy obligations  that apply to MVPDs.  Those public promises would then be enforceable under the FTC’s Section 5 authority if the third-party set-top box providers violated their obligations under the pledge.

Recently, Consumer Watchdog met with individuals from the FCC to discuss the set-top box plan.  While the group supports the plan to let viewers access their pay-TV programming on third-party devices, it also noted that it opened up an “enormous opportunity for abuse of consumers’ privacy by data collectors.”  For that reason, the group urged the FCC to agree to the FTC’s proposal. 

Finally, a group of 15 state attorneys general have also filed a comment letter urging the FCC to adopt the FTC’s proposal.  In their letter, the attorneys general noted that, in addition to allowing for enforcement by the FTC, requiring consumer-facing statements would enhance enforcement of any potential privacy violations as violations of state unfair, deceptive or abusive acts and practices laws.  The attorneys general also noted that it was “critical” that the FCC’s actions not have preemptive effect on state laws protecting consumer privacy.

Reporter, Ashley Guffey, Atlanta, + 1 404 572 2763,

DOJ Criminal Chief Continues Push For More Access To Encrypted Data – On June 6, 2016, during a speech at a Cybercrime Symposium co-organized by the Centers for Strategic and International Studies and the Department of Justice’s (“DOJ”) Computer Crime and Intellectual Property Section, Assistant Attorney General Leslie Caldwell continued to push for access by law enforcement to encrypted data.  In her remarks, Caldwell highlighted that public policy makers – and not the private sector – should decide whether, and to what extent, law enforcement should have access to encrypted data that could be evidence in criminal investigations.  Caldwell also reiterated the DOJ’s position that law enforcement should be able to subpoena and collect data from U.S. companies for investigations, regardless of whether the data is stored in the U.S. or abroad. 

During extensive remarks on a variety of cyber issues, Caldwell commented that while technology and the internet have provided significant benefits to the global economy, they also have brought risks that “criminals have been able to turn the advantages of the internet against us.”  She noted the threat of the development of “warrant-proof encryption, ” where a service provider has developed encryption “in a way that prevents them from producing stable, unencrypted information even if they are served with a valid court order.”  According to Caldwell, such “warrant-proof encryption” has, in many circumstances, thwarted the prosecution of crimes, and “pose[s] an undeniable and growing threat to…law enforcement’s ability to protect the American public.”  Caldwell has previously called access by law enforcement to encrypted information “essential” to national security interests.  

Concerning gaining access to data physically stored outside the borders of the U.S., Caldwell emphasized that the DOJ opposes “legislation that conditions our ability to get data based on where the data is located.”  One of the proposed reforms to the Electronic Communications Privacy Act (the “ECPA”) is called the Law Enforcement Access to Data Stored Abroad Act of 2015 (the “LEADS Act”).  If passed, the LEADS Act would limit the ability of U.S. law enforcement personnel to compel electronic communications service providers to turn over user data if doing so could run afoul of foreign law or if the data was not related to a U.S. citizen.  After passing the U.S. House of Representatives last month, the updates to the ECPA (including the LEADS Act) have stalled in the Senate Judiciary Committee.

Reporter, Ehren K. Halse, San Francisco, +1 415 318 1216,


Chris Burris Presents At Law Symposium On Sunday, June 12, Atlanta Special Matters and Government Investigations partner Chris Burris was a featured speaker at the U.S. Naval War College’s Yankee Operational Law Training Symposium.  Chris’s presentation, entitled “Between a Rock and a Hard Place: The Private Sector’s Role in Government Collection of Third Party Consumer Information,” provided government attorneys with an overview of the legal, business, and strategic issues that corporations and other private sector entities consider when faced with government requests for third party customer information.  The Yankee Operational Law Training Symposium is an annual event held at the U.S. Naval War College in Newport, Rhode Island, designed to provide training and continuing legal education to military judge advocates and civilian government attorneys.