Risk
3/28/2011
09:18 PM
50%
50%

Do Not Track Momentum Mounts

Legislation to be proposed by Senator John Kerry and analysis of business comments to the FTC may point toward stronger privacy protections.

Will the FTC -- which can advise Congress, but otherwise has little regulatory power -- see Do Not Track become law? When initially released for public comment in December 2010, the FTC's Internet privacy proposal was publicly slammed by the advertising industry, although lauded by privacy rights groups.

Interestingly, however, an analysis of businesses' related comments to the FTC sees widespread support for privacy -- at least as a concept. So said a blog post from attorney Richard Santalesa, senior counsel, Information Law Group, which evaluated all 442 of the comments submitted to the FTC by individuals, organizations, agencies, and businesses. Microsoft, for example, in its submission said that it "supports an industry-wide privacy-by-design principle that encourages businesses to incorporate privacy protections into their data practices and to develop comprehensive privacy programs."

But many businesses raise concerns over Do Not Track and other FTC privacy proposals. These range from hesitation over standardizing on a single approach or technology, to problems with FTC Fair Information Practices.

Facebook, for example, argues that privacy protections should be strengthened so long as users aren't impeded. In addition, it "broadly opines that common Do Not Track 'concerns are not implicated when the user has a relationship with the company [i.e. Facebook] conducting the tracking and understands that the entity may be collecting data,'" said Santalesa. In other words, Facebook wants an opt-out for its users being able to opt out.

Regardless, related privacy laws could arrive soon. On Friday, a draft was leaked of Senator John Kerry's yet to proposed legislation -- the Commercial Privacy Bill of Rights Act of 2011 -- that would allow the FTC to develop and enforce rules for how people's personal information is handled.

The act "directs the FTC to make rules requiring certain entities that handle information covered by the act to comply with a host of new requirements protecting the security of the information as well as the privacy of the individuals to whom information pertains," said attorney Nicole Friess, associate, Information Law Group, in a blog post.

The as yet not proposed legislation, which is co-sponsored by Senator John McCain, suggests that privacy will no longer be left to advertisers to safeguard, which is the current approach.

"With the exception of the FTC's enforcement actions cracking down on unfair and deceptive practices, the government has favored industry self-regulation over privacy legislation," Friess said. "Between the new draft of the 'Commercial Privacy Bill of Rights Act of 2011,' three separate privacy bills pending in the House, and the Obama administration backing a 'consumer privacy bill of rights,' it looks like change is in the air -- and I'm not just saying that to be clever."

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Companies Blindly Believe They've Locked Down Users' Mobile Use
Dawn Kawamoto, Associate Editor, Dark Reading,  11/14/2017
Microsoft Word Vuln Went Unnoticed for 17 Years: Report
Kelly Sheridan, Associate Editor, Dark Reading,  11/14/2017
121 Pieces of Malware Flagged on NSA Employee's Home Computer
Kelly Jackson Higgins, Executive Editor at Dark Reading,  11/16/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Managing Cyber-Risk
An online breach could have a huge impact on your organization. Here are some strategies for measuring and managing that risk.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.