Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Category Archives: ID Theft

The Scope and Potential of FTC Data Protection

Hartzog, Woodrow and Solove, Daniel J., The Scope and Potential of FTC Data Protection (July 1, 2014). 83 George Washington Law Review, 2015, Forthcoming; GWU Law School Public Law Research Paper No. 2014-40; GWU Legal Studies Research Paper No. 2014-40. Available for download at SSRN: http://ssrn.com/abstract=2461096

For more than fifteen years, the Federal Trade Commission (FTC) has regulated privacy and data security through its authority to police deceptive and unfair trade practices as well as through powers conferred by specific statutes and international agreements. Recently, the FTC’s powers for data protection have been challenged by Wyndham Worldwide Corporation and LabMD. These recent cases raise a fundamental issue, and one that has surprisingly not been well explored: How broad are the FTC’s privacy and data security regulatory powers? How broad should they be? In this article, we address the issue of the scope of FTC authority over privacy and data security, which together we will refer to as “data protection” We argue that the FTC not only has the authority to regulate data protection to the extent it has been doing, but it also has the authority to expand its reach much more. Normatively, we argue that the FTC’s current scope of data protection authority is essential to the United States data protection regime and should be fully embraced to respond to the privacy harms unaddressed by existing torts, contracts, and statutes. For example, the FTC can regulate with a much different and more flexible understanding of harm that one focused on monetary or physical injury. Thus far, the FTC has been quite modest in its enforcement, focusing on the most egregious offenders and enforcing the most widespread industry norms. The FTC should push the development of the norms a little more (though not in an extreme or aggressive way). We also discuss steps the FTC should take to change the way it exercises its power, such as greater transparency and more nuanced sanctioning and auditing.”

Two Factor Auth

Two Factor Auth (2FA): “Two-step verification, abbreviated to TSV (not equal to two step authentication TSA nor to Two-factor authentication, abbreviated to TFA) is a process involving two subsequent but dependent stages to check the identity of an entity trying to access services in a computer or in a network with just one factor or secret,Continue Reading

HP Study Reveals 70 Percent of Internet of Things Devices Vulnerable to Attack

“HP Fortify on Demand is pleased to announce the release of its Internet of Things State of the Union Study, revealing 70 percent of the most commonly used Internet of Things (IoT) devices contain serious vulnerabilities. Why we did the study - Late last year, we were hearing a lot about Internet of Things, and a bit about IoT security,Continue Reading

US-CERT: Backoff Point-of-Sale Malware

Systems Affected - Point-of-Sale Systems - Alert (TA14-212A) “This advisory was prepared in collaboration with the National Cybersecurity and Communications Integration Center (NCCIC), United States Secret Service (USSS), Financial Sector Information Sharing and Analysis Center (FS-ISAC), and Trustwave Spiderlabs, a trusted partner under contract with the USSS.  The purpose of this release is to provide relevant andContinue Reading

NY AG Releases Report Showing Rise In Data Breaches, Provides Security Tips To Small Businesses & Consumers

“Attorney General Eric T. Schneiderman today issued a new report examining the growing number, complexity, and costs of data breaches in the New York State. Using information provided to the Attorney General’s Office pursuant to the New York State Information Security Breach & Notification Act, the report, titled “Information Exposed: Historical Examination of Data Security in NewContinue Reading

Is Your Android Device Telling the World Where You’ve Been? – EFF

“Do you own an Android device? Is it less than three years old? If so, then when your phone’s screen is off and it’s not connected to a Wi-Fi network, there’s a high risk that it is broadcasting your location history to anyone within Wi-Fi range that wants to listen. This location history comes in theContinue Reading

Internet of Things: Connected Home – Survey

“Fortinet® – a global leader in high-performance network security released the results of a global survey that probes home owners about key issues pertaining to the Internet of Things (IoT). Independently administered throughout 11 countries, the survey titled, “Internet of Things: Connected Home,” gives a global perspective about the Internet of Things, what security andContinue Reading

2014 Trustwave Global Security Report

“The 2014 Trustwave Global Security Report is back for another year,…and we again lean on hard evidence gathered from hundreds of data breach investigations conducted last year – 691 to be exact, spread across industries and the world – as well as threat intelligence gathered from our products and security operations centers. Using that evidence,Continue Reading

At the Nexus of Cybersecurity and Public Policy

“We depend on information and information technology (IT) to make many of our day-to-day tasks easier and more convenient. Computers play key roles in transportation, health care, banking, and energy. Businesses use IT for payroll and accounting, inventory and sales, and research and development. Modern military forces use weapons that are increasingly coordinated through computer-basedContinue Reading

The Target Data Breach: Frequently Asked Questions

CRS – The Target Data Breach: Frequently Asked Questions. N. Eric Weiss. Specialist in Financial Economics; Rena S. Miller, Specialist in Financial Economics. April 22, 2014. “According to Target, in November and December of 2013, information on 40 million payment cards (credit, debit, and ATM cards) and personally identifiable information (PII) on 70 million customers was compromised. The Secret Service hasContinue Reading

Verizon 2014 Data Breach Investigations Report

Excerpt from the Verizon 2014 Data Breach Investigations Report: ‘“We have more incidents, more sources, and more variation than ever before—and trying to approach tens of thousands of incidents using the same techniques simply won’t cut it. Not only would the dominant incident characteristics drown out the subtleties of the less frequent varieties, but we cannotContinue Reading

FTC Announces Top National Consumer Complaints for 2013

News release: “Identity theft continues to top the Federal Trade Commission’s national ranking of consumer complaints, and American consumers reported losing over $1.6 billion to fraud overall in 2013, according to the FTC’s annual report on consumer complaints released today. “Americans of all ages are vulnerable to identity theft, and it remains the most common consumerContinue Reading