Privacy Update - Carrier IQ Goes to Washington

 Earlier this week Carrier IQ representatives met with officials at the FTC, FCC, and with the staff of a number of Senators. For more details about Carrier IQ please read my eCommerce Times column “Carrier IQ and the US' Escalating Privacy Risk Level.”

The Washington Post reported that Carrier IQ’s Andrew Coward (senior vice president for marketing) said “This week Carrier IQ sought meetings with the FTC and FCC to educate the two agencies . . . and answer any and all questions”…but he was “not aware of an official investigation.” The scope of the privacy controversy has also enlarged. In addition to class action lawsuits against Carrier IQ, other class actions have been filed against AT&T, Sprint Nextel, Apple, T-Mobile USA, HTC, Samsung, and Motorola.

Stay tuned for more about Carrier IQ and privacy.

Carrier IQ Captures Cell and Internet Usage from Millions without Approval

A researcher recently found that Carrier IQ software is secretly installed on most modern Android, BlackBerry, and Nokia phones. Android developer Trevor Eckert’s 17-minute video demonstrates that Carrier IQ software is loaded on his phone, cannot be disabled, tracks every keystroke, and sends the data to Carrier IQ. After receiving this massive amount of data from millions of cell users, Carrier IQ "correlates and aggregates the data for near real-time system monitoring and business intelligence" for phone carriers and manufacturers, ostensibly to improve quality.

Eckert demonstrated that Carrier IQ software was logging and potentially transmitting the sensitive information of consumers, including:

  • when they turn their phones on;
  • when they turn their phones off;
  • the phone numbers they dial;
  • the contents of text messages they receive;
  • the URLs of the websites they visit;
  • the contents of their online search queries—even when those searches are encrypted; and
  • the location of the customer using the smartphone—even when the customer has expressly denied permission for an app that is currently running to access his or her location.

As a result, Representative Edward Markey (D-Mass.), co-Chair of the Congressional Bi-Partisan Privacy Caucus, sent a letter to the Federal Trade Commission asking what is being done to investigate.

In addition to Representative Markey’s letter, Senator Al Franken (chairman of the Subcommittee on Privacy, Technology, and the Law) sent his own letter to Carrier IQ which included the following:

I am very concerned by recent reports that your company's software - pre-installed on smartphones used by millions of Americans - is logging and may be transmitting extraordinarily sensitive information from consumers' phones ... It also appears that an average user would have no way to know that this software is running - and that when the user finds out, he or she will have no reasonable means to remove or stop it. ... These actions may violate federal privacy laws, including the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act. This is potentially a very serious matter.

Senator Franken requested that Carrier IQ answer by December 14, 2011.

On December 1, 2011, Carrier IQ issued a press release in which it stated that consumers’ privacy is protected:

Consumers have a trusted relationship with operators and expect their personal information and privacy to be respected. As a condition of its contracts with operators, Carrier IQ operates exclusively within that framework and under the laws of the applicable jurisdiction. The data we gather is transmitted over an encrypted channel and secured within our customers’ networks or in our audited and customer-approved facilities.

Actually, Carrier IQ claimed that “Our software makes your phone better by delivering intelligence on the performance of mobile devices and networks to help the operators provide optimal service efficiency.”

This is alarming news, and it seems to me we all expect our government to step in to protect consumers’ privacy, which, it seems, has been seriously compromised!

Facebook Confesses Failure to Comply with Privacy Laws

After the US government filed charges that Facebook violated US privacy law, Facebook finally confessed that it failed to protect the privacy of its 800 million active users. The Federal Trade Commission (FTC) welcomes the public to submit comments on the settlement through December 30, 2011.

Under the proposed consent order, which does not include any fines, Facebook is:

  • barred from making misrepresentations about the privacy or security of consumers' personal information;
  • required to obtain consumers' affirmative express consent before enacting changes that override their privacy preferences;
  • required to prevent anyone from accessing a user's material more than 30 days after the user has deleted his or her account;
  • required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers' information; and
  • required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers' information is protected.

The Facebook user community surely welcomes these commitments to comply with privacy laws, and it’s good to see that the FTC will monitor Facebook’s privacy compliance for the next 20 years. The 20-year privacy monitoring is similar to the FTC’s agreement for Google to protect privacy after Google’s social media disaster with Buzz.

However, time will tell if the FTC can really police social media privacy, so it would be wise for social media users to protect their own privacy.
 

Are Privacy Policies Being Enforced?

My eCommerce Times column for October is entitled “Shore Up Your Privacy Policy Before Disaster Strikes” and I encourage you to read it. Actually, it was published the same day as my blog post noting that more than 7.5 million children under 13 are on Facebook. Since the Federal Trade Commission regulates Internet privacy in the US, particularly under the 1998 Children’s Online Privacy Protection Act, it’s only a matter of time before we can expect some action.

Facebook’s latest user statistics are that more than 75% of Facebook users are outside the US. So it seems likely that the EU, Japan, Canada, and many other countries will inquire about what Facebook intends to do about children using Facebook!

Google Agrees to 20 Years Privacy Policy Oversight by FTC

Not only was Google’s rollout of Buzz in 2010 badly received by the user community, but the Federal Trade Commission (FTC) also filed a Complaint for Google’s violation of its own Privacy Policies:

 ...Google launched its Buzz social network through its Gmail web-based email product. Although Google led Gmail users to believe that they could choose whether or not they wanted to join the network, the options for declining or leaving the social network were ineffective. For users who joined the Buzz network, the controls for limiting the sharing of their personal information were confusing and difficult to find, the agency alleged.

The FTC Complaint alleged that Buzz violated US privacy laws, and also violated the US–EU Safe Harbor Framework, which allows personal data to be lawfully transferred from the EU to the US. Ultimately Google settled this dispute with the FTC, and the FTC announced:

The proposed settlement bars the company from future privacy misrepresentations, requires it to implement a comprehensive privacy program, and calls for regular, independent privacy audits for the next 20 years.

Clearly the FTC settlement with Google sends a huge wake-up message to everyone to review their Privacy Policies to avoid FTC actions!

Obama Gets Mediocre Privacy Grades

The Electronic Privacy Information Center (EPIC) issued its second annual privacy report card with lower grades of “C for consumer data protection efforts and a D on civil liberties.” Mark Rotenberg, executive director of EPIC, said "Our bottom-line assessment is that with respect to privacy, things are getting worse.” EPIC is pleased that President Obama’s first Cyber Czar, Howard Schmidt (who was appointed in December 2009), is working with privacy groups. EPIC’s report is critical of the Federal Trade Commission (FTC), which is now reevaluating US privacy laws in the wake of Google’s Buzz disaster and alleged privacy violations by Facebook. Clearly everyone needs to keep an eye on how the Obama administration manages privacy, and now that the Democrats do not control both houses of Congress it will be interesting to see how lawmakers deal with privacy.

New Congress and Privacy

As a matter of fact, after the November 2, 2010 election the Washington Post reported that “Rep. Joe L. Barton (Tex.), ranking GOP member of the House Energy and Commerce Committee, signaled the legislative push in a statement about his correspondence with Facebook executives on privacy issues…I want the Internet economy to prosper, but it can't unless the people's right to privacy means more than a right to hear excuses after the damage is done.” Reports of data breaches continue, and one need merely check out the FBI’s website of Cyber Crime Stories, which clearly impact us all.

Website Contracts - Does Anyone Care?

Let’s see a show of hands: do you read Terms of Service? Privacy Policies? Or Click Agreements? I routinely ask audiences this question and rarely do I ever get any hands raised. My recent Technology Law column in eCommerce Times entitled “Who Reads Terms of Service, Privacy Policies or Click Agreements?” identifies many legal issues concerning website contracts. Every fall since 2000 I’ve taught a course on the Law of eCommerce at the SMU Dedman School of Law, and every fall I find that virtually none of my students have ever considered reviewing Terms of Service, Privacy Policies, or Click Agreements. But by the end of the semester they routinely review these contract terms. I was pleased to see a former student from 2004 recently who told me that he regularly reviews these contract provisions. The irony of not reviewing these contract provisions is that people have no idea what legal rights and privacy they may be giving up.

FTC and Privacy

The Federal Trade Commission regulates privacy in the US, and if a website does not have a Privacy Policy that’s okay, but if there is a Privacy Policy the website must follow its promises to website visitors. Since so few people review Terms of Use, Privacy Policies, and Click Agreements, the FTC is considering making changes to US privacy laws, particularly regarding the Children’s Online Privacy Protection Act. However, in the meantime, until the US privacy laws are changed, websites have pretty much a free hand since no one seems to care.

FTC Settlement - Twitter Barred for 20 Years From Misleading

President-Elect Obama’s Twitter account was hacked, “offering his more than 150,000 followers a chance to win $500 in free gas.” Twitter settled the FTC’s charges “that it deceived consumers and put their privacy at risk by failing to safeguard their personal information, marking the agency’s first such case against a social networking service.” In my recent testimony before the Texas Senate I highlighted the problem with violating FTC privacy laws, and obviously this is just the beginning of Social Media claims that we will all deal with about Internet privacy.

FTC Settlement Terms

Here’s what Twitter agreed to as part of its settlement:

Twitter will be barred for 20 years from misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent unauthorized access to nonpublic information and honor the privacy choices made by consumers. The company also must establish and maintain a comprehensive information security program, which will be assessed by an independent auditor every other year for 10 years.

Twitter Adds Location to Messages

Recently Twitter announced that it would let “users tag their messages with their location.” So given the FTC settlement, it seems that adding location would seriously impact privacy if one can easily learn where the tweets are originating.

No Surprise - Very Bad News for Webmail - Passwords Exposed for Hotmail, Gmail, and Yahoo!

Apparently large-scale phishing attacks resulted in compromises to tens of thousands of webmail accounts, hardly a surprise. However, it is pretty amazing that so many individuals fall for the phishing tricks. As a matter of fact, this morning I got an email purportedly from PayPal indicating that my account had been hacked and if I would only provide personal information including credit card information, social security number, date of birth, well you get it. Of course it would be incredibly stupid for me, or thousands of these phishing victims, to believe the emails that come to our inboxes. What can we do to protect ourselves?

OnGuard Online

Apparently few people take the time to review OnGuard Online before they get duped by phishing and spam attacks. However, OnGuard Online is a great website hosted by a number of federal agencies and non-profits including: Federal Trade Commission, Department of Commerce, Department of Homeland Security, Internal Revenue Service, Computing Technology Industry Association, National Crime Prevention Council, Better Business Bureau, and Anti-Phishing Working Group (APWG). OnGuard Online provides cute videos and games to educate consumers about the risks associated with phishing, computer security, email scams, spam, and VOIP, among other topics. The OnGuard Online site also provides publications and allows consumers to file complaints.

Federal Government to the Rescue?

If the CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing) Act of 2003 is any indication, it’s probably unlikely that the US government can do much to protect citizens, since there seems to be an increase in spam and phishing since 2003, not a reduction as was hoped when the 2003 law was passed. There are estimates that 80% of all email is unsolicited, which should be reason enough for individuals to be more leery of suspicious phishing emails. Hotmail claims it has 400 million accounts, so the number of compromised accounts could be huge, and reports from the APWG estimate that phishing attacks will continue. Since the US government does not seem capable of managing cyber security and the White House cannot get anyone to be Cyber Czar, is it any wonder that the webmail accounts are compromised by the thousands?
 

Privacy - More Congressional Questions

The US Congress is asking more questions about consumer privacy and email collection/surveillance at a time when President Obama is highlighting cybersecurity. So when asked about consumers’ opt-out from personal data collection, Yahoo!’s privacy chief admitted that fewer than 1% opted out, and Google’s deputy general counsel didn’t even know how many users opted out. Of course the primary reason virtually no one chooses the opt-out is a lack of understanding about how much privacy individuals actually have on the Internet and a false sense of security and privacy.
 

Behavioral Advertising

A recent privacy blog discussed the February 2009 Federal Trade Commission Staff Report entitled “Self-Regulatory Principles For Online Behavioral Advertising,” and the opt-out questions posed by Congress are at the heart of whether new Internet privacy laws are required. The Internet economy, of which Google is certainly a chief example, is dependent upon the current behavioral advertising model and surely will be impacted by a change in the privacy laws in the US.

eMail Surveillance

Most US citizens believe that their emails are private. However, that belief may be misplaced when it comes to employee privacy regarding emails in the workplace (not personal webmail), since in the US emails are private to employers, while in the EU, Canada, and other countries emails are private to the employees. Nevertheless, there are more questions being asked in Congress about how many e-mails are being collected in the name of security. The recent report that the National Security Agency exceeded its authority by intercepting emails and phone calls continues to be debated in Congress. Given President Obama’s cybersecurity agenda, it will be interesting to see how the US Congress can reconcile the expectation of personal privacy and the need for Internet security. These debates will continue as the Internet evolves. Stay tuned for more.
 

Social Networking - More Chinese Censorship and More Users

No surprise that the Chinese government blocked social networking on the eve of the 20th anniversary of the military crackdown at Tiananmen Square. As a matter of fact, just before the Olympic Games began in August 2008, China limited Internet access as the government wanted control over information before and during the Games. Many people from the West were surprised since China was hosting the international Games, but it seems logical that a totalitarian government would not change its behavior in such a circumstance.

More Social Networking

It’s about time that smaller businesses got the clue that they need to use social networking to promote their activities, so it’s no surprise to read reports that small businesses are directing their efforts to attract traffic with social networks. Targeted advertising works even better on the Internet, but learning how to identify potential customers has always been a primary goal of marketing.


In February 2009 the Federal Trade Commission issued its FTC Staff Report entitled “Self-Regulatory Principles For Online Behavioral Advertising” following public hearings and “sixty-three comments on the Principles from eighty-seven stakeholders, including individual companies, business groups, academics, consumer and privacy advocates.” Since the US relies on self-regulation of privacy, these comments were all considered before releasing the Principles. One need merely review Google’s Analytics site to see how much information is captured about our activity on the Internet. The fact that this is monetized is one thing, but the potential loss of privacy has many alarmed.