Online privacy

Soon after President Donald Trump took office with a pledge to cut regulations, Republicans in Congress killed an Obama-era rule restricting how broadband companies may use customer data such as web browsing histories. But the rule may be finding new life in the states. Lawmakers in almost two dozen state capitols are considering ways to bolster consumer privacy protections rolled back with President Trump's signature in April. The proposals being debated from New York to California would limit how AT&T, Verizon, and Comcast use subscribers' data.

The privacy rule is just one example of states resisting policy changes wrought under the Trump administration. 35 states are pressing for the right to enforce laws guaranteeing internet service speeds live up to advertisements. "If the federal government lags, the states have to lead. And that's what we're doing," said Tim Kennedy, a Democratic New York state senator. Kennedy introduced a bill to prohibit internet service providers from selling customer web searches, social media histories and other personal information to third parties -- the crux of the nixed federal regulation.

An interview with Vint Cerf, the co-creator of tech that makes the internet work.

Cerf said, "My biggest concern is to equip the online netizen with tools to protect himself or herself, to detect attempts to attack or otherwise harm someone. The term 'digital literacy' is often referred to as if you can use a spreadsheet or a text editor. But I think digital literacy is closer to looking both ways before you cross the street. It’s a warning to think about what you’re seeing, what you’re hearing, what you’re doing, and thinking critically about what to accept and reject...Because in the absence of this kind of critical thinking, it’s easy to see how the phenomena that we’re just now labeling fake news, alternative facts [can come about]. These [problems] are showing up, and they’re reinforced in social media."

Officials in nearly every state say they cannot or will not turn over all of the voter data President Trump’s voting commission is seeking, dealing what could be a serious blow to Trump’s attempts to bolster his claims that widespread fraud cost him the popular vote in November.

The commission’s request for a massive amount of state-level data last week included asking for all publicly available information about voter rolls in the states, such as names of all registrants, addresses, dates of birth, partial Social Security numbers and other data. It immediately encountered criticism and opposition, with some saying it could lead to an invasion of privacy and others worrying about voter suppression. The states that won’t provide all of their voter data grew to a group of at least 44 by Wednesday, including some, such as California and Virginia, that said they would provide nothing to the commission. Others said they are hindered by state laws governing what voter information can be made public but will provide what they can.

The operators of a lead generation business have agreed to settle charges brought by the Federal Trade Commission that the company misled consumers into filling out loan applications and sold those applications – including consumers’ sensitive data – to virtually anyone willing to pay for the leads.

In its complaint, the FTC alleges that Blue Global Media, LLC and its CEO Christopher Kay operated dozens of websites that enticed consumers to complete loan applications that the defendants then sold as “leads” to a variety of entities without regard for how the information would be used or whether it would remain secure. The websites, which operated under such names as 100dayloans.com, 1hour-advance.com, cashmojo.com and clickloans.net, offered services to consumers seeking a variety of loans, including payday and auto loans. The company claimed it would search a network of 100 or more lenders, and connect each loan applicant to the lender that would offer them the best terms.

The FTC charged that, in reality, the defendants:

• sold very few of the loan applications to lenders;
• did not match applications based on loan rates or terms; and
• sold the loan applications to the first buyer willing to pay for them.

Access Now and the Electronic Frontier Foundation are among those signing onto an amicus brief supporting Facebook in its efforts to protect the anonymity of its users and alert them if they are under investigation. According to Access Now, the government, which is investigating Trump inauguration protests that turned violent, has requested that Facebook unmask the identities of three users under a gag order, which means the company can't tell the people in question about the warrants. "First, the non-disclosure order is both a prior restraint and a content-based restriction on speech and is therefore subject to the most demanding First Amendment scrutiny," the groups write. "Second, the underlying warrants are apparently calculated to invade the right of Facebook's users to speak and associate anonymously on a matter of public interest."

On the surface, the investigation was routine. Federal agents persuaded a judge to issue a warrant for a Microsoft e-mail account they suspected was used for drug trafficking. But US-based Microsoft kept the e-mails on a server in Ireland. Microsoft said that meant the e-mails were beyond the warrant’s reach. A federal appeals court agreed. Late in June, the Trump administration asked the Supreme Court to intervene. The case is among several legal clashes that Redmond (WA)-based Microsoft and other technology companies have had with the government over questions of digital privacy and authorities’ need for information to combat crime and extremism.

Privacy law experts say the companies have been more willing to push back against the government since the leak of classified information detailing America’s surveillance programs. Another issue highlighted in the appeal is the difficulty that judges face in trying to square decades-old laws with new technological developments. In the latest case, a suspected drug trafficker used Microsoft’s email service. In 2013, federal investigators obtained a warrant under a 1986 law for the e-mails themselves as well as identifying information about the user of the e-mail account. Microsoft turned over the information, but went to court to defend its decision not to hand over the e-mails from Ireland.

A US judge has dismissed nationwide litigation accusing Facebook of tracking users' internet activity even after they logged out of the social media website. In a decision late on June 30, US District Judge Edward Davila in San Jose (CA) said the plaintiffs failed to show they had a reasonable expectation of privacy, or that they suffered any "realistic" economic harm or loss.

The plaintiffs claimed that Facebook violated federal and California privacy and wiretapping laws by storing cookies on their browsers that tracked when they visited outside websites containing Facebook "like" buttons. But the judge said the plaintiffs could have taken steps to keep their browsing histories private, and failed to show that Facebook illegally "intercepted" or eavesdropped on their communications. "The fact that a user's web browser automatically sends the same information to both parties," meaning Facebook and an outside website, "does not establish that one party intercepted the user's communication with the other," Davila wrote.

The Federal Communications Commission has adopted the order clarifying that the rules on phone privacy are back in effect and dismissing as moot challenges to the telecom broadband privacy rules Congress nullified through a Congressional Review Act resolution. The vote was unanimous but with commissioner Mignon Clyburn dissenting in part and with a lot to say about what she viewed as the remaining lack of clarity about broadband privacy protections.

FCC Chairman Ajit Pai circulated the item earlier this month, which also reminds telecoms of their annual privacy compliance certification obligations. The FCC went straight to an order rather than putting the item out for notice and comment, explaining that "because we are simply recognizing the effect of the resolution of disapproval, we find that notice and public procedure are unnecessary to reflect this action in the Code of Federal Regulations."

[Commentary] The online privacy debate belongs in the halls of Congress, with Republicans and Democrats forging a consensus on how best to protect and empower consumers. I know members on both sides genuinely share concerns about protecting Americans' privacy. The BROWSER Act's opt-in regime will give consumers greater control over how their sensitive personal information is shared and establish regulatory consistency by treating Internet service providers and "edge" providers the same. Having two cops on the beat enforcing different sets of rules isn't fair to anybody and will lead to less certainty when it comes to protecting the privacy of Americans.

Broadband privacy sparked the latest Federal Communications Commission dustup. At issue was an FCC order making it clear the 2016 broadband privacy regulations are gone from the agency rule book, as required by a congressional resolution of disapproval back in March. FCC Commissioner Mignon Clyburn used her partial dissent as an opportunity to argue the Republican majority is willing to leave broadband customers without privacy protections. FCC Chairman Pai took issue with that, saying he brought the “ministerial” item to a vote at her request, but she offered no suggested changes. “I am therefore perplexed by her decision to dissent in part,” Chairman Pai said. “When a commissioner does not share her concerns about an item until after she casts her vote, it makes it difficult to work together to find common ground.”