Mobile Payments Get Currency

The FTC is looking at mobile payments this Thursday, an event that caps several weeks of intense attention to this innovative new technology by policymakers. In March the House Financial Services Committee and the Senate Banking Committee held hearings. And the Internet Caucus held a Congressional briefing, which I chaired.

Several years ago a study by ITIF highlighted mobile payment’s opportunities for efficiencies, growth and innovation. It wondered why mobile payment hadn’t taken off in the US the way it had in other jurisdictions such as Japan and Korea. Since then Square, Intuit, Google, ISIS and PayPal have all ramped up their efforts to bring the new service to consumers and retailers in an attractive, easy-to-use package. The majority of Americans will be embracing mobile payments by 2020, a Pew Internet study found last week.

The benefits are enormous. Mobile payment technology means faster checkout, more throughput for merchants, the opportunity to send and receive offers and promotions, greater security, and a platform for new innovative services that haven’t been created yet.

It is worth pausing on the benefits of increased security. Unlike traditional magnetic stripe payment card transactions, mobile payments use a different security code for each transaction. Even if the transaction data is compromised, it cannot be used to make a counterfeit card that would work at the point of sale. This takes the merchant system out of harm’s way and reduces risk to cardholders. Mobile payments implemented on a smartphone can also be protected by a password or PIN number, adding barriers to illicit use of a lost or stolen phone. If asked to choose based on security, shoppers would be smart to use mobile payments over traditional cards.

Some have suggested that mobile payments create increased privacy risks because new information would be available to new players. But these risks are speculative and are being addressed in advance by market players who design their systems to be privacy-protective. They know that the market will only work on the basis of trust, careful handling of personal information, and a compelling user experience.

Mobile payment providers collect location information from their users, but only with affirmative consent. Product specific information isn’t collected at all and so cannot be added to a consumer profile to target ads. Cell phone and email information are available to mobile payment service providers at the time of sign up, but are not transferred to third parties such as retailers. Mobile payment services are savvy enough to avoid the mistake of allowing secret, undesirable acquisition of contact information by third parties. Under the Google Wallet rules, for example, contact information could not be disclosed to a retailer for marketing or advertising purposes without affirmative consent.

The privacy default for mobile payments is that consent is needed for any sharing of consumers’ personal information for marketing purposes. Industry participants have set up their systems with this requirement for consent as the default. This privacy-by-default approach renders concerns about privacy violations more theoretical than real. Mobile payment users can feel confident that they can enjoy the conveniences and added security and usefulness of mobile payments without worrying about privacy violations.


Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology.

In Comments on NTIA Multistakeholder Privacy Process, SIIA Applauds Government’s Role as Convener; Calls for Collaboration Instead of Legislation

Today the Software & Information Industry Association submitted comments to the Department of Commerce regarding the National Telecommunications and Information Administration (NTIA) “Multistakeholder Process to Develop Consumer Data Privacy Codes of Conduct.”

SIIA applauds the NTIA’s process of bringing together relevant parties in order to gather their collective expertise, and reiterated its call for a collaborative, rather than legislative, approach to addressing consumer data privacy. We believe that the proposed multistakeholder process can contribute significantly to the mutual recognition of data privacy regimes, including the European Union’s proposed data protection regulations.

SIIA looks forward to actively participating on behalf of our members and the industry broadly.

In its submission, SIIA says, “As highlighted by the Privacy and Innovation Blueprint, voluntary, enforceable codes of conduct are the appropriate approach for privacy protections because they develop faster and provide more flexibility than legislation or regulation. SIIA also concurs that the Government’s role in this process is primarily as a coordinator, acting as an active convener of the many stakeholders that share the interest of continued development of the digital marketplace.”

“The Federal Trade Commission has substantial authority to take action against actors it thinks have violated its privacy policies and is able to enforce a company’s promise to abide by a code of conduct through its authority to prevent deceptive practices. As a result, SIIA believes that the multistakeholder process can and should proceed in the absence of new privacy legislation.”

SIIA goes on to make recommendations in several specific areas, and also calls on NTIA to adhere to several key principles while undertaking the multistakeholder process, including: 1) maintaining a commitment to openness and transparency of process and decision-making; 2) ensuring that the Department of Commerce plays an active role as convener; 3) enforcing a structure that has a timeline for deliverables, clear criteria for what counts as consensus and a division that allows progress to be made in sub-groups; and 4) ensuring a process that is open to all affected parties, but does not preclude the submission of draft documents for review by the group.

For a copy of SIIA’s complete comments to the agency, click here.


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.

SIIA Welcomes New FTC Privacy Report

SIIA welcomes today’s clarification of the FTC’s policies in the area of online privacy. This clarification is especially important because of the FTC’s substantial authority to bring cases against the companies it claims are in violation of its policies. SIIA has long supported a collaborative, public-private approach as the best way to ensure consumer privacy, and we cannot endorse the report’s call for new legislation. In light of the FTC’s substantial authority in this area, we do not believe there is a need for new privacy legislation.

Read today’s coverage of SIIA’s stance:

FTC Report Calls for Transparency, Stops Short on Do Not Track Law – E-Commerce Times

FTC privacy: Key excerpts from the report – Washington Post

FTC Pushes ‘Do Not Track’ Privacy Option for Consumers – National Journal

FTC Chairman: Do-Not-Track Law May Not Be Needed – PC World


Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology.

Digital Policy Roundup: Administration Seeks Input on Data Privacy, Cyber Legislative Proposals Proliferate and NIST Releases Draft Security Guidance with Cloud and Mobile Implications

Administration Seeks Input on Data Privacy

As a follow-up to the release of the White House Privacy Report, the DOC National Telecommunications and Information Administration (NTIA) has formally requested comment on what issues should be addressed through the privacy multi-stakeholder process, as well as procedures to foster the development of these codes. Comments are due by March 26th.

Consistent with indications from Administration officials, the Federal Register Notice explains that while the NTIA plans to facilitate the development of enforceable codes of conduct that implement the full Consumer Privacy Bill of Rights proposed in the Report, as a start to the process “NTIA seeks to conduct a privacy multi-stakeholder process focused on a definable area where consumers and businesses will receive the greatest benefit in a reasonable timeframe.”

The list of potential topics supplied by NTIA includes: mobile apps and associated issues, cloud computing services, accountability mechanisms, online services directed towards children and teens, trusted identity systems, such as NSTIC, and data collection from various technologies.

Cyber Legislative Proposals Proliferate

Following the release last week of a new cybersecurity legislative proposal, the Secure IT Act, offered by Sens. John McCain (R-AZ), Kay Bailey Hutchison (R-TX) and several other Republicans, Reps. Mary Bono Mack (R-CA) and Marsha Blackburn (R-TN) announced Monday their intention to introduce companion legislation. Sponsors have offered the legislation as an alternative to the Cybersecurity Act (S. 2105), introduced last month by Sens. Joe Lieberman (I-CT) and Susan Collins (R-ME); the alternative would not give the Homeland Security Department the power to require critical computer systems to meet certain security standards. Both bills propose to enhance cybersecurity information sharing, reform FISMA, increase cybersecurity R&D and enhance cybercrime enforcement.

And at a time when cybersecurity is becoming an increasingly partisan issue, House E&C Subcommittee Chair Greg Walden (R-OR), in conjunction with the upcoming hearing on Wednesday, announced the formation of a bipartisan Communications and Technology Cybersecurity Working Group, which will include Reps. Lee Terry (R-NE), Anna Eshoo (D-CA), Doris Matsui (D-CA), Bob Latta (R-OH), Michael Doyle (D-PA) and Adam Kinzinger (R-IL).

NIST Security Guidance with Implications on Cloud and Mobile

Last Wednesday, NIST released a draft revision to Federal Guidelines on Security and Privacy Controls for Federal Information Systems and Organizations. Known as SP 800-53, the recent revision results from a year-long initiative to update the content of the security controls catalog and the guidance for selecting and specifying security controls for federal information systems and organizations, seeking to handle “insider threats, supply chain risk, mobile and cloud computing technologies, and other cyber security issues.” In announcing the document, NIST highlighted that “in most instances, with the exception of the new privacy appendix, the new controls and enhancements are not labeled specifically as ‘cloud’ or ‘mobile computing’ controls or placed in one section of the catalog. Rather, the controls and enhancements are distributed throughout the control catalog in various families and provide specific security capabilities that are needed to support those new computing technologies and computing approaches.”

Indian Gov. Adopts New Localization Procurement Rule

India has recently approved a new procurement rule that imposes a preference for domestically manufactured electronic products. Specifically, the rule creates a 30% domestic content requirement on an ill-defined range of electronic products and services. Not only does the rule explicitly target laptops and computers, but it could also extend to any software, application or electronic content that the Indian government might deem to be covered. SIIA is working with other leading trade associations to urge the U.S. government to engage strongly with the government of India to roll back this protectionist policy.


Learn more about key policy developments affecting the software and digital content communities with Digital Policy Roundup.


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.

Digital Policy Roundup: Privacy: Administration Releases Long-Awaited Privacy Report, Highlights DNT Agreement

Last Thursday, the Obama Administration released its long-awaited Privacy Whitepaper proposing a framework for consumer privacy in the digital age. The whitepaper both calls for a “Privacy Bill of Rights” and announces the Administration’s intention to lead a multistakeholder process to implement general principles for particular sectors or contexts.

In conjunction with the release of the Report, the Administration cited an agreement by members of the Digital Advertising Alliance (DAA) to comply when consumers choose to opt out of tracking as an “example of the value of industry leadership as a critical part of privacy protection going forward.” In response to this report, SIIA issued a statement of support for the goal to adopt voluntary, industry-specific privacy guidelines while cautioning that one-size-fits-all privacy laws or regulations would inhibit innovation, without establishing the most effective privacy protection for the public.

Cloud Computing: US-China Seminar
The U.S. Department of Commerce and the Chinese Ministry of Industry and Information Technology (MIIT) will co-host a Cloud Computing Seminar under the auspices of the Joint Commission on Commerce and Trade (JCCT) Information Industry Working Group (IIWG) on April 19 in Beijing, China. The seminar presents U.S. and Chinese industry and government leaders with the opportunity to discuss trends and challenges in cloud computing in each country, including the government’s role in cloud computing promotion, business models and technologies, data privacy and cross-border data flows, and the regulatory environment for cloud computing services.

This event is being coordinated by USITO, SIIA’s partner organization in China, so please follow up with SIIA for more information.

ACTA: EU Puts Agreement on Hold
Following the mass protests against ACTA in Europe, several EU member states, including Poland, Latvia and the Czech Republic, withdrew their intent to ratify ACTA or delayed the decision in their national parliaments. Last week, pursuant to a request by the European Trade Commissioner, the EC put the ACTA ratification process on hold and referred the treaty to the European Court of Justice to determine if it is compatible with EU law.




David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.

Reply to Chertoff: Do Not Let the Perfect be the Enemy of the Good on Privacy and the Cloud

In his recent op-ed (Cloud computing and the looming global privacy battle, February 9, 2012), Michael Chertoff properly worries about privacy in the cloud. But he’s wrong to think that all problems are equally important or that they all must be solved at once.

We shouldn’t wait for harmonized privacy regimes before making progress on cross border data flows. The priority going forward should be a system of clear and simple procedures that allow global companies to comply with substantively different privacy regimes. In the absence of simple compliance procedures, millions of dollars will be spent on unnecessary bureaucratic paper shuffling instead of on productive investments that can generate economic growth and jobs. Eliminating this waste must be a priority, especially given the worldwide economic challenges.

One way forward is through international agreements that put streamlined compliance procedures in place. To accomplish this, countries have to be willing to approve data transfers across borders when companies demonstrate that they are in compliance with local rules. Mechanisms adopted by the Asia Pacific Economic Cooperation group move in this direction. Proposals tabled in the Trans Pacific Partnership trade discussions also contain this key idea. And the European Union’s proposed data protection regulation provides that compliance can be based on contracts, binding corporate rules or codes of conduct approved by a single EU member regulator.

Deep integration of privacy regimes is a worthy, but distant goal. Fostering interoperability and cross border data flows are urgent immediate needs. We shouldn’t let the perfect be the enemy of the good.


Mark MacCarthy, Vice President, Public Policy at SIIA, directs SIIA’s public policy initiatives in the areas of intellectual property enforcement, information privacy, cybersecurity, cloud computing and the promotion of educational technology.

Digital Policy Roundup: Facebook, Cyber Security and Small Businesses Dominate the Hill

Headlining the day, the FTC announced that Facebook agreed to settle the Commission’s charges that it deceived consumers. The proposed settlement requires Facebook to take several steps to enhance its privacy practices, including the terms for which it provides notice to consumers and provides for consent for information sharing, and it would require the Company to undergo privacy audits over the next two decades. The settlement underscores the need for broad privacy legislation, this is further confirmation that the FTC’s long-standing authority over unfair or deceptive trade practices is sufficient for providing thorough enforcement in the privacy arena.

Keeping the cybersecurity train moving forward in the House, and keeping consistent with the House Cybersecurity Task Force goal to address cyber on an individual basis within the committees of jurisdiction, there are two cyber developments scheduled for this week. First, Intelligence Committee Chairman Mike Rogers (R-MI) and Ranking Member Dutch Ruppersberger (D-MD) will unveil new bipartisan cybersecurity legislation on Wednesday to provide the government “the authority to share classified cyber threat information on potential attacks with approved American companies.”

And on Thursday, the House Small Business Committee will hold a cyber hearing on protecting small businesses, where Phyllis Schneck, Vice President for McAfee, Inc., will be testifying on behalf of SIIA. The hearing will also include testimony from Task Force leader Rep. Mac Thornberry (R-TX), highlighting the recent recommendations of the House Task Force.


David LeDuc is Senior Director, Public Policy at SIIA. He focuses on e-commerce, privacy, cyber security, cloud computing, open standards, e-government and information policy.