Connect with us

Privacy

Panelists Call Federal Privacy Legislation Necessary and Express Optimism Toward That Goal

Published

on

Photo of privacy panel at State of the Net conference by David Jelke

WASHINGTON, January 29, 2020 – Federal privacy legislation is necessary to ensure standardization of legal treatment, technology experts said Tuesday at the 2020 State of the Net conference.

On a panel on “Privacy and Preemption” at the annual tech policy gathering, speakers acknowledged the role of the California Consumer Privacy Act in spurring discussion and action. But the CCPA fails to provide rules that are clear to consumers about their rights and clear to businesses about their obligations.

Jessica Rich, former director of the Federal Trade Commission’s Bureau of Consumer Protection, highlighted the irony of a visitor from Nevada to California travelling across the border and facing a situation of vastly different rights. This created a “bad consumer experience,” Rich said.

Chris Calabrese, vice president of the Center for Democracy and Technology, praised Congress’ handling of privacy legislation thus far, citing the seriousness with which representatives have approached the issue in the wake of serious national data breaches.

The panel also addressed where small businesses fit into the tug-of-war of data privacy. Rich said many small businesses can come into contact with sensitive user data and should not be given a free pass in legislation.

“Lest we forget, Cambridge Analytica was a small company,” cracked Jason Albert, Director of Public Policy at Workday.

The panel also defended the FTC against the criticism that it is unfit to enforce data privacy legislation. Albert argued that the FTC has an internationally respected reputation that would be very difficult for a new agency to imitate.

Rich pointed to the fact that the FTC is under-sourced with about only 50 employees assigned to privacy issues for the whole country. Calabrese added to the sentiment by referencing how the Information Commissioner’s Office, Britain’s FTC equivalent, has 500 employees for a nation a quarter the population.

Calabrese also expressed a desire for companies to have the ability to check in with the FTC regarding grey area privacy practices so as to avoid accidental infringement of privacy law.

The moderator capped off the session by asking for the panelists’ predictions as to the future of privacy law. The panel was cautiously optimistic about the future of privacy and believed that the country still had time to sort through the implications that information technologies pose.

Cybersecurity

Private Sector Falling Behind on Information Sharing During Cyberattacks, Says Comcast Rep

Comcast’s Noopur Davis says cyber attackers share information better than the private sector.

Published

on

Noopur Davis, Chief Product and Information Officer at Comcast Cable.

ASPEN, Colorado, August 23 — In the wake of an influx of ransomware attacks on critical infrastructure and cyberattacks on private carriers, entities across the technology industry are revaluating their strategies and how they share information to prevent such acts.

T-Mobile announced on August 15 that as many as 50 million consumers had their private data compromised during a data breach. Days later, on August 17, as part of Technology Policy Institute’s 2021 Aspen Forum, Noopur Davis, Chief Product and Information Officer at Comcast Cable, sat down for a fireside chat to discuss what the industry was doing to address this event and events like it.

Join in Broadband Breakfast Live Online’s Discussion on “Cybersecurity: Reviewing the Biden Administration’s Executive Order,” on Wednesday, August 25, 2021, at 12 Noon ET.

When Davis was asked how she felt about the current state of cybersecurity, she said it was okay, but that the telecom community at large would have to do more.

She referenced the mean time of comfort—that is, the average duration between the time that a service becomes connected to the internet and when it is targeted by bad actors. While in the early days of the internet cybersecurity experts could expect to have significant mean times of comfort, she stated that this is no longer the case.

“The second you connect [to the internet] you are attacked,” she said.

As soon as a successful breach is recognized, Davis explained that the target companies begin to revaluate their “TTP,” or tactics, techniques, and procedures.

Information sharing is crucial

Though one company may find a remedy to their breach, other companies may remain vulnerable. To combat this, Davis said that it is critical for companies to share information quickly with their counterparts, but she indicated that this is a race that the private sector is currently losing.

“[Attackers] share information better than [the private industry does].”

She went further, revealing that there is now a sophisticated market for malware as a service, where various platforms publish reviews for their products and services and even offer tech support to those struggling to get the most out of their purchases.

Growing market for hacking tools

She pointed to the Colonial Pipeline attack as an example where hackers did not even create the malware themselves—they just purchased it from a provider online. She explained that this marketplace has significantly lowered the barriers of entry and deskilled the activity for would be attackers, and that theoretically anyone could engage in such nefarious acts today.

Though Davis was in favor of collaboration between companies to address these attacks, she made it clear that this would not mean that responses and capabilities would become standardized, and that every company would maintain their own unique strategies to ensure that their services and data remain uncompromised.

Continue Reading

Robocall

Associations Press FCC to Keep Robocall Extension for Facilities-Based Carriers

Organizations say preponderance of illegal calls don’t come from facilities-based providers.

Published

on

Acting FCC Chairwoman Jessica Rosenworcel

August 11, 2021 – In submissions to the Federal Communications Commission on Monday, associations representing smaller telecom are asking the agency to keep an extension specifically for facilities-based carriers to comply with new robocall rules.

In May, the FCC voted to push up by a year, from 2023 to 2022, the deadline for small carriers to comply with the STIR/SHAKEN regime, which requires telephone service providers to put in place measures – including analytics services to vet calls – to drastically reduce the frequency of scam, illegal robocalls, and ID spoofing that misleads Americans to believe the call is legitimate. Large carriers, however, had a deadline of June 30 this year.

But in submissions to the FCC this week, the Competitive Carriers Association, NTCA, and USTelecom said the preponderance of illegal robocalls come from smaller providers – those with fewer than 100,000 lines – that don’t have networks and, because of that, facilities-based carriers should have the additional year to comply with the rules, which is reportedly a highly technical and complex endeavor.

To appreciate the effort, providers must tag or label all calls on their network, using analytics tools, to ensure that the calls are legitimate. All illegitimate calls must be tagged as potential spam or blocked completely. Even still, the possibility of “false positives” can occur. Failure to comply with the rules could result in hefty penalties.

‘Good faith’ actors shouldn’t be penalized

“Commenters recognize as well that care must be taken to correctly identify this group of small providers in a surgical and precise manner that does not sweep in innocent actors and compel them to adopt this standard on a timeframe they had neither anticipated nor budgeted for,” the NTCA said in its submission to the FCC on Monday.

“A more targeted and effective way of capturing the parties that prompted these proposals can be found in the record – specifically, the Commission should require operators that are not ‘facilities-based’ voice providers…to adopt STIR/SHAKEN on a more accelerated timeframe,” the NTCA continued.

Burden of proof on non-facilities providers to show need for extension

USTelecom, however, added that the non-facilities-based providers – which generally originate calls over the public internet – should be able to request the full two-year extension, but they must show why they need it.

“It’s also critical that they are required to explain in detail and specificity why their robocall mitigation plans are sufficient to protect consumers and other voice service providers from illegal and unwanted robocalls,” USTelecom said in its Monday submission.

“Such a requirement would offer the right balance between affording non-facilities-based small providers the opportunity for the full extension if truly needed, but without creating an opportunity for the small VoIP providers responsible for illegal robocalls to abuse the process in order to continue to send unsigned illegal traffic downstream to the detriment of other providers and consumers,” USTelecom added.

Continue Reading

Robocall

FCC Proposes Measures to Limit Unwanted Access to Numbers, Protect Against Foreign Entities

The agency proposed rules for public comment on that would further restrict illegal use of numbering resources.

Published

on

Acting FCC Chairwoman Jessica Rosenworcel

August 9, 2021 – The Federal Communications Commission is seeking comment on proposed rules that it expects will reduce access to phone numbers by those running illegal robocalls and to further enhance public safety by adding transparency measures on foreign providers.

At the August Open Meeting on Thursday, the FCC said it is proposing to require voice-over-internet protocol providers to abide by the new robocalling regime, which requires voice service providers to put in place measures to limit spam calls and ID masking or face severe penalties.

To block calls, voice providers must first gather analytics on the origins of the call and essentially tag its authenticity before its routed.

As of the June 30 deadline, all major U.S. phone companies use caller ID authentication system to label calls as part of the regime, known as STIR/SHAKEN. This allows for end-to-end phone calls to be verified with a now common digital tool. AT&T said in June that is it now labelling over one billion calls a month.

Last week’s meeting also yielded other proposals to safeguard limited numbering resources, “protect against national security risks…and further promote public safety” by adding a layer of oversight at the executive branch level to vet those outside the United States trying to access numbering resources. That includes requiring applicants disclose foreign ownership information.

This would add to the federal government’s approach to protecting national security from foreign entities perceived as threats to the country, including legislation introduced recently that would prevent the FCC from approving those companies with ties to the Chinese communist party.

Continue Reading

Recent

Signup for Broadband Breakfast

Get twice-weekly Breakfast Media news alerts.
* = required field

Trending