News

Privacy Takes Precedence in D.C.

5/16/2011 12:01 AM Eastern

Washington — Wired and wireless Internet-service
providers are facing a flood of online data-protection proposals
in Washington, as politicians grapple with issues of
how to secure the nation’s new social and economic online
commerce.

In addition to new bills to create online do-not-track regimes
that could put a crimp in targeted marketing (see
Rules), data security on mobile broadband devices
drew attention from some high-powered senators.

Meanwhile, the White House weighed in with a cybersecurity
legislative
package that would have
industry team with the
Department of Homeland
Security to protect
and defend critical infrastructure.

RIGHT TO KNOW

On the Hill, Sen. Al Franken
(D-Minn.) began a
hearing on privacy and
mobile broadband, under
the auspices that
people have a right to
know who gets access
to their information via
their mobile broadband
devices and to control
how that information is
shared.

By the end of the hearing
in the Senate Judiciary
Subcommittee on
Privacy, Technology and
the Law, chairman Franken
said he still had serious
doubts that those
rights were being addressed
in law or in practice. He said the issues of privacy
and data security were urgent.

At the hearing, representatives from both Apple and
Google’s were both grilled over geolocation informationcollection
issues that have troubled lawmakers and led to
pledges by both companies to take remedial action.

In one case, “troubled” translated to some drama.
Connecticut Sen. Richard Blumenthal appeared to take
Google’s director of public policy, Alan Davidson, by surprise
when he presented him with a patent application
that appeared to anticipate the kind of geolocation data
collection that Google said was inadvertently collected as
part of its Google Maps initiative.

Davidson said he was not familiar with the documents,
but that the company has fi led hundreds of patents, many
of which are speculative. However, Google had not used
the info and had not meant to collect it, Davidson said.

Federal Trade Commission witness Jessica Rich,
deputy director of the Bureau of Consumer Protection,
stopped short of endorsing any specific privacy legislation,
but echoed the FTC’s conclusions that companies needed
to build choice, control and notice into their products
from the outset.

DEMS: LAWS FALL SHORT

Franken, Blumenthal and Sen. Sheldon Whitehouse (DR.
I.) all agreed that federal laws fell short in protecting online
privacy, while ranking member Senator Tom Coburn
(R-Okla.) cautioned that more information was needed on
the issue before legislating.

Sen. Patrick Leahy (D-Vt.), who chairs the Judiciary
Committee, said he would reintroduce a data-security
bill that would create a national standard for notification
when there is a breach. It will be the lawmaker’s fourth try
at getting that notification into law, he said.

Jason Weinstein, a deputy assistant attorney general in
the Justice Department’s criminal division, said it was vital
for law enforcement to be informed, otherwise by the
time officials find out about a breach, the “trail could have
gone cold.” Most states have their own notification laws,
he conceded, but few require law-enforcement agencies
to be notified.

A notification requirement will likely be part of the
Justice Department’s proposed cybersecurity legislative
package.

A hack earlier this month into Sony’s PlayStation Network
online gaming platform, leading to an information
breach aff ecting some 100 million customers, has heighted
focus on the security issue — particularly after complaints
about how long Sony took to disclose the breaches. Leahy
said those breaches have become more and more “frightening”
the more he has learned about them.

There are no affirmative obligations in law to require
timely notification of breaches, according to Justin Brookman,
director of the Center for Democracy and Technology’s
Project on Consumer Privacy. Justice’s Weinstein said
that would be one of the recommendations in the upcoming
package of legislative proposals on cybersecurity.

DISCLOSURE AT ISSUE

Among the issues of concern to Congress are privacy
policies that are so complicated that users default
to acceptance of unread fine print and the disclosure
of location information without the their knowledge or
consent.

“This is a serious problem,” Franken said. The senator
added that he doesn’ t believe Apple or Google shouldn’t
be allowed to collect location information, calling the two
technology firms “brilliant.”

Rather, Franken said a balance should be struck between
rights and user privacy — something he believes to
be “doable,” he said.

September