Articles Posted in Government

Published on:

Last week we discussed smart toys, and we mentioned “COPPA” in that article.  As such, some of you may be asking what is COPPA?” In short, COPPA is a federal law specifically tailored towards children, and stands for “Children’s Online Privacy Protection Act.” This law is meant to protect children from over exposure and prohibit businesses from gathering invasive amounts of analytics on children using their products or services. This remains a legitimate concern, attempting to curtail some of the worst aspects of online life.  What exactly does COPPA prohibit? Is there any limitation? Does it provide guidelines for a business to follow and ensure compliance?

COPPA Prohibitions

The spirit of COPPA can be summarized as follows: It is unlawful for an operator or a website or online service directed to children or with knowledge that it is collecting or maintaining a child’s information, to violate this federal statute by failing to give notice on the website of what information it collects, how it’s used, and how it’s disclosed, failing to obtain parental consent, providing reasonable means for parents to review or cancel the use of the service or website, to not condition participation in a game, offering of a prize or other activity by disclosing more personal information than is necessary, and failing to establish and maintain procedures to protect the confidentiality, security and integrity of the children’s information.

Published on:

This is a current update on the principle of net neutrality that is worthy of a discussion. So, how or why is an update necessary?  The answer is that net neutrality rules may be changing soon, and various organizations are currently lobbying for their positions.  Why does net neutrality matter to businesses or consumers?  Is there a way or reason for removing net neutrality? What may you need to consider as a business or consumer after the demise of net neutrality?

Historical Background

For those that have not been following the idea of net neutrality, the idea is simple. No one packet of data can be favored or disfavored by a company that provides internet access. Previous rules would forbid this, and allow entities to sue if there was an intentional slowdown of their service. Indeed, this has allegedly occurred in the past as described in a lawsuit between Time Warner Cable (now Spectrum) and the State of New York.  Essentially, Spectrum was intentionally slowing down service, and only improving the service after payment was received by it.  Under the Open Internet Rules, this process was prohibited.

Published on:

The European Commission released its first annual review of the current EU-US Privacy Shield in order to determine what may or may not need changes as a matter of policy. As it currently stands, the Privacy Shield creates enforceable protections for European Union residents regarding the use of their personal data. The US-based entities that wish to participate will have to conform to greater transparency standards in how the data is used, as well as submitting to strong oversight to ensure adherence, and increased cooperation with Data Protection Authorities (“DPAs”). So, what changes are suggested in this new report? How might this affect businesses in the United States? What consequences, if any, may be added to the new changes?

What is the review?

It was conducted by the Commission to the European Parliament, which in essence reviewed the function of the Privacy Shield and gathered input from publicly-available sources. These sources combined press releases as well as legal cases that were available to the Commission; although, neither source was cited specifically within the seven-page report. The Commission is composed of both European and American representatives, such as the European Data Protection Supervisor and Federal Trade Commission.

Published on:

The United States Supreme Court has accepted a new case that implicates cell-phone location privacy. The case of Carpenter v. United States was decided by the Sixth Circuit and now the Supreme Court will issue a decision in the future as to whether the lower court’s decision was correct. The main issue in this case is that the court will be deciding whether or not the warrantless search and seizure of historical cell phone records revealing the location and movements of a cell phone user over the course of a 127-day period is permitted by the Fourth Amendment.  In general, the Fourth Amendment protects against unreasonable searches and seizures. It also implicates the laws regarding search warrants, wiretaps, other forms of surveillance and is central to privacy laws.

What are the case facts?

In 2011, four men were arrested because they were suspected of committing a string of armed robberies at T-Mobile and Radio Shack in the Detroit area. One of the four men confessed to the crimes and told the police that a shifting group of 15 other men served as getaway drivers and lookouts. The one man who confessed gave his phone number along with the phone numbers of some of the other participants to the FBI. The FBI then reviewed the call records of the man who confessed and were able to identify the phone numbers of others that he had called around the time of the robberies.

Published on:

Net Neutrality is the principle that Internet Service Providers (ISP) and the government should treat all web-related traffic equally regardless of the source. If there was no net neutrality, companies would have the ability to purchase priority access to the ISP customers. Larger and wealthier companies (e.g., Google) would be able to pay the ISPs to provide customers more reliable access to their websites instead of to competitors’ websites. This would negatively impact any new start-up service that would not be able to purchase a priority access.

On February 26, 2015, the Federal Communications Commission (FCC) voted to enact the “strongest net neutrality rules in history.”  Millions of Americans contacted the FCC, called their Congress members, and wrote to the White House to express their support.  Although, this decision was a bold move in favor of net neutrality, but more changes may be coming soon. This 2015 Rule meant that ISPs cannot block access to any websites and they cannot interfere with website loading speeds. This rule also banned paid prioritization, which means that ISPs are not able to give preferential treatment to websites that pay an additional fee.

On January 23, 2017, President Trump selected Ajit Pai to lead the FCC as the new Chairman. This Chairman has a record of previously promising to undo the 2015 landmark decision. Then on May 18, 2017, the FCC, led by Chairman Ajit Pai, voted to propose a review of the 2015 rules.  Mr. Pai holds the opinion that the 2015 FCC rules are a “bureaucratic straitjacket” on the ISPs.  The new FCC proposal, which is called “Restoring Internet Freedom” contemplates whether to undo the legal approach that enforced those rules and whether there was anything that warranted the rules in the first place.

Published on:

President Donald Trump has signed an executive order on cybersecurity as a response to the WannaCry ransomware attack. This executive order is entitled as “Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure.”  The executive order contains three main sections and a fourth category that includes some definitions of terms that are contained in the order.

The first section of the executive order is regarding Cybersecurity of Federal Networks. This section states that the United States Information Technology (IT) should have the data secured responsibly by the United States Government. The President said that he will also be holding the heads of executive departments and agencies accountable for managing cybersecurity risk to their enterprises. One of the findings included in this first section is that the executive branch has been too accepting of IT in that it is antiquated and difficult to defend. To manage these risks, the first section includes a risk management section, which includes ideas of how to reduce future cybersecurity risk.  For example, the head of each agency must provide a risk report to the Secretary of Homeland Security and Director of Office of Management and Budget.

The second section of the executive order is regarding Cybersecurity of Critical Infrastructure. This section states that support must be provided to the critical infrastructure that faces the greatest risk. It also describes how the Secretary of Commerce and Secretary of Homeland Security will both go through an open process to try and improve how resilient the internet is, so they can reduce threats of automated attacks.

Published on:

On May 12, 2017, what is believed to be the largest ransomware attack in history occurred on the internet.

A global search is heating up trying to locate those who are responsible for the attack.

While this search is occurring, there is also a question of how much blame for the attack should be placed on Microsoft. This is because the WannaCry attack took advantage of a weakness that was already existing in the Microsoft operating systems.

Published on:

So, where do we go from here? After the Internet of Things was effectively used as a way to crash various online stores and services, it leaves us with the question of how can we fix this gaping hole in our security that would allow this new technology to continue to exist without causing further risk? As mentioned last week, the most likely solutions are either in the private sector, through consumer choice and manufacturer investment, or through government action. What actions should individuals take? What is the government doing now? What might the government do in the future?

What is the private sector currently doing?

The private sector is not doing much at this time. While consumers could demand more secure smart devices, the focus of the demand for these devices tends to be towards their functioning.  In general, less sophisticated consumers buy smart devices for the sake of convenience, with security being a distant thought when compared to the more sophisticated consumers.  These smart devices, like any other internet-connected device, occasionally need security updates to remain resistant to online bugs (i.e., malware).  So, as the world becomes smarter, this technology will need to adapt and advance, accordingly, in order to mitigate the risks. Yet, without some motive to do so, it’s less likely that resistance to the botnet will emerge, and it may be due to the government’s intervention.

Published on:

As it stands, the Internet of Things can be a dangerous proposition. Due to various hacking techniques, like rubber ducks, pineapples, and pivoting, one must wonder, if it can be hacked into, and if so, then what can we do about it? What about cars, planes, trains, and power plants? To this point, the U.S. Government has launched the Cybersecurity National Action Plan or CNAP. The idea is to add more information and resources into the system, increasing the amount of resources to help build up cybersecurity and investing resources into security measures. So, what is the government doing with CNAP? How might this help a business? How might this help individuals?

What does CNAP do?

It’s a set of guidelines and goals that the Obama Administration has implemented to help build the cybersecurity network, protect against attacks on the Internet of Things, and the general national network as a whole. The first, and easiest way it plans to do this is through the 2017 budget, allocating approximately 19 billion dollars for cybersecurity, up by 35% from the previous year’s budget.  It also incorporates and promotes other existing goals and changes, such as the BuySecure Initiative requiring credit cards to incorporate smartchips, and making large businesses use the smartchip option rather than the traditional magnetic strip.  CNAP also incorporates other ideas, such as multifactor authentication, identity for Federal Government digital services, training for small businesses, and relaunching identitytheft.gov.  Therefore, it is less of a new initiative, but rather a continuation of previous actions.

Published on:

For entrepreneurs who seek to engage in international business, it is important to keep abreast of developments in other countries. Political problems, exchange rates, and legislation may affect the business climate when engaged in international business.  The most recent shake up in international legal requirements seems to have risen from “Brexit” and what it means for those doing business with the United Kingdom, European Union, and United States. Brexit (which comes from the merger of “Britain” and “Exit”) is the UK’s vote to leave the European Union.  While this decision has had repercussions on the value of the British Pound, Euro, and U.S. Dollar, it also serves to show that the UK will no longer be bound by the European Union’s rules or regulations.  So, what law applies now? How soon will the United Kingdom be unbound from the European Union’s rules or regulations? What should American businesses take out of this referendum?

What does “Brexit” do?

The UK has voted to leave the European Union as part of a referendum voted on by its citizens. The EU is an economic and political partnership between various member states, sharing a common currency, with the exception of the United Kingdom, which uses the British Pound. The EU imposes certain restrictions when working with member states (e.g., Privacy Shield, Digital Single Market initiative). It serves to allow the free movement of people between member states. However, Brexit does not mean that right now, the UK has officially separated from the European Union.  Brexit has set in motion the process to fully remove the United Kingdom from the European Union.  It needs to invoke “Article 50 of the Lisbon Treaty,” to initiate the process, which grants both sides two years to negotiate the terms and conditions.  Essentially, the referendum will start the process, but does not remove the United Kingdom from the European Union immediately.