Thursday, July 30, 2015

CT :: FTC Announces Workshop to Examine Online Lead Generation

Lead generators identify or cultivate consumer interest in a product or service, and sell the consumer “lead” information to third parties. For example, as consumers search the Internet for goods and services, they may express interest in specific topics, such as educational programs, mortgages, or small-dollar loans, and submit their personal information to the lead generator. The consumer leads sometimes contain sensitive personal and financial information that may travel through multiple online marketing entities before reaching the desired business.
The workshop, “Follow the Lead: An FTC Workshop About Online Lead Generation,” will gather a variety of stakeholders, including industry representatives, consumer advocates, and government regulators, to discuss consumer protection issues raised by the practices of the lead generation industry, such as:
  • How online lead generation works and its variations, depending on the industry,
  • What types of lead generation conduct may be unlawful under the FTC Act’s prohibition against unfair or deceptive practices,
  • Best practices for entities that generate and sell consumer leads, and
  • How consumers can avoid unlawful conduct in the online marketplace.
The FTC is seeking research, recommendations for discussion topics, and requests for panelists in advance of the workshop. Please email any relevant information by August 25, 2015. The deadline to submit public comments about the workshop is December 20, 2015. Comments can be submitted electronically.
The workshop, which is free and open to the public, will be at the Constitution Center, 400 7th St., SW. The FTC will publish a detailed agenda at a later date. Reasonable accommodations for people with disabilities are available upon request. Requests should be submitted to Fawn Bouchard by email or at 202-326-2743. Requests should be made in advance and include a detailed description of the accommodations needed and contact information.

Monday, July 27, 2015

Once Hacked, The Risk That Customer's Personal Data Will Be Misused is Immediate and Real

"Sometime in 2013, hackers attacked Neiman Marcus, a luxury department store, and stole the credit card numbers of its customers. In December 2013, the company learned that some of its customers had found fraudulent charges on their cards. On January 10, 2014, it announced to the public that the cyberattack had occurred and that between July 16, 2013, and October 30, 2013, approximately 350,000 cards had been exposed to the hackers' malware. In the wake of those disclosures, several customers..."
filed a class action lawsuit.  

In order to have standing, a plaintiff must be harmed.  But how speculative can the harms be?
What about the class members who contend that unreimbursed fraudulent charges and identity theft may happen in the future, and that these injuries are likely enough that immediate preventive measures are necessary? 
Neiman Marcus contends that this is too speculative to serve as injury-in-fact. It argues that all of the plaintiffs would be reimbursed for fraudulent charges because (it asserts) that is the common practice of major credit card companies.
In other words, sorry that your identity got stolen, and that you "must spend time and money replacing cards and monitoring their credit score."  And sorry "that full reimbursement is not guaranteed."  According to Neiman Marcus, this harm is too speculative and thus plaintiffs lack standing.

A substantial risk of future injuries is sufficient to establish harm for purposes of standing, according to the 7th Circuit.  "The risk that Plaintiffs' personal data will be misused by the hackers who breached [defendant's] network is immediate and very real." "Neiman Marcus customers should not have to wait until hackers commit identity theft or credit-card fraud in order to give the class standing, because there is an 'objectively reasonable likelihood' that such an injury will occur."

The 7th Circuit affirmed the standing of the plaintiffs, and the class action can proceed.  REMIJAS v. NEIMAN MARCUS GROUP, LLC, Court of Appeals, 7th Circuit 2015

Win one for the victims.  We have seen the story played out over and over in the media: a corporation or government plays fast and loose with its security; personal data gets stolen; and the victims, who had no control over the security in the first place, bear the blame and the cost.  The liability for data breaches needs to be placed on the party that can prevent those data breaches, the one who collected and held the data in the first place.

Tuesday, July 21, 2015

Two Internet of Things Videos: In the one corner, Dystopia ~ and in the other, Consumer Utopia

For extra credit, drinking game for every time you hear the phrase "Labor arbitrage."

NIST RFC :: Trusted Geolocation in the Cloud

July 15, 2015
NIST IR 7904
DRAFT (Second Draft) Trusted Geolocation in the Cloud: Proof of Concept Implementation
NIST announces the second public comment release of Interagency Report (IR) 7904, Trusted Geolocation in the Cloud: Proof of Concept Implementation. This report describes a proof of concept implementation that was designed by NIST to address challenges with Infrastructure as a Service (IaaS) cloud technologies and geolocation. Since the initial public comment release, NIST IR 7904 has been extensively updated to reflect advances and changes in the proof of concept implementation technologies.

Please submit comments by August 24, 2015, with "IR 7904 Comments" in the subject line.
Second Draft NISTIR 7904 (2.7 MB)
Comment Template Form for NISTIR 7904

Friday, July 10, 2015

Bit :: Twenty-Fourth Quarterly Status Report to Congress Regarding BTOP



July 10, 2015
Pursuant to Section 6001(d)(4) of the American Recovery and Reinvestment Act of 2009 (ARRA or Recovery Act) (Public Law No. 111-5), NTIA provides this Quarterly Report on the status of the Broadband Technology Opportunities Program. This Report focuses on the Program’s activities from October 1 to December 31, 2014.

Bit :: Testimony of Assistant Secretary Strickling on “Internet Governance Progress After ICANN 53”

Chairman Walden, Ranking Member Eshoo, and members of the Subcommittee, thank you for this opportunity to testify on behalf of the National Telecommunications and Information Administration (NTIA) regarding NTIA’s role in the Internet’s domain name system (DNS) and the transition of NTIA’s stewardship over certain DNS technical functions.  I am pleased to appear before you to update you on the current status of the transition planning process as Internet stakeholders work to develop a proposal that will ensure the stability, security, and openness of the Internet.