All in Privacy + Cybersecurity
Federal policymakers have been grappling with many aspects of privacy these days, and this week has already seen two major developments: today’s release of privacy principles by the National Telecommunications and Information Administration (NTIA), and yesterday’s roll out of a Privacy Framework process by the National Institute of Standards and Technology (NIST).
Today, the Department of Energy (“DOE”) published a Request for Information (“RFI”) regarding smart technology, adding to the regulatory efforts swirling around IoT.
The John S. McCain National Defense Authorization Act for Fiscal Year 2019 (NDAA or the Act) (H.R. 5515) was signed into law on August 13, 2018. The appropriations law authorizes a $717 billion national defense budget and includes wide-ranging provisions on cybersecurity, touching everything from enhancing the military’s ability to respond to cyber attacks to protecting the IT supply chain and encouraging greater public-private collaboration.
In an August 3 memo from Deputy Secretary of Defense Patrick Shanahan, the Department of Defense (DoD) banned personnel from “using geolocation features and functionality on both non-government and government-issued devices, applications, and services while in locations designated as operational areas (OAs).” Outside of OAs, DoD has ordered the heads of DoD Components to “consider the inherent risks associated with geolocation capabilities on devices, applications, and services, both non-government and government issued, by personnel both on and off duty.”
At the end of July, the Department of Treasury released a Report on Nonbank Financials, Fintech, and Innovation. At over 200 pages, the Report is the fourth in a series on the Administration’s core principles for financial regulation called for by Executive Order 13772. It contains more than 80 recommendations, and “identif[ies] improvements to the regulatory landscape that will better support nonbank financial institutions, embrace financial technology, and foster innovation.”
On the heels of Microsoft President Brad Smith’s call for the federal government to regulate facial recognition technology, five Democratic members of Congress have penned a letter to the Government Accountability Office (GAO) asking the agency to study commercial and government use of facial recognition technology.
A smart home device made waves recently after a report that one sent the audio of a conversation to a user’s contact without the user’s knowledge. It was an innocuous discussion about hardwood flooring, a simple speech-recognition mistake that can happen when a smart speaker is listening for its key phrase: “Alexa,” or “Hey, Siri,” or “Okay, Google.” But a recent research paper suggests that smart speakers—which can control everything from light switches to front doors to bank accounts—may be susceptible to intentional hijacking.
In a recent blog post, Microsoft’s President Brad Smith called upon the federal government to regulate the proper use of facial recognition technology. Facial recognition, which has numerous applications including detecting and locating a face in a photo, targeted advertising, and identifying anonymous images, is just one of many types of biometric identifiers.