A lot has changed technologically, and otherwise, since the Electronic Communications Privacy Act (ECPA) was enacted in 1986. In addition, the law has never been a model of clarity. I litigated a case under ECPA in the late-90’s, McVeigh v. Cohen, representing an individual against the government when the Navy violated ECPA by obtaining online information about my client from AOL without a warrant or consent. In that case, the government actually argued, based on tha statutory language, that ECPA did not apply directly to it, only the online provider. (It lost that argument).
The need for greater clarity in and modernization of ECPA has led to a consortium including Microsoft, Google, AT&T, CDT and the ACLU calling itself “Digital Due Process,” whose tag line is “Modernizing Surveillance Laws for the Internet Age”. The group is calling for requirements that the government obtain a search warrant before obtaining any private communications or documents stored online and before it can track cell phone or other mobile device locations, that the government demonstrate to a court that the data it seeks is relevant to a criminal investigation before monitoring e-mail, instant messaging, text messaging and the telephone, and that there be better protection against bulk data requests concerning an entire class of users. The group hopes to eliminate “a patchwork of confusing standards that have been interpreted inconsistently by the courts”. FPF applauds this effort at ECPA reform.
The Network Advertising Initiative report released today, showing the performance and value of behavioral advertising, demonstrates the importance of policy-makers and businesses getting the balance of controls right in this area. We need to ensure that data enhanced advertising can continue to play a role in the ad economy, but we also need to provide users with better controls so they can more easily choose to be in or out. But, most critically, we need to create a transparent and respectful value proposition. Consumers do not care about the value of behavioral advertising to the economy or how well it works for marketers. They care about the value to themselves, personally! How does it make my experience better? How does it put me more in control of my experience and help me in any way?
Only by demonstrating the value to both business and consumers will behavioral advertising be able to flourish without constant policy and advocacy push back. The ad icon and messaging that FPF and WPP tested with consumers is a step “”for the good”, as FTC Consumer Protection Director David Vladeck said at last week’s FTC Privacy Roundtable. If the leading trade groups that have adopted this symbol as part of their self-regulatory efforts succeed in their plans to add a serious educational program around the symbol, it could be a key step towards the “information respect” called for by privacy experts like Professor Joseph Turow. Profile viewers and improved opt-out tools are also examples of progress from leading NAI companies, but we are hoping for the next steps toward meaningful consumer engagement in the year to come.
The icon and label notice that FPF and WPP designed and the leading trade groups have adopted is a key step in the right direction, as are profile viewers and improved opt-outs.
Right Now is the Time to Address Privacy Issues and the Smart Grid
Last week, two events generated press coverage about privacy advocates sounding the alarm about privacy and the smart grid. The California Public Utilities Commission (CPUC) held a smart grid hearing which included a focus on consumer privacy and the White House Office of Science and Technology Policy collected comments on the topic of who owns consumer energy data and who should get access to it. (To see FPF’s comments to the OSTP, click here.) Businesses are starting to wonder whether consumer privacy could limit the data they need to optimize demand response management or delay smart installations due to consumer push-back. They are right to be worried because the concerns are real.
How should the industry respond? Hiding from the issue or hoping regulators solve the problem for companies are not strategies likely to succeed when innovation that can allow both data use and consumer control is needed. We think that the potential benefits to the causes of energy conservation, green jobs, and the environment are too valuable to be allowed to fail.
Over the past year, FPF’s Smart Grid Privacy Working Group of businesses and advocates has worked extensively with the Gridwise Alliance to address these concerns. We held the first conference focused on Privacy and the Grid, with the White House, regulators, advocates and business participating. We wrote a white paper with Ontario Privacy Commissioner Ann Cavoukian laying out how “privacy by design” can be a key strategy to addressing grid privacy development.
We have established SmartGridPrivacy.org as a clearing house for resources related to privacy and the smart grid. And today, we are part of the launch of the Smart Grid Consumer Collaborative (SGCC), which is a new industry collaborative to help build consumer engagement in the rollout of the smart grid. SGCC includes consumer electronics and technology companies, retailers, consumer advocacy groups, and utilities that are dedicated to finding solutions that maximize the value of the grid for consumers.
The FCC Broadband Plan released last week calls for consumers to be able to access their power data so that “innovation” in the home can be unleashed to create new tools, new features and new advances that will encourage users to save energy. If privacy innovation is also part of the innovation agenda, we are sure that the data needed to power the grid can also serve to empower consumers.
The Future of Secure Documents 2010
On Friday, April 30 at 10:35 am Jules will be speaking at The Future of Secure Documents 2010 conference in Washington, D.C.
His discussion is entitled, “Future of Privacy Forum Hot Topics: Apps gone wild, the smart power grid and your data, and getting beyond behavioral advertising.”
Click here for more information on the conference.
FPF Files Comments to OSTP Relating to Development and Depolyment of the Smart Grid
Click here to find the response of Jules Polontesky and Christopher Wolf on behalf of the Future of Privacy Forum to the Office of Science and Techology’s Request for Information published at 75 Fed. Reg. 6414.
This response addresses issues relating to the development and deployment of the “Smart Grid” for energy distribution. The specific question(s) addressed are outlined in the document.
IAPP: 10 Years and Counting
Ten years ago, desktop computers ran on Pentium III chips and home broadband was a novelty. But even then, some people recognized the coming ability of businesses to amass personal information about web users – and the need for safeguards.
Today marks the 10th anniversary of the founding of the International Association of Privacy Professionals. From a rather inauspicious beginning, IAPP has grown to include 6,000 members. In the process, it has helped businesses across every sector recognize privacy’s key role in ensuring public trust. It also successfully promoted the trend in having senior level privacy officers develop and oversee practices.
To commemorate its 10th anniversary, IAPP has published a white paper predicting that “The next 10 years will see more types of data collected from more people, and more privacy laws in more places.” Specifically, it looks at several global business trends: cloud computing, smart grids, health information networks, and government and private domestic security policies. In every instance, IAPP notes, there will be a need for constantly evolving privacy rules which often must apply across international boundaries.
Given these challenges, as IAPP president (and FPF Advisory Board Member) Nuala O’Connor Kelly notes, the success factors for tomorrow’s privacy professionals will have to include “making the case for privacy in positive, measurable terms, [understanding] technology [and] gaining international experience and cross-cultural literacy.”
The Internet’s growth has made it easier than ever for consumers to find out whether a company values its customers’ privacy and to make purchasing decisions accordingly. IAPP has set forth a useful paper to help guide businesses seeking help in navigating a rapidly evolving area at the nexus of law, technology and public attitudes.
Mar. 15, 2010 – FCC Broadband Plan Focuses on Privacy, Competition, MediaPost
Walkthrough: Click at Your Own Risk
Walkthrough: Click at Your Own Risk
FootballOutsider.com
By Mike Tanier
March 10, 2010
None of the scenarios listed below have happened yet, as far as we know:
A star college quarterback sends a text message to five friends, bragging about his performance against a rival school. One of the friends forwards it to another set of friends, and one of them sends it to a few other people. The message finds its way to the blogosphere, then to ESPN. Soon football fans around the Internet are questioning the quarterback’s character and judgment for “distributing” inflammatory bulletin board material.
An angry crank with an axe to grind against a top defensive prospect searches the Internet for dirt on his prey. An ordinary Google search turns up not just public data, but postings from the defender’s Twitter and Facebook accounts. The crank establishes an anti-prospect Web site, mixing out-of-context postings with some facts and a sprinkle of innuendo. Maybe he goes a step further, impersonating the player on a phony Twitter account and tweeting vitriol to a confused public. The line between what’s real and what’s fabricated is blurred by reporters and draftniks, who inadvertently cite some of the false or highly distorted information. The prospect’s reputation is tarnished by a cyber-smear campaign. By the time he realizes it, the damage is already done.
A team hires an investigator to check out the top prospect in the draft, and the investigator isn’t above bending a few laws. In addition to standard background checks, he calls in a few favors with major Internet advertisers. He suddenly has access to the prospect’s “clickstream” information, a full record of the athlete’s browsing and chatting proclivities. Chat sessions at 3 a.m., just hours before kickoff? The general manager may find that interesting. Perhaps a GPS search of the player’s iPhone will provide other revelations …