Showing posts with label consumer privacy. Show all posts
Showing posts with label consumer privacy. Show all posts

Monday, February 10, 2014

Just say NO to continued government surveillance!

Call/email Congress. Ask legislators to oppose the FISA Improvements Act. Look here at the ACLU comments, here at the EFF comments on "fake fix bill", another EFF note on 54 civil liberties and public interest organizations opposing this bill and here for an analysis in the British paper The Guardian (Permanent loophole for "backdoor search provision," and the Cato Institute, which called it the NSA Fig Leaf.

Ask your congresspeople to support the USA Freedom Act, and enact protections for non-Americans. Read the ACLU comments supporting this alternative bill. The EFF also supports this bill, which was co-sponsored by Representative Sensenbrenner (R, Wis) and Senator Leahy (D, Ver).

There are limits to what the USA Freedom Act accomplishes, according to the EFF website:

The bill only addresses a small portion of the problems created by NSA spying and overreaching government secrecy. It does not touch problems like NSA programs to sabotage encryption standards, it does not effectively tackle the issue of collecting information on people outside of the United States, and it doesn't address the authority that the government is supposedly using to tap the data links between service provider data centers, such as those owned by Google and Yahoo.

The bill also does not address a key issue that the government uses to inhibit lawsuits contesting the spying: excessive secrecy. For instance, it won't deal with the major over-classification issues or the state secrets privilege, the latter of which is used aggressively to prevent litigation from getting to a court decision on whether the spying is unconstitutional. The bill also leaves out a clause appearing in Sen. Ron Wyden's bill [113 S. 1551 Intelligence Oversight and Surveillance Reform Act] and, which provides guidelines to obtain standing in legal cases against the spying.

Lastly, it does not hold public officials accountable for their role in allowing this spying to take place and hiding it from public and Congressional oversight, and it does not create a Congressional committee that could independently investigate the surveillance programs and give the country a full accounting. Remember we are still just learning the full depth of the programs on a piecemeal basis.

So while we are happy to support the USA FREEDOM Act, we also acknowledge that there is still much to do to dial back the NSA. This can happen through ongoing improvements to the USA FREEDOM Act as well as through additional bills.
The EFF does list 7 steps the USA Freedom Act uses to improve privacy rights:
1. It would likely stop the NSA's call records program;
2. The bill modifies Section 702 of the FISA Amendments Act (EFF thinks one effect of the amendment is good - it requires the NSA to get a more narrowly tailored order from the FISA court before searching its enormous databases of call data for information on U.S. citizens. However, EFF is concerned that the amendment codifies the practices and existence of the collection and databases rather than abolishing them.
3. The bill creates a special advocate before the FISA court.
4. "Significant decisions" by the FISA court must be disclosed by the Attorney General. This is hugely important, though the FISA court itself has increased the publication of some of its decisions in recent days, there is neither any confidence that it might continue nor anything to show the public that we have had publication of either the most significant decisions or any proportion of significant decisions.
5. It increases protections designed to limit the potential harm from the use of National Security Letters (NSLs, the secret orders from the FBI that include a gag order preventing recipients from ever announcing they got one). Nevertheless, the law fails to address the central problem with NSLs: NSLs would still be unconstitutional.
6. Increases (a tiny bit) the ability of the companies that are ordered to cooperate with government agencies to be more transparent to users about their cooperation. There would still be gag orders limiting the amount of information that could be shared, but reports could be somewhat more detailed.
7. It grants subpoena powers for the Privacy and Civil Liberties Oversight Board (PCLOB). PCLOB is supposed to provide oversight and recommendations to the executive branch when it comes to our civil liberties, but currently has no subpoena powers.

Fight for the Future coordinates an Internet Fight against NSA Surveillance

Who here has gotten the e-mail from Fight for the Future? FFtF is a not for profit that
is dedicated to protecting and expanding the Internet's transformative power in our lives by creating civic campaigns that are engaging for millions of people. Alongside internet users everywhere we beat back attempts to limit our basic rights and freedoms, and empower people to demand technology (and policy) that serves their interests.
Well, they don't have any problem with self esteem, anyway. Their issues, from their About Us page, listed as posing "major threats to freedom of expression online":

Copyright and patent laws are outdated and overzealous. They hurt artists and innovation, shifting control of our art, media, and ideas to large corporations.
Slow speed and limited access: Lack of competition in the U.S. broadband market has resulted in an Internet system that is among the slowest, most expensive and least available among developed nations.
Tracking and Spying: People can’t express themselves freely online when they feel like they are being watched. In an extreme form, government and corporate surveillance can lead to political repression.
On Feb. 11, they are urging websites to add a banner to their sites
urging people to call/email Congress. We'll ask legislators to oppose the FISA Improvements Act, support the USA Freedom Act, and enact protections for non-Americans.

If you're not in the US: Visitors will be asked to urge appropriate targets to institute privacy protections.
Visit their website to see.

I have mixed feelings about the breadth of their issues. But I do know what I think about the NSA and FISA courts.

Tuesday, December 17, 2013

NSA decision, Klayman v. Obama

The exciting decision from the Federal District Court for the District of Columbia, Judge Richard Leon presiding, just came out, and it's quite powerful. You can see the full text at Scribd. Judge Leon writes a strongly worded opinion, that is rather narrow in actual scope, but contains a good deal of important reasoning. There are 2 cases joined here, so there are 2 petitioners. The judge is only ruling on petitioners' requests for an injunction against the NSA continuing to gather metadata about their telephone calls as part of their Bulk Telephony Metadata Program. Judge Leon further rules that the NSA must destroy any information they have already collected of this nature about the two petitioners.

However, in coming to this ruling, Judge Leon distinguishes the 1979 decision, Smith v. Maryland, 442 U.S. 735 which the FISC Court has ruled "squarely control[s]" on the issue of "telephone service provider metadata." Indeed, the government has so heavily relied on courts accepting the Smith case as controlling, that they have considered the issue as completely settled. In Smith, the police installed a pen register on a telephone without a warrant, after a robbery victim complained to them that she was receiving obscene and threatening phone calls. The FISC court accepted the Smith precedent in a decision that has been redacted and published at their website, In Re An Application of the [FBI] for an Order Requiring the Production of Tangible Things from [Redacted], BR13-109 at 6-9, (FISC, Aug. 29, 2013). Leon, however, writes that a short term, very limited pen register is a far cry from the long-running, wide-ranging modern technology being deployed n the Bulk Telephony Metadata Program, and furthermore notes that the Supreme Court recently called the Smith decision into some doubt in United States v. Jones, 132 U.S. 945 (2012), (attaching a GPS device to a vehicle) a 5-4 decision. Judge Leon notes that the Supreme Court took the Jones decision as an opportunity to revisit the Smith decision, because there was an earlier warrantless tracking device opinion, United States v. Knotts, 460 U.S. 276 (1983) which could have been used as precedent.

Judge Leon uses strong language about the NSA datagathering program, which enlists the nation's telecommunications giants (and, incidentally, the Internet search and social networking providers as well) to
"operate what is effectively a joint intelligence-gathering operation with the Government." Klayman, at 48. ... the almost Orwellian technology that enables the government to store and analyze the phone metadata of every telephone user in the United States is unlike anything that could have been conceived in 1979. ... The notion that the government could collect similar data on hundreds of millions of people and retain that data for a five-year period, updating it with new data every day in perpetuity, was at best in 1979, the stuff of science fiction. By comparison, the Government has at its disposal today the most advanced twenty-first century tools, allowing it to "store such records and efficiently mine them for information years into the future." Jones, 132 S.Ct. at 956 (Sotomayor, J., concurring). ... (Klayman at 49)

And finally and most importantly, not only is the Government's ability to collect, store and analyze phone data greater now than it was in 1979, but the nature and quantity of the information contained in people's telephone metadata is much greater as well.... But the ubiquity of phones has dramatically altered the quantity of information now available and, more importantly, what that information can tell the Government about people's lives. ... Records that once would have revealed a few scattered tiles of information about a person now reveal an entire mosaic, a vibrant and constantly updating picture of the person's life. ... (Klayman at 50, 54)

In sum, the Smith pen register and the ongoing NSA Bulk Telephone Metadata Program have so many significant distinctions between them that I cannot navigate these uncharted Fourth Amendment waters using as my North Star a case that predates the rise of cell phones. (Klayman, at 55)

[Judge Leon next examines the likelihood that the petitioners will succeed in showing that the searches are unreasonable. He does a very careful survey of the Supreme Court Fourth Amendment jurisprudence, and concludes:] ... To my knowledge, however, no court has ever recognized a special need sufficient to justify continuous, daily searches of virtually every American citizen without any particularized suspicion. In effect, the Government urges me to be the first non-FISC judge to sanction such a dragnet. (Klayman at 58)

The Government asserts that the Bulk Telephony Metadata Program serves the "programmatic purpose" of "identifying unknown terrorist operatives and preventing terrorist attacks." Govt.'s Opp'n at 51 -- an interest that everyone, including this Court, agrees is "of the highest order of magnitude," In re Directives Pursuant to Section 105B of the Foreign Intelligence Surveillance Act, 551 F3d 1004, 1012 (FISA Ct. Rev, 2008). ... A closer examination of the record, however, reveals that the Government's interest is a bit more nuanced -- it is not merely to investigate potential terrorists, but rather, to do so faster than other investigative methods might allow. ... (Klayman, at 59-60)

Yet, turning to the efficiency prong, the Government does not cite a single instance in which analysis of the NSA's bulk metadata collection actually stopped an imminent attack or otherwise aided the Government in achieving any object that was time-sensitive in nature. In fact, none of the three "recent episodes" cited by the Government which supposedly "illustrate the role that telephony metadata analysis can play in preventing and protecting against terrorist attack" involved any apparent urgency. (Klayman, at 61. Judge Leon describes the 3 examples laid out by the Government in the Holley Declarations, and finds none of the three persuasive). ... Given the limited record before me ... most notably, the utter lack of evidence that a terrorist attack has ever been prevented because searching the NSA database was faster than investigative tactics -- I have serious doubts about the efficacy of the metadata collection program as a means of conducting time-sensitive investigations in cases involving imminent threats of terrorism ... (Klayman at 62)

I cannot imagine a more "indiscriminate" and "arbitrary invasion" than this systematic and high-tech collection and retention of personal data on virtually every single citizen for purposes of querying and analyzing it without prior judicial approval. Surely, such a program infringes on "that degree of privacy" that the Founders enshrined in the Fourth Amendment. Indeed, I have little doubt that the author of our Constitution, James Madison, who cautioned us to beware "the abridgement of freedom of the people by gradual and silent encroachments by those in power," would be aghast. (Klayman at 64)

[Judge Leon then considers the Government's complaint of the burdensomeness of removing the two plaintiffs from its database and that this may cause a number of other such requests, degrading the utility of the program.] ... Of course the public has no interest in saving the Government from the burdens of complying with the Constitution! ... For reasons already explained, I am not convinced ... that the NSA's database has ever truly served the purpose of rapidly identifying terrorists in time-sensitive investigations, and so I am certainly not convinced that the removal of two individuals from the database will "degrade" the program in any meaningful sense. (Klayman at 66)

This case is the latest chapter in the Judiciary's continuing challenge to balance the national interests of the United States with the individual liberties of our citizens. The Government, in its understandable zeal to protect our homeland, has crafted a counterterrorism program with respect to telephone metadata that strikes the balance based in large part on a thirty-four year old Supreme Court precedent, the relevance of which has been eclipsed by technological advances and a cell phone-centric lifestyle heretofore inconceivable. ... (Klayman at 66-67)

The image of Judge Leon decorating this post is from Suffolk Law Review's Donahue Lecture series. Judge Leon spoke at our school in 2012, about his cases on the Guantanamo detainee litigation, balancing personal liberties against national security during the war on terror. Seeing the title of his talk, which I attended, makes it doubly interesting that he heard this case on the NSA.

Thursday, August 15, 2013

Stunning Google Admission in Court on Gmail Lack of Privacy

The Guardian reports on a stunning admission Google makes in a court document about the lack of privacy for users of the Gmail system. filed a class action law suit, In re Google Inc. Gmail Litigation, Case No. 5:13-md-02430-LHK, which will be held before Judge Lucy H. Koh in U.S. District Court in San Jose, CA. at 1:30 p.m., Sept. 5. The complaint was sealed since it involved business practices, but a highly redacted version was filed publicly, and can be found here. And THIS is the Google motion to dismiss that is the source of the Guardian excited report.  The first argument is titled: 

"The Wiretapping Claims Fail Because

the Alleged Scanning Practices Are
Part of Google’s Ordinary Course
of Business as an ECS Provider"

I'd say that's pretty chilling stuff. Google says, "You can't sue us for cooperating with the NSA wiretapping because we already listen in to all your e-mail conversations as a matter of our business practices!

OK. That makes it all alright.  You go, guys.  Don't be evil.  

Tuesday, July 09, 2013

Dept. of Unintended Consequences: COPPA

Children's Online Privacy Protection Act (COPPA, 15 USC §6501 - 6506, PL 105-277)
regulations from the FTC are just going into effect.  The Internet is going to be changing, both for those under 13, and for the website/app providers who deal with them. offers a website explaining in some detail how to comply with the new regulations. According to the explanation provided there, the Act applies to any
commercial Web site or an online service directed to children under 13 that collects personal information from children or if you operate a general audience Web site and have actual knowledge that you are collecting personal information from children, ...
The website goes on to explain the factors the FTC considers in deciding whether a website or app is directed to children, who is an "operator" and what amounts to personal information.   Then, the folks lay out the requirements of the Act and regulations as cleanly as possible.  This also provides the full text of the Act.

Sadly, despite the efforts to make the Act's requirements seem less overwhelming, it appears that many smaller businesses operating on the Internet or with online services that either cater to children or to a general population that attracts the under-13 crowd, will be completely changing their business model in response.  AdWeek reports that already AOL Kids has stopped working, and at least one academic consultant is recommending smaller businesses simply change their websites to avoid being covered by the Act.   Some foresee that the final result will be less innovation on the Internet.  I hope they are wrong!  I am sure that is not what the FTC or Congress intended.  But many businesses seem quite shy of the new regs.

Wednesday, July 03, 2013

Fourth of July Protests Against NSA

Happy Fourth of July! Celebrate our freedoms, and contemplate what it takes to maintain them. 

The Boston Globe reports that two groups of web activists are planning protests against the NSA around the Fourth of July. The protests combine web protests with some live protests in selected cities across the country. 

One group is Fight for the Future, which helped coordinate the rallies against SOPA and PIPA last year.  The other group is Restore the Fourth, which is a reference to the Fourth Amendment, not the holiday.

Look for websites to carry messages, and the text of the 4th Amendment.  If you care to join a local rally, Fight for the Future may have information, though I don't see notes there. The closest I find is their page on the NSA cybersecurity program and opposition to Senate bill 2105, the Cybersecurity Act of 2012.  The bill failed to move to a full vote. That link will also provide a handy analysis and history of the bill and those who supported and opposed it. It is a scary sounding piece of legislation, in my opinion, especially in the wake of Snowden's revelations of how much data the NSA is already gathering.

Saturday, June 08, 2013

First BeenVerified, Now NSA, FBI, and the rest of the Feds... do you feel a bit surveilled?

The news broke in just the last day or two, about the large tech companies and telecommunications companies reluctantly acceding to government requests for vast amounts of user data.  The Boston Globe ran a nice report that summarizes the history of the group of programs involved in the news. It's an even-handed article that quotes from President Obama's comments about the need for balance if we want to catch terrorists while trying to protect civil liberties. It also quotes from Mark Rumold, a staff lawyer at the Electronic Frontier Foundation criticizing the extent of the surveillance programs.  (See order from a Foreign Intelligence Surveillance Court requiring Verizon to turn over telephone data acquired by the British Guardian; not clear how they got this since it's marked Top Secret do not declassify until 12 April 2038.)

The Globe article, "What Surveillance Can Uncover About You," (available in print at A1, A7, by Matt Viser, Noah Bierman and Bryan Bender) includes a Surveillance programs fact sheet (A7 in print), that does a very nice job of listing in a general way, what data the government collects under two different programs from the various major players.

From telephone conversations, without a warrant, from U.S. citizens, agencies collect metadata only, not the actual content of the conversations.  The metadata reveal information on:
beginning and end times and thus the length of the call;
place of origin of the call, and place of the receiver;
serial number of the phone placing the call;
phone number of the placing and receiving call;

However, there is a second, top-secret data-gathering program, PRISM, by US and British intelligence on which the British Guardian and the Washington Post, published a slide show provided them by the National Security Agency (NSA). The Post edited and annotated their slides, which is what I have linked here. The Post also provides an article about Prism. According to the material appearing at the Guardian and the Post, with the aid of NSA, the British analogous agency, Government Communications Headquarters (GCHQ), has been sieving the same U.S. tech company data as the NSA in the same ways. This has allowed GCHQ to evade the British laws requiring legal process to acquire photographs, e-mails and videos outside of the country.  From the Post's article:
PRISM was launched from the ashes of President George W. Bush’s secret program of warrantless domestic surveillance in 2007, after news media disclosures, lawsuits and the Foreign Intelligence Surveillance Court forced the president to look for new authority.

Congress obliged with the Protect America Act in 2007 and the FISA Amendments Act of 2008,  which immunized private companies that cooperated voluntarily with U.S. intelligence collection. PRISM recruited its first partner, Microsoft, and began six years of rapidly growing data collection beneath the surface of a roiling national debate on surveillance and privacy. Late last year, when critics in Congress sought changes in the FISA Amendments Act, the only lawmakers who knew about PRISM were bound by oaths of office to hold their tongues.

(FISA = Foreign Intelligence Surveillance Act, P.L. 95-511, 92 Stat 1783, 50 U.S.C. Chapter 36 
Protect America Act of 2007 = P.L. 110-55, 121 Stat 552, amending 50 U.S.C. certain sections of Chapter 36
USA PATRIOT ACT = P.L. 107-56, 115 Stat 272, amending MANY U.S.C. sections) The Post includes a separate article with details on how the Foreign Intelligence Surveillance Courts work, including statistics on number of requests and number denied during various administrations since the courts were established in 1979.

The Post web link includes in interesting video interview with the reporter who has done most of the work uncovering PRISM here in the U.S.  Besides stressing that the tech companies involved have all denied any knowledge of PRISM, and that the government has said that PRISM only applies to non-citizens, there are several fascinating parts to the conversation.  One is asking the reporter whether he is concerned about repercussions such as those suffered by the Fox News and AP reporters recently who had materials subpoenaed.  The second is asking about his contact within the NSA and whether this whistle blower is prepared for what will happen when or if he is unmasked.  And thirdly, the interviewer mentions receiving an e-mail that simply says "tip of the iceberg."  The conversation goes from there about the size of the data sets available and how unimaginable this was to them before the story broke.

Two organizations which have long been critical of the government's data gathering:

Electronic Frontier Foundation, which has helpful information, explanations and white papers on their website.

Electronic Privacy Information Center (EPIC)
which also has helpful information, explanations, and links to legal documents on their website. They have explanatory notes, pleadings, rulings, memoranda and briefs in a number of relevant court cases that are still working their way through appeals.  Very helpful.

The American Civil Liberties Union has some links and posts about this issue, but it is one small issue among many for them.

Only a few members of Congress have opposed the relentless expansion of the Executive's power of surveillance.  They have been lonely voices until now.  

The witty decoration for this post comes courtesy of an interesting new citation storage, sharing and organization service,

Sunday, January 29, 2012

Google & its Discontents

Google has announced a new privacy policy. They are working hard to get you to read it. If you have not read it, you should. And you should think about what it means. If you have a gmail account, if you have an Android phone, or keep a Google calendar, if you have an account with any of the other Google services, it means that the information from one account will be available across ALL of the other accounts. This article from the British Daily Mail does an excellent job of giving examples that help the reader see just how chilling the possibilities are. Google users have long been used to seeing ads for hotels pop up if they have been searching for information about another city. We have stopped worrying about it (though perhaps we should not!). But with the integration of all our accounts' information, those ads could now access information from our meetings calendar, our phone list, our profile, our GooglePlus "circles" and the data attached to those people in our lives.

Gizmodo has no doubts at all about this. Their blog post is titled "Google's Broken Promise: the End of Don't be Evil." They do a very nice job of contrasting previous privacy policies with the new one, to help make the profound shift more obvious.

What this means for you is that data from the things you search for, the emails you send, the places you look up on Google Maps, the videos you watch in YouTube, the discussions you have on Google+ will all be collected in one place. It seems like it will particularly affect Android users, whose real-time location (if they are Latitude users), Google Wallet data and much more will be up for grabs. And if you have signed up for Google+, odds are the company even knows your real name, as it still places hurdles in front of using a pseudonym (although it no longer explicitly requires users to go by their real names).

All of that data history will now be explicitly cross-referenced. Although it refers to providing users a better experience (read: more highly tailored results), presumably it is so that Google can deliver more highly targeted ads. (There has, incidentally, never been a better time to familiarize yourself with Google's Ad Preferences.)
Gizmodo explains that they consider Google to be going back on its promise to users, on which it built its multi-million dollar business, that it would always place its users' first. The new privacy policy does away with users' fine-grained control of their personal information that previous policy iterations upheld. However, Google does give users time to opt out, so pay attention!

And Google keeps wondering why their social media efforts keep falling flat!

Wednesday, July 13, 2011

Could Your Cellphone Voice Mail be Hacked?

We are all watching the scandal about the British tabloid News of the World whose reporter hacked into the cellphone voice mail of a missing girl and deleted some of the messages while police were searching for the child. But have you considered the implications of hacking voice mail in cellphones? It means that it's dead easy to get into anybody's voice mail – unless they take a few precautions.

The Boston Globe has an article in today's paper by Hiawatha Bray, one of my tech heroes. The hack is done with a service anybody can find, called ID spoofing. Google it. It works like a pre-paid calling card or sometimes through a Web interface. You pay for a certain amount of time to have a PIN that represents to the telephone you are calling that you are calling from a different telephone number.

Spoofing can be used for legitimate purposes, as law enforcement sometimes uses it, or women fleeing from abusive situations have used this to conceal their location and phone number. But mostly, it is considered a malicious act, and bills have been introduced several times to outlaw the practice, beginning in 2006. Finally, in December, 2010, the Truth in Calling Actpassed Congress and was signed into law by President Obama, prohibiting spoofing “with the intent to defraud, cause harm, or wrongfully obtain anything of value...” Law enforcement is specifically exempted. The penalties are fines, and enforcement is under state jurisdiction.

But the important part of the Globe article is to explain how to protect yourself from having your voice mail hacked. Here is the information: Protect your voice mail

The image is courtesy of Entrepreneur website, which actually has a very helpful post about protecting your cellphone, adding a paragraph about the viruses that are becoming so rampant in a lot of the apps that people are adding outside of the official sites. See

Tuesday, May 24, 2011

Online Consumer Privacy - "Do Not Follow"

Bloomberg News, Eric Engleman and Adam Satariano reported on a hearing in the Senate Commerce subcommittee on mobile privacy on May 19, 2011.

, Google and Facebook and the makers of applications for these these companies’ platforms faced scrutiny at the hearing over how they collect, use, store and share information on users’ wireless devices, from smartphones to any sort of PDA.

Google’s director for public policy, Alan Davidson stated that Google seeks consent from users of its Android software for collection of information and location data. “Google is also very careful about how we use and store the data that is generated by these services.” Location information sent to Google servers when users opt in with Android is stripped of personal identifying tags, for instance, so it cannot be tied or traced to an individual user, and then stored in an aggregated form. And Google provides parental controls to protect children, and requires developers of apps to rate them according to appropriate age level.

One of Apple’s vice-presidents, Catherine Novelli, testified that Apple does not knowingly collect any data about users below the age of 13. Like Google, all location information gathered from iPhones and iPad tablet computers are stripped of individual identifying data, and not traceable to an owner. They use the aggregated information to improve the functionality of devices. “Apple does not track users’ location, has never done so and has no plans to do so,” said Novelli. (I also understand that some manufacturers use the internal GPS and an accelerometer in the devices to find out if the malfunction for which you bring the machine in for repair was caused by it being dropped or hurled. The GPS and accelerometer function together to locate the device in space, determine its speed, and whether it stopped very suddenly. There is also a device that measures humidity levels, so if you drop a phone or PDA into water, or even a steam room, it may void the warranty.)

Bret Taylor, Facebook's chief technology officer said that Facebook has "robust privacy protections ... if people lose trust in a service like Facebook, they will stop using it." (This seems pretty ironic in light of the continuing battle between Facebook trying to "monetize" their site and the outrage of their users whenever Facebook creates a new set of "opt-ins" that streams all the user data out to third party vendors! See this C-Net Op-ed). When asked about Facebook protections for children, Taylor said that nobody under 13 is allowed to create a Facebook account, and that they remove such accounts when they are alerted to them.

In December, the Federal Trade Commission issued a proposed regulation, commonly referred to as “Do Not Follow,” patterned after the popular “Do Not Call” regulation they issued some years ago for telemarketers. The comment period recently closed, and I have heard from a spokesperson for the agency at the GigaNet conference in early May that they received about 200 comments from consumers on the proposal, which was a surprising number. Here is an announcement with links to a report they issued on the matter, including links to make comments and view comments (note that the comment period is now closed). You can track it on their website with the handy "quick finder" from the FTC homepage by following "Privacy and Data Security," to "Behavioral Advertising."

This was a hot topic at the GigaNet conference. There were commentators who felt that the FTC proposal, which relies on the website owners to self-enforce, (because consumers cannot tell if they are being followed) was just too lax. But there was also a commentator, who represented a number of different large web corporations, who warned that if the companies could no longer “monetize” their websites, that many services that are now free, might become billable. Interestingly, there was also a moderator from the European Union, which was mentioned as a place of intense regulation, who spoke up and said that, although the regulations there did allow all consumers to opt out of being followed, that in practice only about 10% of consumers actually did. I was later told as well, that the regulation and laws in the EU were passed long enough ago that technology has bypassed them and there are now many “work-arounds” that web companies exploit.