Online privacy

[Commentary] It is this committee’s mission to protect consumers, and in the coming months, we will be taking a more expansive look at the online experience to ensure safety, security, and an unfiltered flow of information. Recently, the Equifax data breach compromised the personal information of 145 million Americans, including social security numbers, addresses, credit card numbers, and more. This committee held a hearing on the breach and will continue to deeply scrutinize the staggering amount of personal information changing hands online and the business practices surrounding those transactions.

My colleagues and I will hold a separate hearing to assess identity verification practices, and determine whether they can be improved to protect personal data on the web even after a consumer’s information has been breached. These hearings are just the start of a long-term, thoughtful, and research-focused approach to better illuminate how Americans’ data is being used online, how to ensure that data is safe, and how information is being filtered to consumers over the web. While technology is responsible for a lot of positive change in our world, malignant behavior online can have consequences that are not fully disclosed to the American people.

At this moment, AI is at the center of every business conversation. Companies, governments, and researchers are obsessed with data. Not surprisingly, so are adversarial actors.

We are currently seeing an evolution in how data is being manipulated. If we believe that data can and should be used to inform people and fuel technology, we need to start building the infrastructure necessary to limit the corruption and abuse of that data — and grapple with how biased and problematic data might work its way into technology and, through that, into the foundations of our society.

[Commentary] One of the biggest cases for the US Supreme Court’s current term could mark a watershed moment for the Fourth Amendment. In Carpenter v. United States, the court will consider whether police need probable cause to get a search warrant to access cell site location information (CSLI), data that's automatically generated whenever a mobile phone connects to a cell tower. Not only does this case offer a chance to protect privacy rights for cell phones, Carpenter also provides an opportunity to reevaluate an antiquated legal theory, called the third-party doctrine, that underpins many government surveillance programs.

If the Supreme Court rules that CSLI falls outside the Fourth Amendment, warrantless searches will inevitably lead to wrongful seizures.

[Nick Sibilla is a legislative analyst at the Institute for Justice, a libertarian-leaning public interest law firm.]

Social media has become an integral part of everyday life for individuals around the world. In light of the growing role of online communication, the Department of Homeland Security (DHS) implemented a notable change to its collection and record-keeping of social media information and search results of non-US persons (naturalized citizens, green card holders, immigrant visa holders, asylees, special immigrant juveniles, and student visa holders) in the United States. Per a notice issued in September, the information will be stored in DHS’ visa and immigration history records for each individual, also known as “Alien Files” or “A-Files.” Given the serious threats to freedom of association and privacy posed by this practice, OTI has signed onto a coalition letter expressing concern regarding DHS practices around social media collection and retention.

A coalition of right-leaning groups is pressing Congress to act on legislation that would create a new legal framework that allows law enforcement to access US electronic communications held on servers abroad. The bipartisan bill, called the International Communications Privacy Act (ICPA), has been introduced by Reps Doug Collins (R-GA) and Hakeem Jeffries (D-NY) in the House and Sens Orrin Hatch (R-UT), Chris Coons (D-DE), and Dean Heller (R-NV) in the Senate.

The bill seeks to clarify the process by which law enforcement obtains electronic data on US citizens for investigations, regardless of the location of the communications. It would require law enforcement agencies to obtain a warrant for all content. It would also allow law enforcement to, in certain circumstances, obtain electronic communications on foreign nationals. On Oct 25, right-leaning organizations including Americans for Tax Reform and the R Street Institute wrote to leaders of the House and Senate Judiciary Committees pressing them to swiftly consider the bill.

When a California state legislator proposed new broadband privacy rules that would mirror the federal rules previously killed by Congress, broadband industry lobbyists got to work. The lobbyists were successful in convincing the state legislature to let the bill die without passage in Sept, leaving Internet users without stronger rules protecting the privacy of their Web browsing histories.

The week of Oct 23, the Electronic Frontier Foundation (EFF) released documents that lobbyists distributed to lawmakers before the vote. The EFF described one as "an anonymous and fact-free document the industry put directly into the hands of state senators to stall the bill" and the other as "a second document that attempted to play off fears emerging from the recent Charlottesville attack by white supremacists." The California bill, introduced by Assembly-member Ed Chau (D-Monterey Park), was modeled on now-defunct Federal Communications Commission rules and would have required Internet service providers to obtain customers' permission before they use, share, or sell the customers' Web browsing and application usage histories.

For around $1,000, anyone can buy online ads that could allow them to track which apps you use, where you spend money, and your location, new research suggests. Privacy concerns have long swirled around how much information online advertising networks collect about people’s browsing, buying, and social media habits—typically to sell you something. But could someone use mobile advertising to learn where you go for coffee? Could a burglar establish a sham company and send ads to your phone to learn when you leave the house? Could a suspicious employer see if you’re using shopping apps on work time? The answer is yes, at least in theory.

The Federal Trade Commission is providing additional guidance on how the Children’s Online Privacy Protection Rule applies to the collection of audio voice recordings by organizations covered by the law, which requires certain operators of commercial websites or online services to obtain parental consent before collecting personal information from children under 13. The FTC updated the COPPA Rule in 2013, adding several new types of data to the definition of personal information, including a photograph, video or audio file that contains a child’s image or voice, to data already covered, such as a name, address or Social Security number. This update has prompted some questions about the application of this requirement when a child’s voice is collected for the sole purpose of instructing a command or request.

In a new policy enforcement statement, the FTC noted that the COPPA rule requires websites and online services directed at children to obtain verifiable parental consent before collecting an audio recording. The Commission, however, recognizes the value of using voice as a replacement for written words in performing search and other functions on Internet-connected devices. The FTC will not take an enforcement action against an operator for not obtaining parental consent before collecting the audio file with a child’s voice when it is collected solely as a replacement of written words, such as to perform a search or to fulfill a verbal instruction or request – as long as it is held for a brief time and only for that purpose.

[Commentary] Congress is considering sensible reforms to ensure that Fourth Amendment warrant requirements apply to incidental and “about” collection. We believe that Section 702 authorities are important to our national security. But the unanimous opinion of the Review Group stands since 2013: Judges should approve Fourth Amendment search warrants before searching the communications of Americans.

[Peter Swire is the Elizabeth and Tommy Holder Chair of Law and Ethics at the Georgia Tech Scheller College of Business, and served as one of five members of President Obama's Review Group on Intelligence and Communication Technology. Dick Clarke is CEO of Good Harbor]

If, like an ever-growing majority of people in the U.S., you own a smartphone, you might have the sense that apps in the age of the pocket-sized computer are designed to keep your attention as long as possible. You might not have the sense that they’re manipulating you one tap, swipe, or notification at a time. But Tristan Harris thinks that’s just what’s happening to the billions of us who use social networks like Facebook, Instagram, Snapchat, and Twitter, and he’s on a mission to steer us toward potential solutions—or at least to get us to acknowledge that this manipulation is, in fact, going on.

Harris, formerly a product manager turned design ethicist at Google, runs a nonprofit called Time Well Spent, which focuses on the addictive nature of technology and how apps could be better designed; it pursues public advocacy and supports design standards that take into account what’s good for people’s lives, rather than just seeking to maximize screen time. He says he’s moving away from Time Well Spent these days (his new effort is as yet unnamed), trying to hold the tech industry accountable for the way it persuades us to spend as much time as possible online, with tactics ranging from Snapchat’s snapstreaks to auto-playing videos on sites like YouTube and Facebook.