Connect with us

Privacy

Conservative Think Tank says FTC Should Be Sole Federal Privacy Regulator

‘The key to striking the right balance lies in ‘guided FTC rulemaking’ in a federal law, echoed by privacy experts and private sector companies alike.’

Published

on

Photo of Lauren Zabierek, Executive Director of the Cyber Project, Harvard Kennedy School

WASHINGTON, June 2, 2022 – As states begin to pass their own privacy laws, experts from conservative group the R Street Institute pushed for a federal privacy law with the Federal Trade Commission as the “primary enforcer.”

“We need to have one standard, one set of laws. It should not matter where you live…you should have the exact same basic privacy rights as anyone, anywhere,” Brandon Pugh, senior fellow and policy counsel at R Street, said at an R Street event Wednesday. He added that California, Colorado, Virginia and Utah have their own privacy laws. “If we don’t do a federal law, [more] will continue.”

During Wednesday’s event, Lauren Zabierek, executive director of the Cyber Project at Harvard Kennedy School, said that the FTC should have “the primary role for overseeing privacy regulation,” while Pugh said that this would avoid a “patchwork of agencies all taking a different element of privacy.”

In a blog post on its website on Tuesday, R Street said, “The key to striking the right balance lies in ‘guided FTC rulemaking’ in a federal law, echoed by privacy experts and private sector companies alike.” That conclusion was drawn after receiving feedback from 130 stakeholders, the think tank said.

Data privacy is one of the most pressing issues in the U.S. “The United States is one of the industrialized countries that lacks a single, national data privacy law,” said cyber experts from the R Street Institute. “The current lack of federal privacy legislation affects the economy, national security and consumer safety and is—at its most basic level—not a controversial issue for most Americans.”

Because of this, “multiple leaders of top-tier tech companies have, in recent weeks, called for privacy legislation.”

Reporter Riley Haight studied sociology at Brigham Young University. She has a passion for human rights and effective communication. She embraces the opportunity to learn and interact with those from diverse backgrounds.

Privacy

As States Take Action Against TikTok, Major Privacy Legislation Seems Unlikely

Californians’ opposition to the ADPPA’s preemption provision may be the end of the comprehensive bipartisan privacy bill.

Published

on

WASHINGTON, December 7, 2022 — The comprehensive privacy legislation currently stalled in Congress could provide a strong solution to growing privacy and cybersecurity threats, including significant concerns about TikTok’s data collection practices, according to panelists at a Broadband Breakfast event Wednesday.

The American Data Privacy and Protection Act is a long-awaited bipartisan effort that garnered widespread support before being held back by Speaker Nancy Pelosi, D-Calif., due to its preemption provision. California officials have claimed that the ADPPA is weaker than the state’s existing privacy law.

If the ADPPA fails to pass now, it is even less likely to pass under a Republican-controlled House that will probably favor even less preemption, said Cameron Kerry, a visiting fellow at the Brookings Institution’s Center for Technology Innovation. “We may be back to impasse before we get to some kind of new compromise, and I don’t know that any new compromise can be better than what’s on the table today.”

Despite Pelosi’s opposition to the bill, the state law is actually fairly similar to the ADPPA, said Lauren Zabierek, executive director of the Harvard Kennedy School’s Cyber Project.

“There’s a couple of things where maybe California is just a little bit stronger, but there’s a lot of areas where it seems that the federal bill is actually much stronger,” she added.

This claim is backed up by a thorough comparison chart created in July by the Electronic Privacy Information Center and the Lawyers’ Committee for Civil Rights Under Law. Several industry groups also expressed agreement in a letter to Pelosi, noting that the ADPPA includes algorithmic bias testing, limits on targeted advertising to kids and other protections not present in the California law.

TikTok takes the digital privacy spotlight, with several states announcing limited bans

Social media platform TikTok is at the center of many privacy and cybersecurity debates, with the Federal Communications Commission’s Brendan Carr saying in November he believed banning the platform altogether was the only path forward.

Rick Lane, CEO of Iggy Ventures, said that he supported a general TikTok ban and predicted that it would happen within the next six months.

“The ability to collect very large amounts of data from Americans in order to build their AI is a core piece of the CCP’s efforts in terms of domination in world markets,” he said.

Brandon Pugh, policy counsel at the R Street Institute, agreed that Congress will likely call for further investigation into the security concerns surrounding TikTok, although not necessarily impose a complete ban.

In the absence of a national standard, states are likely to continue creating a disparate patchwork of privacy laws, Pugh said.

State governments are already mobilizing against TikTok. Maryland Gov. Larry Hogan and Texas Gov. Greg Abbott both announced Wednesday that TikTok would be prohibited on government devices. These directives followed a Nov. 29 executive order issued by South Dakota Gov. Kristi Noem that similarly banned the app from the devices of government employees and contractors.

Several other states have indicated that they will soon follow suit.

In a separate attack on the platform, Indiana Attorney General Todd Rokita filed two lawsuits against TikTok on Wednesday, calling the app “a malicious and menacing threat.”

The lawsuits claim that TikTok’s data collection practices violate consumer protection laws and that the company falsely markets the app as being safe for teenagers while presenting them with inappropriate content.

Child-specific privacy bill seems more likely to pass

Another piece of bipartisan privacy legislation making its way through Congress is the Kids Online Safety Act, which would create a broad “duty of care” requirement for tech platforms to shield underage users from harmful content. Broadband Breakfast panelists predicted that it is likely to pass during the lame duck period.

The group on the webcast indicated general support for KOSA, while also saying that it shouldn’t come at the cost of a more comprehensive federal privacy bill. The ADPPA already includes several protections for children, such as prohibiting targeted advertising to anyone 16 and under.

Several industry experts and organizations have raised more substantive concerns over KOSA.

“Instead of protecting kids, KOSA actively harms them—a pretty terrible tradeoff for violating the First Amendment, which this bill also does,” said Ari Cohn, free speech counsel for TechFreedom, in a press release Wednesday. Cohn was not on the Broadband Breakfast panel.

Online services would have to verify the ages of all users to comply with KOSA, Cohn argued, and this would violate users’ right to read and communicate anonymously.

But TechFreedom was not alone in raising concerns. Organizations including Ranking Digital Rights and the American Civil Liberties Union opposed KOSA in a letter to senate leadership. The bill would force internet providers to use invasive filtering and monitoring tools and incentivize increased consumer data collection, they argued.

Our Broadband Breakfast Live Online events take place on Wednesday at 12 Noon ET. Watch the event on Broadband Breakfast, or REGISTER HERE to join the conversation.

Wednesday, December 7, 2022, 12 Noon ET – What to Expect from Congress on Social Media and Privacy Regulation

With both Republicans and Democrats having concerns about social media and data privacy, how will the new Congress tackle these issues in the 118th Congress next year? We’ll also review the status of the substantial American Data Privacy and Protection Act in the 117th Congress. At one point, it seemed primed to become the strongest federal privacy legislation ever passed. Now, it might not even make it to the House floor after opposition to its preemption provisions.

Meanwhile, the Big Tech privacy landscape is rapidly shifting: Apple’s steps toward consumer privacy are cutting into ad revenue for companies like Meta, and Federal Communications Commissioner Brendan Carr has called for a complete ban of TikTok over data privacy concerns. What, if anything, will the 118th Congress do in response?

Panelists:

  • Cameron Kerry, Distinguished Visiting Fellow, Governance Studies, Center for Technology Innovation, Brookings Institution
  • Rick Lane, CEO, Iggy Ventures
  • Brandon Pugh, Resident Senior Fellow and Policy Counsel, Cybersecurity and Emerging Threats, R Street Institute
  • Lauren Zabierek, Executive Director, Cyber Project, Harvard Kennedy School’s Belfer Center for Science and International Affairs
  • Drew Clark (moderator), Editor and Publisher, Broadband Breakfast

Panelist resources:

Cameron Kerry is a global thought leader on privacy, artificial intelligence, and cross-border challenges in information technology. He joined Governance Studies and the Center for Technology Innovation at Brookings in December 2013 as the first Ann R. and Andrew H. Tisch Distinguished Visiting Fellow. Previously, Kerry served as general counsel and acting secretary of the U.S. Department of Commerce, where he was a leader on a wide of range of issues including technology, trade, and economic growth and security.

Rick Lane is a tech policy expert, child safety advocate, and the founder and CEO of Iggy Ventures. Iggy advises and invests in companies and projects that can have a positive social impact. Before starting Iggy, Rick served 15 years as the Senior Vice President of Government Affairs of 21st Century Fox and was the first eCommerce and Internet Technology director for the US Chamber of Commerce.

Brandon Pugh is a Resident Senior Fellow and Policy Counsel for the R Street Institute’s Cybersecurity and Emerging Threats team, where he leads the data privacy and security portfolio. He also serves as an international law officer in the Army Reserve. Previously, he served in elected and appointed office, managed a cyberwarfare publication, and was counsel for a state legislature, among other roles.

Lauren Zabierek is the Acting Executive Director of the Harvard Kennedy School’s Belfer Center for Science and International Affairs and the Executive Director of the Center’s Cyber Project, a policy-relevant research program. She is a graduate of the Kennedy School, a US Air Force veteran and a former civilian analyst in the Intelligence Community.

Drew Clark (moderator) is CEO of Breakfast Media LLC, the Editor and Publisher of BroadbandBreakfast.com and a nationally-respected telecommunications attorney. Under the American Recovery and Reinvestment Act of 2009, he served as head of the State Broadband Initiative in Illinois. Now, in light of the 2021 Infrastructure Investment and Jobs Act, attorney Clark helps fiber-based and wireless clients secure funding, identify markets, broker infrastructure and operate in the public right of way.

Photoillustration from the Electronic Frontier Foundation

WATCH HERE, or on YouTubeTwitter and Facebook.

As with all Broadband Breakfast Live Online events, the FREE webcasts will take place at 12 Noon ET on Wednesday.

SUBSCRIBE to the Broadband Breakfast YouTube channel. That way, you will be notified when events go live. Watch on YouTubeTwitter and Facebook

See a complete list of upcoming and past Broadband Breakfast Live Online events.

Continue Reading

Robocall

Experts Discuss Enforcement Against Imposter Fraud, Other Consumer Protection Issues

Imposter fraud is a particularly predatory offshoot of robocalling, often involving extremely sophisticated scams.

Published

on

Image by Ityuan used under license from Adobe Stock

WASHINGTON, December 6, 2022 — Consumer protection efforts from telecommunications companies and federal agencies need to tackle imposter fraud in addition to robocalling, said experts at a Federal Communications Bar Association event Monday.

Imposter fraud is a particularly predatory offshoot of robocalling, involving real individuals instead of or in addition to automated messages. These scams can be very sophisticated and tailored toward individual consumers, panelists said.

By pretending to be associated with the IRS or government aid programs, imposter fraud primarily targets vulnerable communities, including non-native English speakers, low-income individuals and the elderly.

State and federal enforcement agencies should take more aggressive action to stop these bad actors, panelists said.

Another important step toward consumer protection is updating education efforts to reflect the increasing sophistication and complexity of scams. Many consumers rely on security advice that is now outdated, said Harold Feld, senior vice president at Public Knowledge.

“The idea of, ‘Don’t click the link, you should call someone”—well, now they fake numbers,” he said. “So if you call rather than click the link, you’re still talking to a to a criminal.”

While many consumers know to not give out their bank information or social security number, newer scams frequently ask for information that may seem less important, such as utility account numbers. Scammers can then use that information to perpetrate various forms of identity theft.

With scamming tactics changing every few months, telecommunications companies should provide continued consumer education beyond their initial onboarding, said Stuart Drobny, president of Stumar Investigations.

Panelists discussed a variety of actions being taken to combat robocalls, generally describing them as positive steps but not full solutions.

Although STIR/SHAKEN implementation – the Federal Communications Commission’s framework to combat illegal robocalls – has made progress, bad actors have found a workaround by purchasing thousands of legitimate phone numbers, said Diana Eisner, vice president of policy and advocacy at USTelecom.

The FCC’s actions against voice over internet protocol providers are “very promising and so far have been proven to be very effective,” said Len Briley, senior legal counsel for DIRECTV.

Other consumer protection issues involve the ACP and provider disclosures

Panelists also discussed the benefits and weaknesses of the FCC’s Affordable Connectivity Program, which subsidizes internet services for low-income households.

The ACP has been life-changing for many of the program’s participants, Feld said, citing a digital equity report released by Cox on Friday. About half of the survey participants reported that they had been unable to afford home internet prior to the ACP. Nearly all participants reported significant benefits from home internet, particularly for participating in remote learning, accessing educational resources and completing schoolwork from home.

Despite the program’s value, it has also been the subject of multiple fraud controversies. Some of these problems have emerged when consumers are not fully informed about the requirements, Feld said.

“You have lifeline recipients who get a contact from their phone lifeline provider and they say, ‘Hey, we’d like to upgrade you to a new contract,’ and they don’t tell them that it’s an ACP program… and then when [consumers] try to apply their ACP benefit, which is a one per household for a wireline connection, they discover that they can’t because they have used their ACP benefit for wireless.”

In October, Rep. Frank Pallone, Jr., D-N.J., raised concerns about several internet service providers engaging in potential “abusive, misleading, fraudulent, or otherwise predatory behaviors” related to the ACP.

Another FCC consumer protection initiative is the new broadband “nutrition label” requirement, mandating that internet providers display standardized performance metrics, monthly rates and other relevant information at points of sale.

Eisner praised the initiative, saying that the FCC had reached a good balance of ensuring that the labels would present important information without becoming unwieldy or overly complicated.

Although consumer groups called for a requirement that these labels be included on monthly internet bills, this requirement did not make it into the final order. In failing to include it, the FCC “missed something that would be a very significant benefit to consumers,” Feld said.

Continue Reading

Expert Opinion

Dmitry Sumin: What to Do About Flash Calls, the New SMS Replacement

Why are flash calls on the rise and how do operators handle them to maximize revenue?

Published

on

The author of this Expert Opinion is Dmitry Sumin, AB Handshake Corporation Head of Products

Chances are you’ve received several flash calls this week when registering for a new app or verifying a transaction. Flash calls are almost instantly dropped calls that deliver one-time passcodes to users, verifying their phone numbers and actions. Many prominent apps and companies, such as Viber, Telegram, WhatsApp, and TikTok, use flash calls as a cheaper, faster, and more user-friendly alternative to application-to-person SMS.

With the flash call volume expected to increase 25-fold from 2022 to 2026, from five to 130 billion, it’s no wonder they’re a hot topic in the telecom industry.

But what’s the problem, you may ask?

The problem is that there is currently no way for operators to bill zero-duration calls. This means operators don’t make any termination revenue from flash calls, which overload networks. What’s more, operators lose SMS termination revenues as businesses switch to flash calls. SMS business messaging accounts for up to five percent of total operator-billed revenue in 2021, so you can see the scale of potential revenue losses for operators. 

In this article, I’ll discuss why flash calls are on the rise, why it’s difficult to detect and monetize them, and what operators can do about this.

Why are flash calls overtaking SMS passcodes?

Previously, application-to-person SMS was a popular way to deliver one-time passwords. But enterprises and communication service providers are increasingly switching to flash calls because they have several disruptive advantages over SMS.

First and foremost, flash calls are considerably cheaper than SMS, sometimes costing up to eight times less. Cost of delivery is, of course, a prime concern for apps and enterprises.

Second, flash calls ensure smooth user interaction, which boosts user satisfaction and retention. On Androids, mobile apps automatically extract flash call passcodes. This makes the two-factor authentication process fast and frictionless. In comparison, SMS passcodes require users to read the SMS and sometimes insert the code manually.

Third, on average flash calls reach users within 15 seconds, while SMS sometimes take 20 seconds or longer. The delivery speed of flash calls also improves the user experience.

The problem: Flash calls erode operators’ SMS revenues

While offering notable advantages for apps, flash call service providers, and end users, flash calls create numerous challenges for operators and transit carriers.

As we discussed before, flash calls erode operators’ SMS revenues because much of the new flash call traffic will be shifted away from current SMS business messaging. The issue is only going to become more pressing as the volume of flash calls grows.

So from the operator’s standpoint, flash calls reduce revenue, disrupt relations with interconnect partners, and overload networks. However, there is still no industry consensus on how to handle flash calls: block them like spam and fraudulent traffic or find a monetization model for this verification channel, like for application-to-person SMS.

Accurate detection of flash calls is a challenge

The first crucial step that gives operators the upper hand is accurately detecting flash calls.

This is difficult because operators have no way of discerning legitimate verification flash calls from fraud schemes that rely on drop calls, such as wangiri. The wangiri fraud scheme uses instantly dropped calls to trick users into calling back premium rate numbers. In addition, flash calls need to be distinguished from genuine missed calls placed by customers.

The problem is that even advanced AI-powered fraud management systems struggle to accurately differentiate between various zero-duration calls. The task requires AI engines to be trained on large volumes of relevant traffic coupled with analysis of hundreds of specific call parameters.

Dedicated anti-fraud solutions are the answer

There are only a few solutions on the market that are capable of accurately distinguishing flash calls from other zero-duration calls. Dedicated fraud management vendors have made progress on this difficult task.

The highest accuracy of flash call detection now available on the market is 99.92 percent. Such tools allow operators to precisely determine the ranges from which flash calls are sent. As a result, operators can make an informed decision on how to treat flash calls to maximize revenue and can proactively negotiate with flash call providers.

Flash call detection creates new opportunities

Our team estimates that flash calls make up to four percent of Tier one operators’ international voice traffic. Without accurate detection and a billing strategy, this portion of traffic overloads operators’ networks and offers no revenue. However, with proper detection flash calls offer a new business opportunity.

Now is a crucial time for operators to start implementing flash call detection into their system and capitalize on the trend.

There are a few anti-fraud solutions on the market that give operators all the necessary information to negotiate a billing agreement with a flash call provider. Once an agreement has been reached, all flash calls coming from this provider will be monetized, much like SMS.

All flash calls not covered by agreements can be blocked automatically. This will help to restore SMS revenues. Once a flash call has been blocked, subscribers will most likely receive an SMS passcode sent as a fallback.

Moreover, modern solutions don’t affect any legitimate traffic because they only block selected ranges. This also helps to prevent revenue loss.

Essentially, the choice of how to handle flash calls comes down to each operator. However, without a powerful anti-fraud solution capable of accurately detecting flash calls in real time, it’s nearly impossible to monetize flash calls effectively and develop a billing strategy.

Dmitry Sumin is the Head of Products at the AB Handshake Corporation. He has more than 15 years of experience in international roaming, interconnect and fraud management. Since graduating from Moscow State University, he has worked for both vendors and network operators in the MVNO and telecommunications market. This piece is exclusive to Broadband Breakfast.

Broadband Breakfast accepts commentary from informed observers of the broadband scene. Please send pieces to commentary@breakfast.media. The views reflected in Expert Opinion pieces do not necessarily reflect the views of Broadband Breakfast and Breakfast Media LLC.

Continue Reading

Signup for Broadband Breakfast

Get twice-weekly Breakfast Media news alerts.
* = required field

Broadband Breakfast Research Partner

Trending