Connect with us

Privacy

Facebook, Google, and Apple Ease Privacy Concerns of Senators

WASHINGTON, July 28, 2010 – Member of the Senate Committee on Commerce, Science, and Transportation are worried about unclear consumer online privacy policies and the negative effects of targeted advertising.

Representatives from Apple, Facebook, Google, The Cato Institute, AT&T, and the Annenberg School for Communication overviewed their current privacy policies and tools, and outlined the future of their privacy controls.

Published

on

WASHINGTON, July 28, 2010 – Member of the Senate Committee on Commerce, Science, and Transportation are worried about unclear consumer online privacy policies and the negative effects of targeted advertising.

Representatives from Apple, Facebook, Google, The Cato Institute, AT&T, and the Annenberg School for Communication overviewed their current privacy policies and tools, and outlined the future of their privacy controls.

Bud Tribble, from Apple Inc., said Apple builds privacy protection into its devices instead of asking consumers to add protection through downloading applications. He focused on their location-based services, such as GPS applications, which a user must authorize before the application will function. This type of opt-in service gives more control to the user than the more commonly-practiced opt-out licensing agreements.

Facebook’s chief technology officer, Bret Taylor, also agreed that giving users easy control over their privacy settings is essential since the people who use Facebook supply all of its content. “Individuals use social technologies to connect and share information, but they also play an important role in policing the medium itself,” said Taylor. He said Facebook tried to ensure familiarity with their privacy settings by requiring all users to navigate through a privacy transition tool, where they had to confirm or change their privacy settings.

Alma Whitten, privacy engineering lead at Google, said they were focused on building transparency and user controls into their services. She said their Dashboard tool allows consumers to easily see, edit, or delete information from their Google account. She said that while there had been a security mishap with Google’s StreetView service, none of the collected data was ever shared and Google is working on a solution to prevent further problems.

Jim Harper, director of information policy studies at The Cato Institute, agreed that privacy online was mostly a user control issue. He addressed targeted advertising, which he said makes users feel like they have lost some of that control over their personal information. However, he doubted whether direct privacy legislation would improve the online privacy climate. He said the current privacy policies, or “fair information practices,” are too complex and inconsistent to have a real effect. Mandated privacy notices have not made improvements either since they rely on consumers actually reading those notices, which they often do not.

Like Apple, Dorothy Attwood, chief privacy officer at AT&T said it is important to have privacy functions built in from the outset instead of leaving it up to consumers. She said AT&T had also consolidated 17 separate privacy policies into one with easy-to-understand language.

Joseph Turow, from The Annenberg School for Communication at the University of Pennsylvania, said he was concerned about some of the proposed privacy solution. He said applications like Google Dashboard give users the impression that they have “the whole picture about their privacy,” when they really just have some controls over their Google accounts.

He was also concerned about social discrimination resulting from targeted advertisements and the way people would be reduced to a number instead of as a respected individual. He suggested a limit on the amount of information that an online presence could hold about an individual or household.

Sen. Kerry (D-Mass) said that the policies are just too confusing. He was also concerned about incorrect or out-of-context information from a user that could cost someone a job or health insurance.

Lindsey is working with BroadbandBreakfast.com through an internship with the National Journalism Center. She graduated from Virginia Tech with a degree in professional writing. She has worked in Virginia Tech's public affairs department, and she was an assistant editor of one of the college's news-magazines. Lindsey is from Chatham, Va.

Cybersecurity

Private Sector Falling Behind on Information Sharing During Cyberattacks, Says Comcast Rep

Comcast’s Noopur Davis says cyber attackers share information better than the private sector.

Published

on

Noopur Davis, Chief Product and Information Officer at Comcast Cable.

ASPEN, Colorado, August 23 — In the wake of an influx of ransomware attacks on critical infrastructure and cyberattacks on private carriers, entities across the technology industry are revaluating their strategies and how they share information to prevent such acts.

T-Mobile announced on August 15 that as many as 50 million consumers had their private data compromised during a data breach. Days later, on August 17, as part of Technology Policy Institute’s 2021 Aspen Forum, Noopur Davis, Chief Product and Information Officer at Comcast Cable, sat down for a fireside chat to discuss what the industry was doing to address this event and events like it.

Join in Broadband Breakfast Live Online’s Discussion on “Cybersecurity: Reviewing the Biden Administration’s Executive Order,” on Wednesday, August 25, 2021, at 12 Noon ET.

When Davis was asked how she felt about the current state of cybersecurity, she said it was okay, but that the telecom community at large would have to do more.

She referenced the mean time of comfort—that is, the average duration between the time that a service becomes connected to the internet and when it is targeted by bad actors. While in the early days of the internet cybersecurity experts could expect to have significant mean times of comfort, she stated that this is no longer the case.

“The second you connect [to the internet] you are attacked,” she said.

As soon as a successful breach is recognized, Davis explained that the target companies begin to revaluate their “TTP,” or tactics, techniques, and procedures.

Information sharing is crucial

Though one company may find a remedy to their breach, other companies may remain vulnerable. To combat this, Davis said that it is critical for companies to share information quickly with their counterparts, but she indicated that this is a race that the private sector is currently losing.

“[Attackers] share information better than [the private industry does].”

She went further, revealing that there is now a sophisticated market for malware as a service, where various platforms publish reviews for their products and services and even offer tech support to those struggling to get the most out of their purchases.

Growing market for hacking tools

She pointed to the Colonial Pipeline attack as an example where hackers did not even create the malware themselves—they just purchased it from a provider online. She explained that this marketplace has significantly lowered the barriers of entry and deskilled the activity for would be attackers, and that theoretically anyone could engage in such nefarious acts today.

Though Davis was in favor of collaboration between companies to address these attacks, she made it clear that this would not mean that responses and capabilities would become standardized, and that every company would maintain their own unique strategies to ensure that their services and data remain uncompromised.

Continue Reading

Robocall

Associations Press FCC to Keep Robocall Extension for Facilities-Based Carriers

Organizations say preponderance of illegal calls don’t come from facilities-based providers.

Published

on

Acting FCC Chairwoman Jessica Rosenworcel

August 11, 2021 – In submissions to the Federal Communications Commission on Monday, associations representing smaller telecom are asking the agency to keep an extension specifically for facilities-based carriers to comply with new robocall rules.

In May, the FCC voted to push up by a year, from 2023 to 2022, the deadline for small carriers to comply with the STIR/SHAKEN regime, which requires telephone service providers to put in place measures – including analytics services to vet calls – to drastically reduce the frequency of scam, illegal robocalls, and ID spoofing that misleads Americans to believe the call is legitimate. Large carriers, however, had a deadline of June 30 this year.

But in submissions to the FCC this week, the Competitive Carriers Association, NTCA, and USTelecom said the preponderance of illegal robocalls come from smaller providers – those with fewer than 100,000 lines – that don’t have networks and, because of that, facilities-based carriers should have the additional year to comply with the rules, which is reportedly a highly technical and complex endeavor.

To appreciate the effort, providers must tag or label all calls on their network, using analytics tools, to ensure that the calls are legitimate. All illegitimate calls must be tagged as potential spam or blocked completely. Even still, the possibility of “false positives” can occur. Failure to comply with the rules could result in hefty penalties.

‘Good faith’ actors shouldn’t be penalized

“Commenters recognize as well that care must be taken to correctly identify this group of small providers in a surgical and precise manner that does not sweep in innocent actors and compel them to adopt this standard on a timeframe they had neither anticipated nor budgeted for,” the NTCA said in its submission to the FCC on Monday.

“A more targeted and effective way of capturing the parties that prompted these proposals can be found in the record – specifically, the Commission should require operators that are not ‘facilities-based’ voice providers…to adopt STIR/SHAKEN on a more accelerated timeframe,” the NTCA continued.

Burden of proof on non-facilities providers to show need for extension

USTelecom, however, added that the non-facilities-based providers – which generally originate calls over the public internet – should be able to request the full two-year extension, but they must show why they need it.

“It’s also critical that they are required to explain in detail and specificity why their robocall mitigation plans are sufficient to protect consumers and other voice service providers from illegal and unwanted robocalls,” USTelecom said in its Monday submission.

“Such a requirement would offer the right balance between affording non-facilities-based small providers the opportunity for the full extension if truly needed, but without creating an opportunity for the small VoIP providers responsible for illegal robocalls to abuse the process in order to continue to send unsigned illegal traffic downstream to the detriment of other providers and consumers,” USTelecom added.

Continue Reading

Robocall

FCC Proposes Measures to Limit Unwanted Access to Numbers, Protect Against Foreign Entities

The agency proposed rules for public comment on that would further restrict illegal use of numbering resources.

Published

on

Acting FCC Chairwoman Jessica Rosenworcel

August 9, 2021 – The Federal Communications Commission is seeking comment on proposed rules that it expects will reduce access to phone numbers by those running illegal robocalls and to further enhance public safety by adding transparency measures on foreign providers.

At the August Open Meeting on Thursday, the FCC said it is proposing to require voice-over-internet protocol providers to abide by the new robocalling regime, which requires voice service providers to put in place measures to limit spam calls and ID masking or face severe penalties.

To block calls, voice providers must first gather analytics on the origins of the call and essentially tag its authenticity before its routed.

As of the June 30 deadline, all major U.S. phone companies use caller ID authentication system to label calls as part of the regime, known as STIR/SHAKEN. This allows for end-to-end phone calls to be verified with a now common digital tool. AT&T said in June that is it now labelling over one billion calls a month.

Last week’s meeting also yielded other proposals to safeguard limited numbering resources, “protect against national security risks…and further promote public safety” by adding a layer of oversight at the executive branch level to vet those outside the United States trying to access numbering resources. That includes requiring applicants disclose foreign ownership information.

This would add to the federal government’s approach to protecting national security from foreign entities perceived as threats to the country, including legislation introduced recently that would prevent the FCC from approving those companies with ties to the Chinese communist party.

Continue Reading

Recent

Signup for Broadband Breakfast

Get twice-weekly Breakfast Media news alerts.
* = required field

Trending