Is it Time for the FTC to Hit the Reset Button on Privacy?

Several years ago, my spouse was the victim of ID theft.  It was a frightening, invasive, time-consuming process to get to the bottom of what happened, and to fix it.  She is far from the only one, however, to be victimized by identity theft.

In 2012, the Federal Trade Commission received 369,132 complaints about identity theft – or 18% of all consumer complaints reported to the FTC.  This marked the thirteenth year in a row that identity theft topped the list of consumer complaints to the FTC.

Lately, the FTC has been heavily focused on issues such as “comprehensive online data collection.” And while the issues raised by data collection practices merit attention, the persistent scourge that is identity theft is receiving far less focus than it deserves. So this raises the question, as the FTC welcomes a new Chairwoman in Edith Ramirez and establishes a new agenda for 2013: Is it time for the FTC to hit the reset button?

The FTC has a real opportunity to refocus on what is undoubtedly a difficult issue – identity theft – a very real problem that creates a significant risk of fraud and monetary harm.  They could do this by analyzing the most pressing privacy issues facing consumers — the current online threats and vulnerabilities, the security protocols that can reduce the likelihood of identity theft, and ways that consumers can be empowered to protect themselves from identity thieves.

Yes, it is time for the FTC to hit the reset button, and focus on one of the greatest threats facing consumers today:  Identity theft.


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPubPolicy.

FTC: Don’t Confuse Mobile with Personal

SIIA is supportive of the FTC’s effort to provide guidance for the multistakeholder approach to mobile privacy protection being led by the NTIA.

Today’s mobile guidance report from the FTC provides some useful input to that end. However, SIIA continues to strongly disagree with some of the high-level conclusions reached by the Commission. Particularly, SIIA strongly disagrees with the FTC’s conclusion that “[m]ore than other types of technology, mobile devices are typically personal to an individual, almost always on, and with the user.”

While this may be true when applied to smartphones and the model for their use today, SIIA strongly believes that this vision misses the mark for tablets, and it most certainly portrays inaccurately the evolving nature of Internet-based technology and new-age devices. On the contrary, SIIA is confident that the larger trend in technology, with products and services offered seamlessly across a wide range of platforms and devices, coupled with the increasing saturation of Internet-powered devices, reflects the shift to an environment where devices are less “personal” and less linked to a particular individual than personal computers.

For instance, just several years after the introduction of the tablet computer, and less than a decade after the introduction of the modern smartphone, it is not uncommon for a household to have a wide range of internet-connected devices, with perhaps the majority of those devices being mobile devices shared by numerous users.

SIIA believes that the FTC’s fundamental misunderstanding about the increasing personalization of devices sets an inappropriate basis on which to build a foundation of privacy practices, either voluntary or mandatory. In order to develop an effective privacy framework for rapidly evolving technology, it is critical that we fully understand how this evolution is taking place, and all the opportunities that this innovation brings.


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy. Follow the SIIA public policy team on Twitter at @SIIAPubPolicy.

SIIA Welcomes State Department’s Interventions on Cloud Computing and Privacy

Last week U.S. Ambassador to the European Union, William Kennard, addressed Forum Europe’s 3rd Annual European Data Protection and Privacy Conference, and responded to the myth that the U.S. system of government access to information is a threat to the privacy rights of citizens of other countries. He was especially effective in rebutting concerns directed at cloud computing, where the misconception has developed that information stored in cloud computing servers can be accessed by the U.S. government without any effective privacy controls.

His intervention is a welcome attempt to set the record straight before these erroneous beliefs become widespread and entrenched. It was accompanied by the release of a State Department white paper that dispels the misconceptions about the U.S. legal system and government access to information.

The fact is that the U.S. has a well-developed and established system to protect individual liberties from government intrusion. We have a general distrust of a powerful government and are suspicious of anything that advances the growth of government power. Our bias is in favor of a limited government that lets people choose their own good in their own way. As a result we are far less tolerant of government intrusion into our private lives than other countries, and have set up a system whereby the U.S. extends privacy protections to non-U.S. citizens as well.

At the same time, the U.S. is more tolerant of the use of information for innovative and productive use by businesses than other countries, to our great advantage in the race for economic growth, business development and job creation.  Our system of protecting the individual privacy in the business context shows that this can be done while maintaining strong and effective protections for consumer privacy. This system also respects the rights of non-U.S. consumers established in other privacy regimes.

None of this means that the U.S. system is perfect.  We think that steps can be taken to improve the consumer privacy system for mobile app notifications and are actively working with the U.S. Commerce Department and other stakeholders on a voluntary code of conduct and an effective system of screen notices.  We have joined with others in the Digital Due Process Coalition to modernize the 1986 U.S. Electronic Communications Privacy Act, which needs updating to fit the realities of email and document storage in the cloud.

But the need for these reforms does not suggest that the current U.S. system is a threat to privacy or justifies a move away from cloud computing as a way to avoid government scrutiny.  Ambassador Kennard is to be commended for his strong defense of the U.S. approach to privacy in the cloud.


Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology. Follow the SIIA Public Policy team on Twitter at @SIIAPolicy

Mobile Privacy: Congress Should Give Multistakeholder Discussions More Time

Today, the Senate Judiciary Committee is scheduled to consider legislation sponsored by Senator Al Franken (D-MN), the Location Privacy Protection Act of 2011 (S.1223), that would require app providers to seek affirmative “opt-in” consent from consumers before using their location information.

As with all consumer privacy issues, user trust in mobile app privacy is absolutely critical. Without consumer trust, demand stalls, innovation is stifled and neither businesses’ nor users’ interests are served. Straight-up, a lack of trust is a lose-lose. However, multistakeholder discussions have been ongoing since June of this year, engaging a wide range of industry and civil society in an effort, led by the Department of Commerce NTIA, to develop a voluntary code of conduct for mobile app transparency in information collecting.

This flexible, consensus process is also better able to ensure that policies are not technology or platform specific.  That is, at a time of increasing convergence, where “applications” are seamlessly offered across a wide range of devices, fixed laws such as this would stifle technological evolution by creating a distinct privacy regime based on a specific type of device.

SIIA is very supportive of the effort and confident that it can succeed if given time.  Consumers and businesses are in this together, dependent on each other as this new mobile ecosystem continues to evolve.  With the right consensus-driven framework, mobile app privacy can be a win-win for users and businesses.

Rather than considering rigid legislative mandates on the mobile app industry, Congress should continue to explore how to support this industry.  The House Energy and Commerce Committee did just that earlier this year by holding a hearing focused on this innovative industry and how it can spur economic and job growth.

Recommendations are good. Consumer self-help is good. But the world is looking to us to show that self-regulation can work as a viable alternative to government mandates. To allow the multistakeholder efforts on mobile transparency to falter now would confirm their belief that only the government can set the rules of the road in this area. It is time for the industry to step up and make progress on setting its own rules of the road. If we don’t, we have only ourselves to blame if state, national or international governments feel compelled to step in to protect the public.


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.

COPPA Rulemaking Goes Far Beyond Congressional Intent; Will Harm American Innovation

SIIA today filed comments with the Federal Trade Commission regarding its notice of proposed rulemaking on the Children’s Online Privacy Protection Act (COPPA). SIIA expressed significant concern that the FTC is creating a burdensome regulatory framework that goes well beyond congressional intent.

The FTC’s proposed COPPA rulemaking takes the effort to protect online privacy and turns it into a harmful barrier to American innovation. For years, we’ve worked closely with industry and government to advance online privacy and security. We’re confident that, with smart regulation and public-private cooperation, both the goal of protecting online privacy of children and the goal of business innovation can be served. Unfortunately, what we’re currently seeing from the FTC is an overly broad and unworkable regulatory framework for implementing COPPA.

In its comments, SIIA states:

“We are supportive of the goals of the Commission to protect children from third-party plug-ins, social networks and any other third party service that collects personal information.

“However, the inappropriately broad expansion of the statute’s definition of personal information, combined with the increasingly broad definitions of ‘operator’ and ‘web site or online service directed to children’… create a broad regulatory framework that dramatically exceeds the scope of COPPA and will most certainly stifle innovative Internet-based offerings – not just for sites and services directed at children under 13, but much more broadly.”

SIIA addresses six specific areas of concern:

1. Expansion of “Personal Information” to include persistent identifiers creates an unworkable regulatory construct.

2. Modification to the rule’s definition of “operator” is overly-broad, and it places an unworkable responsibility on operators of sites and services well beyond the scope of COPPA.

3. Proposal to make third parties qualify as “operators” under COPPA by creating a “reason to know” standard is an inappropriately broad expansion of the statute and impractical.

4. Requirement for operators of “child-friendly mixed audience sites” to take an affirmative step to attain actual knowledge of child users would inappropriately expand the scope of COPPA.

5. Application platforms should not be characterized as “operators” under COPPA, but the Revised NPRM leaves this unclear.

6. The broad regulatory construct proposed in the Revised NPRM is likely to challenge application of COPPA to Internet-based educational materials and services.


Ken Wasch is President of SIIA.

Mobile Privacy: Time for Collaboration, Not Legislation

Representative Ed Markey’s proposed mobile legislation, scheduled to be introduced today, is the wrong way to go. It would impose rigid privacy rules on the mobile industry that can only lead to stagnation and a loss of innovative dynamism.

And what a loss that would be for such a dynamic, growing industry. According to a recent study, there were over 44,000 app-related positions open in the U.S. in the last quarter of 2011, and overall, there were 45 percent more open app positions than in the previous year. Based on this number, the study found the app economy firms represented 311,000 jobs. Using a standard multiplier, this number grew to nearly half a million jobs created by the app economy in both direct and indirect jobs since 2007.

Rather than overregulating an industry that holds such potential for economic growth, Congress should be following the House Energy and Commerce Committee’s lead in supporting the industry. The Committee is holding a hearing today focused on apps and where the jobs are.

So if legislation isn’t the answer, what should be done?  Over the summer, the National Telecommunications and Information Administration (NTIA) launched an effort to nudge stakeholders into adopting codes of conduct for mobile transparency.  SIIA was supportive of this effort and remains so.  But after several meetings it appears that things may be starting to drift. Some scheduled meetings have been postponed. Fortunately, discussions between various industry stakeholders, as well as discussion between industry and consumer watchdogs, are ongoing.

The industry needs to get the substantive mobile transparency discussion moving again, if not through NTIA action then separately.

It’s also important to remember that consumers are not passive victims. If they think they are being abused, they have a healthy capacity for self-defense. As the New York Times wrote last week, “many consumers seem to be already taking steps to guard their personal information from data-grabbing apps. A study by the Pew Research Center, released Wednesday, found that among American adults who use smartphone apps, half had decided not to install applications on their mobile phones because they demanded too much personal information. Nearly a third uninstalled an application after learning that it was collecting personal information ‘they didn’t wish to share.’ And one in five turned off location tracking ‘because they were concerned that other individuals or companies could access that information.’”

This is good.  In the absence of government mandates, and industry codes of conduct, consumers are doing some sensible things to protect themselves.  But the lack of consumer trust is troubling and can only inhibit growth in the market.  If consumers just say no, the whole industry suffers.

The FTC is trying to help with some guidance.  Last week it published its recommendations for mobile application developers, suggesting that companies seek “express agreement” for consumer data they collect and share.  Nothing is binding on companies, however, and there is no indication that these recommendations are forming the core of industry codes of conduct or best practice.

Recommendations are good.  Consumer self-help is good.  But the world is looking to us to show that self-regulation can work as a viable alternative to government mandates.  To allow the multi-stakeholder efforts on mobile transparency to falter now would confirm their belief that only the government can set the rules of the road in this area.  It is time for the industry to step up and make progress on setting its own rules of the road.


Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology. Follow the SIIA Public Policy team on Twitter at @SIIAPolicy

Mobile Payments Get Currency

The FTC is looking at mobile payments this Thursday, an event that caps several weeks of intense attention to this innovative new technology by policymakers. In March the House Financial Services Committee and the Senate Banking Committee held hearings. And the Internet Caucus held a Congressional briefing, which I chaired.

Several years ago a study by ITIF highlighted mobile payment’s opportunities for efficiencies, growth and innovation. It wondered why it hadn’t taken off in the US, the way it had in other jurisdictions such as Japan and Korea. Since then Square, Intuit, Google, ISIS, and PayPal have all ramped up their efforts to bring the new service to consumers and retailers in an attractive, easy-to-use package. The majority of Americans will be embracing mobile payments by 2020, a Pew Internet study found last week.

The benefits are enormous. Mobile payment technology means faster checkout, more throughput for merchants, the opportunity to send and receive offers and promotions, greater security, and a platform for new innovative services that haven’t been created yet.

It is worth pausing on the benefits of increased security. Unlike traditional magnetic stripe payment card transactions, mobile payments use a different security code for each transaction. Even if the transaction data is compromised, it cannot be used to make a counterfeit card that would work at the point of sale. This takes the merchant system out of harm’s way and reduces risk to cardholders. Mobile payments implemented on a smartphone can also be protected by a password or PIN number, adding barriers to illicit use of a lost or stolen phone. If asked to choose based on security, shoppers would be smart to use mobile payments over traditional cards.

Some have suggested that mobile payments create increased privacy risks because new information would be available to new players. But these risks are speculative and are being addressed in advance by market players who design their systems to be privacy-protective. They know that the market will only work on the basis of trust, careful handling of personal information, and a compelling user experience.

Mobile payment providers collect location information from their users, but only with affirmative consent. Product specific information isn’t collected at all and so cannot be added to a consumer profile to target ads. Cell phone and email information are available to mobile payment service providers at the time of sign up, but are not transferred to third parties such as retailers. Mobile payment services are savvy enough to avoid the mistake of allowing secret, undesirable acquisition of contact information by third parties. Under the Google Wallet rules, for example, contact information could not be disclosed to a retailer for marketing or advertising purposes without affirmative consent.

The privacy default for mobile payments is that consent is needed for any sharing of consumers’ personal information for marketing purposes. Industry participants have set up their systems with this requirement for consent as the default. This privacy-by-default approach renders concerns about privacy violations more theoretical than real. Mobile payment users can feel confident that they can enjoy the conveniences and added security and usefulness of mobile payments without worrying about privacy violations.


Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology.