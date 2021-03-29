Privacy
Attach Strings To Data Collection To Combat Surveillance Capitalism, Experts Suggest
March 29, 2021 – Laws addressing how much data can be collected should be among new regulations that must ensure data collection from big technology companies doesn’t harm Americans, according to a March 17 panel of academics at the South by Southwest conference.
The era of corporate self-regulation is now up, said Marietje Schaake of the Standford University Cyber Policy Center and panelist at SXSW conference discussing the “techno-democratic” approach to Big Tech, including what to do about surveillance capitalism.
Surveillance capitalism is an economic system centered on commodifying personal data with the core purpose of profit-making.
“We have heard many pledges, many promises, and good intention offers for solutions for self-regulatory initiatives. And the time is out for those,” she said.
Schaake said it is time the government attach consequences to data collection to the detriment of the public and to set clear limits on collection practices.
“We have tried for too long, and it has led to several distractions and lost time to make sure that the rule of law is leading and that there are enforceable accountable, transparent expectations placed on these companies,” she said.
Joan Donovan, a social scientist at the Harvard Kennedy School, said what’s critical is how much data tech companies should be allowed to collect and under what conditions should they sell it to ensure rights aren’t violated.
“The tech sector as it is built now, relies on harvesting so much data about an individual that their products and the entire economy they are built on could not exist” if there were robust rights and privacy protections in place, Donovan said.
She said the discussion about regulating these businesses should include moving from a focus on protecting enterprise to protecting human rights.
National Plan Required For Consumer Privacy, Congresswoman says
April 1, 2021 — A Congresswoman from Washington State, who introduced federal legislation that would be the first national consumer privacy law if adopted, says the federal government is being outpaced by some states that are implementing their own consumer privacy legislation.
“There is a significant problem with consumer privacy in the US,” said Representative Suzan Delbene on Tuesday during a New Democratic Network event. Delbene introduced her Information Transparency, and Personal Data Control Act, a wide ranging federal privacy legislation, on March 10. Delbene is the vice chair of the Ways and Means Committee, and is the chair of the House New Democrat Coalition caucus.
There is no federal data privacy law, which has forced some states to pursue their own consumer data policies. That includes California and, recently, Virginia. Some have said the concern is that there will be a patchwork of different privacy legislation that may end up just confusing Americans.
“We need a uniform set of rights for consumers and businesses standards to follow in the digital world,” DelBene said.
The bill states that companies must provide privacy polies in plain language, must allow users to opt-in for personal information gathering, must disclose who personal information is being shared with, and must submit to privacy audits every two years. The federal law would also give the government the ability to preempt existing state laws.
Simon Rosenberg, president of New Democrat Network, said about the bill that, “together, we have a lot of work to do in the coming years to restore the promise of the Internet. One of the areas of greatest need is creating a single working privacy standard for the United States.
“In her bill, the approach Representative DelBene takes to protecting Americans’ privacy is smart, measured, and will undoubtedly be highly influential in shaping the approach Congress takes in the days ahead. It is a very welcome addition to the vital debate underway about our digital future,” Rosenberg added.
The purpose of this bill is to ensure that privacy policies are transparent and clear. “Many consumers are given lots of information with lots of legal terms, that leads them to click the accept button without knowing what they have signed up for,” DelBene said.
“There is an urgent need for consumers to understand what data is being shared,” she added. “We want to make sure there is enforcement. The law says that this will be the responsibility of the Federal Trade Commission, so the FTC must have the resources to do this.
“I think my bill is focused on privacy specifically because I think it is foundational. We build on important things, such as AI, facial recognition, and all the other issues we need to address. If we don’t start addressing the issues of data privacy, it will be hard to imagine how it will the expansion of laws to address a broader set of issues that need to get ahead of.”
Congresswoman DelBene believes the bill can be bipartisan, but she wants to make sure Congress understands its importance. “I’m not sure Congress understands these issues, so it takes a collective effort to push it forward.”
DelBene says she’s confident that Congress will follow the bill, despite many congresspeople who she said are hesitant to take that first step.
House Energy and Commerce Chairman Frank Pallone Calls for Update to Children’s Privacy Legislation
March 11, 2021 – House Energy and Commerce Committee Chairman Frank Pallone, D-N.J., on Thursday called for an update to the Children’s Online Privacy Protection Act at subcommittee hearing on “Kids Online During COVID: Child Safety in an Increasingly Digital Age.”
“The challenges children face online existed before the pandemic, but it’s only gotten worse,” he said.
Visiting in person with extended family and friends have so far become a thing of the past as the COVID-19 pandemic continues. Many other in-person activities have been replaced with video games, social media, and other video services.
Kids’ screen time has doubled during the pandemic, said Pallone. The effects of too much screen time can increase instances of anxiety, sleep deprivation, obesity, and cyber bullying, he said.
The increased screen time due to the pandemic has turned consumers into victims of what he called harassment and dark pattern manipulation led by advertisers. Children cannot defend themselves like adults in managing these predatory practices, he said.
“Despite laws to protect children’s privacy, data collection and tracking of children is disturbingly prevalent.” He went on to criticize many apps targeting children on mobile devices are notorious for collecting personal information, which is then bought and sold, resulting in advertising meant to manipulate children.
He said that digital ad spending specifically targeting children was expected to reach $1.7 billion this year. COPPA, which hasn’t been updated since 2013, needs to be updated because, he said, internet companies have since continued to target children.
Cybersecurity
Despite Increasing Risk, Companies Are Still Not Prioritizing Cybersecurity
March 10, 2021 – Experts said Tuesday that cybersecurity should be one of the top priorities for every business, but many businesses still don’t consider it as such.
“I was not that surprised to see 50 percent of executives count it as a high priority,” said Chad Kliewer, the information security officer of Pioneer Telephone Cooperative, at a Tuesday webinar hosted by the Center for Strategic and International Studies.
“Let’s be honest, its not a moneymaker for most people,” he added.
Rep. James Langevin, D-R.I., who is chairman of the House Cyber, Innovative Technologies and Information Systems Subcommittee, was joined by several members of both the public and private sectors discussing cybersecurity for small and medium-sized businesses in the critical infrastructure industry. They used US Telecom’s recent 2021 Cybersecurity Survey as a backdrop for that discussion.
According to the survey, 26 percent of employees, versus 50 percent of executives, consider cybersecurity a high priority. Kliewer expressed disappointment about that gap, saying that for his company, he spends a lot of time focusing on employees and ensuring that they’re all informed on cybersecurity.
One challenge to be addressed to get businesses up to speed on cybersecurity is education and awareness.
Jeff Goldthorp of the Federal Communications Commission suggested on the webinar the possibility of federal agencies to providing “fairly robust and rich and large set of guidance and practices” to a smaller segment of the industry that “has a different set of needs or where the scale is smaller,” he said.
Ola Sage, CEO of CyberRx, expressed similar concern. There could be several reasons why employees don’t make cybersecurity as high a priority as executives, she said, including lack of mechanisms to communicate that message across the company, or employees believing that cybersecurity isn’t their personal responsibility. It comes back to the question of education and awareness, she said.
Langevin said cyber criminals often go after a broad range of targets, hoping to hit the easiest victims. “These criminals go after entities really with the weakest cybersecurity hygiene, which often unfortunately means small businesses,” he said. “Ransomware is rampant right now, and its hitting a lot of small businesses in addition to hospitals or school systems,” he said.
Langevin said cybersecurity monitoring is about “risk management,” which is an ongoing process.
The influence of foreign nation-state adversaries
The webinar came in the wake of other cybersecurity panels and congressional hearings on the recent SolarWinds cyberattack that infiltrated thousands of American companies and federal agencies. The hack is currently being blamed on Russia.
Langevin touched on the influence of foreign nation-state adversaries. “I want to make something perfectly clear: countries like Russia actively aid and abet cyber criminals,” he said.
“We’re really living in a golden age of cyber crime because there are countries, again, that allow and encourage criminals to operate within their borders,” he said. “While some of the talk of norms and the need for stronger cyber diplomacy may seem esoteric, I can really assure you that it is increasingly relevant to stopping the constant stream of intrusions targeting small businesses around the country,” he said.
Eric Goldstein, executive assistant director for cybersecurity at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, said “adversaries of all types are targeting American businesses now.
“It is not just the case that if you are a company that has highly sensitive [intellectual property] or provides critical infrastructure that you are the only type of company at risk. We are now seeing adversaries, including criminal groups, that will launch what I call indiscriminate attacks targeting anybody in this country with a vulnerability,” he said.
“Every company in America is at risk,” he said, adding they need to “take urgent steps to manage vulnerabilities in their IT infrastructure.”
