If you promise customers that their personal information is secure, you had better deliver on that promise. That is the message of last week’s settlement between the FTC and Twitter — the FTC’s first case against a social networking service. It’s a message the FTC has sent to industry before.
The matter arose when hackers twice secured administrative control of Twitter in early 2009. (How? In one case, an automated password-guessing tool smoked out the administrative password – ”a weak, lowercase, letter-only, common dictionary word,” according to the complaint.) The breach led to a series of phony tweets from a number of user accounts — including one from then President-elect Obama. Hackers also reviewed non-public user information. Read more »
A New York court has dismissed a criminal complaint brought against an employer who secretly accessed an employee’s personal email account. In People v. Klapper, an employee reported that his employer, a doctor, surreptitiously installed keystroke tracking software on his computer; obtained the password for the employee’s personal email account; and then accessed and printed out documents from that account. The prosecutor’s office charged the employer with Unauthorized Use of a Computer, a misdemeanor under section 156.05 of the New York Penal Law. Read more »
Facebook has been under a microscope lately. So founder Mark Zuckerberg, criticized for keeping his head down in the face of growing criticism, penned this op-ed for the Washington Post. Zuckerberg acknowledges some mistakes, and that “the biggest message we have heard recently is that people want easier control over their information.” He promises in the coming weeks ”privacy controls that are much simpler to use.” [UPDATE: at his May 26 press conference, reported here, he said the changes will include simpler controls for determining whether information is visible to friends, friends of friends, or everyone, and an easy way to turn off "instant personalization."] We eagerly await the changes, as well as the soon-to-be-published David Kirkpatrick book The Facebook Effect — The Inside Story of the Company That Is Connecting the World. Indeed, we plan to host the author as part of a star-studded Gotham Media Ventures panel on June 18th. For good networking and an insider’s view of the business of Facebook, register here. Frankfurt Kurnit tech group chair Jerry Spiegel moderates. Only a few seats remain.
What is the significance of these numbers? If you guessed “number of words in Facebook’s privacy policy compared to number of words in the US Constitution,” go to the head of the class. As today’s New York Times reported here, the Facebook privacy policy has grown from 1,004 words in 2005 to 5,830 today. Facebook’s privacy policy word count not only has eclipsed the US Constitution, it has also passed other major social networks such as Flickr (384 words), Twitter (1,203), Friendster (1,977), and MySpace (2,290). According to the Times‘ analysis, a Facebook user now needs to click through more than 50 privacy buttons with more than 170 options in order to opt out of full disclosure of his or her personal information. The complexity and arc of the current policy – the evolution of which is neatly summarized here – has driven some interest groups to file a complaint with the FTC. More legal and regulatory action is coming. You can count on it.
The FTC has consistently brought enforcement proceedings against companies that do not follow their own privacy policies (see examples here, here, and here). In the most recent example of this trend, the FTC has settled charges that an Arizona company called LifeLock Inc. had made false promises about the extent of its data security measures. You can read the settlement agreement here.
LifeLock casts itself as the “industry leader in the rapidly growing field of identity theft protection” providing its customers with “early notification of identity threats” (fraud alerts). The company advertised in print and on radio, television, and the Web. While marketing the service, the company collected personally identifiable information for more than one million customers. The FTC complaint alleged, among other things, that the service did not prevent identity theft, as advertised. Read more »
You or your IT department have probably taken steps to secure the information on your laptops, PDA’s, and smart phones. But have you identified the risk of a data breach from your office or personal copy machine? WBZ-TV in Boston recently reported how copy machines pose a new potential threat to our personal and confidential information.
WBZ-TV quoted a Boston security expert who said that “Copy machines today are just like computers. They have hard drives and can store data that can be extracted.” Read more »
The New York Times is reporting that a broad coalition of organizations including the ACLU, the EFF, Google, AT&T and Microsoft have formed a new group called the Digital Due Process Coalition to push Congress to strengthen Internet privacy laws. Facebook is notably absent from the group.
Yesterday the FTC announced the review of its Children’s Online Privacy Protection Act (COPPA) Rule. COPPA imposes requirements on operators of Web sites that are aimed at children under 13, or that knowingly collect personal information from children under 13. For example, the Rule requires online operators to get parental permission before collecting, using, or disclosing personal information from children. Read more »
Last week we wrote of an interesting proposal by major advertisers to append a stylized “i” to online ads that rely on consumer online behavior data. Now the Mozilla Foundation, the organization behind the Firefox Web browser, is designing a standard set of colored icons to reveal how data-protective — or how intrusive — Web sites are. Mozilla’s hope is to use the leverage it has through its popular browser to convince Web publishers to disclose their privacy practices in a standard way. What might the Mozilla privacy icons look like? The Mozilla Foundation posted these graphics: Read more »
Stephanie Clifford reports in today’s The New York Times on an interesting development in the online privacy wars. According to the article, several major advertisers are considering appending a stylized ”i” icon to their online ads that rely on consumer online behavioral data. The initiative would begin this summer. The icon was developed by the Future of Privacy Forum. A consumer who clicks on the icon will receive information explaining how the advertiser used the consumer’s Web surfing history and demographic information to target him or her for the ad. Advertisers hope this new effort at self-regulation can help the industry stave off potential FTC regulation.
FTC, Laws and Regulations, Privacy, Twitter | editor | 
June 28, 2010 3:03 pm | 
Comments (0) 
Subscribe
