Privacy Lives joins eight groups in submitting comments (pdf) to the Federal Communications Commission recommending stronger consumer privacy protections. The FCC sought comments (pdf) “on the use of personal information, identity management services, and privacy protection against broadband applications.” The groups said that “substantial threats to our privacy and related consumer protection issues” can arise from the business practices and policies of broadband, mobile and other advertising companies.

The consumer advocacy groups said: “(1) There are significant problems concerning the collection and use of personal data by companies, especially sensitive data and children’s data; (2) The FCC should not rely on industry self-regulatory models because they do not adequately protect consumer privacy; and (3) The principles and standards that should serve as the foundation of consumer privacy protection should be the Fair Information Practices, especially as they are implemented in the OECD Guidelines on data privacy.” The Fair Information Practices were created in 1973 by the U.S. Department of Health, Education and Welfare. “Congress has reaffirmed its commitment to the Fair Information Practices numerous times. Congress used the Fair Information Practices as the basis of the Privacy Act of 1974, which restricts the amount of personal data that Federal agencies can collect and requires agencies to be transparent in their information practices. When Congress created the Department of Homeland Security’s Privacy Office several years ago, Fair Information Practices were included in the establishing legislation,” the groups said.

In explaining point (2), the groups said that both sets of self-regulatory guidelines by the U.S. Interactive Advertising Bureau (“IAB”), the online marketing industry’s principal trade and lobbying group, [guidelines here (pdf)] and Network Advertising Initiative [guidelines here (pdf)] have narrow definitions for “sensitive information” and “personally identifiable information,” focusing on the traditional ideas of identification numbers or addresses. Read more »

I launched this blog on May 22, 2008, and I am amazed that I have already hit 1,000 posts. It feels like I just started writing about daily intrusions into individual privacy. Some days have been better than others, but I continue to enjoy working on this site. I am appreciative of my readers’ support and your engaging questions. I will continue writing about privacy and civiil liberty issues and hope that you will keep reading for the next 1,000 posts. Here are a few posts that I found most interesting from the last year and a half.

• FBI Solicits Informants to Infiltrate Protests, Again

• Charter Drops Plan to Track Customers’ Browsing, But Two Other Companies Consider Same Tactics

• Google, Viacom Agree to Mask User IDs, IP Addresses in YouTube Case

• European Court of Human Rights: Keeping Innocent Individuals’ DNA in Criminal Database Violates Human Rights

• Update: Supreme Court Upholds Search Arising From Error In Police Database

• Department of Justice Report: 3.4 Million Americans Are Victims of Stalking

• What the Federal Government Is Saying About Fusion Centers and Civil Liberties

• Senate Democrats Propose to Require All U.S. Workers to Submit Fingerprints, Eye Scans

• Privacy and the Erin Andrews Secret Videotape Case

• Taking a Closer Look at Cloud Computing, Privacy and Security

It is now winter holiday time in the United States, and I am taking a break from posting. Privacy Lives will resume normal publication of in-depth coverage of privacy and civil liberty issues on January 4, 2010. Enjoy the holidays!

The Federal Trade Commission had the first of three privacy roundtables yesterday, and I spoke on a panel about online targeted behavioral advertising. The other speakers on the panel were: Jeff Chester, Executive Director, Center for Digital Democracy; Dave Morgan, CEO, Simulmedia, Inc.; Zoë Strickland, Vice President, Chief Privacy Officer, Walmart; Berin Szoka, Director, Center for Internet Freedom, The Progress & Freedom Foundation; Omar Tawakol, CEO, BlueKai; Craig Wills, Associate Professor, Computer Science, Worcester Polytechnic Institute; and Linda Woolley, Executive Vice President, Government Affairs, Direct Marketing Association. Moderators: Peder Magee and Michelle Rosenthal, Division of Privacy and Identity Protection, FTC.

A New York Times article on the roundtable quoted me about a fundamental issue that divides industry and consumer advocates: opt-in or opt-out. Opt-in, the choice of consumer advocates, puts the burden on companies to have strong privacy protections and use limitations so consumers will choose to share their data. Opt-out, the choice of the majority of ad industry players, puts the burden on consumers to learn about what the privacy policies are, whether they protect consumer data, whom the data is shared with and for what purpose, and how to opt-out of this data collection, use and sharing.

I’ve written a lot about online targeted behavioral advertising and the possible risks for consumer privacy. Behavioral advertising, where a user’s online activity is tracked so that ads can be served based on the user’s behavior. Often, consumers do not understand they are being tracked or have a false belief in the security of their data. In September, the New York Times reported on a new survey (pdf) from researchers at the University of Pennsylvania and the University of California-Berkeley that found  consumer  confusion  about  how,  when  or  if  their  data  is   protected.  “Americans mistakenly believe that current government laws restrict companies from  selling wide‐ranging data about them. When asked true‐false questions about companies’ rights  to share and sell information about their  activities online and off, respondents on average answer only 1.5  of  5 online  laws  and  1.7  of  the 4 offline  laws  correctly  because  they  falsely  assume  government regulations prohibit the sale of data.”

Even people knowledgeable about privacy laws are confused by privacy policies. In an August 2009 interview with the New York Times, FTC Bureau of Consumer Protection Director David Vladeck said, “I’m a lawyer, I’ve been practicing law for 33  years. I can’t  figure out  what the hell these [notice and consent disclosure forms] mean anymore. And I don’t believe that most consumers either read them, or,  if they read them, really understand it.” Read more »

I’m quoted in a USA Today story about the investigation into the alleged Fort Hood shooter. The FBI’s Joint Terrorism Task Force investigated Maj. Nidal Hasan before the shootings occurred, but “did not tell the Pentagon that he had exchanged 10 to 20 e-mails with a radical Muslim cleric.” U.S. Senate committees will soon hold hearings on the investigation. The FBI, and others, cited constraints on evidence-sharing. “There are limits on sharing information on U.S. persons,” said former Department of Homeland Security intelligence chief Charles Allen to USA Today. “There are issues of privacy, civil rights and civil liberties, and those are taken very seriously.”

A recent New York Times article reported, “Officials familiar with the work of the Washington task force said the Hasan assessment was one of hundreds involving government employees undertaken each year. Such inquiries can be hampered, they said, by privacy laws that prevent the sharing of personal information about someone unless it reflects evidence of wrongdoing or a potential threat.” Read more »

Privacy Lives joins 28 groups (including the Center for Democracy & Technology, Center for National Security Studies, and Special Libraries Association) in sending a letter (pdf) to the White House urging that the administration make the Privacy and Civil Liberties Oversight Board selection process “a priority and ensure that nominations to the Board are made to the Senate before the end of the first session of the 111th Congress, so that a Board can be seated early next year.” The board “was designed to play a vital independent role in oversight of privacy and civil liberties,” the groups said. Read more »