Tech Giants Brace for More Scrutiny From Regulators

originally appeared in The New York Times:

Silicon Valley lobbied hard in Washington in 2012, and despite some friction with regulators, fared fairly well. In 2013, though, government scrutiny is likely to grow. And with this scrutiny will come even greater efforts by the tech industry to press its case in the nation’s capital and overseas.

In 2012, among other victories, the industry staved off calls for federal consumer privacy legislation and successfully pushed for a revamp of an obscure law that had placed strict privacy protections on Americans’ video rental records. It also helped achieve a stalemate on a proposed global effort to let Web users limit behavioral tracking online, using Do Not Track browser settings.

But this year is likely to put that issue in the spotlight again, and bring intense negotiations between industry and consumer rights groups over whether and how to allow consumers to limit tracking.

Congress is likely to revisit online security legislation — meant to safeguard critical infrastructure from attack — that failed last year. And a looming question for Web giants will be who takes the reins of the Federal Trade Commission, the industry’s main regulator, this year. The director of the commission’s Bureau of Consumer Protection, has resigned, and there have been suggestions that its chairman would step down.

The agency is investigating Google over possible antitrust violations and will subject Facebook to audits of its privacy policy for the next 20 years. Its next steps could serve as a bellwether of how aggressively the commission will take on Web companies in the second Obama administration.

Now that the election is over, Silicon Valley companies each are thinking through their strategy for the second Obama administration, according to a law professor at Ohio State University and a former White House privacy official. The F.T.C. will have a new Democratic chairman. A priority for tech companies will be to discern the new chair’s own priorities.

In early 2012, an unusual burst of lobbying by tech companies helped defeat antipiracy bills, which had been backed by the entertainment industry. Silicon Valley giants like Facebook and Google feared that the bills would force them to police the Internet.

At the end of the year, Silicon Valley also got its way when the Obama administration stood up against a proposed global treaty that would have given government authorities greater control over the Web.

The key to the industry’s successes in 2012 was simple: it expanded its footprint in Washington just as Washington began to pay closer attention to how technology companies affect consumers. Privacy and security became top-tier important policy issues in Washington in 2012, accordion to the director of security policy and global privacy officer at Intel.

Industry has realized it is important to be engaged, he continued, to make sure government stakeholders are fully informed and educated about the role that new technology plays and to make sure any action taken doesn’t unnecessarily burden the innovation economy while still protecting individual trust in new technology.

At the end of 2012, tech companies were on track to have spent record amounts on lobbying for the year. In the first three quarters, they spent close to $100 million, which meant that they were likely to surpass the $127 million they spent on lobbying in 2011, according to an analysis by the Center for Responsive Politics, a Washington-based nonpartisan group that tracks corporate spending. Even the venture capital firm Andreessen Horowitz hired a lobbyist in Washington who was a former mayor of the city.

Technology executives and investors also made generous contributions in the 2012 presidential race, luring both President Obama and Mitt Romney to Northern California for fund-raisers and nudging them to speak out on issues like immigration overhaul and lower tax rates.

In a blog post in November, the center said Silicon Valley’s lobbying expenditures have ballooned in recent years, even as spending by other industries has fallen.

Facebook more than doubled its lobbying outlay in the year, reporting close to $2.6 million through the third quarter of 2012. Google spent more than any other company in the industry, doling out more than $13 million in the same period and more than double its nearest competitor, Microsoft, which spent just over $5.6 million in the same period.

Among Google’s advocates on Capitol Hill is a former Republican congresswoman, Susan Molinari, who heads Google’s office in Washington.

Google has particular reason to be engaged. It faces a wide-reaching antitrust investigation by the Federal Trade Commission, just as Microsoft did a decade ago. At issue is whether Google’s search engine results favor Google products over its rivals’.

Although the agency was ready to settle that case before the holidays, without harsh remedies, late last month it shelved the inquiry and put stronger penalties back in play. A resolution is expected in January.

The commission has already fined Google on a separate matter. In 2012, the company paid $22.5 million to settle charges that it had bypassed privacy settings in Apple’s Safari browser to track users and serve them targeted advertisements.

Facebook has vastly expanded its Washington presence in recent years. It has set up a political action committee, hired a stable of seasoned, well-connected insiders from both parties and offered tips to lawmakers in an effort to make its site indispensable to politicians seeking re-election.

Facebook scored a win on Capitol Hill in late 2012 when it nudged Congress to amend a 1988 law, the Video Privacy Protection Act, that had protected the privacy of Americans’ video rental records. Facebook and its partner, Netflix, the video streaming service, advocated for changes in the law so that movies watched on Netflix could be shared on Facebook. That kind of data can be valuable for behavioral advertising, a principal source of revenue for Web services like Facebook.

The company also attracted increased scrutiny from the F.T.C. The agency negotiated a consent order with Facebook to settle charges that it had engaged in unfair and deceptive practices when changes in its settings revealed personal information that Facebook users had regarded to be private. As part of the settlement, Facebook agreed to audits of its privacy policies for 20 years.

Facebook faced renewed public outcry last month when its subsidiary, Instagram, proposed to deploy users’ pictures to serve targeted advertisements. The company has backtracked on that proposal, but the outcry, say consumer privacy advocates, is an indication of public sentiment.

Yes, the industry managed to hold off privacy legislation this year, according to the executive director of the Electronic Privacy Information Center. But if the end-of-year protests over the Facebook and Instagram changes are any indication, users will be pressing for better privacy protections in the next Congress.

Silicon Valley’s lobbying efforts are also likely to expand across the Atlantic in 2013. Both Facebook and Google have faced off with European regulators over privacy issues. Now, the European Parliament is weighing an overhaul of data protection laws that apply across the Continent.

One of the proposed changes requires Web companies to ask European Union citizens for their explicit consent before collecting personal data for targeted Web advertising. Web companies vigorously oppose that and other proposals.

FBI Access to Web Data Raises Concerns

Associated Press

Invasion of privacy in the Internet age. Expanding the reach of law enforcement to snoop on e-mail traffic or on Web surfing. Those are among the criticisms being aimed at the FBI as it tries to update a key surveillance law.

With its proposed amendment, is the Obama administration merely clarifying a statute or expanding it? Only time and a suddenly on guard Congress will tell.

Federal law requires communications providers to produce records in counterintelligence investigations to the FBI, which doesn't need a judge's approval and court order to get them.

They can be obtained merely with the signature of a special agent in charge of any FBI field office and there is no need even for a suspicion of wrongdoing, merely that the records would be relevant in a counterintelligence or counterterrorism investigation. The person whose records the government wants doesn't even need to be a suspect.

The bureau's use of these so-called national security letters to gather information has a checkered history.

The bureau engaged in widespread and serious misuse of its authority to issue the letters, illegally collecting data from Americans and foreigners, the Justice Department's inspector general concluded in 2007. The bureau issued 192,499 national security letter requests from 2003 to 2006.

Weathering that controversy, the FBI has continued its reliance on the letters to gather information from telephone companies, banks, credit bureaus and other businesses with personal records about their customers or subscribers - and Internet service providers.

That last source is the focus of the Justice Department's push to get Congress to modify the law.

The law already requires Internet service providers to produce the records, said Dean Boyd, a spokesman for the Justice Department's national security division. But he said as written it also causes confusion and the potential for unnecessary litigation as some Internet companies have argued they are not always obligated to comply with the FBI requests.

A key Democrat on Capitol Hill, Senate Judiciary Committee chairman Patrick Leahy of Vermont, wants a timeout.

The administration's proposal to change the Electronic Communications Privacy Act "raises serious privacy and civil liberties concerns," Leahy said Thursday in a statement.

"While the government should have the tools that it needs to keep us safe, American citizens should also have protections against improper intrusions into their private electronic communications and online transactions," said Leahy, who plans hearings in the fall on this and other issues involving the law.

Critics are lined up in opposition to what the Obama administration wants to do.

"The FBI is playing a shell game," says Al Gidari, whose clients have included major online companies, wireless service providers and their industry association.

"This is a huge expansion" of the FBI's authority "and burying it this way in the intelligence authorization bill is really intended to bury it from scrutiny," Gidari added.

Boyd, the Justice spokesman, said the changes being proposed will not allow the government to obtain or collect new categories of information; rather it simply seeks to clarify what Congress intended when the statute was amended in 1993, he argued.

Critics, however, point to a 2008 opinion by the Justice Department's Office of Legal Counsel which found that the FBI's reach with national security letters extends only as far as getting a person's name, address, the period in which they were a customer and the numbers dialed on a telephone or to that phone.

The proposed amendment would add the category "electronic communications transactional records" to the section of the law that currently lists only those items cited in the Justice legal opinion. Those four words are already in another section of the law.

The problem the FBI has been having is that some providers, relying on the 2008 Justice opinion - issued during the Bush administration - have refused to turn over Internet records such as information about who a person e-mails and who has e-mailed them and information about a person's Web surfing history.

To deal with the issue, there's no need to change the law since the FBI has the authority to obtain the same information with a court order issued under a broad section of the Patriot Act, said Gregory Nojeim, director of the Project on Freedom, Security and Technology at the Center for Democracy and Technology, a nonprofit Internet privacy group.

The critics say the proposed change would allow the FBI to remove federal judges and courts from scrutiny of its requests for sensitive information.

"The implications of the proposal are that no court is deciding whether even that low standard of 'relevance' is met," said Nojeim. "The FBI uses national security letters to find not just who the target of an investigation e-mailed, but also who those people e-mailed and who e-mailed them."

Google to Turn Over Street-View Data to Governments

NY Times

Google is bowing to the demands of four European governments and says it will begin surrendering the data it improperly collected over unsecured wireless networks.

Eric E. Schmidt, Google’s chief executive, told The Financial Times in an interview in London that within the next two days, the company would share the data with regulators in Germany, Spain, France and Italy. The data is thought to include fragments of personal information like e-mail and bank account numbers.

Google had previously resisted requests from European officials and privacy advocates to hand over the data, saying it needed time to review legal issues.

Last month, Google revealed it had been inadvertently collecting 600 gigabytes of personal data, saying that the roving, camera-mounted cars in its Street View program had collected not only photographs of neighborhoods but snippets of private information from people whose personal Wi-Fi networks were left unencrypted.

In Thursday’s interview, Mr. Schmidt said that the software code responsible for the data collection was in “clear violation” of Google’s rules.

Mr. Schmidt also said that Google would make public the results of internal and external audits of its Wi-Fi data collection practices.

Regulators in the United States have not expressed the same level of outrage over the incident as European officials have. The Federal Trade Commission has said it will take a close look at the practice, and several lawmakers have written letters to Google asking for more information about the practice. Lawsuits against Google over Wi-Fi data collection have also been filed in at least three states.

WebCam Spying Suit Triggers War of Words

eWeek

A high school assistant principal in the Lower Merion School District in Pennsylvania lashes out about the Webcam spying allegations, while the student at the center of the case says her denials fall short.

The Webcam spying allegations that have rocked Pennsylvania's Lower Merion School District turned into a verbal sparring match Feb. 24 when a high school administrator offered an emotionally charged rebuttal that the family suing the district said does not constitute a denial of relevant facts.

The parents of Harriton High School student Blake Robbins filed a class action lawsuit (PDF) Feb. 11 alleging that the school remotely activated a Webcam and took a picture of their son, which they accuse Assistant Principal Lynn Matsko of citing as evidence that he was engaged in "improper behavior in his home."

In response to what she termed "many false accusations reported about me in the media," Matsko denied any involvement in spying on Robbins or any other student.

"If I believed anyone was spying on either of my children in our home, I too would be outraged … At no point in time did I have the ability to access any Webcam through security tracking software," Matsko said. "At no time have I ever monitored a student via a laptop Webcam, nor have I ever authorized the monitoring of a student via security tracking Webcam either at school or within the home. And I never would."

She continued, "In my 10-plus years as an assistant principal I have never disciplined a student for conduct he or she engaged in outside of school property that is not in connection with school, or a school-related event. That is not, has never been and never should be my role."

Calling the allegations "abhorrent and outrageous," Matsko said she has been subjected to numerous "offensive and threatening" e-mail messages since the controversy broke.

After her statement, Robbins read a statement to the media in which he stressed that the intent of the suit was not to disparage Matsko, but to take the school board to task for green-lighting the technology involved in the accusation.

The students' MacBook laptops were outfitted with task management software called LANrev that could be used to remotely activate the Webcams. The district has characterized the technology as a security tracking feature intended to recover lost laptops, and has reported that the software had been used for this purpose 42 times as of Feb. 19.

In his statement, Robbins noted that Matsko did not deny seeing a Webcam picture and screenshot of him in his home—she denied having authorized or activated the Webcam.

"We have no reason to doubt Ms. Matsko's statement that she did not personally activate the Webcam on my computer, but that has never been the issue," he said. "The issue is that we know someone accessed my Webcam and provided Ms. Matsko with a screenshot and a Webcam picture of me at home in my bedroom."

In an interview with the Philadelphia Inquirer, an attorney representing the Robbins family claimed Matsko told the student directly that he had been observed via the Webcam "trying to sell pills."

After being notified of the lawsuit, the district disabled the feature and pledged not to re-enable it without notifying students and their family members. Meanwhile, the FBI and local investigators have reportedly opened up an investigation into the case.

California Legislator Believes Google Maps Could Aid Terrorists, Calls For Censorship

Original Story Posted to ZDNet

Imagine if all the hospitals, schools, churches, and government buildings that appear on online maps were nothing but blurs.

That would not only reduce the usefulness of things like Google Maps and Google Earth, but it would be a huge undertaking for Google and would probably violate the First Amendment.

But that's exactly what California Assemblyman Joel Anderson, a Republican from El Cajon, is proposing in a measure dubbed "AB-255."

The measure would apply to Web site operators and online services that make "a virtual globe browser available to members of the public" and fails to define what that is. It also specifies that a violation would constitute a criminal offense with fines of up to $250,000 per day.

So, all the government agencies that use Google Earth and want the public to be able to find their buildings could conceivably be in violation as well.

As justification for the proposed censorship, Anderson is citing terrorism.

"We heard from terrorists involved in the Mumbai attacks last year that they used Google Maps to select their targets and get knowledge about their targets. Hamas has said they were using Google Maps to target children's schools," Anderson told Computerworld. "What my bill does is limit the level of detail. It doesn't stop people from getting directions. We don't need to help bad people map their next target. What is the purpose of showing air ducts and elevator shafts? It does no good."

Google spokeswoman Elaine Filadelfo told Computerworld that the company hopes to talk to Anderson about the proposed legislation.

Privacy complaints have led Google to blur images of official buildings in several instances. The U.S. military banned Google from taking street view images from inside military bases and in 2007 India asked that certain government and military buildings be blurred.

Private Data Leaked From Google Docs

Originally Posted to ZDNet

Google has confirmed that a software bug in its Google Docs online applcation service exposed documents thought to be privately stored.

The problem was fixed by the weekend, and is believed to have affected only half a percent of the digital documents at a Google Docs service that provides text-handling programs as services on the Internet.

Google Docs Product Manager Jennifer Mazzon wrote the following in a message on the official Google Docs blog on Saturday:

“We’ve identified and fixed a bug where a very small percentage of users shared some of their documents inadvertently.”

“We’re sorry for the trouble this has caused. We understand our users’ concerns (in fact, we were affected by this bug ourselves) and we’re treating this very seriously.”

According to Google, the problem occurred in cases where people had chosen to collaborate on multiple documents and adjusted settings to allow access to others. Collaborators were unintentionally given permission to access documents aside from the ones intended.

“As part of the fix, we used an automated process to remove collaborators and viewers from the documents that we identified as having been affected,” Mazzon said.

“We then emailed the document owners to point them to their affected documents in case they need to re-share them.”

Google and other companies (such as Drop.io) are encouraging users to migrate online software-as-a-service and other offerings “in the cloud,” instead of using desktop software. The companies insist the move is safe, but just where do you draw the line?

Small as it is, is half a percent too risky for the cloud?

Is Google's Cloud Secure?

Originally Posted at ZDNet

A Washington-based privacy group wants the Federal Trade Commission to launch an investigation of the cloud-computing services offered by Google - including Gmail, Google Docs, Google Calendar and others - to ensure that they are as secure as Google promises they will be.

Specifically, the matters stems from reports earlier this month that a software bug in Google Docs publicly exposed documents believed to be private. The company said the glitch affected one-half of one percent of the documents stored online.

The Electronic Privacy Information Center pointed out in its petition to the FTC that Google uses language in its marketing statements that suggest to users that their documents are safe and secure and that users can “rest assured that your documents, spreadsheets and presentations will remain private unless you publish them to the Web or invite collaborators and/or viewers.”

The group cites other security breach incidents involving Google, though none since January 2007, when a security flaw involving Google Desktop was found. The group notes that the matter becomes critical because cloud computing services are growing in popularity among both consumers and businesses, greatly increasing the potential for risk.

Google said the Google Docs problem earlier this month occurred in cases where people had chosen to collaborate on multiple documents and adjusted settings to allow access to others. Collaborators were unintentionally given permission to access documents aside from the ones intended.

Qimonda Secures Infusion

As posted by: Wall Street Journal

FRANKFURT -- Qimonda AG of Germany will get a cash infusion of €325 million, or about $450 million, from major stakeholders, keeping the memory-chip maker operating into next year.

A pedestrian walks past the plant of memory chip manufacturers Qimonda and Infineon in the German city of Dresden.

Qimonda warned this month that it could run out of cash early next year if it failed to find an investor or strategic partner. The company's cash reserves have been draining as demand dropped for its DRAM chips used in mobile phones, personal computers and other consumer products.

Qimonda said Sunday it will get a €75 million loan from parent company Infineon Technologies AG, which has a 77.5% stake; a €150 million loan from the German state of Saxony, where Qimonda employs 3,200 employees in the city of Dresden; and a €100 million loan from an unnamed financial institution in Portugal.

The company employs 1,800 in Porto, Portugal.

In addition, Qimonda said it expects to receive guarantees totaling €280 million from Saxony and the German government. Based on such guarantees, Qimonda is in advanced negotiations regarding additional bank financing of €150 million, the company said.