Can the government regulate Internet privacy?

democrats sit in live stream joint session of congress

The headlines are becoming so common we almost tune them out: major credit card breaches at Target and Neiman Marcus; a major security bug at the heart of Apple’s operating systems; the “heartbleed” bug at the heart of OpenSSL … on and on. This week it’s arts and crafts chain Michaels, which looks to have been taken for up to three million credit and debit cards over two eight-month periods. (Not that we’re judging.) And let’s not forget the ongoing Snowden revelations.

Are you numb? Or do you want the government to “do something” to protect your data?

The court of public opinion

Privacy problems and security breaches are battering some people’s confidence. A recent poll by market research firm GfK found that one in three consumers claimed to have been directly impacted by misuse of personal data in the last year, with 60 percent saying their concern about data privacy has increased in the last year. (Almost nine out of ten now say they’re at least “a little” concerned about the safety of their personal information.) Further, over half of respondents say the U.S. government is not doing enough to protect their data, and almost 80 percent said there should be strong regulations governing how data brokers and others can repurpose personal information.

Similarly, a survey conducted last year by the Pew Internet & American Life Project found 66 percent of adults said current privacy laws are “not good enough” to protect Internet users’ privacy – and, intriguingly, the concern was uniform across respondents’ reported political affiliations. Didn’t matter whether folks were liberals or Tea Party supporters: most were concerned about their online privacy. In January, a separate Pew survey found 18 percent of respondents had had important personal information stolen (like a credit card or Social Security number), while 21 percent – that’s one in five – had had an email or social networking account hacked.

There oughtta be a law!

Folks crying for regulations over how corporations handle our data and manage privacy breaches will be relieved to know there are laws. It’s just that they’re mainly state laws. Currently, forty-seven of the fifty states have passed varying forms of privacy protection legislation, with Kentucky getting in line just this week and New Mexico looking like it’ll be next.

“The biggest concern is that a federal bill might actually be weaker than a lot of the state laws.”

State requirements vary widely, and are mostly concerned with the conditions under which residents must be informed that their personal data has been (or might have been) compromised. In one state, a single consumer might be informed immediately if his or her personal information was exposed, but in another state businesses might not have to inform anybody unless a certain number of consumers are known to have been impacted, or where risk analysis finds a breach was likely to have caused actual harm. In some states businesses have to contact consumers directly; in others, they can just post a notice on some dim corner of their Web site.

It’s not as if the federal government is totally out of the picture. Section Five of the Federal Trade Commission Act prohibits “unfair or deceptive practices,” which the FTC has determined can apply to lax data security procedures. In fact, the FTC’s assertion was upheld up last week in a case against Wyndham Hotels, which stored credit card information as plain text, failed to change default passwords…and got taken to the cleaners by Russian hackers on several occasions. However, the FTC can’t assess penalties for violations; at best, it can force companies into settlement agreements in which they modify their practices, pay damages, and promise to play nice for a few years.

What if the feds got more involved?

Proposals for national data protection regulations have been around for years – but so far haven’t gotten much traction in Congress, and there’s little agreement on standards, thresholds, or requirements. Should suspicion of a data breach be enough to trigger notifications, or does actual harm have to have occurred? For instance, a 2011 proposal from the Obama administration would have required any business with information on more than 10,000 people to disclose breaches affecting more than 5,000 people, but only to credit agencies and the federal government, not to actual consumers.

“The biggest concern is that a federal bill might actually be weaker than a lot of the state laws,” said Justin Brookman, Director of Consumer Privacy at the Center for Democracy & Technology. “One of the main points of data breach notification is not necessarily to let everyone know, it’s to impose a liability cost on companies when they have these terrible situations. That way there’s a strong incentive not to have breaches. If a federal law makes that cost less, that’s not a great result.”

Data Security

Speaking on background, executives at two nationwide retailers indicated American businesses might support a nationwide data breach law – even if it came with liability. One likened the varying state privacy laws to the sales tax situation in the United States, where rates, reporting, and collection vary widely by state, county, and municipal laws. A single privacy and data protection standard would be easier for businesses to manage and — in that executive’s view — exceed.

However, the other executive was wary of reporting requirements. If businesses were mandated to report every possible data breach for any number of customers regardless of whether any harm occurred, they might become the companies that cried wolf, he said. Consumers might receive so many warnings they simply tune them out – which also wouldn’t be a great result.

You mean we’d just get notices?

The approaches described so far focus on informing people whose information has been compromised after a breach. Surely, the better approach is to prevent data breaches in the first place. And what about data brokers, who collect and sell information about us to anyone with two nickels to rub together?

Don’t expect the federal government – or states, for that matter – to attempt to legislate data security practices. The bottom line that that laws and regulation move much more slowly than technology and business practice, and while governments may have requirements for particular contracts or services performed with the private sector, no one expects the government will try to broadly dictate how companies protect consumer data.

Much of the online economy is driven by tracking, analyzing, and reselling information about consumers.

What about data brokers? Consumers are wary of information being traded about them. That GfK survey mentioned earlier found the majority of people in every measured age group distrusted marketers with their personal data, and last year’s Pew study found 86 percent of consumers have taken some steps to minimize online tracking.

Some data security bills introduced before Congress have had provisions addressing data brokers, potentially obligating them to let consumers see, correct, or even delete information that has been collected about them. However, much of the online economy is driven by tracking, analyzing, and reselling information about consumers – think of all the targeted advertising and personalized services we see every day. Companies like Google, Facebook, and Amazon are likely to be wary of any requirement to let consumers control how data is collected and generated about them.

What are the chances of federal regulations regarding data brokers?

“Congress is so ossified, there’s so little floor time to move bills, it’s hard to see anything that’s not utterly uncontroversial getting traction,” said Brookman. “It’s possible something could move, but I think Republicans, Democrats, consumer advocates, and business probably want somewhat different things.”

So don’t hold your breath.

[Final image courtesy of scyther5/Shutterstock]


Kanye West wants to meet ‘Metal Gear Solid’ creator Hideo Kojima, for some reason

Rapper Kanye West wants to meet video game designer Hideo Kojima in New York. Nobody knows the reason behind the meeting, but fans are speculating that it may have something to do with Death Stranding for the PlayStation 4.

Is somebody watching you? How to stop apps from tracking your location

If you don't like the idea of your every movement being tracked by apps on the phone in your pocket, then you may want to turn location tracking off. We take a look at how to do it on an iPhone or Android phone in this easy guide.
Smart Home

Put away that sponge and let us help you pick the best dishwasher for your buck

Tired of doing dishes by hand? Take a look at our picks of the four best dishwashers currently available and let a machine do the dirty work for you. They’ll do a much better job, anyway.

Need to record calls on an iPhone? Check out our handy guide

Are you wondering how to record calls on your iPhone? It isn't as easy as you might think, but we'll walk you through the process of doing so with Google Voice, and identify several other apps and external voice recorders that can help.

Want to save a webpage as a PDF? Just follow these steps

Need to quickly save and share a webpage? The best way is to learn how to save a webpage as a PDF file, as they're fully featured and can handle images and text with ease. Here's how.

5G: Why everything is about to change

Curious about the many ways 5G will change and enrich your life? Here’s our guide to all things 5G.

Firefox 64 helps keep your numerous tabs under control

Mozilla officially launched Firefox 64 by placing new features into the laps of its users including new tab management abilities, intelligent suggestions, and a task manager for keeping Firefox's power consumption under control.

Email take-backsies! Gmail's unsend feature is one of its best

Everyone has sent a message they wish they could take back. How great would it be if you could undo that impulsive email? If you're a Gmail user, you can. Here's how to recall an email in Gmail.

Costco members can cut up to $200 off MacBook and iMac price tags

Costco is discounting MacBook Air and MacBook Pro laptops by as much as $200 as part of a members-only sale. It also has deals on select MacBooks and iMacs, with optional Apple Care in most instances.

Here's our head-to-head comparison of Pandora and Spotify

Which music streaming platform is best for you? We pit Spotify versus Pandora, two mighty streaming services with on-demand music and massive catalogs, comparing every facet of the two services to help you decide which is best.

Our favorite Chrome themes add some much-needed pizzazz to your boring browser

Sometimes you just want Chrome to show a little personality and ditch the grayscale for something a little more lively. Lucky for you, we've sorted through the Chrome Web Store to find best Chrome themes available.

PewDiePie supporters hack printers, hope to boost his subscription numbers

In an attempt to garner more subscribers for their favorite vlogger and secure his status as having the most YouTube subscribers, PewDiePie supporters claimed to have hacked thousands of printers worldwide.

Chrome fights manipulative sites that don’t allow you to hit the back button

Have you encountered a webpage that won't let you hit the back button? Someun scrupulous websites employ what's known as history manipulation, preventing you from hitting the back button, but now Google Chrome will be fighting back.
Smart Home

Holiday shopping: Here are the final dates for Amazon’s free shipping promotion

If you're shopping with Amazon this holiday season, then time is fast running out if you want all of your gifts delivered before December 25. Here are the dates you need to know ...