Risk
3/28/2011
09:18 PM
Connect Directly
RSS
E-Mail
50%
50%

Do Not Track Momentum Mounts

Legislation to be proposed by Senator John Kerry and analysis of business comments to the FTC may point toward stronger privacy protections.

Will the FTC -- which can advise Congress, but otherwise has little regulatory power -- see Do Not Track become law? When initially released for public comment in December 2010, the FTC's Internet privacy proposal was publicly slammed by the advertising industry, although lauded by privacy rights groups.

Interestingly, however, an analysis of businesses' related comments to the FTC sees widespread support for privacy -- at least as a concept. So said a blog post from attorney Richard Santalesa, senior counsel, Information Law Group, which evaluated all 442 of the comments submitted to the FTC by individuals, organizations, agencies, and businesses. Microsoft, for example, in its submission said that it "supports an industry-wide privacy-by-design principle that encourages businesses to incorporate privacy protections into their data practices and to develop comprehensive privacy programs."

But many businesses raise concerns over Do Not Track and other FTC privacy proposals. These range from hesitation over standardizing on a single approach or technology, to problems with FTC Fair Information Practices.

Facebook, for example, argues that privacy protections should be strengthened so long as users aren't impeded. In addition, it "broadly opines that common Do Not Track 'concerns are not implicated when the user has a relationship with the company [i.e. Facebook] conducting the tracking and understands that the entity may be collecting data,'" said Santalesa. In other words, Facebook wants an opt-out for its users being able to opt out.

Regardless, related privacy laws could arrive soon. On Friday, a draft was leaked of Senator John Kerry's yet to proposed legislation -- the Commercial Privacy Bill of Rights Act of 2011 -- that would allow the FTC to develop and enforce rules for how people's personal information is handled.

The act "directs the FTC to make rules requiring certain entities that handle information covered by the act to comply with a host of new requirements protecting the security of the information as well as the privacy of the individuals to whom information pertains," said attorney Nicole Friess, associate, Information Law Group, in a blog post.

The as yet not proposed legislation, which is co-sponsored by Senator John McCain, suggests that privacy will no longer be left to advertisers to safeguard, which is the current approach.

"With the exception of the FTC's enforcement actions cracking down on unfair and deceptive practices, the government has favored industry self-regulation over privacy legislation," Friess said. "Between the new draft of the 'Commercial Privacy Bill of Rights Act of 2011,' three separate privacy bills pending in the House, and the Obama administration backing a 'consumer privacy bill of rights,' it looks like change is in the air -- and I'm not just saying that to be clever."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6306
Published: 2014-08-22
Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges via unknown vectors.

CVE-2014-0232
Published: 2014-08-22
Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, which are not properly handled in a (1)...

CVE-2014-3525
Published: 2014-08-22
Unspecified vulnerability in Apache Traffic Server 4.2.1.1 and 5.x before 5.0.1 has unknown impact and attack vectors, possibly related to health checks.

CVE-2014-3563
Published: 2014-08-22
Multiple unspecified vulnerabilities in Salt (aka SaltStack) before 2014.1.10 allow local users to have an unspecified impact via vectors related to temporary file creation in (1) seed.py, (2) salt-ssh, or (3) salt-cloud.

CVE-2014-3587
Published: 2014-08-22
Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in the Fileinfo component in PHP before 5.4.32 and 5.5.x before 5.5.16, allows remote attackers to cause a denial of service (application crash) via a crafted CDF file. NOTE: this vulnerability exists bec...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.