Connect with us

Privacy

Colorado Attorney General Phil Weiser Takes Aim at Big Tech and Big Telecom

What should state leaders be doing to procure a safer, healthier information environment?

Published

on

Photo of Jessica Dheere and Phil Weiser by Drew Clark

KEYSTONE, Colorado, May 27, 2022 – Colorado Attorney General Phil Weiser advised state and local leaders to devote resources both toward creating strong data privacy measures and developing broadband deployment initiatives.

Speaking on Wednesday at the Mountain Connect conference here, Weiser split his time being critical Big Tech and inadequate broadband.With a large amount of federal resource devoted toward broadband deployment  focused on areas without high-quality broadband, Weiser said that Colorado had a key priority to double-check the accuracy of federal  broadband maps.

Weiser is deeply involved in technology and telecommunications issues because of his work as the founder of Silicon Flatirons, a research center at the University of Colorado at Boulder. He was interviewed by Jessica Dheere, director of Ranking Digital Rights, a program of the New American think tank in Washington.

Community Crowdsourcing Efforts Essential to Accessing Federal Broadband Funding

But while heartened by the possible rollout of more reliable, affordable internet access being spurred by the Infrastructure Investment and Jobs Act, the pair was sobered by the dilemmas associated with Big Tech.

Dheere described a few of the social concerns of the big data era, including: Information overload, companies’ collection of vast amounts of data processed through algorithms, cloud services encouraging people to store their data and essential documentation on virtual servers, addiction to social media platforms and virality, and government technologies that make decisions for people.

“How do we take advantage of the amazing opportunities broadband creates for us, without sacrificing our civil and human rights, without being dehumanized by the technologies themselves and the corporations and institutions we interact with?” Dheere asked.

“We talked here about broadband as the great connector, but we also need to address the potential harms and create strategies for mitigating them.”

Bringing problems and solutions to the local level

Weiser responded that, “We need to focus on our state and local opportunities to solve problems together.”

He reflected on time he spent, more than a decade ago, working to create privacy legislation while working in the Obama administration. Such a bill would presumably give consumers more choice and awareness on how their data is collected and used, but no such federal measure has passed.

Now as a top state government official, Weiser has been supportive of state data privacy laws. Last year the state passed the Colorado Privacy Act, and his office as the state attorney general is required this fall to issue rules that will go into effect on July 1, 2023.

Colorado is the third state, after California and Virginia, to pass a comprehensive data privacy bill. Yet Weiser said that the rules to be crafted under Colorado’s privacy bill are principles-based and will be less prescriptive than California’s and Virginia’s.

Giving users more control over their data

“The core promise here is to give consumers basic control over their data,” he explained. “What information is being collected about you? Is it true? Are you okay with it being shared to other people? Do businesses actually have to assess what data they’re collecting, and ask themselves if it’s necessary?”

Notable provisions in the law include a “universal opt-out mechanism” which allows Coloradans to freely and easily opt out of their personal data being sold and used for targeted advertising.

The Colorado Privacy Act further requires users to opt-in for the processing of “sensitive data,” and grants district attorneys, as well as the state attorney general, to enforce the statute.

For more on how Colorado’s Privacy Act compares to other states, see Colorado’s New Data Privacy Law: Comparing to Other States and Looking Ahead.

Contributing Reporter Jericho Casper graduated from the University of Virginia studying media policy. She grew up in Newport News in an area heavily impacted by the digital divide and has a passion for universal access and a vendetta against anyone who stands in the way of her getting better broadband.

Privacy

As States Take Action Against TikTok, Major Privacy Legislation Seems Unlikely

Californians’ opposition to the ADPPA’s preemption provision may be the end of the comprehensive bipartisan privacy bill.

Published

on

WASHINGTON, December 7, 2022 — The comprehensive privacy legislation currently stalled in Congress could provide a strong solution to growing privacy and cybersecurity threats, including significant concerns about TikTok’s data collection practices, according to panelists at a Broadband Breakfast event Wednesday.

The American Data Privacy and Protection Act is a long-awaited bipartisan effort that garnered widespread support before being held back by Speaker Nancy Pelosi, D-Calif., due to its preemption provision. California officials have claimed that the ADPPA is weaker than the state’s existing privacy law.

If the ADPPA fails to pass now, it is even less likely to pass under a Republican-controlled House that will probably favor even less preemption, said Cameron Kerry, a visiting fellow at the Brookings Institution’s Center for Technology Innovation. “We may be back to impasse before we get to some kind of new compromise, and I don’t know that any new compromise can be better than what’s on the table today.”

Despite Pelosi’s opposition to the bill, the state law is actually fairly similar to the ADPPA, said Lauren Zabierek, executive director of the Harvard Kennedy School’s Cyber Project.

“There’s a couple of things where maybe California is just a little bit stronger, but there’s a lot of areas where it seems that the federal bill is actually much stronger,” she added.

This claim is backed up by a thorough comparison chart created in July by the Electronic Privacy Information Center and the Lawyers’ Committee for Civil Rights Under Law. Several industry groups also expressed agreement in a letter to Pelosi, noting that the ADPPA includes algorithmic bias testing, limits on targeted advertising to kids and other protections not present in the California law.

TikTok takes the digital privacy spotlight, with several states announcing limited bans

Social media platform TikTok is at the center of many privacy and cybersecurity debates, with the Federal Communications Commission’s Brendan Carr saying in November he believed banning the platform altogether was the only path forward.

Rick Lane, CEO of Iggy Ventures, said that he supported a general TikTok ban and predicted that it would happen within the next six months.

“The ability to collect very large amounts of data from Americans in order to build their AI is a core piece of the CCP’s efforts in terms of domination in world markets,” he said.

Brandon Pugh, policy counsel at the R Street Institute, agreed that Congress will likely call for further investigation into the security concerns surrounding TikTok, although not necessarily impose a complete ban.

In the absence of a national standard, states are likely to continue creating a disparate patchwork of privacy laws, Pugh said.

State governments are already mobilizing against TikTok. Maryland Gov. Larry Hogan and Texas Gov. Greg Abbott both announced Wednesday that TikTok would be prohibited on government devices. These directives followed a Nov. 29 executive order issued by South Dakota Gov. Kristi Noem that similarly banned the app from the devices of government employees and contractors.

Several other states have indicated that they will soon follow suit.

In a separate attack on the platform, Indiana Attorney General Todd Rokita filed two lawsuits against TikTok on Wednesday, calling the app “a malicious and menacing threat.”

The lawsuits claim that TikTok’s data collection practices violate consumer protection laws and that the company falsely markets the app as being safe for teenagers while presenting them with inappropriate content.

Child-specific privacy bill seems more likely to pass

Another piece of bipartisan privacy legislation making its way through Congress is the Kids Online Safety Act, which would create a broad “duty of care” requirement for tech platforms to shield underage users from harmful content. Broadband Breakfast panelists predicted that it is likely to pass during the lame duck period.

The group on the webcast indicated general support for KOSA, while also saying that it shouldn’t come at the cost of a more comprehensive federal privacy bill. The ADPPA already includes several protections for children, such as prohibiting targeted advertising to anyone 16 and under.

Several industry experts and organizations have raised more substantive concerns over KOSA.

“Instead of protecting kids, KOSA actively harms them—a pretty terrible tradeoff for violating the First Amendment, which this bill also does,” said Ari Cohn, free speech counsel for TechFreedom, in a press release Wednesday. Cohn was not on the Broadband Breakfast panel.

Online services would have to verify the ages of all users to comply with KOSA, Cohn argued, and this would violate users’ right to read and communicate anonymously.

But TechFreedom was not alone in raising concerns. Organizations including Ranking Digital Rights and the American Civil Liberties Union opposed KOSA in a letter to senate leadership. The bill would force internet providers to use invasive filtering and monitoring tools and incentivize increased consumer data collection, they argued.

Our Broadband Breakfast Live Online events take place on Wednesday at 12 Noon ET. Watch the event on Broadband Breakfast, or REGISTER HERE to join the conversation.

Wednesday, December 7, 2022, 12 Noon ET – What to Expect from Congress on Social Media and Privacy Regulation

With both Republicans and Democrats having concerns about social media and data privacy, how will the new Congress tackle these issues in the 118th Congress next year? We’ll also review the status of the substantial American Data Privacy and Protection Act in the 117th Congress. At one point, it seemed primed to become the strongest federal privacy legislation ever passed. Now, it might not even make it to the House floor after opposition to its preemption provisions.

Meanwhile, the Big Tech privacy landscape is rapidly shifting: Apple’s steps toward consumer privacy are cutting into ad revenue for companies like Meta, and Federal Communications Commissioner Brendan Carr has called for a complete ban of TikTok over data privacy concerns. What, if anything, will the 118th Congress do in response?

Panelists:

  • Cameron Kerry, Distinguished Visiting Fellow, Governance Studies, Center for Technology Innovation, Brookings Institution
  • Rick Lane, CEO, Iggy Ventures
  • Brandon Pugh, Resident Senior Fellow and Policy Counsel, Cybersecurity and Emerging Threats, R Street Institute
  • Lauren Zabierek, Executive Director, Cyber Project, Harvard Kennedy School’s Belfer Center for Science and International Affairs
  • Drew Clark (moderator), Editor and Publisher, Broadband Breakfast

Panelist resources:

Cameron Kerry is a global thought leader on privacy, artificial intelligence, and cross-border challenges in information technology. He joined Governance Studies and the Center for Technology Innovation at Brookings in December 2013 as the first Ann R. and Andrew H. Tisch Distinguished Visiting Fellow. Previously, Kerry served as general counsel and acting secretary of the U.S. Department of Commerce, where he was a leader on a wide of range of issues including technology, trade, and economic growth and security.

Rick Lane is a tech policy expert, child safety advocate, and the founder and CEO of Iggy Ventures. Iggy advises and invests in companies and projects that can have a positive social impact. Before starting Iggy, Rick served 15 years as the Senior Vice President of Government Affairs of 21st Century Fox and was the first eCommerce and Internet Technology director for the US Chamber of Commerce.

Brandon Pugh is a Resident Senior Fellow and Policy Counsel for the R Street Institute’s Cybersecurity and Emerging Threats team, where he leads the data privacy and security portfolio. He also serves as an international law officer in the Army Reserve. Previously, he served in elected and appointed office, managed a cyberwarfare publication, and was counsel for a state legislature, among other roles.

Lauren Zabierek is the Acting Executive Director of the Harvard Kennedy School’s Belfer Center for Science and International Affairs and the Executive Director of the Center’s Cyber Project, a policy-relevant research program. She is a graduate of the Kennedy School, a US Air Force veteran and a former civilian analyst in the Intelligence Community.

Drew Clark (moderator) is CEO of Breakfast Media LLC, the Editor and Publisher of BroadbandBreakfast.com and a nationally-respected telecommunications attorney. Under the American Recovery and Reinvestment Act of 2009, he served as head of the State Broadband Initiative in Illinois. Now, in light of the 2021 Infrastructure Investment and Jobs Act, attorney Clark helps fiber-based and wireless clients secure funding, identify markets, broker infrastructure and operate in the public right of way.

Photoillustration from the Electronic Frontier Foundation

WATCH HERE, or on YouTubeTwitter and Facebook.

As with all Broadband Breakfast Live Online events, the FREE webcasts will take place at 12 Noon ET on Wednesday.

SUBSCRIBE to the Broadband Breakfast YouTube channel. That way, you will be notified when events go live. Watch on YouTubeTwitter and Facebook

See a complete list of upcoming and past Broadband Breakfast Live Online events.

Continue Reading

Robocall

Experts Discuss Enforcement Against Imposter Fraud, Other Consumer Protection Issues

Imposter fraud is a particularly predatory offshoot of robocalling, often involving extremely sophisticated scams.

Published

on

Image by Ityuan used under license from Adobe Stock

WASHINGTON, December 6, 2022 — Consumer protection efforts from telecommunications companies and federal agencies need to tackle imposter fraud in addition to robocalling, said experts at a Federal Communications Bar Association event Monday.

Imposter fraud is a particularly predatory offshoot of robocalling, involving real individuals instead of or in addition to automated messages. These scams can be very sophisticated and tailored toward individual consumers, panelists said.

By pretending to be associated with the IRS or government aid programs, imposter fraud primarily targets vulnerable communities, including non-native English speakers, low-income individuals and the elderly.

State and federal enforcement agencies should take more aggressive action to stop these bad actors, panelists said.

Another important step toward consumer protection is updating education efforts to reflect the increasing sophistication and complexity of scams. Many consumers rely on security advice that is now outdated, said Harold Feld, senior vice president at Public Knowledge.

“The idea of, ‘Don’t click the link, you should call someone”—well, now they fake numbers,” he said. “So if you call rather than click the link, you’re still talking to a to a criminal.”

While many consumers know to not give out their bank information or social security number, newer scams frequently ask for information that may seem less important, such as utility account numbers. Scammers can then use that information to perpetrate various forms of identity theft.

With scamming tactics changing every few months, telecommunications companies should provide continued consumer education beyond their initial onboarding, said Stuart Drobny, president of Stumar Investigations.

Panelists discussed a variety of actions being taken to combat robocalls, generally describing them as positive steps but not full solutions.

Although STIR/SHAKEN implementation – the Federal Communications Commission’s framework to combat illegal robocalls – has made progress, bad actors have found a workaround by purchasing thousands of legitimate phone numbers, said Diana Eisner, vice president of policy and advocacy at USTelecom.

The FCC’s actions against voice over internet protocol providers are “very promising and so far have been proven to be very effective,” said Len Briley, senior legal counsel for DIRECTV.

Other consumer protection issues involve the ACP and provider disclosures

Panelists also discussed the benefits and weaknesses of the FCC’s Affordable Connectivity Program, which subsidizes internet services for low-income households.

The ACP has been life-changing for many of the program’s participants, Feld said, citing a digital equity report released by Cox on Friday. About half of the survey participants reported that they had been unable to afford home internet prior to the ACP. Nearly all participants reported significant benefits from home internet, particularly for participating in remote learning, accessing educational resources and completing schoolwork from home.

Despite the program’s value, it has also been the subject of multiple fraud controversies. Some of these problems have emerged when consumers are not fully informed about the requirements, Feld said.

“You have lifeline recipients who get a contact from their phone lifeline provider and they say, ‘Hey, we’d like to upgrade you to a new contract,’ and they don’t tell them that it’s an ACP program… and then when [consumers] try to apply their ACP benefit, which is a one per household for a wireline connection, they discover that they can’t because they have used their ACP benefit for wireless.”

In October, Rep. Frank Pallone, Jr., D-N.J., raised concerns about several internet service providers engaging in potential “abusive, misleading, fraudulent, or otherwise predatory behaviors” related to the ACP.

Another FCC consumer protection initiative is the new broadband “nutrition label” requirement, mandating that internet providers display standardized performance metrics, monthly rates and other relevant information at points of sale.

Eisner praised the initiative, saying that the FCC had reached a good balance of ensuring that the labels would present important information without becoming unwieldy or overly complicated.

Although consumer groups called for a requirement that these labels be included on monthly internet bills, this requirement did not make it into the final order. In failing to include it, the FCC “missed something that would be a very significant benefit to consumers,” Feld said.

Continue Reading

Expert Opinion

Dmitry Sumin: What to Do About Flash Calls, the New SMS Replacement

Why are flash calls on the rise and how do operators handle them to maximize revenue?

Published

on

The author of this Expert Opinion is Dmitry Sumin, AB Handshake Corporation Head of Products

Chances are you’ve received several flash calls this week when registering for a new app or verifying a transaction. Flash calls are almost instantly dropped calls that deliver one-time passcodes to users, verifying their phone numbers and actions. Many prominent apps and companies, such as Viber, Telegram, WhatsApp, and TikTok, use flash calls as a cheaper, faster, and more user-friendly alternative to application-to-person SMS.

With the flash call volume expected to increase 25-fold from 2022 to 2026, from five to 130 billion, it’s no wonder they’re a hot topic in the telecom industry.

But what’s the problem, you may ask?

The problem is that there is currently no way for operators to bill zero-duration calls. This means operators don’t make any termination revenue from flash calls, which overload networks. What’s more, operators lose SMS termination revenues as businesses switch to flash calls. SMS business messaging accounts for up to five percent of total operator-billed revenue in 2021, so you can see the scale of potential revenue losses for operators. 

In this article, I’ll discuss why flash calls are on the rise, why it’s difficult to detect and monetize them, and what operators can do about this.

Why are flash calls overtaking SMS passcodes?

Previously, application-to-person SMS was a popular way to deliver one-time passwords. But enterprises and communication service providers are increasingly switching to flash calls because they have several disruptive advantages over SMS.

First and foremost, flash calls are considerably cheaper than SMS, sometimes costing up to eight times less. Cost of delivery is, of course, a prime concern for apps and enterprises.

Second, flash calls ensure smooth user interaction, which boosts user satisfaction and retention. On Androids, mobile apps automatically extract flash call passcodes. This makes the two-factor authentication process fast and frictionless. In comparison, SMS passcodes require users to read the SMS and sometimes insert the code manually.

Third, on average flash calls reach users within 15 seconds, while SMS sometimes take 20 seconds or longer. The delivery speed of flash calls also improves the user experience.

The problem: Flash calls erode operators’ SMS revenues

While offering notable advantages for apps, flash call service providers, and end users, flash calls create numerous challenges for operators and transit carriers.

As we discussed before, flash calls erode operators’ SMS revenues because much of the new flash call traffic will be shifted away from current SMS business messaging. The issue is only going to become more pressing as the volume of flash calls grows.

So from the operator’s standpoint, flash calls reduce revenue, disrupt relations with interconnect partners, and overload networks. However, there is still no industry consensus on how to handle flash calls: block them like spam and fraudulent traffic or find a monetization model for this verification channel, like for application-to-person SMS.

Accurate detection of flash calls is a challenge

The first crucial step that gives operators the upper hand is accurately detecting flash calls.

This is difficult because operators have no way of discerning legitimate verification flash calls from fraud schemes that rely on drop calls, such as wangiri. The wangiri fraud scheme uses instantly dropped calls to trick users into calling back premium rate numbers. In addition, flash calls need to be distinguished from genuine missed calls placed by customers.

The problem is that even advanced AI-powered fraud management systems struggle to accurately differentiate between various zero-duration calls. The task requires AI engines to be trained on large volumes of relevant traffic coupled with analysis of hundreds of specific call parameters.

Dedicated anti-fraud solutions are the answer

There are only a few solutions on the market that are capable of accurately distinguishing flash calls from other zero-duration calls. Dedicated fraud management vendors have made progress on this difficult task.

The highest accuracy of flash call detection now available on the market is 99.92 percent. Such tools allow operators to precisely determine the ranges from which flash calls are sent. As a result, operators can make an informed decision on how to treat flash calls to maximize revenue and can proactively negotiate with flash call providers.

Flash call detection creates new opportunities

Our team estimates that flash calls make up to four percent of Tier one operators’ international voice traffic. Without accurate detection and a billing strategy, this portion of traffic overloads operators’ networks and offers no revenue. However, with proper detection flash calls offer a new business opportunity.

Now is a crucial time for operators to start implementing flash call detection into their system and capitalize on the trend.

There are a few anti-fraud solutions on the market that give operators all the necessary information to negotiate a billing agreement with a flash call provider. Once an agreement has been reached, all flash calls coming from this provider will be monetized, much like SMS.

All flash calls not covered by agreements can be blocked automatically. This will help to restore SMS revenues. Once a flash call has been blocked, subscribers will most likely receive an SMS passcode sent as a fallback.

Moreover, modern solutions don’t affect any legitimate traffic because they only block selected ranges. This also helps to prevent revenue loss.

Essentially, the choice of how to handle flash calls comes down to each operator. However, without a powerful anti-fraud solution capable of accurately detecting flash calls in real time, it’s nearly impossible to monetize flash calls effectively and develop a billing strategy.

Dmitry Sumin is the Head of Products at the AB Handshake Corporation. He has more than 15 years of experience in international roaming, interconnect and fraud management. Since graduating from Moscow State University, he has worked for both vendors and network operators in the MVNO and telecommunications market. This piece is exclusive to Broadband Breakfast.

Broadband Breakfast accepts commentary from informed observers of the broadband scene. Please send pieces to commentary@breakfast.media. The views reflected in Expert Opinion pieces do not necessarily reflect the views of Broadband Breakfast and Breakfast Media LLC.

Continue Reading

Signup for Broadband Breakfast

Get twice-weekly Breakfast Media news alerts.
* = required field

Broadband Breakfast Research Partner

Trending