Connect with us

Privacy

Lawmakers, Prosecutors and Big Tech Companies Spar at Senate Hearing Over Unlocking Encryption

Published

on

Photo of Senate hearing by Masha Abarinova

WASHINGTON, December 11, 2019 – Lawmakers remain concerned about law enforcement’s inability to access highly encrypted devices for investigations. Tuesday’s Senate Judiciary Committee hearing questioned some representatives from big tech on the matter.

This isn’t going to be a world where social media is a haven for child abusers and other criminals, said Committee Chairman Lindsey Graham, R-S.C. Big tech can be either the problem or the solution to this dilemma, but they need to take action on encryption. Otherwise, Graham said, these companies face repercussions from Congress.

When a crime is committed, said Ranking Member Dianne Feinstein, D-Calif., it is imperative that these devices be opened. The tech industry has a responsibility to respond to law enforcement’s concerns, she said, and that determines the degree of congressional action.

Sen. Dick Durbin, D-Ill., inquired about how encrypted information is affected under the Children’s Online Privacy Protection Act. Obtaining this information is not only about deterring hackers or foreign actors, he said, but it is about the government protecting children.

Because of Section 230 of the Communications Decency Act, said Sen. Richard Blumenthal, D-Conn., big tech uniquely enjoys immunity from legal action. Sen. Sheldon Whitehouse, D-R.I., added that these companies seem to profit off encryption, yet they are unwilling to take responsibility for the negative effects they might incur.

Representatives from tech companies included Erik Neuenschwander, manager of user privacy at Apple, and Jay Sullivan, product management director for privacy and integrity at Facebook’s Messenger. They emphasized that their respective companies are actively working to ensure safety and security across devices.

Encryption is one of the most important mechanisms a nation has in order to safeguard an increasingly interconnected future, Neuenschwander said. Currently, Apple doesn’t have the ability to retrieve encrypted information off a device. However, he said, that means malicious actors also do not have access to that personal data.

Neuenschwander also added that Apple works closely with law enforcement and government agencies, receiving thousands of requests. Apple’s team has also trained law enforcement officers in the U.S. and around the world on its security processes.

Most Facebook’s methods to combat malicious actors, Sullivan said, are behavioral and based off social interaction. Facebook does not sell or share minors’ data to third parties, and Facebook does not use private messages for targeted ads or other algorithms, he said.

End-to-end encryption is the best technology available to make messages safe and secure, Sullivan continued. If the United States rolls back its support for privacy and encryption, foreign application providers will fill that vacuum to provide the privacy and security that people demand.

Tech companies have no external incentive to mandate the regulation of encrypted devices, said Prof. Matt Tait, cyber security fellow at the Lyndon B. Johnson School of Public Affairs. Encryption hinders law enforcement in three ways: device searches, which are impacted by a user passcode, traditional wiretaps, which are impacted by end-to-end communications and cyber tips, where companies can alert law enforcement of known child abuse material.

Options exist for conducting wiretaps and retaining cyber tips without altering encryption, Tait said. Only device encryption is amenable to a “front door” access mechanism.

New York City District Attorney Cyrus Vance was also on the panel, and he reiterated that law enforcement has lost functionality due to encrypted devices.

Apple and Google have engineered their phones to no longer have the capacity to be unlocked without encryption, he said. Vance said officers can only access about half of the encrypted phones that come into the DA’s office.

Encrypted material should not go beyond the law when a judge signs a search warrant, Vance said. For their own private business interests, the Fourth Amendment grants a right to not only privacy but to anonymity.

Vance emphasized that law enforcement officials having access to the cloud is not a suitable substitute for lawful access to a device. The cloud only stores data that has been saved. Moreover, a user can opt not to backup particular data to the cloud. The device itself, he said, contains the most critical evidence.

Cybersecurity

Remote Work an Opportunity for Service Providers to Build Trust on Cybersecurity: Research Director

A study by Futurum Research found organizations expect more remote work long-term.

Published

on

Photo of Ron Westfall, research director at Futurum Research

July 6, 2022 – An increase in remote work post-pandemic provides internet service providers with an opportunity to build trust by prioritizing cybersecurity, according to a new study discussed Wednesday.

The Futurum Research study of over 500 respondents – many of which are influential decision makers – concluded that post-pandemic, organizations are expecting their workforce to become more remote long-term.

“This, I believe, provides an opportunity for service providers to, for example, prioritize higher security as a way for these organizations to have more confidence and have more satisfaction in how the work-from-home coordination and limitations are optimized,” Ron Westfall, research director and senior analyst at Futurum Research, said at Fiber for Breakfast event on Wednesday

Cybersecurity is a huge concern for companies as employees work from home on various networks and with less supervision and “there is still a lot of work to be done,” continued Westfall. Security remains a hot topic in the industry as cyberattack threats increase.

Organizations that have already adopted a single, holistic approach to remote working are showing greater satisfaction with the outcomes of their collaboration platforms, Westfall said. Westfall indicated that executive leaders need to take action to produce an organization-wide work-from-home collaboration policy.

Video surveillance and artificial intelligence technologies are allowing key decision makers to maintain a remote work presence. However, over two-thirds of companies are still improvising how they will approach the remote or hybrid workforce, said Westfall.

Continue Reading

Privacy

Experts Wrangle Over Whether Online Children Protection Legislation Needs Overhaul

‘We can’t keep overhauling the regulatory structure.’

Published

on

WASHINGTON, June 21, 2022 – Observers at an Information Technology and Innovation Foundation event on Wednesday urged Washington not to take legislation protecting children online down the path of congressional overhaul, instead preferring guidance for the existing text to come from its administrator, the Federal Trade Commission.

The Child Online Privacy Protection Act, passed in 1998, includes online data protections for children under 13. In 2013, as designated by Congress, the FTC updated enforcement rules, giving parents more control over the online collection of their children’s personal information.

Since then, new advances in technology and social media has brought COPPA to the attention of many who consider substantive changes are needed, including privacy experts, senators and U.S. President Joe Biden, who addressed it in his State of the Union address earlier this year.

Some lawmakers have long called for an age increase for those protections through legislative reforms, which came before lawmakers this month introduced a proposal for the first federal privacy law, which would include data privacy protections for children under 17.

“We can’t keep overhauling the regulatory structure,” said Julia Tama, partner at law firm Venable LLP. “It takes a big investment for companies to come up to speed.”

Instead, she said, she wants “improvements on what we have rather than replacing it with a completely different framework.”

In May, the FTC issued a policy statement that will guide its enforcement of COPPA. It focused on four provisions: limiting the amount of data collected for children’s access to educational tools; restricting types of data collected and requiring reasons for why they are being collected; prohibiting ed tech companies from holding on to data for speculative purposes; and prohibiting the use of the data for targeted advertising purposes.

Graham Dufault, senior director for public policy at the App Association, said the FTC should be responsible for potential provisions made to COPPA. “The FTC’s enforcement of COPPA is a really important thing for us.”

But panelist James Cooper, associate professor of law and director of the program on economics and privacy at George Mason University, said COPPA isn’t in need of any major revisions. He said if the legislation requires change, he doesn’t want to see it done through FTC policy statements and instead should come from the crafters in Congress.

“If the FTC feels [the need to] expand COPPA beyond its current boundaries, it should go back to Congress,” Cooper said.

Continue Reading

Privacy

Expand Online Protections for 17-Year-Olds in Draft Federal Privacy Law, Committee Urged

The draft privacy law includes a provision to enhance privacy protections online for children under 17.

Published

on

Photo of the hearing held by the subcommittee on consumer protection and commerce

WASHINGTON, June 16, 2022 – Panelists before the subcommittee on consumer protection and commerce recommended Tuesday that a newly-crafted draft for federal privacy legislation introduced earlier this month include online protections for 17-year-olds.

The draft of the American Data Privacy and Protection Act, which would be the first federal privacy law, includes a provision to enhance privacy protections online for children under 17, including restrictions on Big Tech platforms’ data collection and targeted advertisements to those age groups.

But testimony from Jolina Cuaresma, senior counsel on privacy and technology policy at Common Sense Media, suggested that the language include 17-year-olds as well.

If the bill becomes law, she said this would provide a substantial upgrade to the Child Online Protection Privacy Act, which provides online protections for children under 13. “We need to cover all minors under the draft’s protections,” Cuaresma said, adding, “one in four children between the ages of 9 and 17 have had a sexual encounter with an adult online.”

With ongoing discussion about potential changes to COPPA and ensuring children’s privacy online due to increasing use of online educational tools and social media, Rep. Kathy Castor, D-Fl, stated during the hearing, “there is room for improvement in the draft for children’s protections.”

Big Tech regulation

Witnesses also said the draft should make clearer limits for Big Tech companies. Caitriona Fitzgerald, deputy director of the Electronic Privacy Information Center, said, “technology companies have too much power” and have been unregulated for too long. She urged the bill to define responsibilities more clearly for big tech companies, individuals, states, and federal entities.

Chairman Frank Pallone Jr. of the energy and commerce committee stated that if the bill passes, “our kids will be protected from abusive advertising and data transfers, and businesses will be required to protect consumer data or face real consequences.

“Comprehensive national privacy legislation is necessary to limit the excesses of Big Tech and ensure Americans can safely navigate the digital world,” said Pallone.

Continue Reading

Recent

Signup for Broadband Breakfast

Get twice-weekly Breakfast Media news alerts.
* = required field

Trending