Connect with us

Privacy

Comprehensive Data Privacy Bill Faces Markup in Committee

The American Data Privacy and Protection Act said to be years in the making.

Published

on

Photo of Roger Wicker, Senator, R-Miss.

WASHINGTON, July 20, 2022 – The House Energy and Commerce Committee will vote on amendments to a comprehensive privacy bill restricting collection and transfer of personal data of U.S. citizens without consent during its markup meeting on Wednesday.

U.S. Senate Committee on Commerce, Science, and Transportation Ranking Member Roger Wicker, R-Miss., House Committee on Energy and Commerce’s Frank Pallone, D-N.J., and representative Cathy Rodgers, R-Wash., co-authored the bicameral bill known as the American Data Privacy and Protection Act. It is currently awaiting approval in the corresponding committees in Congress.

ADPPA addresses a national data privacy framework, a set of consumers’ data privacy rights and appropriate enforcement mechanisms. The proposed bill would grant Americans protections against discriminatory use of their data, require covered entities to minimize the data they collect, and prevent customers from needing to pay for privacy.

The bill would also protect American children and teens against harmful online content. Companies, including social media platforms, will be “flatly prohibited” from targeting children with harmful content and advertising and will be required to receive express consent before transferring data related to underage persons.

The Federal Trade Commission will be the main enforcer of ADPPA compliance through the new FTC Bureau of Privacy, which will be equipped with a specialized Youth Privacy and Marketing Division.

ADPAA has gained a lot of momentum in Congress but there remain sources of tension.

“This landmark agreement represents the sum of years of good faith efforts by us, other members, and numerous stakeholders,” read a statement from Wicker, Pallone, and Rodgers.

Lawmakers are concerned about the security of the American people. Tuesday, Federal Communications Commission Chairwoman Jessica Rosenworcel released a letter indicating the Commissions’ concern over the safety and privacy of subscribers to mobile internet service providers.

Current federal laws such as the Health Insurance Portability and Accountability Act and state-level regulations such as the Virginia Consumer Data Protection Act provide the American people some level of data security but considerable gaps in data privacy persist.

A letter from Senator Brian Schatz, D-Hawaii, urged the sponsors to shift the burden of data privacy from consumers to companies by including a corporate duty in the legislation. The U.S. Chamber of Commerce wrote in a draft letter that several aspects of the bill are “unworkable,” reported CNBC.

The bill has the backing of the Federal Trade Commission as well as several human rights organizations. Non-profit research and advocacy center, Electronic Privacy Information Center and advocate for technology, Information Technology industry Council both commended the bill after the release of the discussion draft early June.

“ADPPA presents Congress with the best opportunity it has had in decades to stop the very real harms that are happening online every minute of the day,” said Caitriona Fitzgerald, deputy director of EPIC.

Continue Reading
Click to comment

Leave a Reply

Robocall

FCC Cracks Down on Straight-to-Voicemail Robocalls

The commission’s ruling follows a notice of inquiry the agency approved last month.

Published

on

Photoillustration of a mobile phone, used with permission

WASHINGTON, November 21, 2022 – The Federal Communications Commission on Monday took another step to combat telephone spammers by ruling that straight-to-voicemail robocalls are “call(s)” under the 1991 Telephone Consumer Protection Act and will be subject to the law’s consumer protections.

According to the TCPA, before any call using an automatic dialing system or artificial or prerecorded voice is made to a wireless number, the recipient must provide affirmative consent. In 2017, All About the Message – the owner of a proprietary ringless, straight-to-voicemail calling software – petitioned the FCC to allow its software to operate outside of TCPA’s constraints. After the FCC received more than 8,000 comments and replies on the matter, nearly all opposing the petition, All About the Message sought to withdraw its request.

The FCC pushed forward, nonetheless. “Because the Petition drew substantial attention from commenters and members of Congress, and the applicability of the TCPA to ringless voicemail technology has been the subject of considerable recent litigation,” Monday’s ruling read, “We believe this declaratory ruling is necessary to resolve a controversy and remove uncertainty about ringless voicemail.”

“Imagine finding robocallers leaving junk voicemails on your phone without it ever having rung.” said FCC ChairwomanJessica Rosenworcel. “It’s annoying and it’s happening to too many of us.  Today we’re taking action to ensure these deceptive practices don’t find a way around our robocall rules and into consumers’ inboxes.”

The FCC’s ruling follows an anti-robocall notice of inquiry the agency approved last month. The commission is exploring how best to crack down on illegal robocalls occurring over non–internet protocol networks, which are technologically incompatible with the prevailing STIR/SHAKEN protocol.

Continue Reading

China

Report Urges States, Local Governments Follow Federal Rules on Prohibited Equipment Purchases

Only a handful of states have crafted their purchasing decisions after federal rules banning certain companies’ equipment.

Published

on

Members of the Center for Security and Emerging Technology at Georgetown University

WASHINGTON, November 14, 2022 – A think tank is recommending state and local governments align their rules on buying technology from companies with federal guidelines that prevent agencies from purchasing certain prohibited foreign technology, such as ones from Chinese companies.

The Center for Security and Emerging Technology at Georgetown University notified the Federal Communications Commission late last month of a report released that month regarding what it said was a concerning trend of state and local governments having outdated procurement policies that are seeing them purchase equipment banned for federal purchase.

“State and local policymakers should not be expected to independently analyze and address the threats posed by foreign technology, but it would behoove them to align their own procurement practices with the rules set by the federal government,” the report recommends.

The FCC has a list of companies, as required by the Secure and Trusted Communications Networks Act of 2019, that it updates on a rolling basis through commission votes that it says pose a national security threat to the country’s networks. It last updated the list in September, when it added Pacific Network Corp. and China Unicom Operations Ltd. to the growing list that already includes Huawei and ZTE.

Chinese companies and following Communist Party directions

U.S. officials and experts have warned that Chinese companies operating anywhere in the world must follow directions of the Chinese Communist Party, which they say could mean anything from surveillance to American data falling into the hands of that government.

The report notes at least six state governments had their networks breached by a state-sponsored Chinese hacking group between May 2021 and February 2022.

The only states that have enacted local regulations aligned with federal provisions are Florida, Georgia, Louisiana, Texas, and Vermont, the report said. Provisions in Georgia and Texas prohibit private companies from entering into agreements with the covered companies. Vermont, Texas and Florida provisions block state entities from purchasing equipment from countries like China, Russia, Iran, North Korea, Cuba, Venezuela and Syria. Louisiana and Georgia provisions ban public-funded schools from buying prohibited technology.

The remaining 45 states do not explicitly target the equipment and services they produce, nor are they directly responsible for following federal provisions, the report said, leaving state entities vulnerable in obtaining equipment from third party contractors that could pose a security risk.

“Many government entities also lack the in-house technical expertise and procedures to understand and address such threats in the first place, and those that do may prioritize addressing immediate threats like ransomware over the more abstract risks posed by foreign ICTS,” the report said.

Section 889 of the 2019 National Defense Authorization Act is one out of four federal provisions addressing the issue, prohibiting federal agencies from using equipment and services from Huawei, ZTE, Hikvision, Dahua and Hytera as well as working with contractors that use the equipment.

Prohibited products finding their way in

In some cases, the report said, the listed companies will sell their products to third party contractors that are not listed on Section 889 to bypass regulations, according to the report. Due to the low cost of Chinese equipment, public schools and local governments will purchase from the third-party entities that are unknowingly selling prohibited equipment, it added.

“These ‘middle-man’ vendors can mask the origin of their products, which creates major challenges for organizations aiming to keep certain equipment and services off their networks”, the report reads.

“Currently, contractors are responsible for self-certifying that their products and internal networks do not contain covered [products]” and “… inspecting the IT infrastructure—equipment, services, and components – of every contractor that does business with the federal government would require a staggering level of resources, making it difficult for agencies to conduct effective oversight.”

Continue Reading

Cybersecurity

Internet of Things Devices May Provide a Weak Point for Cybersecurity, Says CableLabs

But every device is a potential way into its network, and the recent explosion of IoT devices presents security risks.

Published

on

Screenshot of Brian Scriber, vice president of security and privacy technologies at CableLabs.

WASHINGTON, November 9, 2022 – Since Internet-of-Things appliances are prime “landing spot[s]” for cyber-attackers looking for network access, industry standards and open-source resources are important to maintaining cybersecurity at the device level, said Brian Scriber, vice president of security and privacy technologies at CableLabs, a non-profit the innovation arm of the cable industrylab.

“The mark that we’re really shooting for is how do we get some industry-led initiatives to really make a difference on the… supply” (of IoT devices),” Scriber said Tuesday on during a cybersecurity panel at the American Enterprise Institute, a conservative think tank.

IoT refers to network-connected devices that can interact with their environments. IoT devices can be refrigerators, thermostats, home-security systems, health-monitoring devices, and much else. But every device is a potential way into its network, and the recent explosion of IoT devices presents security risks.

“If you are an attacker, finding a vulnerable device like a lightbulb is fantastic because it has power constantly, it has the computational ability to be able to engage, you gave it network credentials when you brought it on your network,” Scriber argued. And e

Even a secure network can’t protect against the cyber risks associated with vulnerable devices, he added.

In addition to device security, overall network security is crucial and can be enhanced by limiting communication between devices, suggested said Katerina Megas, program manager of the Cybersecurity for Internet of Things Program at the National Institute of Standards and Technology, a federal agency responsible for technical calibration and standard-setting.

“There has to be an ecosystem approach,” Megas said.

In October, President Joe Bidens administration announced preliminary steps towards a cybersecurity labeling system for IoT devices.

By developing and rolling out a common label for products that meet by U.S. Government standards and are tested by vetted and approved entities, we will help American consumers easily identify secure tech to bring into their homes,” the White House said.

Continue Reading

Signup for Broadband Breakfast

Get twice-weekly Breakfast Media news alerts.
* = required field

Broadband Breakfast Research Partner

Trending