The Campaign for a Commercial-Free Childhood and Center for Digital Democracy filed an update to an FTC complaint against Google’s YouTube Kids app Tuesday for false and deceptive marketing, a joint news release said. In April, CCFC and CDD were part of a coalition of children’s and consumer groups that filed a complaint and urged the FTC to investigate whether Google’s YouTube Kids app was unfair and deceptive toward children and parents -- a violation of FTC Act Section 5 (see 1504070045). In subsequent research, CCFC and CDD said they found “even more widespread and pervasive” evidence supporting the original complaint, the groups wrote in a letter to the FTC. “Further review of YouTube Kids demonstrates that the app is rife with videos that would not meet anyone’s definition of ‘family friendly’,” the letter said. “YouTube Kids contains many videos that would not only be disturbing for young children to view, but potentially harmful.” A commission spokesman confirmed the agency received the letter and would review it. “As users of YouTube Kids search for material, the app begins to recommend similar videos,” said CCFC and CDD. When the groups conducted their review of the app, “YouTube Kids actually began recommending videos about wine tasting on its app for preschoolers,” it said. The more children search for inappropriate videos, the more inappropriate videos they will be shown, the letter said. Google had no immediate comment. “Federal law prevents companies from making deceptive claims that mislead consumers," said Aaron Mackey, the coalition’s attorney at Georgetown Law's Institute for Public Representation. Google promised YouTube Kids would deliver appropriate content for children, but it has failed to fulfill its promise, Mackey said. “Google gets an 'F' when it comes to protecting America’s youngest kids,” said CDD Executive Director Jeff Chester. The groups allege they found: explicit sexual language presented amid cartoon animation; a profanity-laced parody of the film Casino featuring Sesame Street’s Bert and Ernie; graphic adult discussions about family violence, pornography and child suicide; jokes about pedophilia and drug use; unsafe behaviors such as playing with lit matches; and advertising alcohol products. As of May 11, at least 13 Budweiser commercials were available on YouTube Kids, the letter said. Given the “inadequacies of the screening process and the constant addition of new videos to YouTube Kids, it would be virtually impossible for anyone to catalog all of the inappropriate content that is accessible on the app,” it said. “In the rush to expand its advertising empire to preschoolers, Google has made promises about the content on YouTube Kids that it is incapable of keeping,” said CCFC Associate Director Josh Golin.
The FTC wants the court-appointed consumer privacy ombudsman in RadioShack’s bankruptcy case to recommend against the sale of personal customer data as a stand-alone asset, Consumer Protection Director Jessica Rich told the ombudsman, an agency news release said. RadioShack obtained personal data, including consumers’ names, addresses, email addresses and purchase histories from tens of millions of consumers, Rich said. RadioShack had extensive privacy promises it made to consumers online and in stores, including the promise to not sell consumers’ information or the company’s mailing lists, Rich said. Consumer information should be sold only to another entity that's substantially in the same line of business as RadioShack and that buyer should be bound by the RadioShack privacy policies that were in place when the consumers’ data was collected, Rich said. The buyer should also give consumers notice their data was bought and obtain affirmative consent if the data is to be used in a manner that differs from promises RadioShack made, she said. Rich pointed to FTC intervention in the bankruptcy case of the online retailer Toysmart, which sought to sell customers’ information despite promises made in its privacy policies, as an example of how conditions successfully can be put on the sale of data both to allow the company to divest assets and to protect consumers’ information, the release said. RadioShack’s privacy policy had said (see 1504020032) that “we will not sell or rent your personally identifiable information to anyone at any time.”
Senate Intelligence Chairman Richard Burr, R-N.C., should listen to constituents who are “loud and clear that they not only want [Section 215 of the Patriot Act] to end, but that they are also incredibly dubious about the NSA’s collection practices,” wrote Electronic Frontier Foundation Legislative Analyst Mark Jaycox in a blog post Monday. Burr’s “reliance on the program being effective ignores the conclusions of two independent investigations tasked with looking at the calling records program,” Jaycox said: “The Director of National Intelligence and the Attorney General have written a letter expressing the need to reform the authorities, and essentially end the current program as it currently is.” Jaycox said “if the Executive branch, the Judicial branch, and two independent commissions can't convince Senator Burr, then maybe their fellow lawmakers can.”
Reddit administrators and users are unhappy with harassing behavior on its site, so the site has updated its practices to better curb harassment, an administrators' blog post said Thursday. “For the past six months we have been examining and reviewing reddit’s community policies and practices, collecting and analyzing data, defining our own goals, and making some hard decisions,” reddit said. “We value privacy, freedom of expression, open discussion, and humanity, and we want to make sure that we uphold these principles for all kinds of people,” they said. Some changes have already been made, such as an annual transparency report showing when private information was shared with law enforcement and when content was taken down in response to legal demands or for privacy reasons, the administrators said. In March, reddit’s privacy policy was updated to address revenge porn, and on Wednesday, additional changes were made to be “even more transparent about content that reddit removes for legal reasons,” they said. Reddit announced on Thursday administrators have been looking “closely at the conversations on reddit and at personal safety.” Reddit values freedom of expression and relies on volunteer moderators to determine and uphold rules for subreddits, allowing administrators to step in only when “we see threats to our values of privacy and safety,” they said. As use of the Internet and information available evolves, reddit said, it has seen more harassment and different types of harassment emerge, such as posting links to private information on other sites. “Instead of promoting free expression of ideas, we are seeing our open policies stifling free expression; people avoid participating for fear of their personal and family safety,” reddit said. “Because of this, we are changing our practices to prohibit attacks and harassment of individuals through reddit with the goal of preventing them,” they said. Harassment is defined as: “Systematic and/or continued actions to torment or demean someone in a way that would make a reasonable person (1) conclude that reddit is not a safe platform to express their ideas or participate in the conversation, or (2) fear for their safety or the safety of those around them,” the administrators said.
To ensure law enforcement uses body cameras in a way that enhances civil rights, New America’s Open Technology Institute and 35 other privacy and civil rights organizations and advocates Friday released principles they embraced. They would among other things require law enforcement agencies implementing cameras to: develop camera policies in public; commit to a set of narrow and well-defined purposes for cameras; specify clear operational policies for recording, retention and access; make footage available to promote accountability, an OTI news release said. The principles were spearheaded by the Leadership Conference on Civil & Human Rights. Other groups that supported the principles include the American Civil Liberties Union, Center for Democracy & Technology, Electronic Frontier Foundation and Public Knowledge.
The non-profit Technology Business Management Council established a Commission on IT Cost Opportunity, Strategy and Transparency (IT COST) Wednesday to “define a set of recommendations and best practices for Federal departments and agencies to transparently measure and communicate their IT costs so that Federal CIOs [chief information officers] are better equipped to govern their IT spending and support agency missions with limited resources,” a news release said. The federal government spends more than $78 billion on technology per year, but each agency uses its own standards to measure, benchmark and communicate the value of its technology investments, the release said. Lack of standardization creates numerous challenges and complications, it said. CIOs from the departments of Health, Transportation, Interior, Commerce and Agriculture are participating in the first IT COST Commission meeting, to be held in June. CIOs from Cisco, Hewlett-Packard and DirecTV are also participating. The goal is to release a report in early 2016 outlining a series of recommendations to reduce waste and increase efficiency, demonstrate cost, quality and value of IT spend, and aid in the implementation of the new Federal IT Acquisition Reform Act, the release said.
The FTC launched IdentityTheft.gov Thursday, in hopes of making it easier for identity theft victims to report and recover from identity theft, a news release said. The new website has an interactive checklist for those who learn their identity is stolen and has advice for those notified their personal information was exposed in a data breach. A Spanish version of the site is available at RobodeIdentidad.gov.
The Online Trust Alliance is welcoming experts from private and public industry to join its initiative to develop a security, privacy and sustainability trust framework for IoT devices, it said in a Wednesday news release. OTA said the framework is intended to provide clarity and confidence to consumers as they shop and use connected devices, with an initial focus on the connected home and wearable/fitness technologies. OTA hopes the framework will be used as a basis for a potential certification program for IoT devices and applications, it said. A draft will be shared in a panel at the TRUSTe IoT privacy summit June 17, it said. “With the rapid introduction of Internet of Things products into the market, we must ensure that security and privacy best practices are integrated to maximize consumer protection,” said OTA Executive Director Craig Spiezle. “According to preliminary data from OTA’s forthcoming Online Trust Audit, 14 percent of leading IoT products did not have a discoverable privacy policy for consumers to review prior to purchase,” Spiezle said. “We welcome industry leaders to join in the multi-stakeholder effort to raise the bar and make security, privacy and sustainability key product attributes.” OTA’s next full working group meeting is June 16 in Mountain View, California. Leaders in the security and privacy community, app developers, manufacturers and international retailers were invited to provide input. TRUSTe CEO Chris Babel welcomed OTA’s initiative to extend the work of the IoT Privacy Tech Working Group to include the security and sustainability issues arising out of the explosion of data collection from connected devices, he said. “Considering that 79 percent of U.S. consumers are concerned about data collected by connected devices, we urge companies to join this important endeavor to develop clear standards for privacy and security in the Internet of Things.”
The Department of Commerce Internet Policy Task Force extended the comment deadline on identifying substantive cybersecurity issues from May 18 to May 27, said a notice in Wednesday's Federal Register. Comments may be submitted via email or mail.
The Mozilla Foundation released security updates Tuesday to address vulnerabilities in Firefox, Firefox ESR and Thunderbird, said a notice from the U.S. Computer Emergency Readiness Team. U.S.-CERT said the vulnerabilities in Firefox may have let a remote hacker “cause a denial-of-service condition or steal sensitive information." Adobe also released security updates Tuesday for Acrobat, Flash Player and Reader, a U.S.-CERT notice said. It said exploitation of Adobe vulnerabilities may let an attacker take control of an affected system.