Categories

  • All
  • cybersecurity
  • data collection & retention
  • innovation
  • surveillance
  • transparency

HB 3453

Requires a Warrant for Cell Location Information, Protects Innocent Third Parties

Rating

5 out of 5 Rating

Our Take

This is the companion bill to SB 2093. It requires law enforcement to obtain a probable cause warrant before collecting cell site location information via cell site simulators (StingRays) and before collecting communications data from service providers. While the bill protects privacy and helps prevent the collection and retention of data from innocent third parties, it also helps law enforcement by establishing clear guidelines and allowing for the collection of location information in emergency situations when time is of the essence, such as Amber and Silver Alerts. The bill also makes it illegal for citizens to use cell site simulators without the consent of those whose data and communications they are intercepting. This bill has garnered support from a wide community, including crime victim advocates, privacy advocates and law enforcement.

Link to Bill Text →

SB 2093

Requires a Warrant for Cell Location Information, Protects Innocent Third Parties

Rating

5 out of 5 Rating

Our Take

This bill requires law enforcement to obtain a probable cause warrant before collecting cell site location information via cell site simulators (StingRays) and before collecting communications records from service providers. While the bill protects privacy and helps prevent the collection and retention of data from innocent third parties, it also helps law enforcement by establishing clear guidelines and allowing for the collection of location information in emergency situations when time is of the essence, such as Amber and Silver Alerts. The bill also makes it illegal for citizens to use cell site simulators without the consent of those whose data and communications they are intercepting. This bill has garnered support from a wide community, including crime victim advocates, privacy advocates and law enforcement.

Last Action

Passed the Senate

Link to Bill Text →

HB 2789

Creates a Criminal Offense for Transmission of Sexually Explicit Visual Material

Rating

1 out of 5 Rating

Our Take

This bill creates a criminal offense of unlawful electronic transmission of sexually explicit visual material. This bill is another attempt to criminalize a specific form of doxing - Internet posting of intimate graphic images without consent of the person depicted. While this kind of activity is wholly undesirable, and civil suits for privacy invasion may not provide full relief, it is highly likely this bill will be held unconstitutional for the same reason as past criminalization efforts. The bill language is likely overbroad and covers protected activity. It does not contain a requirement for intent to harm. Finally, the bill would outlaw "simulated" images or conduct because of the incorporation by reference to the current definition of "sexual conduct" in PC Sec. 21.16(3). Although "deepfake" "doxing" also presents a serious risk of embarrassment and confusion (and a "false light" privacy invasion in many jurisdictions but not Texas) this too raises constitutional concerns under Ashcroft v. Free Speech Coalition (2002).

Link to Bill Text →

SB 936

Implements a New Cybersecurity Monitor for the Electric Grid

Rating

5 out of 5 Rating

Our Take

This is one of several bills addressing the cybersecurity of the electric grid that makes salutary improvements. It implements a new cybersecurity monitor through ERCOT and the Public Utility Commission for the cybersecurity of the electric grid.

Link to Bill Text →

SB 838

Requires Large Government Agencies to Broadcast Open Meetings Online

Rating

5 out of 5 Rating

Our Take

This bill implements new standards for internet broadcasting of open meetings for executive or legislative agencies that receive appropriations of greater than $40 million a year and have 250 or more employees. This bill continues the salutary trend toward public access to streamed and stored audio/video recordings of state and local government bodies' open meetings. The coverage to only larger agencies is a minus, and may cause smaller agencies that already stream and store open meetings to quit doing so. One hopes that over time all state and local bodies subject to the Open Meetings Act are required to post, stream and store.

Link to Bill Text →

SB 782

Allows Peace Officers to View Body Camera Recordings

Rating

5 out of 5 Rating

Our Take

The bill allows a peace officer involved in an event recorded by that peace officer's body camera to access the recording prior to any required statement about the incident. This bill institutes a rational outcome, and protects due process. Peace officers should be able to view these recordings in order to refresh recollection and obtain better perspective after experiencing potentially traumatic, split second events. Peace officers should not be subjected to a "gotcha" by forcing the officer to make a statement before being confronted with impeachment or other information that might conflict with the officer's human perceptions during moments of extreme danger or stress.

Link to Bill Text →

SB 373

Requires Online Posting of Meeting Materials from Regional Mobility Authorities

Rating

5 out of 5 Rating

Our Take

This bill continues the salutary trend toward public access to streamed/stored audio and video recordings of state and local government bodies' open meetings. It requires regional mobility authorities to provide internet access to meetings of the board of directors as well as have their agenda and other materials online.

Link to Bill Text →

HB 1784

Creates a Position for State Information Governance Coordinator

Rating

5 out of 5 Rating

Our Take

This bill creates a new state information governance coordinator at the State Library and Archives Commission. The position will help ensure all state agencies comply with and increase retention and awareness of the state's record management programs. If passed, the bill will help improve records retention, security, and public access to information held by the state government.

Link to Bill Text →

HB 1700

Restricts Government Employees from Withholding Public Information on Private Devices

Rating

5 out of 5 Rating

Our Take

The bill sets new standards and parameters for public information in the possession, custody, or control of a current or former officer or employee of a governmental body and creates a criminal offense if that public information is mishandled. This bill fills a gap in the public information laws resulting from current or former government employees putting public information on private devices and avoiding disclosure in response to open record requests.

Link to Bill Text →

HB 1631

Prohibits Local Law Enforcement’s Use of Red Light Cameras

Rating

5 out of 5 Rating

Our Take

Prohibits the use of red light cameras by local law enforcement agencies and authorizes the attorney general to enforce the prohibition. It also prohibits local agencies from using any evidence from red light cameras to issue criminal or civil citations.

Link to Bill Text →

HB 904

Requires UTSA to Conduct a Study on Cyberattacks against Financial Institutions

Rating

2 out of 5 Rating

Our Take

A study and recommendations on this topic may well be appropriate. But it is not clear why the University of Texas at San Antonio (UTSA), as opposed to some other authority, oversee it. Despite the provision requiring financial institutions to cooperate and provide information, other laws may limit the extent to which financial institutions can provide personally identifiable information to a university. There may be more flexibility if the study is overseen by a consortium of regulators rather than limiting their role to consultation. The bill uses the definition of "sensitive personal information" in Section 521.053, Business & Commerce Code. This may be too limited, in that it appears to relate to sensitive information about natural persons and may not include sensitive information involving incorporated entities.

Link to Bill Text →

SB 119

Establishes Retailer State Use Tax

Rating

3 out of 5 Rating

Our Take

The bill states that a business with $100,000 or more of deliveries in the state or more than 200 transactions in the state are considered to be engaging in business in Texas. Because of court cases, this bill was inevitable. The limits seem low and may impact small businesses, but most of the newly captured entities will be primarily located in other states so this will garner additional revenue without impacting state-based small businesses. The bill will raise the price of goods to Texas residents that pay the tax. Additional sales tax revenues will be applied to property tax relief.

Link to Bill Text →

HB 353

Requires a Warrant to Obtain Cell Site Information from Providers

Rating

3 out of 5 Rating

Our Take

This bill regulates law enforcement's demands for and use of mobile service provider location information and requires a warrant. The definition of cell site information (for cell site simulators) does not properly describe how the devices work or how they are configured and used by law enforcement. The same applies to the definition of cell site simulator device. The bill would allow any "authorized peace officer" to obtain a warrant. In Texas only a few of the larger agencies actually have them, and the statute should restrict to only those that have them and have received proper training. The standard for application and grant of use is also too lenient and does not actually use a probable cause standard. The authorized period of use (90 days) is too long. There is a requirement of mandatory notice to the subject, and law enforcement cannot obtain sealed warrants. The "immediate life-threatening situation as defined by Article 18A.201" would not allow use for things like Amber or Silver Alerts. The requirements for deleting irrelevant information are too permissive for what can be kept and allow information obtained pursuant to one warrant to be used against a different person, using a "reasonable suspicion" standard that is lower than probable cause.

Link to Bill Text →

HB 352

Regulates Use of Cell Site Simulators & Requires a Warrant

Rating

3 out of 5 Rating

Our Take

This bill regulates law enforcement's use of cell site simulators and requires a warrant. We rate this bill a 3 because it is well-intentioned but flawed. Both HB 352 and HB 353 contain a definition for "cell site information" but they use that defined term for different purposes. The definition of "cell site information" is too limited. Providers derive identity and location through additional means, including by accessing the GPS capability in mobile devices. The reference to only ECS and RCS might exclude some cell companies if they are only offering basic voice service. The bill does not sufficiently distinguish between historical CSLI, real-time CSLI, prospective CSLI or tower dumps, and therefore does not address issues particular to each. The requirement to get a traditional 18.02 search warrant is cumbersome and will sometimes prevent issuance when one is appropriate. The bill does not protect innocents whose information is gathered.

Link to Bill Text →

HB 459

Mandates Video Surveillance in Day Care Centers

Rating

2 out of 5 Rating

Our Take

This bill mandates video surveillance in day care centers in each area occupied by children. It does not require day care centers to operate video recording equipment where children are not present. The bill is well-intentioned but flawed. Although it is meant to provide monitoring as a means to protect children, it could lead to victimization and harm. The bill purports to require confidentiality, but the protections are inadequate. It does not address problems created by the fact that many, if not most, video monitoring systems have built-in Internet connectivity and (like a host of IOT devices) can be easily hacked. There are no meaningful security requirements or penalties for unauthorized release or viewing.

Link to Bill Text →

HB 181 & HB 682

Establishes a Pilot Program for Digital State Identification

Rating

2 out of 5 Rating

Our Take

These bills are identical and would require the Department of Public Safety to implement a new digital identification mobile app as a pilot program. This is merely a pilot to obtain information and test the concept. The DPS rules will be key to its value and policy implications, especially in terms of security and privacy, along with concerns regarding 4th and 5th Amendment issues. If the legislation specifically forbade a requirement that the mobile app rely on biometric identifiers (that could, in turn lead to 4th and 5th Amendment concerns) the score would be higher.

Link to Bill Text →

SB 59

Allows Unmanned Aircraft to Capture Images

Rating

1 out of 5 Rating

Our Take

Unmanned aircraft licensed by the Federal Aviation Administration may capture images while delivering consumer goods as needed for "navigation" and "public safety." This bill would allow Amazon and other website commerce operators that employ drones to capture images during operation. The bill does not contain any limitations on the post-operation use of the captured images, or include any protections against privacy invasions over private property. As written the drone operator could monetize the images without restraint, and use the information gleaned from the images for any purpose. This bill would significantly contribute to Surveillance Capitalism.

Link to Bill Text →

SB 77

Restricts Use of Traffic Surveillance Cameras

Rating

5 out of 5 Rating

Our Take

This bill prohibits the use of fixed (and not hand-held) traffic surveillance technology that takes a photographic or digital image of a motor vehicle operator or license plate as a means to enforce traffic laws. The bill contains a Toll Enforcement Exemption and allows handheld or mounted devices operated by law enforcement officers and vehicles. We rate this bill a 5 because it places restrictions on how images captured from red-light cameras can be used.

Link to Bill Text →

HB 318

Requires Agencies to Live Stream Meetings

Rating

5 out of 5 Rating

Our Take

This bill requires all state agencies receiving more than $40 million in appropriations in a fiscal year to live stream their meetings and then post a recording of these meetings on their website within 7 days. We rate this bill a 5 because it provides more transparency into state government.

Link to Bill Text →

SB 78

Allows Authorities to Use Automatic License Plate Readers

Rating

3 out of 5 Rating

Our Take

This bill allows automatic license plate readers to be used on a limited basis by law enforcement agencies and municipal parking enforcement authorities. It sets parameters on how readers may be used and what must be done with the data after its use. Prohibits the sale and use of the information for commercial purposes. The bill is scored a 3 because it takes a decent stab at limiting indiscriminate law enforcement use of automatic licence plate readers and tries to prohibit commercialization of the resulting information. The score would be higher if the language on commercial use was made stronger to prevent evasion. As written it does not completely prohibit sharing of the information with large databases operated by companies like Vigilant, TransUnion and Motorola or purchase of ALR information from those databases.

Link to Bill Text →

SB 76

Creates Grid Security Council

Rating

4 out of 5 Rating

Our Take

This is the Senate companion bill to HB 400. It would create a Grid Security Council to assist and work with PUC (Public Utility Council) regarding utility network security. This bill is rated a 4 because it properly reflects increasing cybersecurity threats.

Link to Bill Text →

HB 400

Creates Grid Security Council

Rating

4 out of 5 Rating

Our Take

This bill would create a Grid Security Council to assist and work with PUC (Public Utility Commission) regarding utility network security. We rate this bill a 4 because it properly reflects increasing cybersecurity threats.

Link to Bill Text →

SB 64

Enhances State Cybersecurity Measures

Rating

5 out of 5 Rating

Our Take

This bill calls for strategies to incentivize institutions of higher ed to develop degree programs in cybersecurity. It adds "cybersecurity event" to definition of "disaster" and requires retirement system, public junior colleges to comply with cybersecurity standards. It provides information security assistance to small state agencies and local governments through DIR, provides an exception to Public Information Act to certain cybersecurity information, requires DIR to provide analysis of state agency efforts to address risks and vulnerabilities, and requires additional reporting by DIR and state agencies regarding vulnerabilities. It treats ERCOT as a state agency for purposes of cybersecurity matters and tasks PUC with additional responsibilities and oversight regarding utility cybersecurity. This bill is rated a 5 because it is a proper response to increasing cybersecurity threats.

Link to Bill Text →

HB 350

Adds to Composition of the Cybersecurity Council

Rating

4 out of 5 Rating

Our Take

Increases the composition of the Cybersecurity Council by adding "one member who is an employee of the Elections Division of the Office of Secretary of State." This bill has a score of 4 because it is a proper response to increasing cybersecurity threats and makes sense given recent concerns about election issues.

Link to Bill Text →