![Default Article Featured Image_laptop-newspaper-global-article-090623[95].jpg](https://images.contentstack.io/v3/assets/bltd4dd5b2d705252bc/blt61f52659e86e1227/64ff207a8606a815d1c86182/laptop-newspaper-global-article-090623[95].jpg?width=3840&quality=75&format=pjpg&auto=webp)
As Sen. Joe Simitian (D-Palo Alto) approaches his term limit in California’s State Senate this year, he says it will be essential that his legislative peers who remain pick up the proverbial privacy torch. It’s a cause he’s spent a considerable amount of time on during his legislative career, after all. But he notes some concern that privacy is becoming less of a legislative focus in California.
Those who’ve worked closely with Simitian during his 12-year tenure say they will particularly miss his ability to take seemingly abstract privacy concerns and present them as “these-affect-you-everyday” problems to his legislative peers, and they agree that others will need to pick up the slack.
“As I walk out the door, there are fewer members today than a few years ago who are spending significant time on these privacy issues,” Simitian says.
Championing privacy efforts wasn’t necessarily something Simitian set out to do when he was first elected. But a significant focus on privacy issues at the time he entered the legislature in 2000 and his subsequent work chairing a select committee on privacy allowed Simitian to do some exploring on the topic. By virtue of being “a Silicon Valley guy,” Simitian found that the privacy issues of the day were of particular interest to him.
“It was both a fascinating and challenging venue, frankly, to work on privacy issues. One thing led to another, and I built on that body of work,” Simitian explains.
He would go on to draft or pass legislation on topics including online privacy, anti-spam, identity theft and RFID, among others.
Simitian’s Senate term began in 2004 when he was elected to represent California’s 11
th
District, which includes portions of San Mateo, Santa Clara and Santa Cruz. In that time, and in the years prior when he served as a state assemblyman, he passed privacy bills on issues ranging from library records to electronic toll collection to malicious e-personation. Simitian was perhaps most notably responsible for AB 700 (the twin companion of SB 1386), which would lay the foundation for data breach notification legislation in almost every other state in the nation. It required entities with databases of sensitive personal or financial information to disclose when a breach occurred. It was that work which won him the recognition in 2003 as one of “Scientific American’s 50” leaders in science and technology.
The 2011 Data Breach Notification Law built on that earlier effort and
“core content” requirements for data breach notification, including that those affected be informed of such details as the type and time of the breach as well as the phone number of the credit reporting agencies those affected may turn to for help. The bill also required public agencies and individuals “to send an electronic copy of the breach notification to the attorney general and the California Office of Privacy Protection” if more than 500 are affected.
Prior to that, Simitian gained recognition among privacy advocates for passing bills such as AB 1219 in 2001, which established procedures for victims of identity theft, 2010’s Electronic Toll Collection Privacy, which established protections for drivers’ data, and 2009’s Education Data Access, which protects student privacy while allowing researchers and others to access data, among others.
Though California’s constitution provides individuals with the right to privacy, it was at times difficult to convince legislators of privacy’s significance, especially stacked up against competing priorities, Simitian recalls.
“One thing I’ve learned is that it’s difficult but important to make these issues more tangible for both the public, but also for members of the legislature to wrap their arms around,” Simitian says. “For a lot of people, these issues are abstract, and to be an effective advocate on privacy issues, you have to make these issues real and tangible in a legislative context but also in terms of working with the public and helping them understand the news.”
Lobbyist Lenny Goldberg, who’s worked with Simitian on “virtually every one of his privacy issues,” recalls one time that Simitian did just that.
At the time, Simitian was pushing for an RFID bill in the midst of state plans to equip driver’s licenses with RFID tags, but he struggled to generate support for a cause with seemingly little relevance.
Calling upon a local hacker, Simitian handed over a couple of his colleagues’ RFID cards and, within seconds, the cards were handed back to him.
“I’m done,” the hacker says. Having used a laptop computer and some blank ID cards, he had gained access to the same access points as Simitian and his legislative peers.
Summoning a nearby security agent, Simitian and the hacker tested the experiment at a restricted-access point. Flashing one of the cloned cards in front of the RFID scanner, the door popped open.
When Simitian brought the cloned cards and the story of his experiment to the Senate floor to illustrate the risks inherent in RFID technology, his peers expressed doubt at the experiment’s legitimacy, arguing that it had been controlled and wasn’t likely in real-life situations. In response, Simitian had the hacker walk the hallways of the legislature, randomly scanning cards without contact.
“The guy was able to drive right into the members’ parking lot with a conned ID,” Goldberg recalls, emphasizing, “The Capitol Garage, which is supposed to be secure.”
It’s this sort of show-don’t-tell tactic that makes Simitian great at gaining support and momentum, Goldberg says.
“He made it very real. That’s one thing with these privacy issues, they can be very abstract and there’s this attitude of, ‘You have no privacy, get over it.’ Joe was always able to hone in on specifics and make these issues real for members.”
“He really has a knack for doing that,” adds Valerie Small Navarro of California’s American Civil Liberties Union. “It’s hard to bring some of these concepts to life instead of this sort of cerebral, ‘This is important, you should care about it.’ In terms of consumer privacy rights, he’s one of the privacy champions and gurus.”
The RFID stunt gained Simitian and the topic some publicity and led to meaningful talks with industry, Goldberg says, but in the end, Gov. Arnold Schwarzenegger vetoed the bill at the urging of a powerful tech company.
Lee Tien of the Electronic Frontier Foundation (EFF), who’s worked closely with Simitian over the years, says the EFF has always found the senator to be a “very thoughtful legislator” and, as Silicon Valley’s representative, a natural fit when it comes to privacy and technology issues.
The EFF most recently worked with Simitian on a bill to protect the privacy of data collected by law enforcement and other government agencies using license plate recognition technology.
In California, there’s significant pressure to promote technological innovation in order to foster a healthy economy, Tien notes, but the trick is to balance the benefits technology delivers with consumer privacy rights—a thin line Simitian has walked well.
“He’s been a pretty forceful advocate,” Tien says.
Deirdre Mulligan, a professor of law at the UC Berkeley School of Information, says Simitian is a “visionary” on privacy and a “phenomenal public servant.” Her path crossed his when the two worked together on Simitian’s data breach notification law in the early 2000s, while Simitian was still an assemblyman. He was exploring facts and conducting hearings ahead of proposing the legislation and sought Mulligan’s advice.
“He was at the forefront of being able to move public policy goals in really constructive and innovative ways,” Mulligan says. “Many of the things he’s done ended up being incredibly important, especially with data breach notification laws, which have caught on internationally.”
“His departure will be mourned,” adds the ACLU’s Navarro, who’s worked with Simitian on a number of initiatives, including license plate technology, cab surveillance cameras and RFID tags. “Privacy really is not a Republican or Democratic issue. Especially in California, it’s a fundamental issue for everyone. I think people will step up to the plate, but he came to it with just a passion, a vigor and an enthusiasm.”
“It’s definitely the case that you need to have these kinds of privacy champions in the legislature,” says the EFF’s Tien. “We’re going to have to hope that other legislators will take up that challenge.”
He added that as long as privacy issues are hitting the headlines, legislators will continue to take interest.
“The question is, how well can they actually execute?”
