With implementation of secure handling of asserted information using tokens (Shaken) and secure telephone identity revisited (Stir) call authentication not where it should be, rules to require it could be coming, FCC Chairman Ajit Pai said Thursday at the Robocall Symposium of the New England States, per prepared remarks. He's "generally been pleased" with progress, but it's not enough. He said staff "is actively working on developing regulations to make this happen" and there could be a vote on the new rules if the deadline isn't met. Pai previously warned of a mandate in 2020 if Shaken/Stir deployment isn't voluntarily completed this year (see 1907110023).
Industry would benefit if the FTC had more rulemaking authority to provide clarity and could do more policymaking like the FCC, FTC Commissioner Rebecca Kelly Slaughter told FCC Commissioner Jessica Rosenworcel on a podcast released Thursday. With fewer limits on rulemaking, the FTC could provide clearer rules for industry, so businesses wouldn’t have to guess and fall “afoul of enforcement action,” Slaughter said. She sought more resources, noting the FTC had about 50 percent more employees at the start of the Reagan administration. “And that's not an accident, right?” Slaughter said. “We were systematically downsized in order to limit our effectiveness and limit our enforcement.” She said the agency could be doing more with its existing resources. She noted her dissent on the FTC’s $5 billion privacy settlement with Facebook, which she said wasn’t a strong enough deterrent to bad behavior. The agency hears a lot of concerns about manipulative ads, Slaughter said, which are enabled by personal data and personalized advertising. It can be useful for giving consumers what they want, but there's risk of propaganda messages reaching certain audiences, said Slaughter, a Democrat like Rosenworcel. “We've seen a lot of literature, recently, about white supremacist recruitment, targeting teenage boys.” The FTC member noted consumers have very little information about who collects data and how it’s collected, shared and used.
The Senate Judiciary Tech Task Force meets 4 p.m. Thursday to discuss ethical uses of consumer data, co-Chair Marsha Blackburn, R-Tenn., told us Wednesday. Panelists are Ancestry Chief Privacy Officer Eric Heath and Global Blockchain Business Council CEO Sandra Ro, an aide said.
U.S. government searches of international travelers’ phones and laptops without warrant or probable cause violate the Fourth Amendment, U.S. District Court in Boston ruled Tuesday. Alasaad v. McAleenan involved controversial airport searches by Customs and Border Protection and Immigration and Customs Enforcement. The American Civil Liberties Union, Electronic Frontier Foundation and ACLU of Massachusetts filed the lawsuit. “This is a great day for travelers who now can cross the international border without fear that the government will, in the absence of any suspicion, ransack the extraordinarily sensitive information we all carry in our electronic devices,” said EFF Senior Staff Attorney Sophia Cope. The Department of Homeland Security didn't comment.
CTA is reviewing iFlytek, which CNET reported was on the list to attend CES 2020, the group said about Chinese surveillance companies flagged for human rights violations. “It’s something we’re continuing to look into,” CES Executive Vice President Karen Chupka told us Thursday. The association didn't comment on Hikvision’s Ezviz, which CNET also singled out. Chupka also reviewed other CES 2020 plans (see 1911080045).
Congress should pass legislation addressing deepfakes because crimes like revenge porn are destroying lives, Rep. Yvette Clarke, D-N.Y., said during an interview with The Communicators, to be online Friday and on C-SPAN this weekend. “It’s important the American people know these are deceptive uses of videos,” she said, voicing support for her Deep Fake Accountability Act (HR-3230). She argued Silicon Valley companies aren’t hiring a diverse workforce, which bakes discrimination into the system through algorithms and other tools. She credited the EU for setting up guardrails around data management, an area where she said the U.S. is lagging. She urged the administration to do more to protect U.S. networks from bad actors like Huawei. She said she wouldn’t own a Huawei phone. Most people the program asks whether they'd own such a phone answer no.
San Francisco Superior Court should order Facebook to comply with an investigatory subpoena about alleged data privacy violations, California Attorney General Xavier Becerra (D) said Wednesday. Allegations involve the company’s Cambridge Analytica privacy breach. The subpoena was issued in June, and Facebook provided “inadequate responses” and failed to “provide, or even search for, responsive documents among the communications of the company’s senior executives,” Becerra said. Responding to a second subpoena, the platform “provided no answers to 19 out of 27 written interrogatories, provided a partial response to six, and produced no documents in response to six document requests,” the AG said. The company has “cooperated extensively” with California’s investigation, said Vice President-State and Local Policy Will Castleberry in a statement. “We have provided thousands of pages of written responses and hundreds of thousands of documents.”
DOJ should stop requesting government back doors and “discouraging” online encryption, Sen. Ron Wyden, D-Ore., and Rep. Anna Eshoo, D-Calif., wrote Attorney General William Barr Thursday, citing Barr’s request that Facebook forgo end-to-end encryption across its services (see 1910040035). “Your proposal will not meaningfully address the problem of [child sexual abuse imagery], because illegal content will simply move to the dark web and to foreign commercial providers that are beyond the reach of U.S. law enforcement, while exposing millions of law-abiding Americans to new cybersecurity threats from stalkers, hackers and other criminals,” they wrote Barr. DOJ didn’t comment.
Companies should put an individual or group in charge of creating and maintaining a privacy program, the FTC told the National Institute of Standards and Technology Thursday, at the deadline for comments on NIST’s effort to develop a “voluntary privacy framework” for companies (see 1909090061). In a 5-0 vote, the FTC recommended “a comprehensive risk assessment as a necessary first step before making decisions about which privacy controls should be implemented.” The agency also recommended NIST “consider including a more robust discussion” about ensuring consumers understand company data privacy practices, “including reviewing whether a company’s actual data practices align with consumer expectations and public-facing statements.” Microsoft urged NIST to include informative references to help “address interoperability requirements with other privacy regimes around the world.” The company’s previous response recommended the framework be interoperable with other global approaches, forward-looking, risk-based and outcome-focused. The Software & Information Industry Association suggested the framework be adaptable “to help companies execute and record compliance programs for diverse data privacy laws and regulations -- a vital feature due to the evolving privacy regulatory landscape in the United States and globally.”