Calling all Technologists! The FTC has job opportunities available in its newly formed Office of Technology Research and Investigation (OTRI), an office designed to expand the FTC’s capacity to protect consumers in an age of rapid technological innovation.
In another step to enhance the FTC’s website, I'm pleased to announce that our agency has enabled encryption by default (HTTPS) for ftc.gov, our primary public domain, and home of the Tech@FTC blog. Ironically, as I was preparing this post, the entire internet has been FREAKing out about another vulnerability in SSL.
The FTC released a staff report in late January that took a comprehensive look at the emerging “Internet of Things” and security, including secure APIs, authentication, and product updates, was a key theme.
I’d like to briefly explain why I believe IoT security is so important and why the IoT ecosystem presents a unique set of factors that give rise for special attention to security.
I’d like to introduce myself as the new Chief Technologist of the FTC, following in the footsteps of my predecessors, Latanya Sweeney, Steve Bellovin, and Ed Felten. As the Commission enters its 100th year, technological expertise will be more important than ever, and I’m excited to lead this charge.
In this regard, my agenda will include the following:
Online ads, exclusive online communities, and the potential for adverse impacts from big data analytics
Online advertising today is a big data analytic marvel, deciding in the time it takes to load a web page which ad, among billions, to deliver to which of billions of domains. Large and fast for sure, but what are the ramifications of some of the decisions ad networks are making?
Are you attending DEF CON 22 or will you be in Las Vegas from Aug. 7-9? Do you hate robocalls from “Rachel at Cardholder Services” and her countless robot clones and minions? If you answered “yes” to any of these questions or know someone who might, please keep reading!
Quick, what’s the most annoying tech-related problem since internet popup ads?
Does enjoying a camcorder, a new computer, or a football game mean you have to risk personal harms like loss of privacy? Sometimes we enjoy advances in technology with protections like privacy. How can we do so more often?
Before I go any further, let me advise you that I am solely responsible for this blog’s content, characterizations, ideas and choice of topic. This blog does not necessarily reflect the views of the Federal Trade Commission (FTC) or any of its Commissioners. The goal of this blog post is to spark discussion and debate.
The Federal Trade Commission is launching a new program, Summer Research Fellowships in Technology and Data Governance. Spend your summer exploring ways to design, create, assess, and analyze technology at its intersection with business, society and policy. This 10-week program gives students hands on experience with work relevant to the FTC by assisting the FTC's Chief Technologist and others with real-work exploratory projects of interest to the FTC.
We are amidst an era of open data –a period in which we share details of our personal lives widely in exchange for all kinds of services, often trusting companies with our most intimate facts. Sharing information about our personal lives has fostered technological innovations and influenced more transparency in government (e.g., [1,2]) and in science (e.g., [3,4]). However, once personal data are acquired, it may be shared with others without consumer awareness. So how might we add transparency to data sharing? The goal of this blog is to spark discussion and debate.
Children can perform amazing feats using iPhones and iPads, but an Apple business practice may unfairly bill parents. In January, the Federal Trade Commission announced a settlement with Apple Inc, in which the company agreed to provide full refunds to consumers, paying a minimum of $32.5 million, to settle a FTC complaint that the company billed consumers for millions of dollars of charges incurred by children in mobile apps without consent . The Complaint  and statements from FTC Commissioners [3,4,5] alone provide FTC's position on the case.
Anyone can setup wireless sensors to record the appearance of your mobile phone’s Wi-Fi and Bluetooth probes to track where you are and where you have been –say, where you are when you're ambling through store or mall, or when you're walking or driving down a street. Some retail stores are experimenting with this technology to track your whereabouts, so FTC held a public hearing on the topic on February 19, 2014. Consumers and retailers already engage in loyalty programs. Should mobile phone tracking be part of loyalty programs?
Hello World! I am the new Chief Technologist at the Federal Trade Commission, continuing the blog steps of my predecessors. I am grateful for the service of Ed Felten and Steve Bellovin. With the office developments they have left behind, I am able to blaze a new trail forward.
I've had a great time at the FTC, but today is my last day; I'm returning to academe--what Tom Lehrer aptly described as "ivy-covered professors in ivy-covered halls". In due course, this blog and the @TechFTC Twitter account will be taken over by my successor; stay tuned.
There’s been yet another report of security problems with SSL. If you run a website or mail server, you may be wondering what to do about it. For now, the answer is simple: nothing—and don’t worry about it.
A while back, I wrote about passwords and promised a later post on salting. This is it: a deeper look at how servers should accept and store passwords. This is a complement to the usual articles on passwords, which focus on the user (you know the ones: “pick strong passwords”); here, I’ll be looking at the server side, and in particular how to store passwords for web sites.
It’s a ritual we’ve all grown accustomed to: something needs a software update to repair security flaws. Traditionally, it’s been our computer; increasingly, it’s our smartphones or their apps. In the not very distant future (possibly now, for some of us), it will be our printers, our thermostats, our cars, our “anything that uses software”—and that will be more or less everything. WiFi-controlled light bulbs are already on sale in some countries; if it’s WiFi-controlled, it m
Most attacks are pretty mundane. Some aren’t, though, and we can learn a lot from them. Let’s consider the recent case of the New York Times being hacked, allegedly by China.
The FTC has just announced a broad settlement with Google. Let’s talk about one aspect, the consent order on “standard-essential patents” (SEP). It’s an important issue; the New York Times noted that “legal experts say Google’s settlement with the F.T.C. signals progress in clarifying the rules of engagement in high-tech patent battles, and thus could ease them.”