Device searches by Customs and Border Protection more than doubled in FY 2016 over the prior fiscal year and are continuing to rise, show agency figures released Tuesday. In the first six months of FY 2017, electronic devices of nearly 15,000 international travelers to the U.S. were searched, and in recent months, the monthly total was higher than that of the year-ago period. CBP said the searches affected less than 0.0008 percent of the nearly 190 million travelers who have come this fiscal year. In FY 2016, electronic devices of more than 19,000 travelers -- representing 0.005 percent of the 391 million travelers -- were searched, while in FY 2015 that number was about 8,500 travelers, or 0.002 percent of 383 million travelers. Privacy and civil liberties groups have criticized the policy and practice (see 1703170019 and 1702210007). In Congress, lawmakers have introduced legislation that would require law enforcement to get a warrant based on probable cause before they could search a U.S. person's device (see 1704050030).

The FCC posted the illegal robocalls NPRM and notice of inquiry approved by commissioners Thursday (see 1703230035). “We begin a process to facilitate voice service providers’ blocking of illegal robocalls, which represent an annoyance -- and often worse -- for consumers,” the notice in docket 17-59 said. “We propose rules that would allow providers to -- on their customers’ behalf -- block the illegal robocalls that can bombard their phones at all hours of the day, in some cases luring consumers into scams (e.g., when a caller claims to be collecting money owed to the Internal Revenue Service) or leading to identity theft.” Comments will be due 45 days after publication in the Federal Register, replies 30 days later.

Last week’s WikiLeaks disclosure that the CIA worked secretly with U.K. authorities in 2014 to hack Samsung smart TVs and turn them into covert microphones (see 1703070047) sparked the first known complaint Tuesday, that from a Long Beach, New York, resident who alleged the voice recognition feature on Samsung smart TVs violates federal privacy statutes. Joshua Siegel bought several Samsung smart TVs “and kept them in personal and private areas of his home, including his bedroom and living areas,” said the complaint (in Pacer), filed in U.S. District Court in Newark, New Jersey, the district where Samsung Electronics America is headquartered in Ridgefield Park, New Jersey. Siegel was unaware his family’s “private conversations in their home could be hacked by third parties due to Samsung’s reckless and/or negligent failure to protect that private, sensitive data and recordings,” said the complaint, which seeks class-action status. The “degree” of the company's “lack of adequate protection” was revealed publicly when WikiLeaks said Samsung smart TVs “were in fact being used by outside parties to spy on Samsung customers’ private conversations,” said the complaint. Samsung declined comment Tuesday. Samsung responded to the WikiLeaks report a day later with a statement that it was “urgently looking into the matter,” and that “protecting consumers’ privacy and the security of our devices is a top priority at Samsung” (see 1703080014).

Developers may not use Facebook or Instagram data for surveillance tools under language added Monday to the social sites’ platform policies, Facebook said in a post. “Our goal is to make our policy explicit,” the company said. “Over the past several months we have taken enforcement action against developers who created and marketed tools meant for surveillance, in violation of our existing policies; we want to be sure everyone understands the underlying policy and how to comply.”

A group of 21 Senate Republicans will join Sen. Jeff Flake, R-Ariz., in his introduction Tuesday of his Congressional Review Act resolution of disapproval to kill the FCC’s ISP privacy rules, said his aides, who had predicted the resolution may be coming this soon (see 1703060041). The text of the resolution -- which would kill the regulations and prevent the FCC from developing substantially similar ones -- is barely more than one page. The backers include GOP Whip John Cornyn, R-Texas, along with the others expected, but also Senate Commerce Committee Chairman John Thune, R-S.D., and other senior Republicans such as Sen. Orrin Hatch, R-Utah. Co-sponsors include Sen. Shelley Moore Capito, R-W.Va., Dean Heller, R-Nev., and Ted Cruz, R-Texas. Industry groups including the Chamber of Commerce, NCTA, USTelecom and CTA wrote Senate Commerce leaders backing the CRA. “If Congress employs the CRA to disapprove the rule, customers will still enjoy reasonable privacy protections under Section 222 of the Communications Act,” they said. The resolution “will reverse the FCC's broad regulatory overreach and restore certainty and consistency with privacy guidelines established by the Federal Trade Commission,” CTA President Gary Shapiro said in a statement. The heads of the 21st Century Privacy Coalition, which consists of communications companies, lauded the introduction. The FCC's "rules deviate substantially from the FTC's successful privacy model and are fatally flawed" and the "resolution will give the Administration the opportunity to hit the reset button and develop a holistic approach to privacy for the entire internet ecosystem that benefits consumers," said co-chairs Jon Leibowitz, a former FTC chairman, and Mary Bono, a former House GOP lawmaker. Capitol Hill Democrats and public interest groups called the CRA destructive (see 1702270035). House Communications Subcommittee Chairman Marsha Blackburn, R-Tenn., is leading efforts in the lower chamber on the CRA resolution. “We continue to discuss the issue with our colleagues in the Senate and are exploring all options moving forward,” a GOP House aide said.

Data broker and analytics companies are being urged by a coalition of civil liberties and privacy organizations not to share people's personal information that they collect with the Trump administration because it refused to rule out creating a database of Muslims. The coalition said Sunday it sent a six-page letter to nearly 50 data brokers, saying they "must not be complicit" in President Donald Trump's deportation and detention immigration policies, which could be a "disaster for human rights." The letter noted Trump's executive order restricting travel to the U.S. from seven Muslim-majority nations, which is being challenged in court. The administration is expected to unveil a revamped order this week (see 1702160059). The letter said some data brokers like Acxiom, CoreLogic and Recorded Future said they won't help build a registry. It said that even if a few companies agree to provide data or services identifying Muslims or immigrants and that data were misused, "the human rights consequences could be enormous." The letter asks the companies to disclose whether they have refused to share data with the government and also to make a pledge not to share data that could lead to such violations. Some signatories: Amnesty International, Center for Democracy & Technology, Electronic Frontier Foundation, New America's Open Technology Institute, World Privacy Forum and Alvaro Bedoya, executive director of Georgetown Law Center on Privacy & Technology. The White House didn't comment.

If a company threatens legal action or bars a consumer's legitimate online review of a product or service, it can be disciplined by the FTC and state attorneys general, said the commission in a blog post that outlined staff guidance on how to comply with the Consumer Review Fairness Act that was passed into law in December. "It's illegal to ban honest reviews," the FTC tweeted Wednesday, a day after the post. The bipartisan law, which was heavily supported by industry and consumer groups (see 1612150021 and 1512150012), prevents businesses from using nondisparagement or gag clauses to prohibit consumers from sharing negative opinions about a company's conduct, product or service in online reviews, social media posts and uploaded photos and videos. The blog post offered information about specific conduct barred by the law, penalties for violations and what companies can do to protect themselves from "inappropriate or irrelevant content."

Vizio's settlement with the FTC over allegations the smart TV maker collected viewing data on 11 million consumers without their consent or knowledge (see 1702060042 and 1702070024) "highlights the importance of providing thorough consumer disclosures," wrote Wiley Rein attorneys Megan Brown and Madi Lottenbach in a Tuesday blog post. They said it "remains unclear" to what extent consumers "reasonably expect" their demographics, location and viewing habits will be recorded and used by TV and streaming device makers, software developers and the advertising industry. The lawyers wrote that some consumers have IoT privacy and security concerns that could result in increased regulatory oversight. They cited acting FTC Chairman Maureen Ohlhausen's concurring statement in the settlement that it's the first time the commission has said viewing activity is "sensitive information" and the experts said further clarity may be needed about what causes "substantial injury."

Public Knowledge hailed the FTC on its settlement agreement with Vizio (see 1702060042) for “stepping in to protect consumers’ privacy in this clear case of deception,” Policy Fellow Dallas Harris said in a Monday statement. “Most importantly, the FTC has determined that information such as consumer viewing history is in fact sensitive information that should require a consumer’s affirmative express consent before being collected,” she said. “This places the FTC’s privacy framework squarely in line with the broadband privacy rules recently passed by the FCC.” Efforts to use the Congressional Review Act to repeal those FCC rules “would create a double standard,” where ISPs would be allowed to collect and use consumers’ personal information without their consent,” said the lawyer. “Congress should ensure that these privacy protections remain in place.”

NTIA’s Institute for Telecommunication Sciences (ITS) plans a Feb. 15-16 workshop in Boulder, Colorado, on tactical encryption and key management (E&KM). RAND Corp. is co-hosting the workshop, which is sponsored by the Defense Advanced Research Projects Agency, NTIA said in a notice set to run in Friday's Federal Register. The workshop aims to “identify solutions to the problem of how to dynamically key and re-key different groups with varying levels of access and for varying lengths of time using existing infrastructure or over an ad hoc network that is reliable and user friendly,” NTIA said. E&KM “is a process that can be onerous, difficult, and time-consuming. We hypothesize that advances in processing efficiency and networking technologies can greatly simplify (or perhaps even automate) E&KM thus enabling secure dynamic coalitions and information flow control in mobile, tactical applications. We further hypothesize that these secure, dynamic coalitions and information control schemes can be constructed and maintained without a central, off-site coordination authority.” ITS hopes the workshop will “look into the future to see what E&KM may look like and will look at the present to see what technologies can be leveraged to take us there,” NTIA said. The workshop will run 8 a.m.-5 p.m. MST both days in the Department of Commerce’s Boulder Laboratories Building 1 Lobby, NTIA said.