Constitutional Challenge To PRISM Program Survives, For Now

The United States Court of Appeals for the Third Circuit has decided to allow a Fourth Amendment challenge to the National Security Agency’s “PRISM” program to proceed. In Schuchardt v. President of the United States, the court found that the plaintiff had sufficiently pleaded his standing to bring the claims, distinguishing other decisions ‒ including the Supreme Court’s decision in Clapper v. Amnesty International USA ‒ that dismissed claims based on allegations of dragnet government surveillance. But the court also noted the limits of its ruling, suggesting it does not expect the case to survive for long.

Federal Financial Regulators Propose Enhanced Cybersecurity Standards

The Federal Reserve System, the Comptroller of the Currency, and the Federal Deposit Insurance Corporation have jointly issued an advance notice of proposed rulemaking regarding enhanced cybersecurity standards for large and interconnected financial institutions. The standards aim at increasing the resilience of these institutions, as well as reducing the impact on the financial system as a whole in the event of a cyber-attack. The proposal addresses five categories of cyber standards: cyber risk governance, cyber risk management, internal dependency management of business assets, external dependency management of interconnections with outside suppliers, and incident response, cyber resilience, and situational awareness. Comments on this proposal are due January 17, 2017.

UK Surveillance Tribunal Finds Lack Of Public Disclosure Can Invalidate Bulk Surveillance

The UK Investigatory Powers Tribunal ("IPT"), an independent court established in 2000 to hear complaints about surveillance by UK public authorities, decided, in a case brought by Privacy International, that bulk surveillance by UK intelligence services violated UK and European law until 2015, because the existence of the bulk surveillance had not been disclosed to the public. In practice, the IPT's decision does not require UK authorities to restrict their bulk surveillance practices more strictly than they currently do. But it does state an important principle that undisclosed surveillance powers are not consistent with European law.