Recent tech policy news focuses on online privacy and cybersecurity. In efforts to safeguard individual’s personal information online, the Federal Trade Commission (FTC) released its final report on protecting consumer privacy, and two U.S. Senators have asked the Department of Justice (DOJ) to investigate the trend of employers demanding social-media passwords from job applicants. In the realm of cybersecurity, a Federal advisory committee has unanimously approved recommendations to combat three major cybersecurity threats and leading ISPs have committed to implement the measures. Lastly, there has recently been a potential breach of Mastercard and Visa cardholder account information.
On Monday, the FTC issued its final report on Protecting Consumer Privacy in an Era of Rapid Change. The report calls on companies handling consumer data to implement recommendations for protecting privacy, including: privacy by design –protections built in every stage of product development; simplified choices giving consumers the option to decide what information is shared about them, including a Do-Not-Track mechanism; and greater transparency so consumers know what information is being collected and how it is being used.
On one side of this debate are online advertising companies and data brokers which collect and sell information. On the other side are consumer groups and privacy advocates that are concerned about the volume of data being collected and how little control consumers have over that information.
Lorrie Faith Cranor, Associate Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University and Director of CyLab Usable Privacy and Security Laboratory (CUPS) – referring to her recent study and article with Aleecia McDonald of Stanford: “Beliefs and Behaviors: Internet Users' Understanding of Behavioral Advertising.”
…as Cranor and McDonald put it, is that "people who think they have already lost the ability to control private information ... may value privacy less." If, post-facto, you inform people that you're already using their data, they won't pay to stop you. But if you ask beforehand, they might. So, the companies making the data-tracking tools have serious incentive to erode the idea of privacy not just because they can make (more) money, but because privacy erosion leads to more privacy erosion. The system is self-reinforcing. This is a problem.
“How Much Is Your Data Worth? Mmm, Somewhere Between Half a Cent and $1,200”
(The Atlantic, March 19, 2012)
Joseph Turow, Professor at the Annenberg School for Communication and Associate Dean for Graduate Studies at the University of Pennsylvania
However, “most consumers don’t understand the value of their personal data, and will willingly give up much in exchange for a quick return,” says Joseph Turow.
“We have to understand this from the perspective of the beginning of a century of big data,” he says, noting that it is not enough to simply put up intermediary companies. “People have to begin to engage with this issue and understand it, because data is the oxygen of the Internet,” he says, adding with a rueful laugh, “and if we don’t fully understand this it could suffocate us.”
Jedi Knights of Online Privacy Strike Back at Data-mining Empires
(The Christian Science Monitor, March 14, 2012)
Looking to safeguard individuals’ privacy when they use social media, U.S. Senators Richard Blumenthal and Charles E. Schumer called on the U.S. Equal Employment Opportunity Commission (EEOC) and the U.S. Department of Justice (DOJ) to launch a federal investigation into a new trend of employers demanding job applicants turn over their user names and passwords for social networking and email websites.
Andrea Matwyshyn, Associate Professor of Legal Studies and Business Ethics at the University of Pennsylvania's Wharton School
Overall, Matwyshyn says employers using social media to track and potentially vet candidates is a concerning practice.
"From an employer's perspective, if they are putting an individual in a client or public-facing position, the way that candidate represents him or herself online could be an indication of the tone, professionalism and demeanor the individual may bring to the professional setting," she says.
Users that give up their login and password information, Matwyshyn says, are showing the disregard they have for personal privacy. It also demonstrates, Matwyshyn says, a power imbalance between employers and perspective employees.
"In the past in real space, we've been able to carve out different identities for different contexts," she says. "In this online realm, when those different identities are all blended together and employers usurp the access to those identities, it can be an alarming trend for individuals."
“Tech Job Seekers Less Likely to Be Asked for Social-media Passwords”
(Network World, March 23, 2012)
A Federal advisory committee, Communications Security, Reliability & Interoperability Council (CSRIC), unanimously endorsed voluntary, industry-wide best practices to address three major network vulnerabilities that have allowed cyber criminals to access Internet traffic for purposes such as the theft of personal information and intellectual property. A group of Internet Service Providers (ISPs), including AT&T, Comcast, Time Warner Cable and Verizon Communications, have committed to implement these measures to fight botnets, domain name fraud and Internet route hijacking.
Lastly MasterCard and Visa stated Friday that they had a potential breach affecting cardholder account information. Global Payments Inc., a third-party company which processes credit card transactions for stores, said it had detected a breach of card data in early March. Federal law enforcement is investigating.