Online privacy

A rift is growing between the tech industry and civil society, and "it will probably only continue to get more pronounced," says Craig Aaron of Free Press. "Companies like Google and Facebook have amassed so much power over what we watch see and read every day. If you're a true public interest group that worries about media power like we do, you have to have an eye on these guys." One major flash point: privacy. Then there are antitrust issues, many of which got their start in governmental oversight.

After years of largely avoiding regulation, businesses like Facebook, Google and Amazon are a focus of lawmakers, some of whom are criticizing the expanding power of big tech companies and their role in the 2016 election.

The attacks cover a smattering of issues as diverse as antitrust, privacy and public disclosure. They also come from both sides, from people like Stephen Bannon, President Trump’s former chief strategist, as well as Sen Elizabeth Warren (D-MA). Many of the issues, like revising antitrust laws, have a slim chance of producing new laws soon. But they have become popular talking points nonetheless, amplified by a series of missteps and disclosures by the companies. The companies, recognizing the new environment in Washington, have started to fortify their lobbying forces and recalibrate their positions.

This spring, the government announced a change to the way the National Security Agency collects information targeting foreigners, using the telecom backbone in what it calls "upstream" collection. Whereas for 10 years, the agency had sucked up communications mentioning a target's selector—say, collecting all e-mails sent to someone in this country that include Osama bin Laden's phone number in the body of the e-mail—in April it stopped doing so domestically (though it will still do tons of it in collection overseas). Not long after the announcement, the government released documents explaining why it had dropped this kind of collection, which it calls "about" collection. Those documents amounted to a confession that the NSA failed to follow rules the Foreign Intelligence Surveillance Court put in place in 2011 to ensure upstream collection complied with the Fourth Amendment.

There was a stink, at the time, accusing the Obama Administration of using Section 702 of FISA—which only permits the government to target foreigners—of using it to spy on Americans for five years. Those accusations were, technically, true (the NSA attributed such spying to technical failures, not legal ones). But the truth is far more troubling. In fact, from 2004 to 2016, the NSA was always engaging in collection the FISC would go on to deem unauthorized. For 12 years, under both the Bush and Obama Administrations, the NSA was collecting information that, if retained, would break the law. But under the current presiding judge, overseeing the plans of the Trump Administration, NSA will be allowed to keep such data, a change from her three predecessors.

A group of digital advertising and marketing organizations has come together to condemn Apple for what the coalition says is a “unilateral and heavy-handed approach” to user privacy on Mac. The group fears that Apple, which has started taking more extreme measures to reduce ad tracking on both the mobile and now desktop versions of Safari, is unfairly exercising its muscle in a way that could snuff out an entire segment of the ad industry.

The open letter, published by six leading advertising trade groups, is in response to a new macOS feature Apple calls Intelligent Tracking Prevention, or ITP. Introduced back at WWDC in June, ITP uses machine learning algorithms to identify tracking behavior on the company’s Safari browser, like the presence of persistent cookies from third-party ad networks, and imposes a strict 24-hour time limit on those tracking tools’ lifespans. Apple unveiled the new feature by saying, “It’s not about blocking ads, but your privacy is protected.”

Imagine you've been detained at customs, waiting to cross the border. Or maybe you've been pulled over for a traffic violation. An officer waves your cellphone at you. “Look at this. Is this yours?” he asks. Before you can respond, a tiny infrared sensor in the phone has scanned your face. Matching those readings against the copy of your face that is stored in its archive, the phone concludes that its owner is trying to unlock it. The device lowers its defenses, surrendering its contents in moments to the law enforcement officer holding your phone. “You have to work pretty hard to get me to put my fingerprint on a reader,” said Chris Calabrese, vice president for policy at the Center for Democracy and Technology. “You have to work less hard to put a phone in front of somebody's face.”

Apple on Tuesday (Sept. 12) unveiled its new FaceID facial recognition technology for the iPhone X—the successor to the iPhone TouchID fingerprint scanner. The company says FaceID is 20 times more secure than TouchID, and can be used for unlocking apps and using ApplePay. Still, this kind of technology (which you can read more about here) raises a lot of questions. Here’s what we’re wondering:
Where will the data be stored?
What are the legal implications of opening your phone with your face?
What else will Apple use the data for, even if it’s just on our phones?
Who else will have access to those sensors?
Does facial recognition this effective really make sense in real-life scenarios?

How can we reduce the consequences for consumers and companies when the next breach happens? We can pass national data breach legislation. A national standard would not have prevented the Equifax breach, but it would clarify for consumers and companies the types of information subject to protection and the penalties for failing to do so.

While respecting the valuable role of the states, we clearly need a basic federal standard to ensure that all Americans can expect adequate data protection allowing companies to better deploy security and training so that the next breach is less damaging for consumers. Sen Mark Warner (D-VA) has not only renewed the call for national data breach legislation, but also asked the important question “is it time to rethink data protection policies dealing with these large, centralized sets of highly sensitive data on millions of Americans?” The answer to Senator Warner’s question is yes.

The massive data breach at credit reporting firm Equifax has put the company in the cross-hairs of congressional committees and one of the nation’s most aggressive attorneys general, while fueling a new push for stronger protections on Americans’ personal information. Even the Trump administration, which has advocated slashing government rules, has indicated new regulations might be needed. The revelation that a hack of Equifax’s computer system exposed the Social Security numbers and birth dates of as many as 143 million people also could scuttle Republican efforts to limit the liability faced by credit reporting companies and other financial firms in disputes with consumers. The scale of the latest in a series of high-profile data breaches has refocused attention on the role of the three major credit reporting companies — Equifax, Experian and TransUnion — as repositories of a trove of sensitive data. “This debacle should be a wake-up call to both consumers and policymakers about the industry's broad reach,” said Rohit Chopra, a senior fellow at the Consumer Federation of America.

Executives from a Los Angeles-based tech company said they are weighing whether to fight a judge's order to provide prosecutors with e-mail addresses and other information from people who visited an anti-Trump website in the months leading to Inauguration Day. The company, DreamHost, filed a motion with District of Columbia Superior Court Judge Robert E. Morin recently requesting that he put his order on hold while they consider whether to appeal. But prosecutors, concerned that such a delay could hinder their cases against dozens charged in Inauguration Day riots, have asked the judge to force DreamHost to turn over the data immediately.

In a year where DreamHost was looking forward to celebrating its 20th anniversary, the company instead has been propelled into a high-profile privacy rights case as a result of managing the server for a website that authorities say facilitated Inauguration Day rioting. DreamHost co-founder and co-Chief Executive Dallas Kashuba said in an interview that the potential implications go beyond this case. He said there is concern among tech companies that Internet users could become fearful of visiting websites if they know government authorities can monitor such information.

Google has appealed a record $2.9 billion fine from the European Union over its comparative shopping service, the EU Court of Justice announced. The EU’s enforcement wing, the European Commission, issued the massive penalty in June, accusing Google of boosting its own comparative shopping tool in its search results at the expense of other services. “What Google has done is illegal under EU antitrust rules,” said EU Commissioner Margrethe Vestager at the time. “It denied other companies the chance to compete on the merits and to innovate. And most importantly, it denied European consumers a genuine choice of services and the full benefits of innovation."