July 12: A Day to Defend Net Neutrality

Online privacy, Protest, Regulation

In protest of the FCC’s plans to scrap net neutrality protections, many non-profits, companies and websites are banding together to host a day of action on July 12, 2017. Among the companies joining in this progressive movement: Amazon, Vimeo, GitHub, Netflix, Etsy, Twitter, and Spotify. What will the day of protest entail?

- a Twitter Brigade, tweeting net neutrality news through July 12

- 30-second video bumper for online video content

- website alerts, like the one below (I’m going to try this one on my page!)


The point is to show what the internet would look like without net neutrality protections.

Without net neutrality, internet service providers will be free to steer you to their selected content, making slow lanes for companies that can’t pay up. A big company could get fast navigation through their website, but it can take more time to load a small non-profit’s page.

Support net neutrality on July 12! Join here.

44 States Refuse to Hand Over Components of Requested Voter Data

Elections, Regulation, Voting

As of yesterday, 44 states have called foul on providing some of the voter data from the state rolls requested by Kris Kobach of the Presidential Advisory Commission on Election Integrity. The commission was established to corroborate Trump’s claims of widespread voter fraud in the 2016 election. The data collected from the states will eventually be made public. Kobach has clarified the request of the letter sent to the states, stating that it is asking for what is publicly available in each state. Still, the letter asks for date of birth and last four digits of social security number, as well as elections voted in. 19 states have outwardly criticized the commission’s request. Virginia Governor Terry McAuliffe (D) stated,

“At best this commission was set up as a pretext to validate Donald Trump’s alternative election facts, and at worst is a tool to commit large-scale voter suppression.”

Many state laws prevent the release of the requested data, and public officials are pointing to specious claims of voter fraud with the intent of voter suppression, as well as complete disregard for privacy.

In response, Trump brings up the flawed “something to hide” argument, so often used to flout privacy concerns. Equating privacy with criminality and clandestine activity is the classic way to disregard the benefits of privacy and shame those who resist oppression. Pointing to the “distinction” of a group requesting private data does not mean that group will handle data responsibly, especially in this case, where the purpose is to link the data with other sources and make it public.

Source: CNN


EU Proposes to Ban “Backdoors” in Encryption

Encryption, Legislation, Online privacy, Regulation, Smartphones

The European Commission has drafted amendments to the 2002 ePrivacy regulations that would ban the creation of backdoors for reading encrypted communications. This is a win for privacy in light of widespread calls by law enforcement and governments to establish access to end-to-end encrypted (E2EE) messages, most recently by the UK (for Signal and WhatsApp, which use E2EE).

The draft proposal, which would outlaw encryption backdoors, states:

Member states shall not impose any obligations on electronic communications service providers that would result in the weakening of the security and encryption of their networks and services.


…when encryption of electronic communications data is used, decryption, reverse engineering or monitoring of such communications shall be prohibited…

The proposed amendments are more in line with the new General Data Protection Regulation (GDPR), but will have to pass through the European parliament and European council to go into effect.

Source: The Guardian

California Broadband Internet Privacy Act, AB 375, Introduced

Advertising, Legislation, Online privacy, Regulation

As a response to the repeal of FCC broadband privacy rules in April 2017, CA Assemblymember Ed Chau (D-Monterey Park) has introduced the California Broadband Internet Privacy Act, or AB 375. This bill is modeled after the FCC’s regulations and includes an “Ask Me First” principle, requiring Internet Service Providers (ISPs) to only use, sell, or share identifiable customer data if the customer opts in. Such information includes internet browsing history, downloaded applications, and time spent on each site. AB 375 would also prohibit any ISP practices that would require customers to pay more for their privacy or penalize those who did not consent to share their data. Eighteen other states, including Oregon, have already introduced similar bills to protect internet data privacy following the Congressional repeal of the FCC rules. At least 25 consumer, privacy, and labor advocacy groups are endorsing this bill, including the ACLU of CA, EFF, and the Privacy Rights Clearinghouse.

Sources: The Recorder, Consumer Federation of California

UK Grocery Store Fined £10,500 ($13,373) for Spamming Opt-Out Customers

Advertising, Regulation

Morrisons, a UK grocery chain, has been fined by Britain’s Information Commissioner’s Office (ICO) for sending marketing emails to customers who had opted out of receiving email advertising from the store. The chain was found to have sent out 130,671 emails to opt-out customers at the end of 2016 and so has been fined £10,500 ($13,373). The emails in question asked recipients to change their marketing preferences to receive coupons and newsletters, a practice that violates the nation’s Privacy and Electronic Communications Regulations (PECR). This law contains specific rules for marketing communications, cookies, communications security, itemized billing, and customer location data. The ICO stated that enforcement of the PECR through fines will also help to prepare for corporate adherence to the EU’s General Data Protection Regulation (GDPR).

Sources: ICO, ITPro

Enforcement of the EU General Data Protection Regulation (GDPR) < 1 Year Away: Are Marketers Prepared?

Advertising, Online privacy, Regulation

Short answer: No

The GDPR requires that companies obtain explicit and informed permission before collecting personal data from EU residents. This includes IP addresses and cookies. While it is already in effect, it doesn’t hit the enforcement stage until May 25, 2018. A study of 250 businesses conducted by the Data & Marketing Association finds that half of companies will still not be prepared to comply by next year’s deadline.

Among the adjustments that companies have to make are deleting or updating non-compliant databases of personal information and ceasing use of “clickwrap” forms (lengthy terms of service that people click through quickly), as well as pre-checked consent boxes. Any business that collects information from EU residents, even businesses based abroad, must comply with the GDPR terms. And, the repercussions will be hefty: €20 million or 4% of global turnover, whichever is higher.

Source: DigiDay

Former Intelligence Director Clapper Calls for Police Access to Encrypted Data

Police, Regulation, Smartphones, Social Media, Surveillance

Former U.S. Director of National Intelligence (under the Obama administration) James Clapper spoke in Australia last week, calling on Silicon Valley to develop encryption that allows law enforcement to access the encrypted content while investigating criminal acts. He claims that technology companies have a “social responsibility” to provide this access to the government. Clapper likened full encryption to giving a “pass” to “criminals, terrorists, rapists, murderers, et cetera.” The encryption debate came to widespread public attention following the 2015 San Bernardino shooting, after which Apple refused to unlock the iPhone 5c used by the shooter. The FBI sidestepped Apple by working with a third party to unlock the phone. Clapper also called for filtering out “some of the more egregious material that appears on social media.” At the same time, the former intelligence chief has also been outspoken in his criticism of Trump, stating last week that the Watergate scandal “pales” in comparison with Trump’s strong pro-Russia stance in the face of evidence of Russian interference in the 2016 election.

Sources: TechCrunch, Reuters

Supreme Court Will Hear Case on Location Privacy

Police, Regulation, Surveillance

The Supreme Court has granted certiorari to Carpenter v. United States, a case about historical cell phone location data. In question is whether police need a warrant to obtain historical customer location data from cell phone companies. In this case, a group of men committed a series of armed robberies, after which one of the men confessed and provided cell phone numbers for 16 others in the group. Investigators obtained cell site information for Carpenter through a court order under the Stored Communications Act, which required the government to provide evidence of reasonable suspicion, rather than the stricter test of probable cause. Metro PCS then provided 127 days of cell-site records for Carpenter. Lower courts have deferred to the precedent set in the 1979 Smith v. Maryland decision. In that case, the Court ruled that a robbery suspect had no reasonable expectation of privacy for phone numbers dialed, because he had voluntarily provided that information to a third party: the phone company. The third-party doctrine, said the lower courts, allows investigators to retrieve cell phone locations without a warrant.

Will be waiting to see the justices’ arguments and verdict in this appeal!


Salary History and the Gender Gap

Equality, Income, Legislation, Regulation

It’s a common enough question in a job application: Please provide your most recent employment history and salary information. But, this seemingly innocuous question has been found to reinforce salary inequality. It’s also a common enough outcome: As a woman, you’re getting by on your seemingly reasonable salary (so you thought), when you find that younger male colleagues with less experience are paid more than you. And, this gap will continue to grow as everyone gets a percentage wage increase (if lucky) and as new salaries are based on reported previous salaries. California (bless this place) and Massachusetts were the first states last year to pass laws to prevent employers from considering the past salaries of job applicants. Several dozen states are considering similar legislation this year.

But, this brings up an interesting privacy question: should salaries be private information? If shared, whom should they be shared with? In many ways, requiring the publishing of salaries forces us to recognize the gender pay gap and make efforts to rectify inequality. Yet, if current salaries are available data, who can access these data? Insurers? Credit card companies? Hackers? Sites like SuperDataProfiles, which then create maps of the income of you and your neighbors? And finally, wouldn’t this circle back around to future employers knowing your previous salary without even having to ask?

Source: NPR

Google and Facebook Lobbying Against BROWSER Privacy Bill

Advertising, Legislation, Online privacy, Regulation

The BROWSER internet privacy bill, sponsored by House Republicans, is being lobbied against by Google and Facebook representatives. The bill would require an opt-in by internet users before location and browsing history are used for advertising. Websites and ISPs would face repercussions from the FTC if they break privacy restrictions. The Internet Association is claiming that the regulations would stifle innovation (same argument used against net neutrality) and “upend the consumer experience.” The current paradigm for targeted ads and tracking is opt-out, although we consumers cannot really opt out of tracking. The Internet Association was founded by members of Google and Facebook, and includes similar big companies such as Amazon, Dropbox, and Netflix.

Source: ArsTechnica