Over a decade ago, President Clinton ordered the Department of Defense to discontinue “Selective Availability”, the intentional degrading of the civilian Global Positioning System signal, in an effort to allow all businesses and residents in America to have access to the numerous benefits of location-based technology. This has been an enormously successful policy decision that has unleashed a wide range of innovations for consumers and businesses that use geo-location data in sectors as diverse as transportation, agriculture and public safety. Today location can be determined on mobile devices, with various degrees of precision, from a variety of data including GPS, cell towers, Wi-Fi signals, and IP addresses. Unfortunately Congressional legislation would prohibit companies from collecting or using location information from electronic devices without first obtaining consent from the user might stall many of these benefits.
This bill in question is the Location Privacy Protect Act of 2012 which passed the Senate Judiciary Committee in late December. This legislation would require any company that discloses geo-location information collected from an electronic device to another entity, including its affiliates, to identify these entities and obtain user consent. This is particularly … Read the rest
The Federal Trade Commission (FTC) released its staff report yesterday on facial recognition technologies where it warned of potentially “significant privacy concerns” and called on companies to respect the privacy interests of consumers by implementing FTC-recommended “best practices.”
First, as I have written before, policymakers should not create technology-specific rules for facial recognition. Facial recognition technology belongs to a larger class of biometric technology that should be treated the same. In addition, facial recognition has many benefits, from improving security to automating tasks to personalizing transactions.
That said, there is nothing wrong with the federal government working with industry and advocacy groups to develop voluntary best practices that protect privacy and spur innovation. But these best practices should be based on sound knowledge, such as a clear understanding of technology and an accurate representation of the world. What I’d like to address here is the myth, repeated in the FTC report, that facial recognition technology “may end the ability of individuals to remain anonymous in public places.” The FTC identifies this particular privacy risk as one of the major privacy concerns of the technology. However, contrary to the FTC’s … Read the rest
A survey funded by Nokia and conducted at the Berkeley Center for Law and Technology shows what has become increasingly apparent to those who follow this line of research: some of the most prominent academic researchers have ceased to retain even a veneer of objectivity in their research on privacy. The authors, Chris Hoofnagle, Jennifer Urban and Su Li, state that their survey shows that “Americans have a low level of knowledge about [Do Not Track], but prefer that it mean that websites do not collect tracking data.”
I won’t mince words here: this is shoddy research.
There are two main survey questions in their study related to Do Not Track (for more on this proposal and why it is a bad idea, see this or this). The first is a question about whether people have even heard of the Do Not Track proposal. The survey question reads, “Policymakers are considering creating a ‘do not track’ option for the internet. Have you heard of proposals for a ‘do not track’ system, or not?” Thirteen percent of respondents indicated that they had heard of the proposal; eighty-seven percent had not. … Read the rest
As this is a presidential election year, it’s not surprising that the the “silly season” of politics has been extended into the baseball playoffs. A group of political extremists organized by the Competitive Enterprise Institute (CEI) has filed a complaint with the FCC over the privacy disclosures for an old consumer broadband measurement program. This isn’t the program that the Commission conducts every year with Sam Knows that leads to an annual report comparing actual broadband speeds to advertised ones, but to a program that was developed by the National Broadband Plan some three years ago to provide the team with a snapshot of performance.
The letter has me wondering whether the advocates: (a) Have just come out of a three year coma; and (b) Have any idea at all about how the Internet works. There are also some distortions of law that will slap attorneys in the face. Please read the letter, but sit down first so you don’t hurt yourself rolling on the floor laughing at its circular logic.
Like many government programs that collect information that might be considered personal and sensitive, the FCC’s broadband measurement program … Read the rest
Many elected officials are in favor of more online privacy…except when it comes to how they use data to target voters and raise money. While neither presidential candidate has made online privacy issues a part of his campaign, the debate over privacy is certainly a hot topic in Washington. In addition, both the Obama and Romney campaigns have released mobile apps, and transparency of mobile apps have been the focus of the initial multistakeholder processes for privacy initiated by the NTIA. With that in mind, I decided to investigate the privacy practices of the two presidential campaign websites.
There are some clear differences between the privacy policies on the campaign websites. For example, the Obama for America website has much more detailed disclosure of its practices and uses of information. Perhaps this is not surprising since transparency is one of the key principles in the Obama Administration’s proposed Consumer Privacy Bill of Rights. The Obama for America campaign also appears to be using more services that collect and use data on its website.
In contrast, the Romney for President campaign website has fewer cookies and a shorter, less-detailed privacy … Read the rest
The Wall Street Journal (WSJ) reports that the Federal Trade Commission (FTC) is close to reaching a record settlement with Google for the charge that it tracked Apple Safari web browser users. Google had earlier signed a 20-year consent decree in which it agreed not to misrepresent its privacy practices to consumers. Tracking Apple Safari users appears to be in violation of that agreement because Google had posted a statement in its online help center stating that these Safari users would not be tracked. The WSJ reports that Google will pay a penalty of $22.5 million, a record fine for the FTC.
When this issue first came out I wrote a post in which I argued:
“As always, the FTC can and should investigate if it discovers legitimate concerns about the business practices of a particular company. But companies should not face punitive sanctions for actions that do not cause consumer harm and are taken in good faith. To do so would discourage the type of fast-paced innovation that has defined the remarkable progress of the Internet era.”
I stand by these comments today. It’s always good to see … Read the rest
The Gramm-Leach-Bliley privacy notices illustrate how misguided privacy regulations tend to be in the United States. Rather than provide any actual benefit to consumer privacy, they just serve to raise costs. And the costs of all of these privacy notices add up. According to a 2009 report from the FDIC, approximately … Read the rest
On May 26, the new EU-mandated “Cookie Law” will go into effect in the UK. This law requires that websites give users the ability to opt-out of all tracking. The UK and Ireland took this a step further and require users to opt-in. Website owners in the UK that fail to comply with the law will face fines up to £500,000.
Over time, I also … Read the rest
This week the FTC released its much anticipated report on consumer privacy, “Protecting Consumer Privacy in an Era of Rapid Change”. The report is an update to the preliminary staff report released in December 2010 which laid out the FTC’s proposed framework for privacy. In the new report, the FTC lays out a set of principles for consumer privacy and calls on Congress to implement privacy legislation using the framework laid out in this report. While the report does provide a comprehensive discussion of many of the major privacy challenges, too often the report sides with privacy advocates at the expense of competition and innovation.
One important change in the new report is that the FTC has proposed that its privacy framework apply to all commercial entities that collect or use consumer data, except those who collect data on fewer than 5,000 consumers. The FTC exempts small businesses from the privacy framework because of the potential burden that would be imposed on them. However, larger businesses would face similar burdens and these costs would ultimately be passed on to consumers.
Read the rest
Various news outlets recently published articles discussing an emerging trend in hiring practices where employers are asking potential employees for their social network or email account credentials so that they can review the potential hire’s private online profile. Not surprisingly, many people have objected to this practice, noting the intrusiveness of the request and the inherit coerciveness of asking for this information during a job interview. In response, Sen. Blumenthal (D-CT) announced yesterday that he was planning to introduce legislation to prohibit employers from asking potential employees for their social network login credentials.
Privacy activists often argue that government should concern itself with the mechanics of how the private sector manages data rather than prevent harmful uses of data, as the Blumenthal legislation attempts to do. However, this is like asking legislators to write laws that restrict how people move their arms and legs, rather than writing laws that prohibit assault and battery. The reality is that privacy regulations, no matter how well-intentioned, cannot guarantee privacy or prevent accidental disclosures or theft of personal data. As I have argued before, legislators should focus on restricting uses of data that harm individuals (e.g., credit discrimination), rather than restricting particular technologies or practices (e.g., behavioral targeting). Instead of fruitlessly trying to lock down data, legislators should focus on creating protections to minimize or eliminate harm to consumers if private data becomes public.
Read the rest