A Welcome Call for ECPA Reform

A lot has changed technologically, and otherwise, since the Electronic Communications Privacy Act (ECPA) was enacted in 1986. In addition, the law has never been a model of clarity. I litigated a case under ECPA in the late-90’s, McVeigh v. Cohen, representing an individual against the government when the Navy violated ECPA by obtaining online information about my client from AOL without a warrant or consent. In that case, the government actually argued, based on tha statutory language, that ECPA did not apply directly to it, only the online provider. (It lost that argument).

The need for greater clarity in and modernization of ECPA has led to a consortium including Microsoft, Google, AT&T, CDT and the ACLU calling itself “Digital Due Process,” whose tag line is “Modernizing Surveillance Laws for the Internet Age”. The group is calling for requirements that the government obtain a search warrant before obtaining any private communications or documents stored online and before it can track cell phone or other mobile device locations, that the government demonstrate to a court that the data it seeks is relevant to a criminal investigation before monitoring e-mail, instant messaging, text messaging and the telephone, and that there be better protection against bulk data requests concerning an entire class of users. The group hopes to eliminate “a patchwork of confusing standards that have been interpreted inconsistently by the courts”. FPF applauds this effort at ECPA reform.

Smart Grid Interview with Legal Broadcast news

Jules Polonetsky Smart Grid Interview w LBN Host Scott Drake

Smart Grid Today Web Conference

Privacy and the Smart Grid: How to Address Consumer Concerns Without Jeopardizing the Growth of the Grid

A web conference, Tuesday, April 13, 2010, 2:00 PM – 3:30 PM Eastern

Click here or call 888-471-4447 (+1-301-769-6804) to register!

YOUR PRESENTERS:

Lillie Coney, Associate Director, Electronic Privacy Information Center

Annabelle Lee, Senior Cybersecurity Strategist, Computer Security Division, NIST

William Levis, Director, Colorado Office of Consumer Counsel

Jules Polonetsky, Co-Chairman and Director, Future of Privacy Forum

Sam Spencer (Moderator), Editor and Publisher, Smart Grid Today

Click here for more information.

Behavioral Ads Good for Business, Sez the NAI

The Network Advertising Initiative report released today, showing the performance and value of behavioral advertising, demonstrates the importance of policy-makers and businesses getting the balance of controls right in this area.  We need to ensure that data enhanced advertising can continue to play a role in the ad economy, but we also need to provide users with better controls so they can more easily choose to be in or out.  But, most critically, we need to create a transparent and respectful value proposition.  Consumers do not care about the value of behavioral advertising to the economy or how well it works for marketers.  They care about the value to themselves, personally!  How does it make my experience better? How does it put me more in control of my experience and help me in any way?

Only by demonstrating the value to both business and consumers will behavioral advertising be able to flourish without constant policy and advocacy push back.  The ad icon and messaging that FPF and WPP tested with consumers is a step “”for the good”, as FTC Consumer Protection Director David Vladeck said at last week’s FTC Privacy Roundtable.  If the leading trade groups that have adopted this symbol as part of their self-regulatory efforts succeed in their plans to add a serious educational program around the symbol, it could be a key step towards the “information respect” called for by privacy experts like Professor Joseph Turow.  Profile viewers and improved opt-out tools are also examples of progress from leading NAI companies, but we are hoping for the next steps toward meaningful consumer engagement in the year to come.

The icon and label notice that FPF and WPP designed and the leading trade groups have adopted is a key step in the right direction, as are profile viewers and improved opt-outs.

Right Now is the Time to Address Privacy Issues and the Smart Grid

Last week, two events generated press coverage about privacy advocates sounding the alarm about privacy and the smart grid. The California Public Utilities Commission (CPUC) held a smart grid hearing which included a focus on consumer privacy and the White House Office of Science and Technology Policy collected comments on the topic of who owns consumer energy data and who should get access to it. (To see FPF’s comments to the OSTP, click here.) Businesses are starting to wonder whether consumer privacy could limit the data they need to optimize demand response management or delay smart installations due to consumer push-back. They are right to be worried because the concerns are real.

How should the industry respond? Hiding from the issue or hoping regulators solve the problem for companies are not strategies likely to succeed when innovation that can allow both data use and consumer control is needed. We think that the potential benefits to the causes of energy conservation, green jobs, and the environment are too valuable to be allowed to fail.

Over the past year, FPF’s Smart Grid Privacy Working Group of businesses and advocates has worked extensively with the Gridwise Alliance to address these concerns. We held the first conference focused on Privacy and the Grid, with the White House, regulators, advocates and business participating. We wrote a white paper with Ontario Privacy Commissioner Ann Cavoukian laying out how “privacy by design” can be a key strategy to addressing grid privacy development.

We have established SmartGridPrivacy.org as a clearing house for resources related to privacy and the smart grid. And today, we are part of the launch of the Smart Grid Consumer Collaborative (SGCC), which is a new industry collaborative to help build consumer engagement in the rollout of the smart grid. SGCC includes consumer electronics and technology companies, retailers, consumer advocacy groups, and utilities that are dedicated to finding solutions that maximize the value of the grid for consumers.

The FCC Broadband Plan released last week calls for consumers to be able to access their power data so that “innovation” in the home can be unleashed to create new tools, new features and new advances that will encourage users to save energy. If privacy innovation is also part of the innovation agenda, we are sure that the data needed to power the grid can also serve to empower consumers.

The Future of Secure Documents 2010

On Friday, April 30 at 10:35 am Jules will be speaking at The Future of Secure Documents 2010 conference in Washington, D.C.

His discussion is entitled, “Future of Privacy Forum Hot Topics: Apps gone wild, the smart power grid and your data, and getting beyond behavioral advertising.”

Click here for more information on the conference.

FPF Files Comments to OSTP Relating to Development and Depolyment of the Smart Grid

Click here to find the response of Jules Polontesky and Christopher Wolf on behalf of the Future of Privacy Forum to the Office of Science and Techology’s Request for Information published at 75 Fed. Reg. 6414.

 

This response addresses issues relating to the development and deployment of the “Smart Grid” for energy distribution.  The specific question(s) addressed are outlined in the document.

IAPP: 10 Years and Counting

Ten years ago, desktop computers ran on Pentium III chips and home broadband was a novelty.  But even then, some people recognized the coming ability of businesses to amass personal information about web users – and the need for safeguards. 

 

Today marks the 10th anniversary of the founding of the International Association of Privacy Professionals.  From a rather inauspicious beginning, IAPP has grown to include 6,000 members. In the process, it has helped businesses across every sector recognize privacy’s key role in ensuring public trust.  It also successfully promoted the trend in having senior level privacy officers develop and oversee practices.

 

To commemorate its 10th anniversary, IAPP has published a white paper predicting that “The next 10 years will see more types of data collected from more people, and more privacy laws in more places.”  Specifically, it looks at several global business trends: cloud computing, smart grids, health information networks, and government and private domestic security policies.  In every instance, IAPP notes, there will be a need for constantly evolving privacy rules which often must apply across international boundaries. 

 

Given these challenges, as IAPP president (and FPF Advisory Board Member) Nuala O’Connor Kelly notes, the success factors for tomorrow’s privacy professionals will have to include “making the case for privacy in positive, measurable terms, [understanding] technology [and] gaining international experience and cross-cultural literacy.”

 

The Internet’s growth has made it easier than ever for consumers to find out whether a company values its customers’ privacy and to make purchasing decisions accordingly. IAPP has set forth a useful paper to help guide businesses seeking help in navigating a rapidly evolving area at the nexus of law, technology and public attitudes.

Mar. 15, 2010 – FCC Broadband Plan Focuses on Privacy, Competition, MediaPost

 

 

Walkthrough: Click at Your Own Risk

Walkthrough: Click at Your Own Risk

FootballOutsider.com

By Mike Tanier

March 10, 2010

None of the scenarios listed below have happened yet, as far as we know: