The Center for Democracy & Technology said AnchorFree's virtual private network service violates promises of protecting users' data security, collection and sharing practices and wants the FTC to investigate, said a Monday complaint. An FTC spokeswoman said it received the complaint. CDT alleged the company's Hotspot Shield Free Virtual Private Network (VPN) product privacy policy said it doesn't keep a log of users' online activity and personal information and doesn't track or sell such information. But CDT said Hotspot Shield "regularly" collects users' IP addresses, unique device identifiers and other data, and monitors their browsing habits when the VPN is in use. CDT said the service deploys persistent cookies "and concedes that it works with unaffiliated entities to customize advertising and marketing messages," despite claiming browsing and other similar data are "cleared" after VPN sessions close. The complaint alleged Hotspot Shield connected advertisers to frequent, unique visitors to business, finance, retail and travel websites, giving advertisers access to customers' IP addresses and device identifiers. CDT wants the FTC to order the company to stop misrepresentations, provide clearer statements, implement a comprehensive security and privacy program and offer customer refunds. AnchorFree didn't comment.
TrustArc's proposed modifications to its safe harbor program under the Children's Online Privacy Protection Act rule were approved 2-0, the FTC said in a Monday news release. COPPA bars companies that operate websites and provide online services from "knowingly" collecting personal data from children under 13 unless the companies get parental consent before collecting, using or disclosing such information. The statute also requires them to post comprehensive privacy policies. Under the safe harbor provision, organizations can get their self-regulatory guidelines approved by the FTC if they implement the same or greater protections as those in COPPA. Those organizations still will be subject to commission review and discipline in the safe harbor's guidelines "in lieu of formal FTC investigation and law enforcement," said the release. The agency received six comments in May on the modifications (see 1704190028), which include "a new requirement that participants conduct an annual internal assessment of third-parties’ collection of personal information from children on their websites or online services." TRUSTe changed its name to TrustArc in June.
California legislation that would establish broadband privacy rules for ISPs passed the Senate Judiciary Committee 5-2 Tuesday after AB-375 was approved by the Senate Energy, Utilities and Communications Committee earlier that day (see 1707170052), said Assemblymember Ed Chau (D), who sponsored the bill, in a news release. Chau introduced the legislation, which requires ISPs to get opt-in consent from their customers before they can collect, use and sell any personal information. It garnered opposition from major ISPs and other tech firms. California is among at least 20 states to introduce such legislation after President Donald Trump and Congress repealed FCC privacy rules earlier this year. A Chau spokesman emailed that the legislation will be referred to the Senate Rules Committee but won't be heard by the Senate Business, Professions and Economic Development Committee as initially expected. "We will be working on amendments with the two policy committees that heard the bill," the spokesman said, and the legislature will take up the bill in August after summer recess.
A California bill that would require ISPs to get express consent from consumers to use, disclose and sell personal data survived a Senate Energy, Utilities and Communications Committee hearing Tuesday, despite opposition from industry. By a 9-1 vote with one member abstaining, the committee advanced AB-375 with several saying the legislation needs work before it reaches the Senate floor. The bill, which unanimously passed the Assembly in May, faces scrutiny by the state Senate Judiciary Committee, scheduled to hold a hearing at our deadline (see 1707060052). A spokeswoman for the Energy Committee emailed that even if Judiciary votes down the bill, it would be held there and "is not officially dead."
The House Appropriations Committee unanimously approved language in an FY 2018 spending bill that adds the substance of the Email Privacy Act, which is an update the 30-year-old Electronic Communications Privacy Act, said Rep. Kevin Yoder, R-Kan. The language was included in the Financial Services and General Government Appropriations bill that passed 31-21 Thursday and funds the SEC, Treasury Department, Judiciary and other agencies. Yoder sponsored the Email Privacy Act that unanimously passed the House in February (see 1702070011) and would require agencies to get a warrant to access an American's electronic communications in all instances, including those 180 days or older. He said he introduced the amendment due to "the Senate's lack of urgency" on such matters and "disturbing news" that the SEC in February sought access to an individual's emails stored by Yahoo with an administrative subpoena despite previous assurances it would get warrants. "If the Senate and the SEC refuse to recognize that, Republicans and Democrats in the House will work together to force their hand by adding this language to our must-pass spending bill," Yoder said. Representatives from the American Civil Liberties Union, Center for Democracy & Technology and others praised the committee's action in Yoder's release, as did the Software & Information Industry Association separately.
Illinois Gov. Bruce Rauner (R) has concerns about a geolocation privacy bill passed Tuesday by the state Legislature, a Rauner spokeswoman told us Wednesday. The House voted 63-38 Tuesday, with 11 members not voting and one absent, to approve HB-3449, which would require companies to get customer permission before collecting, using, storing or disclosing geolocation information. Rauner is reviewing the bill, but has "preliminary concerns that this bill unnecessarily discourages technology investment and job creation in Illinois, while only serving to add a redundant and byzantine layer of state regulation where federal privacy regulations already ensure uniform and consistent consumer protections," his spokeswoman emailed.
AT&T's Washington chief sees more in common than not with major tech companies on some privacy issues. The company is "very much in favor" of the Balancing the Rights of Web Surfers Equally and Responsibility Act (HR-2520) by House Communications Subcommittee Chairman Marsha Blackburn, R-Tenn., as "I should have the same rules in place as Google has, as Amazon has," and the Browser Act "says that," said Senior Executive Vice President for External and Legislative Affairs Bob Quinn. "We’ll be in the same regulatory environment" at the FTC, he said on C-SPAN's The Communicators during a segment to be televised this weekend and to be put online. He noted the likes of Amazon and Google don't like the opt-in standard in the bill, which is "less important than the equal treatment and one regulator approach." Tech companies may be escaping some heat, as "in any debate, it's always better to be arguing about how you're going to regulate some other person than you are fighting the regulation," Quinn said: "I think they are going to be a little more defensive" as scrutiny may increase. ISPs compared to websites and apps may be "part of the same ecosystem, but [are] strikingly different in makeup," an Internet Association spokesman emailed us. "The ISP market has high entry barriers, burdensome or even nonexistent ability to switch providers, and consumers, according to FCC data, lack choice. In contrast, entry barriers at the edge are low and competition is just a click away." Meanwhile, AT&T may wrap up its buy of Time Warner by year's end, Quinn said. It's unclear how soon the full Senate will approve Makan Delrahim as DOJ antitrust chief, the executive said, after the Senate Judiciary Committee cleared him 19-1 (see 1706080025). "Timing of this is going to be tied up with a lot of other partisan disputes" on Capitol Hill, Quinn said of Senate approval: "It's not clear to us how far in that process we’re going to get" at DOJ and with any consideration of possible conditions before Delrahim takes over the Antitrust Division. "I think that conversation is just beginning," and AT&T produced all data and answered all questions the department sought, Quinn said. "That process will kick off this summer." At a meeting with tech, FCC and other officials Thursday, President Donald Trump praised AT&T (see 1706220054), after criticizing the deal on the campaign trail. DOJ declined to comment. On net neutrality, "the only way to ensure that is really through legislation," Quinn said. "Whatever this commission does, we’re in Washington, and we know the pendulum politically swings back and forth repeatedly in this town," he said of the FCC and "walk[ing] away once and for all" from Title II Communications Act common-carrier regulation of broadband service. "If the political pendulum swings the other way, we’re subject to the next FCC coming in and just backtracking." The company worried "use of Title II was going to lead to significant rate regulation," he recounted.
Five consumer and privacy organizations are urging acting FTC Chairman Maureen Ohlhausen to resolve a year-old complaint that cable and satellite providers "continue to deceive consumers about their privacy practices" (see 1606090054). In a Monday letter, the coalition -- including Center for Digital Democracy, Consumer Action, Consumer Federation of America, Privacy Rights Clearinghouse and Public Knowledge -- said "the time is ripe" for the commission to act since the 9th U.S. Circuit Court of Appeals decided to rehear FTC v. AT&T Mobility, which restored the commission's authority to oversee non-common carrier activities of ISPs (see 1705100063). In the June 9, 2016, complaint, several members of the coalition plus other groups alleged AT&T, Cablevision and Comcast didn't disclose how much consumer information they were collecting through their TV subscription services, how they shared the data and how they created consumer profiles with it. "Now that the AT&T Mobility decision has been vacated, it is time for the FTC to do some policing," the groups said. "We ask that you now publicly and expeditiously resolve the pending complaint." An FTC spokeswoman emailed that the agency has received the letter but doesn't comment on investigations or even if they exist.
The FTC is "better suited" to oversee broadband privacy practices than the FCC and the "public utility-like" ISP regulation should be repealed, blogged Free State Foundation Senior Fellow Seth Cooper Friday, who summarized experts' comments at a recent FSF event (see 1705310027 and 1705310057). If the FCC does retain ISP privacy oversight, it "should adopt only the fact-specific, complaint-based ex post approach of the FTC," he said. Cooper said he doesn't favor the FCC retaining any such authority, but the framework "should be tied to market power analysis and target specific instances of claimed consumer harm or anticompetitive conduct."
The leader and ranking member of the Senate Select Committee on Intelligence set a Wednesday hearing on the Foreign Intelligence Surveillance Act. Director of National Intelligence Daniel Coats, acting FBI Director Andrew McCabe, NSA Director Mike Rogers and Deputy Attorney General Rod Rosenstein "will provide a comprehensive overview of FISA’s authorities, current oversight mechanisms, and examples of the value this court-authorized collection provides to the United States Intelligence Community," said a Friday announcement from Chairman Richard Burr, R-N.C. and Vice Chairman Mark Warner, D-Va.: The hearing at 10 a.m. in Hart 216 "will move into closed session following the open session," the announcement said.