Categories

  • All
  • cybersecurity
  • data collection & retention
  • innovation
  • open Internet
  • surveillance

SB 840

Lawful Use of Drone Surveillance

Rating

2 out of 5 Rating

Our Take

This bill expands the situations under which a drone can capture images without committing a crime. Specifically, it now expressly adds telecommunications companies and insurance companies to the list of entities that are exempted from the criminal prohibition if they use a drone to capture images under the newly listed circumstances. Although this is an expansion, the changes are probably innocuous and justified in some instances. The objection we have is that the bill did not amend the law to cut back on the extent to which the border is a constitution and privacy-free zone, where law enforcement has a virtual free reign to overfly private property, take images and invade the property owners’ privacy without consent. We rate the bill a 2 since it did not remove an existing but substantial privacy problem.

Last Action

SB 840 was signed by the Governor on June 9. Effective September 1, 2017.

Link to Bill Text →

HB 3491

Defines Biometric Identifier and Protects Individual Privacy

Rating

4 out of 5 Rating

Our Take

This bill updates the definition of "biometric identifier" to include more than just iris scan, fingerprint, voiceprint, or record of hand or face geometry as is currently outlined in the Texas Government Code. It also ensures people have the ability to choose whether or not they want to provide a biometric identifier to a government agency, unless the agency has the statutory authority to bypass consent. We believe this bill makes an effort to protect privacy and gives people the power to choose what identification information they provide. Among those bills likely dead this session because of lack of floor consideration.

Last Action

HB 3491 is dead. The bill did not pass the House.

Link to Bill Text →

SB 532

Promotes Cybersecurity and Mandates Reporting on the State’s Technology Infrastructure

Rating

3 out of 5 Rating

Our Take

The bill attempts to address a significant problem. State agency information systems are not sufficiently secure from cyberattacks. While the legislation takes good steps toward addressing this problem it does so by expanding the power and authority of the Department of Information Resources, which does not have the technical expertise to oversee the problem. DIR’s practices and systems – including the site for agency reporting of breaches – are also outdated and insecure. Further, this job should have been given to some other entity that is not captured and controlled by the larger vendors and sufficiently motivated to ensure that all agency systems are indeed properly secured. The fact that oversight is given to DIR leads us to assign a lower rating than would otherwise be the case.

Last Action

Signed by the Governor on June 9th. Effective September 1, 2017.

Link to Bill Text →

HB 3274

Establishes Chief Innovation & Technology Officer for the Department of Information Resources

Rating

2 out of 5 Rating

Our Take

The House Committee substitute legislation mandates the appointment of a chief innovation and technology officer to the Department of Information Resources, where that person will oversee technology matters for the state. Overall, this is a disappointing development as the new language reduces the position to a bureaucratic appointment in an agency, and moves it from the Office of the Governor. The duties of the position outlined involve improving and overseeing state agencies' online processes and other procedures using technology. The bill states the officer shall "work to establish this state as a new frontier for innovation and technology." We'd have liked to see other duties included in this bill, such as the promotion of the state's technology industry. It's policy like this that proves Texas is not prepared to take technology serious.

Last Action

HB 3274 is dead.

Link to Bill Text →

SB 451 & HB 2551

Prohibits Local Governments from Banning Short-Term Rentals

Rating

4 out of 5 Rating

Our Take

These bills attempt to prohibit local governments from banning short-term rentals, otherwise known as the HomeAway or Airbnb bill. As strong advocates of privacy and the innovation economy in all its forms, the decision to rent a property and for how long should be that of the property owner - not government. However, this bill is not deregulatory in nature, and leaves ample opportunity for local governments to limit or even ban short-term rentals on the basis of "noise" and "nuisance". These kinds of loopholes are what governments use to determine economic winners and losers. While we'd prefer to see these vague terms eliminated or more clearly defined in an effort to limit innovation interference by local government, that may be too much. To be clear, this bill doesn't have a direct effect on technology, as short-term rentals are primarily marketed and arranged online. This bill does impact online services and how they evolve in the state, as well as technology innovation as a whole.

Last Action

These bills are dead.

Link to Bill Text →

SB 1713

Enforces Payment of State Use Taxes

Rating

5 out of 5 Rating

Our Take

This bill is an attempt to compel a host of online entities to pay local sales taxes, that have so far managed to avoid doing so. While we score this a 5, we will play close attention so as to assure the sales tax does not become an attempt to stifle innovation.

Last Action

This bill is dead.

Link to Bill Text →

HB 2087

Limits Distribution of Students’ Personally Identifiable Information

Rating

4 out of 5 Rating

Our Take

This bill has a laudable objective: the protection of student’s privacy and sensitive personal information that is gathered or used in the education context. For the most part its provisions are appropriately limited to that object and do not extend to digital services or applications outside of the formal education context. The bill also correctly incorporates and defers to federal student privacy laws and the Electronic Communications Privacy Act. Overall this is a good bill. The only issue we see is that in some places students that are not emancipated (and are therefore still without legal capacity) can nonetheless effectively waive privacy without parent involvement. In other words certain entities that have gathered or have access to student school purpose Personally Identifiable Information (PII) are allowed to use or disclose student PII through “consent” of the student alone and without the parent’s knowledge. Admittedly this is not entirely unprecedented, but it can and likely will lead to situations where the parent would have declined and may strenuously object. Despite this concern we rate the bill a 4.

Last Action

HB 2087 was signed by the Governor on June 1. Effective September 1, 2017.

Link to Bill Text →

HB 100

Prohibits Local Government from Regulating Ride-Sharing & Imposes State Regulations

Rating

4 out of 5 Rating

Our Take

This bill is one of the legislative efforts designed to prohibit local government from banning transportation network companies such as Uber and Lyft. The preemption of local regulation is laudable, but it replaces local regulation with a type of state-level regulation through the Department of Licensing and Regulation. The department does not have rate or pricing oversight, but it does oversee certain activity, including some reporting requirements. We believe the better approach would have been a purely statutory regime without administrative agency oversight. Any required reports could easily be handled through submission to the legislature and on the provider’s web site. Although we have some concerns we rate the bill a 4.

Last Action

HB 100 passed both chambers and was signed into law on May 29, 2017.

Link to Bill Text →

SB 113 & HB 3931

Prohibits Local Governments from Regulating Ride-Sharing Companies

Rating

5 out of 5 Rating

Our Take

These bills prohibits local governments from banning transportation network companies such as Uber and Lyft. Ultimately, the bill preempts entry/exit and rate regulation of transportation networking companies and other more traditional competitors, but does not simultaneously subject them to regulation by a state agency. While this is clearly a political issue waged between state and local government, we score this bill high, as the local policy was clearly an organized effort to stifle innovation in an industry that needs more competition, not protection. Our support for this bill is mostly based on the defense of innovation. Among those bills likely dead this session because of lack of floor consideration.

Last Action

These bills are dead.

Link to Bill Text →

HB 2450 & SB 1823

Extends Authority to Issue Cell Phone Warrants

Rating

1 out of 5 Rating

Our Take

These bills would expand who can issue a warrant for cell phones from judges to include magistrates (JP’s). At present only judges may do so. Under current law an officer may search a telephone or device only if it was reported stolen by the owner or possessor. This bill would allow that officer to search the device if they reasonably believe it was stolen. The bill limits the good-faith search to "only the contact list information, photographs, social media account information, and e-mail account information necessary to identify the owner of the telephone or device." HB 2450 & SB 1823 lower burdens on Law Enforcement Authorities and increases access. As an organization that has been a longtime proponent of privacy, and speaking out against government overreach, we believe this language is unnecessary and goes too far. Among those bills likely dead this session because of lack of floor consideration.

Last Action

These bills are dead.

Link to Bill Text →

SB 1203

Redefines Online Service Provider & Shortens Deadline to Respond to Legal Action

Rating

1 out of 5 Rating

Our Take

This bill is driven by special concerns relating to sex offenses. But the effort runs headlong into serious conflict with existing federal law and other state laws that are consistent with federal law and address the same topic. The original version of the law is applied only to an “Internet Service Provider” – a company that provides access to the Internet, and not to other online service providers. The expansion in coverage leads to multiple direct conflicts with the federal Stored Communications Act (codified at 18 U.S.C. Chapter 121 §§ 2701–2712) and the Texas version of the federal SCA contained in Article 18.20, Code of Criminal Procedure. It imposes standards, obligations, procedures and penalties that are different from and go beyond those in the federal and state stored communications laws. Providers are unlikely to recognize these provisions as binding and will probably claim that the bills’ provisions are vague or pre-empted to the extent they are inconsistent with the stored communications laws. The bill is unenforceable. We rate the bill at 1 only because our scoring system does not contemplate a 0 or negative scores.

Last Action

SB 1203 passed both chambers and was signed by the Governor on May 22. Effective September 1, 2017.

Link to Bill Text →

HB 2192

Mandates State Agency Security Assessments

Rating

4 out of 5 Rating

Our Take

The bill requires state agencies to conduct a self-security assessment and report every five years. The bill is similar to others filed this session. In our opinion none are as comprehensive as HB 8. Among those bills likely dead this session because of lack of floor consideration.

Last Action

HB 2192 is dead.

Link to Bill Text →

HB 1898

Mandates a Study on State Agency Digital Storage Practices

Rating

4 out of 5 Rating

Our Take

Simply mandates a study by the state on practices and costs of data storage by state agencies. While the study is a good idea, we do wish there was some consideration to the quality of the storage facilities, and security measures. As a company that is well aware of what good storage encompasses, simply having a data center isn't enough, and with our data being collected daily, these facilities should move up in significance. The bill is similar to others filed this session. In our opinion none are as comprehensive as HB 8. Among those bills likely dead this session because of lack of floor consideration.

Last Action

This bill is dead.

Link to Bill Text →

SB 1020

Creates Criminal Offenses for Cybercrime

Rating

2 out of 5 Rating

Our Take

This is the companion bill to HB 9 in the house. As we note in that analysis, the sentiment of the bill is laudable, however there are several significant problems. The bills create three new cybercrimes: electronic access interference, electronic data tampering and electronic data alteration. The electronic data tampering provisions inadvertantly outlaw cookies and beacons. The most problematic is the electronic altering portion, since it also unintentionally criminalizes virtually all Internet companies because they routinely alter the form or content of customer data while in transit in some fashion. All of the problems can be remedied while still preserving the sponsors' intent to capture third party interlopers, not service providers that operate within industry norms. Our concerns stem from consequences we believe are unintended by the authors of the bill. If our concerns are addressed, the score of this bill will shoot up dramatically. Until then, we will be following this bill closely. Among those bills likely dead this session because of lack of floor consideration.

Last Action

This bill is dead.

Link to Bill Text →

HB 9

Creates Criminal Offenses for Cybercrime

Rating

5 out of 5 Rating

Our Take

The bill will create two new criminal offenses: electronic access interference and electronic data tampering. Anyone who intentionally interrupts or suspends access to a computer system or network without the consent of the owner could be prosecuted for electronic access interference, a third-degree felony. The bill would also make altering data as it transmits between two computers in a computer network or system without the effective consent of the owner a punishable criminal offense, as well as introducing malware onto a computer or a computer network or system. The punishment for electronic data tampering would range from a misdemeanor to a felony with the punishment level based on intent, the type of system or network involved, and the amount of pecuniary loss. We had concerns with the original language of the bill, and some of its definitions, however the committee’s substitute language has addressed those concerns. Data Foundry fully supports HB 9 in its updated form.

Last Action

Passed both chambers and signed by Governor Abbott on June 12. Effective September 1, 2017.

Link to Bill Text →

HB 8

Sets Checks & Balances for State Technology Policies

Rating

5 out of 5 Rating

Our Take

Overall a very good bill that addresses a number of issues by setting checks and balances for technology policies that were largely left ignored in the past. From requiring a cybersecurity assessment and review process from a number of different agencies, to requiring the destruction of materials containing PII, this bill is essentially a housecleaning project that is finally getting the attention it deserves, and we are happy to see it with such a low bill number, so as to assure some level of commitment.

Last Action

HB 8 was signed by the Governor on June 12th. Effective September 1, 2017.

Link to Bill Text →

SB 281

Limits Collection & Retention of Biometric Identifiers

Rating

4 out of 5 Rating

Our Take

A good privacy bill, but raises some concerns regarding potential overreach. Biometrics is just another tool at the disposal of many companies, and we believe that any legislation that regulates the commercial use of biometric identifiers should be a balance between consumer protection and technological innovation. Any policy written shouldn't prohibit biometric data collection where there is no harm, and where users are notified. We hope legislators consider this when debate begins. Among those bills likely dead this session because of lack of floor consideration.

Last Action

This bill is dead.

Advocate Reviews

Link to Bill Text →

HB 1605

Mandates Cybersecurity Evaluation & Report Every 2 Years

Rating

4 out of 5 Rating

Our Take

Essentially an attempt to elevate cybersecurity in Texas by providing assessments every other year, as well as a funding mechanism to generate funding to counter a cyber security breach that would require immediate action. Earlier versions of the bill were not clear as to which agency will oversee the effort, but the authorities have been clarified as the Speaker and standing committee with primary jurisdiction over state government operations.

Last Action

HB 1605 is dead.

Link to Bill Text →

HB 788

Funding the Electric Grid Security Advisory Committee

Rating

5 out of 5 Rating

Our Take

As a companion bill, this will establish the mechanism needed to pay for the Electric Grid Security Advisory Committee created in HB 787. Among those bills likely dead this session because of lack of floor consideration.

Last Action

This bill is dead.

Link to Bill Text →

HB 787

Electric Grid Security Advisory Committee

Rating

5 out of 5 Rating

Our Take

A necessary assessment bill that should provide good data for the state to develop a protection and response plan. This bill would create an Electric Grid Security Advisory Committee to assess the electric grid in Texas and assess whether further efforts are needed to secure the electric grid and associated computer systems and networks against damage, including the threat of electromagnetic pulse or other attacks and natural threats, including solar flares.

Last Action

This bill is dead.

Link to Bill Text →

HB 106

Lawful Use of Drone Surveillance

Rating

4 out of 5 Rating

Our Take

Good bill that has some clarification concerns. This bill properly criminalizes the use of prohibited images. However, despite the "intent" element, it is not clear how much this bill would protect a person or company that publishes or otherwise distributes a prohibited image unknowingly. We would like to see language that clears this up for a higher ranking.

Last Action

This bill is dead.

Link to Bill Text →

HB 105

Excluding Internet Access from Sales Tax

Rating

5 out of 5 Rating

Our Take

Great bill that will remove Internet access service from the list of taxable services, thus making it tax free. Although it does clarify that other taxable services provided over Internet access are still taxable. Among those bills likely dead this session because of lack of floor consideration.

Last Action

HB 105 is dead.

Link to Bill Text →

SB 91

Retaining Data from License Plate Readers

Rating

1 out of 5 Rating

Our Take

There was hope this bill would be different from past attempts by placing some importance on people's privacy, but sadly that is not the case. This bill is terrible because it limits the purpose of ALPRs, and retention of information to 1 year, under the extremely vague auspices of "law enforcement purposes." Sadly this bill mirrors Russia's oppressive Yarovaya Package more than a law from Texas.

Last Action

This bill is dead.

Link to Bill Text →

SB 83

Protecting Energy Infrastructure from Cyberattacks

Rating

3 out of 5 Rating

Our Take

While a good start in the right direction, the scope of "critical infrastructure" is concerning in that the bill's language could be interpreted to also apply to private parties that self generate, rather than just those whose facilities are used to deliver power to, or over the grid. Private generators should not be required to comply with those mandates. Clarification or closing the loop will increase this rating.

Last Action

This bill is dead.

Link to Bill Text →

SB 180 & HB 305

Student Cyberbullying

Rating

2 out of 5 Rating

Our Take

While cyber bullying is abhorrent behavior, legislating this type of passion-issue tends to lead to more trouble than ever anticipated. Our concern is that this bill could lead to unchecked demands for disclosure of private information on anyone. Removing or closing the loop on privacy concerns would increase the rating dramatically. Among those bills likely dead this session because of lack of floor consideration.

Last Action

These bills are dead.

Link to Bill Text →

SB 179 & HB 306

Student Cyberbullying – Criminal Offense

Rating

2 out of 5 Rating

Our Take

While cyber bullying is abhorrent behavior, legislating this type of passion-issue tends to lead to more trouble than ever anticipated. Our concern is that this bill could lead to unchecked demands for disclosure of private information on anyone. Removing or closing the loop on privacy concerns would increase the rating dramatically.

Last Action

SB 179 passed both chambers and was signed by Governor Abbott on June 9. Effective September 1, 2017.

Link to Bill Text →