Earlier today, the FTC announced a revised settlement with Uber regarding the company’s privacy and data security promises. The case involved multiple breaches of Uber’s cloud storage infrastructure where the company stored full and partial backups of databases containing information about Uber users and drivers. The complaint alleges that Uber failed to reasonably secure this cloud storage.
Today, the FTC announced a lawsuit against four individuals alleging that they have promoted one or more fraudulent “chain referral schemes.” Such schemes are not new – in fact, the FTC has brought chain referral cases for years. What makes today’s announcement interesting is that the alleged schemes used bitcoin, a cryptocurrency.
Because the FTC’s consumer protection and competition missions cut across so many technology industries, some call it the “Federal Technology Commission.” With only a few exceptions, the FTC protects consumers and competition across the entire economy. Technology now pervades every industry, so we constantly encounter new technologies as part of our job. See the bottom of this post for an extensive list, with links to examples, of technologies and industries where the FTC has experience or expertise.
Over the past year, I have spoken to a large number of researchers at conferences (see for example my keynote presentation at SOUPS 2016) and in my visits to universities, and I have talked with them about the FTC’s mission to improve the welfare of US consumers. Many researchers have asked me how they can help.
We are pleased to announce that OTech’s research on cross device tracking has been accepted for publication in the Proceedings on Privacy Enhancing Technologies, and is available online now. This paper stems from research OTech presented at the FTC Cross-Device Tracking workshop, and OTech continues to be interested in this emerging area.
Earlier this year, I joined the FTC as the Research Director of our Office of Technology Research and Investigation. As a computer science PhD, the opportunity to conduct research relevant to consumer protection has been an immensely satisfying experience, so I wanted to share an opportunity for other computer scientists to do the same.
With the FTC’s 2017 PrivacyCon event on January 12 and various other privacy-related events in the area that week, Washington, DC will see an influx of Privacy Researchers in early January. Given this short-term wealth of privacy experts, we’re taking the opportunity to host a pre-PrivacyCon networking event on January 11, 2:30 to 4:30 pm.
On September 15, 2016, the FTC convened a public workshop, Putting Disclosures to the Test, that examined ways of testing and evaluating the effectiveness of disclosures in communicating a wide range of information that consumers need to make informed decisions in the marketplace.
With the stroke of a pen, the Librarian of Congress has authorized security researchers who are acting in good faith to conduct controlled research on consumer devices so long as the research does not violate other laws such as the Computer Fraud and Abuse Act (CFAA). This temporary exemption to the Digital Millennium Copyright Act (DMCA) begins today. The new temporary exemption is a big win for security researchers and for consumers who will benefit from increased security testing of the products they use.
In June, the Commission announced its first settlement with a mobile advertising network, InMobi. Among other things, the Commission’s complaint challenges the company’s location tracking practices. In this post, we explain the mechanism that the Commission alleges InMobi used to track users’ location without permission, and discuss technical steps that mobile operating systems have taken to try to address this practice.
In order to protect consumers in our tech economy, we could use the help of some smart and creative technologists. That’s why I’m headed to Las Vegas this week with members of the Office of Technology Research and Investigation and other FTC folks to attend BSidesLV and DEF CON. We want to learn from security and privacy researchers and let them know about our research interests.
The White House recently released the first ever United States “National Privacy Research Strategy,” which identifies priorities for privacy research funded by the Federal government. While focused on government, the strategy is also intended to spur similar private sector efforts. I participated in the working group that developed the strategy and am excited to see it published.
A few weeks ago an unknown person walked into a mobile phone store, claimed to be me, asked to upgrade my mobile phones, and walked out with two brand new iPhones assigned to my telephone numbers. My phones immediately stopped receiving calls, and I was left with a large bill and the anxiety and fear of financial injury that spring from identity theft.
As we recently announced, the Federal Trade Commission will host a public workshop on September 15, 2016 to examine the testing and evaluation of disclosures that companies make to consumers about advertising claims, privacy practices, and other information. Our goal is to encourage and improve the evaluation and testing of disclosures by industry, academics, and the FTC.
Last week I spoke at a White House event “Opportunities & Challenges: Open Police Data and Ensuring the Safety and Security of Victims of Intimate Partner Violence and Sexual Assault.” This event brought together representatives from government agencies, police departments, and advocacy groups to discuss the potential safety and privacy impact of open police data initiatives.
Researchers, the FTC is interested in hearing from you! Last week we announced our Fall Technology Series on emerging consumer technology issues, and this week we announced our second PrivacyCon event. Both the technology series and PrivacyCon offer opportunities for researchers to submit work that informs questions the FTC is exploring.