Policy Blog Templates (39)

SIIA Leads Industry Letter on Federal Cybersecurity Risk and Resilience

In a letter addressed to Executive Branch Leaders, the Software & Information Industry Association (SIIA) leads organizations in urging federal agencies to take proactive steps to reduce cybersecurity risks highlighted by the Cyber Safety Review Board’s (CSRB) review. The letter emphasizes the need for a multi-vendor approach to enhance security resilience, advocating for increased vendor diversity and the adoption of open-source software to mitigate the concentration of risk associated with single-vendor reliance, in alignment with Senators Schmitt and Wyden’s recommendations and the 2021 Executive Order on Promoting Competition in the American Economy.

Full Letter Here

Policy Blog Templates (36)

SIIA Joins Organizations in Urging Prompt U.S. Action Against Canada’s Digital Services Tax

The Software & Information Industry Association (SIIA) joined 10 other organizations in urging the U.S. to take prompt action against Canada’s imminent implementation of a three percent digital services tax (DST), which will primarily impact U.S. firms. With the DST set to become law through Bill C-59, the tax is estimated to cost U.S. exporters and the tax base up to $2.3 billion annually and lead to significant job losses. The organizations argue that the retroactive nature of the tax undermines tax certainty and deters investment, emphasizing that the USTR should initiate dispute settlement procedures under the USMCA. The letter highlights the broader negative implications of the DST on U.S. startups, small businesses, and consumers, and urges a robust response to protect U.S. business interests and uphold international tax agreements.
Policy Blog Templates (71)

SIIA Joins Organizations in Letter Urging Stronger Federal Preemption in APRA

SIIA joins organizations in urging Congress to strengthen the American Privacy Rights Act (APRA) ahead of its full Committee markup. The coalition emphasizes the need for a uniform national privacy standard, criticizing APRA for its inadequate federal preemption of state privacy laws. The letter argues that without full preemption, the legislation will contribute to the existing patchwork of state laws, causing confusion for consumers and hindering economic growth. The organizations advocate for a comprehensive federal data privacy law that fully preempts state laws to protect consumers and provide businesses with clarity on compliance.
Policy Blog Templates (17)

New Research Shows KOSA’s Long-Standing Issues Are Cause for Serious Concern

In Washington, elected officials in Congress are considering a number of bills aimed at protecting children’s privacy online. Of course, making the internet a safer place for children is a worthwhile goal, but not every kids’ online safety proposal is equal. Unfortunately, one measure that fundamentally misses the mark – the Kids Online Safety Act (KOSA) – has gained some traction in the House of Representatives, where the bill is expected to receive a markup in the House Energy and Commerce Committee this month. While it’s essential for Congress to find a solution to protect children online, it is equally important for our elected leaders to consider the ramifications of sweeping privacy legislation and fix the problem in the right way.

New research from academics at the Center for Information Technology Policy at Princeton University, the Center for Information, Technology, and Public Life at UNC Chapel Hill, and the Sanford School of Public Policy at Duke University highlights the concerns with KOSA and other child online safety legislation (COSL). As the report summarizes:

“COSL poses enormous potential risks to privacy and free expression, and will limit youth access to social connections and important community resources while doing little to improve the mental health of vulnerable teenagers. Ultimately, legislation like KOSA is an attempt to regulate the technology industry when other efforts have failed, using moral panic and for-the-children rhetoric to rapidly pass poorly-formulated legislation.”

What’s notable about this conclusion is that the authors believe that “reform of social platforms and regulation of technology is needed.” They call for a range of policy solutions, such as limits on advertising, data collection, and tools for parents and young people, which align with SIIA’s own Child and Teen Privacy and Safety Principles. They also call for rebuilding social fabric, increasing access to mental health resources, and conducting outreach. In other words, this is not a report that advocates for a hands-off approach to online safety.

One of the most serious issues with KOSA that the report highlights is the bill’s “duty of care” standard, which would require companies to take down content deemed as “harmful” to children. KOSA’s duty of care standard would be enforced by the Federal Trade Commission (FTC), putting questions about what content qualifies as “harmful” in the hands of political appointees who might enforce the bill based on their political leanings. KOSA has been met with pushback from groups like the Center for Democracy and Technology and the American Civil Liberties Union over concerns that the bill’s duty of care standard could be used to censor legitimate speech. Additionally, groups representing vulnerable communities have warned that the bill could be weaponized by bad actors to force companies to take down content from LGBTQ+ or religious groups.

And although KOSA was drafted to safeguard children’s privacy online, the bill may actually force kids and teenagers to give up personally identifiable information in order to access the internet. Experts have warned that KOSA effectively mandates age verification, which would force companies to collect more data about children than they currently do in order to identify minors and restrict content based on age. Unfortunately, that outcome is counterproductive to KOSA’s intended goal.

While leaders in Washington should support legislative proposals that promote online safety, KOSA remains a deeply flawed bill. Ultimately, lawmakers must consider how KOSA’s serious, long-standing issues pose a real threat to the problem they’re trying to solve.

Policy Blog Templates (35)

SIIA’s Letter on AI Regulation and Access Control Exemptions in Singapore

The Software & Information Industry Association (SIIA) appreciates Singapore’s efforts in AI regulation, which align with the risk-based approach of the U.S. SIIA members actively use AI across various sectors, investing significantly in its development. However, SIIA emphasizes that AI must comply with existing legal frameworks and intellectual property rights, recognizing risks like privacy and ethical concerns. While supporting many of Singapore’s AI policies, SIIA expresses concern over a proposed exemption to access control measures, fearing it could undermine licensing markets for computational data analysis and intellectual property rights, urging a careful, evidence-based approach to policy changes.