Online privacy

[Commenary] On June 19, California Assemblymember Ed Chau introduced a bill to give people in that state the broadband privacy rights that they lost in Congress. This legislation has all of the key elements that are needed to protect broadband users’ privacy.

States have long recognized the importance of protecting privacy. There’s no federal law that requires commercial websites to post their privacy policies, but California and Delaware require it. There are state laws protecting the privacy of e-book users, and on biometrics, monitoring of employees’ e-mail, data security, and much more. The California Broadband Internet Privacy Act is another example of states leading the way. Consumer Federation of America strongly endorses it.

Your Wi-Fi router, sitting in the corner of your home accumulating dust and unpatched security flaws, provides an attractive target for hackers. Including, according to a new WikiLeaks release, the CIA.

On June 15, WikiLeaks published a detailed a set of descriptions and documentation for the CIA's router-hacking toolkit. It's the latest drip in the months-long trickle of secret CIA files it's called Vault7, and it hints at how the agency leverages vulnerabilities in common routers sold by companies including D-Link and Linksys. The techniques range from hacking network passwords to rewriting device firmware to remotely monitor the traffic that flows across a target's network. After reading up on them, you may find yourself itching to update your own long-neglected access point.

If you’re one of the many people filing comments on the Federal Communications Commission plan to gut network neutrality rules, be aware that your e-mail address and any other information you submit could be made public. There’s nothing nefarious going on, but the FCC’s privacy policy could lead people to believe that e-mail addresses will be kept secret if they file comments on FCC proceedings.

The commission’s privacy policy has a section titled “Comments,” which says the following: "Prior to commenting, you will be prompted to login, either by providing your e-mail address, or by linking your comment to an existing account on a popular website such as Google, Facebook, Flickr, Instagram or Twitter. While your e-mail address will not be made public, if you login with a social media service, your picture, as well as a link to your profile will be posted alongside your comment." However, this privacy policy applies not to comments on FCC proceedings but to comments on blog posts, such as those posted by Chairman Ajit Pai. When you go to submit comments on the net neutrality plan—or any other FCC proceeding—you are told the following: “You are filing a document into an official FCC proceeding. All information submitted, including names and addresses, will be publicly available via the web.”

Mounting security concerns surrounding the proliferation of wireless devices is renewing a long-running internet privacy debate. Traditional partisan rifts over regulation of private companies exploded at a hearing of the House Commerce Subcommittee on Communications and Technology.

Democrats were still steaming about repeal in late March of Federal Communications Commission’s broadband privacy rules, passed by Congress and signed by President Donald Trump, under the guise of the Congressional Review Act (CRA), aimed at eliminating regulations considered burdensome by Republicans. The FCC’s privacy rule did not outline specific security measures for ISPs but recommended they follow a cybersecurity framework set by the National Institute of Standards and Technology and gave the FCC oversight over complaints of security breaches. “When Congress repealed privacy rules in the CRA, they also removed security measures,” said Rep. Mike Doyle (D-PA), the ranking Democrat on the subcommittee. The since-repealed FCC privacy rules included a provision requiring that internet service providers take “reasonable” measures to protect user data, such as Social Security numbers and health information.

New to the Federal Communications Commission’s list of items on circulation an un-docketed item on protecting the privacy of customers of broadband and other telecommunications services; implementation of the Telecommunications Act of 1996; and telecommunications carriers' use of CPNI and other customer information.

[Commentary] The Supreme Court recently agreed to hear Carpenter v. United States, a case on whether the Fourth Amendment protects historical cell-site records. In this post, I want to focus on a small but potentially important part of the Carpenter litigation: How should an originalist Justice vote in the case?

There are many different flavors of originalism, of course, and originalist arguments often can be used to argue for different outcomes. But in this post I want to discuss one originalist argument that I think is significant. Let’s start with the obvious: The Framers could not have imagined a world of cell-site records. And the original public meaning of the Fourth Amendment is open to a wide range of interpretations at different levels of generality. With that said, the text of the Fourth Amendment does have an important clue about what the Fourth Amendment was originally understood to mean that might be important to the Carpenter case.

[Kerr is the Fred C. Stevenson Research Professor at The George Washington University Law School]

The world’s 3.6 billion internet users depend on computer algorithms to sort through the vast ocean of information available online. Algorithms follow a set of programmed instructions to transform data into a form that humans can understand, deciding everything from the content of social media feeds to the creditworthiness of borrowers. Though algorithms handle digital data, their decisions also have consequences in the analog world.

In May, a homeowner in Illinois filed a lawsuit against the real estate data website Zillow, alleging that their home value estimator tool significantly undervalued her home and impeded its sale. To protect European citizens when their data is used in “automated decisionmaking”, the European Union enacted new data protection rules last year. This kind of scrutiny may increase with a greater reliance on algorithms to make sense of online data.

Public Knowledge joined Consumer Federation of America, Center For Digital Democracy, Consumer Action, Consumer Federation of California, and Privacy Rights Clearinghouse in a letter urging Federal Trade Commission Acting Chairman Maureen Ohlhausen to protect consumer privacy.

Acting Chairman Ohlhausen has made numerous statements indicating she is eager to demonstrate the ability of the FTC to protect consumer privacy in the telecommunications sector. The 9th Circuit’s recently vacated decision allows the FTC to go forward on enforcement actions concerning the non-common carrier activities of communications providers. Addressing our complaint provides the FTC an immediate opportunity to clarify whether the FTC does or does not have the authority to protect our digital privacy. In a recent Harvard-Harris poll, 9 in 10 Americans think they have less privacy today than they did 10 years ago, and 90% agree that companies have more access to their personal information than they are comfortable with. Americans need to know what protections they can count on, and they need to know now. We encourage FTC Acting Chairman Ohlhausen to let Americans know where their online privacy protections stand by responding to our complaint.

Consumers aren’t comfortable with their data being collected by smart TVs, according to a survey conducted by Videa, Cox Media’s automated ad platform. The survey found that 48 percent of consumers said they were somewhat, mostly or completely uncomfortable with advertisers collecting Smart TV data. Only 39 percent said they are somewhat, mostly or completely comfortable with their data being collected by advertisers. The answer most given, at 21 percent of respondents, was that they were completely uncomfortable with the data collection.

[Commentary] On May 18, House Communications Subcommittee Chairman Marsha Blackburn (R-TN) introduced the BROWSER Act (H.R. 2520), legislation that would apply privacy regulations to both Internet service providers (ISPs) and edge providers (e.g., Netflix and Facebook). Most notably, the bill would require companies to obtain users' permission before sharing their sensitive information, including web-browsing history, with advertisers. The legislation is surprising, as it comes just weeks after Blackburn led the vote to repeal the Federal Communications Commission’s privacy protections for broadband subscribers. Below we unpack the BROWSER Act and take a look at what to expect in the weeks ahead.