Online privacy

Even if you didn’t commit a crime, and so no warrant has been issued (per your Fourth Amendment rights), the government can still take away your online anonymity, says a court. Even if all you did was use your First Amendment-protected right to speak about a private company online, the government can unmask you. This is what occurred in a ruling against Glassdoor, an online job-review website.

Judge Diane J. Humetewa of the US District Court for the District of Arizona ruled that the US Department of Justice can compel a private company—say, Facebook, Yelp, Twitter…—to give up your private information just because you expressed an opinion online. Glassdoor, which is a California-based company, has appealed the ruling to the Ninth Circuit Court of Appeals. If it stands, this case could crack the foundation of online freedom. How could a labor union organize if its members’ views, through no fault of their own, might be made public by the government? How could any whistleblower act with this threat being a real possibility?

In what they concede on the surface is a surprising alliance, major Internet service providers have aligned with the Federal Trade Commission and the Federal Communications Commission against AT&T Mobility over the issue of the FTC's ability to enforce edge provider privacy. That came in an amicus brief to the US Court of Appeals for the Ninth Circuit.

"At first glance, amici’s position might seem surprising—four leading corporations are arguing in favor of restoring the FTC’s authority to regulate their non-common carriage activities," they said. "On closer inspection, however, this position aligns with the companies’ desire to reinstate a predictable, uniform, and technology-neutral regulatory framework that will best serve consumers and businesses alike." Signing on to that brief were Charter, Comcast, Cox, and Verizon.

Federal Communications Commission Chairman Ajit Pai has circulated an item for a vote that provides guidance on the broadband privacy rules that were in effect before its 2016 privacy order, apparently. That is opposed to a brand new framework for rules.

That broadband privacy order, adopted last fall by a Democratic majority under former chairman Tom Wheeler and against the dissents of the current Republican majority, was invalidated earlier in 2017 by a Congressional Review Act (CRA) resolution, essentially with the blessing of Chairman Pai and acting Federal Trade Commission chair Maureen Ohlhausen. The CRA did not roll back FCC authority over internet-service provider broadband privacy, which it has had since the 2015 Open Internet order classified web access as a common-carrier service exempt from FTC oversight. But just what authority the FCC had has been a bit unclear since the agency’s common-carrier privacy regulations are tailored to phone service, stemming from an effort to prevent telcos from using information about who was changing to another carrier to try and incentivize them not to switch. Following that Open Internet order, the FCC had teamed with the FTC on a memorandum of understanding outlining how — in a generally worded document — they could, together, protect broadband privacy going forward.

[Commentary] There are steps Congress can and should take to improve consumer privacy. Here are three big ones.

First, Congress should repeal the common-carrier exemption.
Second, Congress should pre-empt the current patchwork of state privacy laws by setting a single standard to govern consumer privacy throughout the country.
Third, Congress should direct the FTC to update its current privacy regime and reconsider which types of data are sensitive.

[Tom Struble is a technology policy manager with the R Street Institute. Joe Kane is a tech policy associate at the R Street Institute.]

Apparently, an item Federal Communications Commission Chairman Ajit Pai has circulated for a vote on "Protecting the Privacy of Customers of Broadband and Other Telecommunications Services" essentially clarifies that the telecommunication customer proprietary network information (CPNI) privacy rules that were in effect before the Tom Wheeler FCC adopted a new broadband privacy regime are still in effect after that regime was nullified by Congress. It is a way to remind carriers that they are still responsible for submitting an annual certification of compliance with those CPNI privacy rules.

The item was described as administrative in nature and focused on voice privacy, rather than providing any new guidance on broadband privacy, apparently. In addition, the item dismisses petitions to reconsider the Wheeler-era rules, since they were mooted by the Congressional Review Act resolution. Chairman Pai has proposed reclassifying ISPs as information service providers, rather than telecoms, after which the Federal Trade Commission would reclaim its authority over broadband privacy, which it lost when ISPs were classified as common carriers in the 2015 Order. The FTC is prevented from enforcing regulations on common carriers.

Top AT&T DC executive Robert Quinn said his company is "very, very" supportive of a bill (The BROWSER Act) from House Communications Subcommittee Chairman Marsha Blackburn (R-TN) that would "harmonize" the enforcement of online privacy by Internet service providers and edge providers like Google and Facebook.

He said AT&T backed the bill for three main reasons. First, he said, it said everyone has to live under the same rules. Second, was putting all the regulation at the Federal Trade Commission, so it would be the same rules and the same regulator, rather than dividing it up between the FCC and FTC. Third, he said, the bill preempts state privacy laws, which means there aren't 50 different state regimes around privacy. "There is a rule that everyone has to live with" rather than a "patchwork" of rules.

The Department of Homeland Security is turning to data scientists to improve screening techniques at airports. On June 22, the department, working with Google, will introduce a $1.5 million contest to build computer algorithms that can automatically identify concealed items in images captured by checkpoint body scanners. The government is putting up the money, and the six-month contest will be run by Kaggle, a site that hosts more than a million data scientists that was recently acquired by Google. Although data scientists can apply any technique in building these algorithms, the contest is a way of capitalizing on the progress in a technology called deep neural networks, said the Kaggle founder and chief executive, Anthony Goldbloom. Neural networks are complex mathematical systems that can learn specific tasks by analyzing vast amounts of data.

House Communications Subcommittee Chairman Marsha Blackburn (R-TN) chastised Democratic Reps for not rallying around her internet privacy bill, after they criticized the GOP’s efforts to kill privacy restrictions earlier in 2017. At a House Commerce technology subcommittee hearing on broadband coverage, Democratic Reps criticized the committee’s leadership for not holding hearings on net neutrality, internet privacy or oversight for the FCC. "I will say to my colleagues that I would be happy to discuss my Browser Act on the privacy issue, and we have reached out to all of the Democratic offices in the House on this issue,” Chairman Blackburn responded, adding that she was “disappointed” by the lack of response to her outreach.

No matter what Americans do to protect their digital privacy, especially on our handheld devices, it’s impossible to keep up with new threats. Now, there’s a new risk to our privacy and security: Our cell phone numbers are being used increasingly by information brokers as the window to personal information that’s kept by nearly all corporations, financial institutions, and, yes, social media networks.

Among those sounding the alarm bell is private investigator and former FBI agent Thomas Martin, who recently wrote an article titled, “Your cell phone number is your new Social Security number.” Martin’s message was clear: We are way too lackadaisical about keeping our numbers private. “If someone you had just met asked you for your social security number, you would likely not give it to them. What if the same person asked you for your cell phone number? My guess is that you would readily tell them the ten-digit number,” he writes. Well, too many of us are likely to divulge our ten-digit number in a flash, as millions of us do in stores and online on a daily basis. Your cell phone number, unique to you, is the gateway to your identity. It provides an entrance to all the data contained on your phone, and can connect your other information to you – your email address, physical address—everything.

A Republican analytics firm's database of nearly every registered American voter was left vulnerable to theft on a public server for 12 days in June, according to a cybersecurity researcher who found and downloaded the trove of data. The lapse in security was striking for putting at risk the identities, voting histories and views of voters across the political spectrum, with data drawn from a wide range of sources including social media, public government records and proprietary polling by political groups.

Chris Vickery, a risk analyst at cybersecurity firm UpGuard, said he found a spreadsheet of nearly 200 million Americans on a server run by Amazon's cloud hosting business that was left without a password or any other protection. Anyone with Internet access who found the server could also have downloaded the entire file. The server contained data from Deep Root Analytics, which created a database of information from a variety of sources including the Republican National Committee, one of the company's clients. Deep Root Analytics used Amazon Web Services for server storage, and Vickery said he came up on the server's address as he scanned the Internet for unsecured databases.