Facebook wants to shift to a more “privacy-focused messaging and social networking platform,” blogged CEO Mark Zuckerberg Wednesday. Zuckerberg envisions a platform where communication shifts to private, encrypted services with data that remains secure and eventually disappears. “Private messaging, ephemeral stories, and small groups are by far the fastest growing areas of online communication,” Zuckerberg wrote, saying he wants the company to shift from a “town square” to more of a “living room.”
NSA’s telecom surveillance program under the USA Freedom Act hasn’t been used for the “past six months,” and the administration might not ask Congress to renew the expiring program, said an adviser for Rep. Kevin McCarthy, R-Calif., during a podcast released Saturday. It’s unclear if the administration wants to activate the program again, said Luke Murry, McCarthy’s national security adviser. Sen. Ron Wyden, D-Ore., said Tuesday NSA’s implementation of phone record dragnet changes has been “fundamentally flawed.” He asked that Congress refuse to reauthorize the program and that the administration permanently end it. NSA, the Office of the Director of National Intelligence and McCarthy’s office didn’t comment.
The Senate Commerce Committee bipartisan working group’s goal is to negotiate privacy legislation differences “in the next month,” Sen. Jerry Moran, R-Kan., told us Tuesday. The group includes Moran, Commerce Chairman Roger Wicker, R-Miss., Sen. Richard Blumenthal, D-Conn., and Sen. Brian Schatz, D-Hawaii. Staffers for the lawmakers are exploring privacy principles and specific legislative provisions, Moran, Schatz and Blumenthal told us. “There is no deadline, but I am encouraging, pushing that this be addressed, that we get to the point at which the senators can sit down and try to resolve any additional, remaining differences in the next month,” Moran said. The group is in more advanced discussions than “principles,” Wicker told us. It hasn’t reached the point where draft legislation is circulating, Blumenthal told us. Staff is weighing principles and “specific provisions,” he said, noting draft legislation can’t be written with principles. “There’s no deadline. We want to get it right,” Blumenthal told us. “We have to make it bipartisan. We have to get the Republican leadership.” Wicker was asked whether he has a privacy hearing in mind for April. “I don’t know that we’ve scheduled that, but we’re going to have lots more witnesses on data privacy,” he told reporters. The committee received criticism from privacy and consumer groups when an initial list for its first privacy hearing of the year featured an all-industry panel (see 1902220041).
Companies are struggling with "unwarranted litigation risk" and bigger hurdles communicating with customers, which points to the FCC needing to provide guidance on application of key terms in the Telephone Consumer Protection Act, Charter Communications, Comcast and Cox representatives told an aide to FCC Chairman Ajit Pai, recounted a docket 18-152 ex parte posting Monday. They urged the agency to make clear that equipment should be classified as an automatic telephone dialing system under the TCPA only if it can generate numbers randomly or sequentially and is used that way without human intervention. They said the FCC should make clear a call's intended recipient is the "called party" until the caller is told the number has been reassigned, and should clarify rules governing revocation of consent.
Comments are due April 3, replies May 3, on a rulemaking on curbing spoofed robocalls launched by FCC commissioners 5-0 last month (see 1902140039). That's after expected publication in Monday's Federal Register.
Washington state privacy bills cleared key House and Senate panels before a Friday deadline to get bills out of fiscal committees. The House Appropriations Committee voted 19-11 Friday to pass HB-1854, and 18 of 24 Senate Ways and Means Committee members voted for SB-5376. Privacy advocates have concerns about both bills but slightly prefer the House version; Microsoft more strongly supports the Senate bill (see 1902280050).
The FCC reminded telecom carriers and VoIP providers of Friday's deadline to file annual certifications of compliance with rules prohibiting unauthorized access, use or disclosure of customer proprietary network information. "Protection of CPNI is of paramount importance, as it includes sensitive personal information that carriers collect about their customers during the course of their business relationship (e.g., telephone numbers of calls made and received; the frequency, duration, location, and timing of such calls; and any services purchased by the consumer, such as call waiting and voicemail)," said an Enforcement Bureau advisory Thursday in docket 06-36.
Sen. Catherine Cortez Masto, D-Nev., introduced a privacy bill Thursday that would make companies get opt-in consent for collecting and disseminating precise location data. The Data Privacy Act also would require “reasonable” data collection, processing, storage and disclosure. It would prohibit data practices that discriminate against people for political and religious beliefs, barring “deceptive” data practices. There are no co-sponsors.
Owners of musical.ly, a video social networking app now called TikTok, reached a record $5.7 million settlement with the FTC over claims the company illegally collected children’s personal data, the agency announced Wednesday. It’s the largest civil penalty the FTC, whose members unanimously approved, has collected under the Children’s Online Privacy Protection Act. Musical.ly failed to seek parental consent for collecting names, email addresses and other data from users younger than 13, the FTC alleged in a complaint filed by DOJ. “We take enforcement of COPPA very seriously, and we will not tolerate companies that flagrantly ignore the law,” Chairman Joe Simons said in a statement. “These practices reflected the company’s willingness to pursue growth even at the expense of endangering children,” said Commissioners Rohit Chopra and Rebecca Kelly Slaughter. They said executives should face more accountability in future cases. The company has implemented changes that now direct TikTok users into “age-appropriate” app sections, it said: “The new environment for younger users does not permit the sharing of personal information, and it puts extensive limitations on content and user interaction.” Sen. Ed Markey, D-Mass., urged future “higher monetary penalties that will actually [incentivize] COPPA compliance.” More than 200 million worldwide users, 65 million registered in the U.S., downloaded the app. Accounts were publicly available by default, the FTC said, and public reports show adults contacted children through the app. The app includes a feature that lets users discover other users within a 50-mile radius. App operators received thousands of complaints from parents that their underage children had accounts, the FTC said. “This case should put tech companies on notice that continued disregard for COPPA will result in penalties and consumer mistrust that can seriously impact their business,” said Common Sense Media CEO Jim Steyer.
Three Senate Republicans want to know why Google didn't disclose to consumers that the Nest Secure home security system has a hidden mic, they wrote CEO Sundar Pichai Monday. Consumers are increasingly concerned about the ability of large tech companies to collect and use personal data without consent, said the letter from Senate Commerce Chairman Roger Wicker, Miss.; Communications Subcommittee Chairman John Thune, S.D.; and Manufacturing Subcommittee Chairman Jerry Moran, Kan. “It is critically important that companies like Google be completely transparent with consumers, and provide full disclosure of all technical specifications of their products at the point of sale." Google’s “failure to disclose a microphone within its Nest Secure product raises serious questions about its commitment to consumer transparency and disclosure.” They asked Google to address by March 12 questions on whether a mic has always been a component of Nest Secure, when and how Google became aware that a mic wasn’t listed on the system’s technical specifications; what Google has done to inform buyers the device contains a previously undisclosed mic; Google's process for developing tech specs, when the error occurred and actions to prevent such an error in other products; whether Google is aware of any third-party using the mic for unauthorized purposes; and if the company is aware of similar omissions in its other products. The committee requested an in-person briefing by March 29. Google didn't comment Tuesday.