The House Judiciary Committee should let USA Patriot Act Section 215 expire unless Congress makes significant changes, 30 advocacy groups wrote Monday. “NSA shuttered the [call detail records] program in late 2018, and has yet to offer evidence that it provides significant intelligence value." Color of Change, Demand Progress and Free Press Action signed.
Facebook will no longer suggest to users which friends to tag in photos via face-scanning technology, the social network announced Tuesday. So-called “tag suggestions” has been at the center of a lawsuit involving alleged facial recognition technology abuses (see 1908080056). The platform’s “face recognition” technology will now be available to all users with the ability to opt out, Facebook said. That feature allows users to be notified when their photos are used by other people.
Junk faxes "are a nuisance that can cost recipients potentially significant time and money" and "should be prevented," said Mastercard, backing AmeriFactors's July petition to find faxes from online fax services aren't the same as those received on phone fax machines. The Telephone Consumer Protection Act "is only meant to prevent the sending of junk faxes to traditional fax machines, as evidenced by the plain language of the statute," Mastercard reported its lawyers telling Chief Patrick Webre and others in the Consumer and Governmental Affairs Bureau. Most who receive faxed documents get them via online fax services, viewing them "via email, mobile applications, or via an online portal," the company said, posted Friday. Harms TCPA was "designed to address -- the shifting of advertising costs to consumers in the form of the costs of paper and ink/toner and the tying up of telephone lines ... have been eliminated," it said in docket 05-338: Granting the petition will "curb rampant litigation abuse." AmeriFactors also supports other such liability limitation requests (see 1904090049).
AT&T, not the Commerce Department, will operate FirstNet, and will collect, maintain and transmit personal identifying information over it, so Commerce has no legal obligation to prepare a privacy impact assessment (PIA) and couldn't meaningfully do one. So said AT&T in a 2nd U.S. Circuit Court of Appeals amicus brief Thursday (docket 18-2819, in Pacer) backing Commerce. The appeal involves a lower court's dismissal of a Freedom of Information Act suit accusing the agency of improperly denying documents about the FirstNet contract awarded to the carrier (see 1809260014). AT&T said it has no legal obligation to prepare a PIA because it's not an agency nor a party in the case. It said 2002 E-Government Act Section 208, requiring PIAs for new data collection, applies only to agencies and no court has read it as applying to a private entity's collection and dissemination of personal information. The 2nd Circuit Thursday also granted an appellant-plaintiff motion to file a late opposition to AT&T's motion to file the amicus brief. Oral argument is this week.
The FTC added Charter Communications to its list of companies from which it's getting data on broadband customer data collection and sharing (see 1903260072). The agency said Thursday the move came as it was honing its privacy practice requests by also withdrawing its AT&T and Verizon requests and sending orders to AT&T advertising subsidiary AppNexus and Verizon ad subsidiaries Verizon Online and Oath America. Commissioners approved the moves unanimously.
Understanding how tech companies use application programming interfaces helps comprehension about privacy and related issues, American Enterprise Institute's Shane Tews noted Wednesday. Since Cambridge Analytica breached Facebook data, "there has been a revamping of the relationships between websites or applications that use API data," she wrote: EU's general data protection regulation "also forced a rethinking of data collection." Tews seeks "transparent policies on data exchange." She blogged that "policymakers considering legislation and regulation around the use of data must understand how data is used to enhance user experiences."
PayPal should change its Venmo payment service’s privacy settings, urged Mozilla and the Electronic Frontier Foundation in an open letter Wednesday. “Make transactions private by default and give users privacy settings for their friend lists.” With users unable to hide their friend lists, “anyone can uncover who you pay regularly, creating a public record of your personal and professional community,” EFF said. The company didn’t comment.
The Secure Telephone Identity Governance Authority (STI-GA) signed a contract with iconectiv to be STI policy administrator, it said Tuesday. It said iconectiv will be charged with enforcing STI-GA rules to make operational the signature-based handling of asserted information using tokens (Shaken) framework for call authentication. Its enforcement duties will be ensuring STI certificates go to only authorized service providers.
Facebook employees were aware of Cambridge Analytica and other companies suspected of data scraping as early as September 2015, show internal documents the platform released Friday. An email chain among Facebook employees details how the company was addressing data scraping claims about third-party developers matching social media data to voter files. A few months later, an alleged relationship between Cambridge Analytica and Sen. Ted Cruz, R-Texas's presidential campaign was reported. “We suspect many of these companies are doing similar types of scraping, the largest and most aggressive on the conservative side being Cambridge Analytica,” a Facebook employee wrote Sept. 22, 2015. The email describes the research firm as a “sketchy (to say the least) data modeling company that has penetrated our market deeply.” Various employees question whether such data scraping methods comply with platform policy, with one writing, “I imagine it would be 'very' difficult to engage in data-scraping activity as you described while still being compliant.” Facebook released the documents through agreement with Washington, D.C., Attorney General Karl Racine (D), who's suing the platform over related data privacy allegations (see 1907010066). Racine “fought to make this document public because we believe the American people have a right to know what and when Facebook knew about its data security weaknesses,” a spokesperson said in a statement: According to the documents, employees “were raising alarms about political partners and doubts about their compliance with Facebook’s data policies as far back as September 2015.” Facebook wasn’t aware that researcher Aleksandr Kogan sold data to Cambridge Analytica until December 2015, Vice President Paul Grewal wrote: “That is a fact that we have testified to under oath, that we have described to our core regulators, and that we stand by today.” An employee shared unsubstantiated rumors from a Cambridge Analytica competitor in September 2015 about the data scraping, he said, arguing the document provides no substantively new information.