All in Privacy + Cybersecurity

Privacy Activity in the Federal Government Ramps Up Dramatically

Federal policymakers have been grappling with many aspects of privacy these days, and this week has already seen two major developments: today’s release of privacy principles by the National Telecommunications and Information Administration (NTIA), and yesterday’s roll out of a Privacy Framework process by the National Institute of Standards and Technology (NIST). 

Important Cyber Provisions Now Law Under the 2019 NDAA

The John S. McCain National Defense Authorization Act for Fiscal Year 2019 (NDAA or the Act) (H.R. 5515) was signed into law on August 13, 2018. The appropriations law authorizes a $717 billion national defense budget and includes wide-ranging provisions on cybersecurity, touching everything from enhancing the military’s ability to respond to cyber attacks to protecting the IT supply chain and encouraging greater public-private collaboration. 

Location Services: OFF

In an August 3 memo from Deputy Secretary of Defense Patrick Shanahan, the Department of Defense (DoD) banned personnel from “using geolocation features and functionality on both non-government and government-issued devices, applications, and services while in locations designated as operational areas (OAs).”  Outside of OAs, DoD has ordered the heads of DoD Components to “consider the inherent risks associated with geolocation capabilities on devices, applications, and services, both non-government and government issued, by personnel both on and off duty.”

Treasury Report Recommends National Data Breach Law, TCPA Reforms, and More

At the end of July, the Department of Treasury released a Report on Nonbank Financials, Fintech, and Innovation. At over 200 pages, the Report is the fourth in a series on the Administration’s core principles for financial regulation called for by Executive Order 13772.  It contains more than 80 recommendations, and “identif[ies] improvements to the regulatory landscape that will better support nonbank financial institutions, embrace financial technology, and foster innovation.” 

Will Smart Homes Be a New Target for Subliminal Messaging?

A smart home device made waves recently after a report that one sent the audio of a conversation to a user’s contact without the user’s knowledge. It was an innocuous discussion about hardwood flooring, a simple speech-recognition mistake that can happen when a smart speaker is listening for its key phrase: “Alexa,” or “Hey, Siri,” or “Okay, Google.” But a recent research paper suggests that smart speakers—which can control everything from light switches to front doors to bank accounts—may be susceptible to intentional hijacking.

Industry Player Calls for Biometrics Regulation; Will Policymakers Jump?

In a recent blog post, Microsoft’s President Brad Smith called upon the federal government to regulate the proper use of facial recognition technology.  Facial recognition, which has numerous applications including detecting and locating a face in a photo, targeted advertising, and identifying anonymous images, is just one of many types of biometric identifiers.