The FTC report on shopping apps, which concluded privacy policies are often unclear, is more evidence app developers should institute privacy policies in line with the NTIA-backed mobile privacy code of conduct, said Jules Polonetsky, executive director of Future of Privacy Forum, the industry-backed group favoring self-regulatory privacy guidelines. The FTC report released Friday said many shopping apps make security promises in privacy policies but use vague language to retain an ability to collect, use and share consumer data (CD Aug 4 p14). “It is apparent that many apps should consider adopting the model app privacy nutrition label notice developed by the NTIA multistakeholder group to avoid the vagueness problems identified by the FTC in their study,” said Polonetsky by email. The Application Developers Alliance recently released open source code, based on the NTIA-backed mobile privacy code, that creates such a “nutrition label notice” for apps (CD July 25 p9).
The U.S. Court of Appeals for the D.C. Circuit said the full text of National Security Presidential Directive 54 is subject to a Freedom of Information Act (FOIA) request, in a Thursday ruling (http://bit.ly/1nZXRTf). According to the Electronic Privacy Information Center (EPIC), which filed the lawsuit and FOIA requests, the directive is “a previously-secret Presidential order granting the government broad authority over cybersecurity matters” (http://bit.ly/1nZYaxa). The document (http://bit.ly/1ncaCnG) also discusses “government efforts to enlist private sector companies to assist in monitoring Internet traffic,” EPIC said.
Peer-to-peer network BitTorrent has “enabled a huge black market for the ’sharing’ of creative works without the creators’ permission,” said Ruth Vitale, executive director of CreativeFuture, an anti-piracy advocacy group for artists and creators, in a Thursday blog post (http://bit.ly/1zDq8Sf). She criticized BitTorrent’s refusal to “clearly and definitively condemn the misuse of its protocol for piracy” and was skeptical of its reported plan to crowdsource funding for a TV series. “If BitTorrent really wants to be a friend to creativity, the company can’t have it both ways,” she said. BitTorrent didn’t comment.
Time Warner Cable is adding its higher-speed TWC Maxx service to eight new markets, said the operator in a blog post Thursday (http://bit.ly/UOkI7a). The new markets are Austin, Charlotte, Dallas, Hawaii, Kansas City, Raleigh, San Antonio and San Diego. The service is in Los Angeles and New York City, Time Warner Cable said. Depending on a customer’s current speed, the service is up to six times faster and includes an all-digital TV lineup, a larger VOD library, and an advanced set-top box and DVR with more storage capacity, it said. The upgrade is in progress in Austin, and will begin in the other locations starting in 2015, said the cable ISP. “Making these groundbreaking changes is quite an undertaking and requires major enhancements to all of our TWC hubs in these markets."
The Department of Homeland Security (DHS) endorsed Tuesday a cyber-risk oversight handbook for corporate board of directors jointly published by AIG, the Internet Security Alliance (ISA) the National Association of Corporate Directors (NACD). DHS is incorporating the handbook into its Critical Infrastructure Cyber Community (C3) Volunteer Program, the program the department is using to encourage use of the National Institute of Standards and Technology-facilitated Cybersecurity Framework, said DHS Assistant Secretary Andy Ozment, head of the National Protection and Programs Directorate’s (NPPD) Office of Cybersecurity and Communications, during a news conference announcing DHS’s adoption of the handbook. DHS will also make the handbook available through the U.S. Computer Emergency Readiness Team’s website, said Ozment. The handbook, originally released last month, says corporate boards of directors should handle cybersecurity using a set of five principles, including an understanding that cybersecurity is “an enterprise-wide management issue,” rather than just an IT issue. Boards also need to understand the legal implications of cyber risks and should have adequate access to cybersecurity expertise to evaluate policies, the handbook said. They should also expect management to create an enterprise-wide cyber risk framework that is adequately funded, and should identify which risks to “avoid, accept, mitigate or transfer through insurance,” the handbook said (http://bit.ly/1mbVuut). Directors are “very much aware of cybersecurity,” but need guidance on how to confront it, said NACD President and CEO Ken Daly during the news conference. ISA President Larry Clinton said the handbook could help corporate board and cybersecurity experts “connect the dots,” noting that both sides need to understand each others’ lexicons.
NSA surveillance activities, as revealed by former contractor Edward Snowden, have damaged the economic outlook of international businesses based in the U.S., prompted proposals by foreign governments for data localization mandates, weakened the diplomatic standing of the U.S. and undermined the NSA’s cybersecurity efforts, the New America Foundation’s Open Technology Institute says in a policy paper released Tuesday (http://bit.ly/UIDnRJ). “While intelligence officials have vigorously defended the merits of the NSA programs, they have offered little hard evidence to prove their value -- and some of the initial analysis actually suggests that the benefits of these programs are dubious,” the foundation said in an accompanying blog post (http://bit.ly/1mYFrMj) Tuesday. “American companies have reported declin ing sales overseas and lost business oppor tunities, especially as foreign companies turn claims of products that can protect users from NSA spying into a competitive advantage,” the paper says. NTIA’s decision to transition the Internet Assigned Numbers Authority to ICANN and its multistakeholder body “demonstrates that [NTIA] is willing to fulfill longstanding commitments to the Internet governance community rather than fighting to maintain the status quo,” it says, citing the disruption to the Internet governance debate and multistakeholder model after the Snowden disclosures. The paper recommends increasing “transparency around government surveillance” and strengthening “privacy protections for both Americans and non-Americans,” among other ways to reduce the alleged harm of NSA programs.
The FCC should adopt “light-touch” net neutrality and prohibit broadband Internet access providers from charging for prioritized access, Internet Association CEO Michael Beckerman, Gina Woodworth, IA’s vice president-public policy and government affairs, and General Counsel Markham Erickson told Commissioner Mignon Clyburn and aides July 23, said an ex parte notice (http://bit.ly/1tWBw8s) posted in docket 14-28 on Monday. The commercially reasonable test would create “uncertainty and needless litigation,” the association said. Net neutrality rules should apply to any ISP, regardless of wired or wireless, it said. Net neutrality is “critical in maintaining fairness to all who use the Internet from the smallest to the largest users,” Sunset Digital Communications President Paul Elswick, Vice President Ryan Elswick, and Director-Special Projects Daniel Wells told FCC Chairman Tom Wheeler’s aides July 24, said an ex parte notice (http://bit.ly/1la6vsg) posted in the docket Tuesday. The officials met with Gigi Sohn, FCC special counsel for external affairs; Daniel Alvarez, legal adviser, and Elizabeth McIntyre, Pricing Policy Division deputy chief. Networks like Comcast and Verizon “intend to extort the transport provider” in addition to content providers, said Sunset, which advocated for common-carrier regulations.
"Writers who argue that data collection and analytics favor the rich over the poor rely on hypothetical rather than actual examples,” said Technology Policy Institute President Thomas Lenard in comments filed Monday to the FTC ahead of its September workshop on big data (http://bit.ly/UxMqW2). No current evidence indicates that predictive analytics tools cause discrimination, he said. But the recent White House report on the subject (CD May 2 p3), and the FTC’s workshop lineup (http://1.usa.gov/1hFee3o) indicate otherwise, Lenard said. “Much of the concern seems to be that the predictive models may not be totally accurate,” he said. “Big data, however, can be expected to improve accuracy. The use of more data points makes it less likely that any single data point will be determinative, and more likely that a correct decision will be reached.” Additionally, big data is being used to develop products to benefit low-income individuals, Lenard said. He cited three companies -- Better Finance Inc., LendUp and ZestFinance -- that use additional data points to find people for “small, short-term” loans. These individuals might not have been able to get any loan previously, Lenard said. “It is more likely that price discrimination will favor lower-income individuals,” he said. “Since price discrimination involves charging different prices to different consumers for the same product based on their willingness to pay, and since willingness to pay is generally positively related to ability to pay, price discrimination will, other things equal, result in lower prices to lower-income consumers."
Live broadband coverage to connected devices of the summer’s biggest events, including the World Cup and Wimbledon, drove BBC Sport in June to its “busiest digital month on record,” it said Thursday (http://bbc.in/1pfKVE5). BBC Sport logged 77.5 million “unique browsers” in June, beating the previous record of 73.6 million set during the London 2012 Olympics, it said. Included in the data are live viewership on smartphones, tablets, laptops and connected TVs, BBC Sport said. Other recent digital firsts, according to BBC Sport: (1) Its highest-ever weekly mobile reach, 8.1 million unique U.K. mobile browsers, during the first full week of the World Cup, June 16-22; (2) Its highest-ever daily global reach, 3.4 million unique browsers across all devices, during postgame coverage of Germany’s 7-1 drubbing of Brazil on July 9.
The government can get warrants requiring email service providers to turn over all account information for an indefinite period of time, said the U.S. District Court in New York City in a Friday memorandum opinion explaining a June 11 warrant approval (http://bit.ly/1yRqww7). The court noted its divergence with other recent district court rulings on similar matters as the reason for issuing an explanation. The U.S. District Courts for the District of Columbia and the District of Kansas refused to issue such warrants because they would not limit what content could be disclosed and would allow the government to seize large quantities of emails without establishing probable cause, said the New York court’s Friday opinion. That argument “too narrowly construes the Fourth Amendment’s particularity requirement and is contrary to copious precedent,” said Magistrate Judge Gabriel Gorenstein, who wrote the opinion. Multiple courts have concluded on-site searches of hard drives are difficult and warrants have allowed for the government to remove hard drives to conduct information searches. “We perceive no constitutionally significant difference between the searches of hard drives just discussed and searches of email accounts,” Gorenstein said. “Indeed, in many cases, the data in an email account will be less expansive than the information that is typically contained on a hard drive.” The D.C. and Kansas rulings are outliers to the larger body of legal precedent, he said. “If the Government acts improperly in its retention of the materials, our judicial system provides remedies,” Gorenstein said. “We recognize that the Government has a need to retain materials as an investigation unfolds for the purpose of retrieving material that is authorized by the warrant.” American Civil Liberties Union Legislative Director Christopher Calabrese said the court’s explanation allows for an invasive government. “The case highlights the danger of allowing civil agencies to have some type access to our emails directly from the service provider,” he said by email. “The result will be that these agencies will have full access to our email inboxes, potentially in response to the most trivial civil violations of the law.” The ACLU, privacy advocates and conservative-leaning groups have been pushing for Congress to pass a law requiring the government to obtain a warrant before accessing a user’s email, which it currently is not required to do under all circumstances (CD July 14 p9).