Risk
3/28/2011
09:18 PM
50%
50%

Do Not Track Momentum Mounts

Legislation to be proposed by Senator John Kerry and analysis of business comments to the FTC may point toward stronger privacy protections.

Will the FTC -- which can advise Congress, but otherwise has little regulatory power -- see Do Not Track become law? When initially released for public comment in December 2010, the FTC's Internet privacy proposal was publicly slammed by the advertising industry, although lauded by privacy rights groups.

Interestingly, however, an analysis of businesses' related comments to the FTC sees widespread support for privacy -- at least as a concept. So said a blog post from attorney Richard Santalesa, senior counsel, Information Law Group, which evaluated all 442 of the comments submitted to the FTC by individuals, organizations, agencies, and businesses. Microsoft, for example, in its submission said that it "supports an industry-wide privacy-by-design principle that encourages businesses to incorporate privacy protections into their data practices and to develop comprehensive privacy programs."

But many businesses raise concerns over Do Not Track and other FTC privacy proposals. These range from hesitation over standardizing on a single approach or technology, to problems with FTC Fair Information Practices.

Facebook, for example, argues that privacy protections should be strengthened so long as users aren't impeded. In addition, it "broadly opines that common Do Not Track 'concerns are not implicated when the user has a relationship with the company [i.e. Facebook] conducting the tracking and understands that the entity may be collecting data,'" said Santalesa. In other words, Facebook wants an opt-out for its users being able to opt out.

Regardless, related privacy laws could arrive soon. On Friday, a draft was leaked of Senator John Kerry's yet to proposed legislation -- the Commercial Privacy Bill of Rights Act of 2011 -- that would allow the FTC to develop and enforce rules for how people's personal information is handled.

The act "directs the FTC to make rules requiring certain entities that handle information covered by the act to comply with a host of new requirements protecting the security of the information as well as the privacy of the individuals to whom information pertains," said attorney Nicole Friess, associate, Information Law Group, in a blog post.

The as yet not proposed legislation, which is co-sponsored by Senator John McCain, suggests that privacy will no longer be left to advertisers to safeguard, which is the current approach.

"With the exception of the FTC's enforcement actions cracking down on unfair and deceptive practices, the government has favored industry self-regulation over privacy legislation," Friess said. "Between the new draft of the 'Commercial Privacy Bill of Rights Act of 2011,' three separate privacy bills pending in the House, and the Obama administration backing a 'consumer privacy bill of rights,' it looks like change is in the air -- and I'm not just saying that to be clever."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-9710
Published: 2015-05-27
The Btrfs implementation in the Linux kernel before 3.19 does not ensure that the visible xattr state is consistent with a requested replacement, which allows local users to bypass intended ACL settings and gain privileges via standard filesystem operations (1) during an xattr-replacement time windo...

CVE-2014-9715
Published: 2015-05-27
include/net/netfilter/nf_conntrack_extend.h in the netfilter subsystem in the Linux kernel before 3.14.5 uses an insufficiently large data type for certain extension data, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) via outbound network traffic that trig...

CVE-2015-1157
Published: 2015-05-27
CoreText in Apple iOS 8.x through 8.3 allows remote attackers to cause a denial of service (reboot and messaging disruption) via crafted Unicode text that is not properly handled during display truncation in the Notifications feature, as demonstrated by Arabic characters in (1) an SMS message or (2)...

CVE-2015-2666
Published: 2015-05-27
Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to t...

CVE-2015-2830
Published: 2015-05-27
arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrate...

Dark Reading Radio
Archived Dark Reading Radio
After a serious cybersecurity incident, everyone will be looking to you for answers -- but you’ll never have complete information and you’ll never have enough time. So in those heated moments, when a business is on the brink of collapse, how will you and the rest of the board room executives respond?