Comcast today said it has “no plans” to sell its customers’ individual Web browsing histories, but Comcast can still deliver personalized ads based on its customers’ browsing history. Comcast, the nation’s largest home Internet provider, said it will continue to offer customers a way to opt out of targeted ads.
“We do not sell our broadband customers’ individual Web browsing history,” Comcast Chief Privacy Officer Gerard Lewis wrote in a blog post today. “We did not do it before the FCC’s rules were adopted, and we have no plans to do so.”
Comcast operates its own advertising network, so it doesn’t need to share individuals’ browsing history with third parties in order to serve targeted ads. Instead, Comcast can use its customers’ browsing history to sell targeted ads. Businesses pay Comcast to have their advertising reach people who are more likely to buy their products, but only Comcast would know exactly who those customers are.
Comcast sells targeted ads on its own websites “and other digital properties,” which would include NBC and various regional sports networks.
Makers of three popular health apps are changing their tune about the capabilities and privacy policies of their products following an investigation and settlement with the New York Attorney General’s office.
The makers of Cardiio, Runtastic, and My Baby’s Beat apps all agreed to pay a combined total of $30,000 in fines while changing their advertising claims and privacy policy disclosures, New York Attorney General Eric Schneiderman announced Thursday. A year-long investigation by his office found that the three made health claims that were not backed up by data or FDA-approval. They also found that the app makers weren’t forthright about how identifying information from users could be shared with third parties.
“Mobile health apps can benefit consumers if they function as advertised, do not make misleading claims, and protect sensitive user information,” Schneiderman said in a press release. “However, my office will not hesitate to take action against developers that disseminate unfounded information that is both deceptive and potentially harmful to everyday consumers.”
ISPs that want the federal government to eliminate broadband privacy rules say that your Web browsing and app usage data should not be classified as “sensitive” information.
“Web browsing and app usage history are not ‘sensitive information,'” CTIA said in a filing with the Federal Communications Commission yesterday. CTIA is the main lobbyist group representing mobile broadband providers such as AT&T, Verizon Wireless, T-Mobile USA, and Sprint.
Senators Edward Markey (D-MA) and Richard Blumenthal (D-CT) have introduced the “Security and Privacy in Your Car Act of 2017.” The SPY Car Act would establish cybersecurity and privacy standards for new passenger vehicles, and establish a privacy rating system. A 2014 report from Senator Markey “detailed major gaps in how auto companies are securing connected features in cars against hackers.” The bill would also prevent the use of driver data for marketing purposes without consent. In 2015 EPIC testified before Congress on the need for privacy and safety safeguards for connected vehicles. In 2016 EPIC filed an amicus brief in federal appeals court to protect consumers in cases involving connect vehicles.
The content in this post was found at https://epic.org/2017/03/senators-markey-and-blumenthal-2.html Clicking the title link will take you to the source of the post. and was not authored by the moderators of privacynnewmedia.com. Clicking the title link will take you to the source of the post.
Today the Senate voted to roll back the FCC’s broadband privacy rules which require internet service providers to obtain consumers’ consent for accessing sensitive information and required consumers to be notified of any data breaches. Senator Edward Markey (D-MA) blasted the vote stating that it is “Now easier for American’s sensitive information about their health, finances and families to be used, shared, and sold to the highest bidder without their permission.” EPIC had urged the FCC to establish comprehensive safeguards for consumer privacy.
The content in this post was found at https://epic.org/2017/03/senate-dismantles-fcc-broadban.html Clicking the title link will take you to the source of the post. and was not authored by the moderators of privacynnewmedia.com. Clicking the title link will take you to the source of the post.
The European Parliament has adopted a resolution on the fundamental rights implications of big data. The resolution stresses that “the prospects and opportunities of big data” can only be realized “when public trust in these technologies is ensured by a strong enforcement of fundamental rights and compliance with current EU data protection law.” The resolution discusses the importance of data protection, accountability, transparency, data security, and privacy by design. EPIC has warned about the risks of big data and launched campaigns on “Algorithmic Transparency” and data protection.
The content in this post was found at https://epic.org/2017/03/european-parliament-adopts-res.html Clicking the title link will take you to the source of the post. and was not authored by the moderators of privacynnewmedia.com. Clicking the title link will take you to the source of the post.
Facial recognition database used by FBI is out of control, House committee hears
3/27/2017
Olivia Solon
The Guardian
During a House oversight committee hearing, committee chair Jason Chaffetz stated that the FBI’s facial recognition database, which contains around half of all adult Americans’ photographs (typically from driver’s licenses and passports), could easily be “used by bad actors to harass or stalk individuals” and otherwise target individuals. Worryingly, this database paired with real-time facial recognition technology could create situations in which anyone could be identified anywhere anytime they leave their home. Chaffetz then suggests that proper oversight is necessary to protect Americans.
The FBI’s facial recognition database, known as their Next Generation Identification program, was brought about as an upgrade to prior existing fingerprint databases. And, unlike fingerprint databases, these photos are collected even before any arrests happen. Additionally, the system “does not test for false positives nor for racial bias,” rendering the FBI unable to tell the difference between incorrectly identified innocent citizens and potential criminals, and especially places people of color at risk (previous studies have concluded that facial recognition technology is markedly worse at identifying black faces, in addition to the fact that “African Americans are disproportionately subjected to police facial recognition”).
Push for Internet Privacy Rules Moves to Statehouses
3/26/2017
Conor Dougherty
New York Times
In the face of the Senate’s rollback on regulations preventing ISPs from monetizing information like a user’s browsing history, states like Illinois are now making moves towards increasing protections of their citizens’ privacy. In the case of Illinois, a “right to know” bill is in considering, which would “let consumers find out what information about them is being collected by companies like Google and Facebook, and what kinds of businesses they share it with.” Additionally, Illinois is looking to restrict smartphone tracking by applications in addition to audio recordings from TVs and wifi-enabled personal assistants.
Obviously, other states could easily look to these laws should they be passed, hopefully spreading further than just Illinois. This would additionally make it more difficult for companies to work around, requiring specific features on a per-state basis. These laws, of course, fly in the face of what large corporate entities like Microsoft lobby for.
While I’m appreciative of local state legislature for privacy, these laws feel a lot more like band-aids than legitimate solutions for the US. Protecting only a fraction of the country on a state-by-state basis is not ideal in that it creates pockets of lowered privacy. While it sounds ideal that other states may simply just adopt laws that Illinois or California have recently begun to push for, these regulations are the kind that should benefit all Americans, rather than just Illinoisans or Californians. If the majority of states prove that privacy is important to them and both the left and the right can prove that they can come together on these issues, there’s no reason that it should not just be the law of the land.
WikiLeaks: CIA Has Targeted Everyday Gadgets for Snooping
3/8/2017
Anick Jesdanun
US News
WikiLeaks has revealed yet another set of CIA-centered documents revealing that the agency uses technology like smart TVs to monitor Americans’ everyday goings-on, weeding through personal conversations held in citizens’ homes. The site has yet to release specifics of the “hacks,” citing a desire to wait “‘until a consensus emerges’ on the nature of the CIA’s program and now the methods should be ‘analyzed, disarmed and published.’” These documents, if released in full, could contain detailed information for anyone who reads them to have the same access the CIA has.
WikiLeaks itself claims that the CIA’s access to the data available from phones and TVs relies heavily on security vulnerabilities within the software of these devices, which they have yet to disclose to the developers of said technology. These vulnerabilities, obviously, are accessible to anyone who finds them, potentially leaking this same information to malicious entities as well.
Yet more worrying is that WikiLeaks claims that the CIA has found ways to abuse these vulnerabilities to intercept data before encryption or after decryption, leaving even supposedly protected information passed through apps like WhatsApp in fact vulnerable. Additionally, WikiLeaks claims that the CIA makes use of virus-like secretive applications that target Windows PCs.
Developers of the widely used LastPass password manager are scrambling to fix a serious vulnerability that makes it possible for malicious websites to steal user passcodes and in some cases execute malicious code on computers running the program.
The flaw, which affects the latest version of the LastPass browser extension, was briefly described on Saturday by Tavis Ormandy, a researcher with Google’s Project Zero vulnerability reporting team. When people have the LastPass binary running, the vulnerability allows malicious websites to execute code of their choice. Even when the binary isn’t present, the flaw can be exploited in a way that lets malicious sites steal passwords from the protected LastPass vault. Ormandy said he developed a proof-of-concept exploit and sent it to LastPass officials. Developers now have three months to patch the hole before Project Zero discloses technical details.
Recent Comments