Online privacy

A communication breakdown and a vacationing employee were the reasons it took more than a week to close a leak that contained data belonging to 6 million Verizon customers, according to Chris Vickery, the cybersecurity researcher who discovered the breach. Verizon said recently that an employee at one of its vendors, NICE Systems, had accidentally made the data available to anyone who had the public link to the cloud.

[Commentary] Americans’ information independence is under attack, whether it’s the repeal of network neutrality or the repeal of broadband privacy protections. The Federal Communications Commission needs to listen and serve the American people, not special interests. I am committed to protecting both your privacy and the internet as we know it. A free and open internet is essential to our democracy, economy and modern way of life.

The Verizon debacle joins a lengthy list of incidents where companies and government agencies have accidentally published people’s confidential information, a problem that experts say may be getting harder to fix as more companies their storage to the cloud. Chris Vickery, director of cyber-risk research at UpGuard, found the Verizon data trove sitting in a critical data repository managed by a third vendor based in Israel. The repository had been misconfigured—a human error—leaving it unprotected. Thanks to a chronic shortage of skilled tech workers, it’s hard to find employees with the necessary skills and training to consistently avoid such mistakes, Vickery says. Tech workers setting up cloud systems or in-house servers can misunderstand the settings on the software they’re setting up, or cut corners to make data more easily accessible within the organization.

[Commentary] If there's anything lawmakers should have learned from activists over the past few years it's this: Do not make the internet angry.

In March, congressional Republicans once again felt the wrath of the internet community when they reversed the Federal Communications Commission’s broadband privacy rules. The blowback from the vote was massive, prompting members of Congress to hide from angry constituents. Now President Donald Trump and FCC Chairman Ajit Pai are digging even deeper and looking to overturn the historic 2015 Net Neutrality win. If they think the internet is going to take that sitting down, they have another think coming. The internet community and allied companies come together to remind President Trump, Chairman Pai and Congress that millions of people in America have made their support for net neutrality known. They know that the repeal of net neutrality means the end of real privacy protections, means paying more for worse service — and enables companies like AT&T, Comcast and Verizon to decide how you use the internet.

[Sandra Fulton is the government relations manager for Free Press Action Fund]

[Commentary] Could a consumer revolt against cable television rates before the 1992 election replay with digital data in the upcoming election cycle?

Rep Marsha Blackburn (R-TN), chair of the of the House Commerce Committee’s Subcommittee on Communications and Technology, introduced a bill that requires internet service providers to get opt-in consent from consumers before sharing sensitive personal information, and allow opt-out of sharing other information. Her abrupt and unconventional turn on internet privacy came after widespread public reaction to the congressional repeal of the Federal Communications Commission’s privacy rules.

Those who believe that the bill is not likely to pick up any legislative momentum might argue that general anxiety about digital trails left across the internet does not pack the political punch of rising cable rates that consumers could feel when they balanced their checkbooks each month. Blackburn’s bill also may be seen as a response to some of the edge providers that were most vocal in their objections to the repeal of the privacy rules.

The Republican-led Federal Communications Commission is preparing to overturn the two-year-old decision that invoked the FCC's Title II authority in order to impose net neutrality rules. It's possible the FCC could replace today's net neutrality rules with a weaker version, or it could decide to scrap net neutrality rules altogether. Either way, what's almost certain is that the FCC will eliminate the Title II classification of Internet service providers. And that would have important effects on consumer protection that go beyond the core net neutrality rules that outlaw blocking, throttling, and paid prioritization.

Without Title II's common carrier regulation, the FCC would have less authority to oversee the practices of Internet providers like Comcast, Charter, AT&T, and Verizon. Customers and websites harmed by ISPs would also have fewer recourses, both in front of the FCC and in courts of law. Title II provisions related to broadband network construction, universal service, competition, network interconnection, and Internet access for disabled people would no longer apply. Rules requiring disclosure of hidden fees and data caps could be overturned, and the FCC would relinquish its role in evaluating whether ISPs can charge competitors for data cap exemptions.

Rep Keith Ellison (D-MN), along with Reps Carol Shea-Porter (D-NH), Maxine Waters (D-CA), Eleanor Holmes Norton (D-DC), Jan Schakowsky (D-IL), Pramila Jayapal (D-WA), and Earl Blumenauer (D-OR), introduced the Online Privacy Act (HR 3175). This bill would re-instate the Federal Communications Commission’s original online privacy rule, which would prohibit Internet Service Providers (ISPs) from selling user browsing data.

“The Internet should be open and free for everyone – and every person who uses it should be able to do so without worrying what their service provider might be doing with their data,” Rep Ellison said. “Our government should work for us – the people – not massive telecom corporations. This bill would make sure that every American can get online without having their personal information sold to the highest bidder. And it will provide justice for those who already have had their information taken from them.”

The House of Representatives adopted the Email Privacy Act in February to modernize the protections afforded electronic communications that would require obtaining a search warrant in almost every case. That proposal met resistance in the Senate in 2016 when Attorney General Jeff Sessions, then a senator from Alabama, sought to add a provision allowing law enforcement to skip the warrant requirement in emergency situations. Whether the legislation can get through the current Senate is an open question, and it is not clear whether President Donald Trump would sign off if the Justice Department opposes the bill. That may mean the Supreme Court will have to establish the broad parameters of digital privacy while Congress tries to deal with the intricacies of a world of electronic communication that continues to evolve rapidly.

Devices connected to the internet, from cellphones to watches to personal training trackers that facilitate our personal habits and communications, are a fact of daily life, and the Supreme Court will have to start drawing clear lines around what types of electronic information are — and are not — protected by the Fourth Amendment. Simply asserting that there is a right to privacy does not provide much help in determining how far that protection should extend in a digital world.

Through years of rulemakings and enforcement actions, the Federal Communications Commission has developed the expertise necessary to protect consumer privacy on communications networks. Consumers are concerned about their ability to protect their personal privacy for themselves and their families. According to survey results released by the National Telecommunications Information Administration, a significant number of consumers avoid online activities because of privacy concerns. To foster security, opportunity, and development of the internet, the FCC must continue to have a strong role in protecting broadband privacy. As members of Congress continue to develop online privacy legislation, they should understand the important role the FCC plays in protecting consumer privacy on communications networks.

While many technology companies continue to step up their privacy game by adopting best practices to protect sensitive customer information when the government demands user data, telecommunications companies are failing to prioritize user privacy when the government comes knocking, an Electronic Frontier Foundation annual survey shows. Even tech giants such as Apple, Facebook, and Google can do more to fully stand behind their users.

EFF’s seventh annual “Who Has Your Back” report digs into the ways many technology companies are getting the message about user privacy in this era of unprecedented digital surveillance. The data stored on our mobile phones, laptops, and especially our online services can, when aggregated, paint a detailed picture of our lives—where we go, who we see, what we say, our political affiliations, our religion, and more. AT&T, Comcast, T-Mobile, and Verizon scored the lowest, each earning just one star. While they have adopted a number of industry best practices, like publishing transparency reports and requiring a warrant for content, they still need to commit to informing users before disclosing their data to the government and creating a public policy of requesting judicial review of all NSLs.