IT Security & Network Security News & Reviews: How the Federal Government Could Change Your Internet Privacy

 
 
By Brian Prince  |  Posted 2010-06-14
 
 
 

How the Federal Government Could Change Your Internet Privacy

by Brian Prince

How the Federal Government Could Change Your Internet Privacy

Congress Looks at Privacy

In May, Reps. Rick Boucher, D-W.Va., and Cliff Stearns, R-Fla., presented draft legislation on user privacy. Some critics say the law goes too far, while others say it adds little in the way of new user protections and merely codifies common industry practices. The bill's provisions include requiring companies collecting personally identifiable information to conspicuously display a clearly written, understandable privacy policy that explains how the data is collected, used and disclosed. Companies also may collect personal information unless the individual opts out.

Congress Looks at Privacy

Third-Party Sharing

The draft bill also requires companies to obtain expressed permission from an individual before sharing his or her data with unaffiliated third parties other than for a "transactional purpose." In addition, the bill includes exceptions to the general rule of requiring users to opt in to sharing information with third-party ad networks, such as when there is an easy-to-find link to a Web page for the ad network that allows a person to edit a profile or opt out of having a profile.

Third-Party Sharing

Holding on to Data

The legislation by Boucher and Stearns would also require Websites to dump data collected from their users 18 months after the information was first collected.

Holding on to Data

Making Changes

Under the legislation, organizations would need to obtain a person's expressed consent prior to making significant changes in privacy practices that govern a person's previously collected data or disclosing the information for a purpose that hadn't been previously outlined for the person, and which the person probably would not expect given the prior privacy policy.

Making Changes

Why Reform ECPA

When the ECPA was enacted in 1986, it was envisioned as a way to provide a legal basis for expanding government monitoring of telephone communications to electronic communications on computers. It also created confusion for law enforcement, businesses and the public as technology continued to advance. A coalition of tech companies, including Microsoft, partnered with the American Civil Liberties Union and other groups to push for reforms.

Why Reform ECPA

Updating the Law

Proposed reforms to the ECPA include mandating government search warrants before requiring a company to disclose digital communications not readily accessible to the public and requiring the government to show probable cause before getting location data from a mobile communications device. The reforms also would give the government access to dialed number information, e-mail to-and-from information, and other data "covered by the authority for pen registers and trap and trace devices" after approved by the courts.

Updating the Law

Rocket Fuel