ftc – Dataconomy (https://dataconomy.ru): Bridging the gap between technology and business

FTC’s Click-to-Cancel rule is ending the subscription trap
https://dataconomy.ru/2024/10/17/ftc-click-to-cancel-rule-negative-option/
Thu, 17 Oct 2024 08:28:27 +0000

The Federal Trade Commission (FTC) has introduced a new “Click-to-Cancel” rule aimed at simplifying the process of canceling subscriptions. The rule ensures that canceling a service will be just as easy as signing up for it, addressing widespread complaints about the difficulties consumers face when trying to end recurring payments.

From Click-to-Sign-Up to Click-to-Cancel

Let’s get one thing straight: companies have been playing dirty. They’ve made it easy to sign up for their services—just a click here and a tap there—and boom, you’re locked into a subscription. But when it comes time to cancel? It’s like you’re trying to break out of a bureaucratic maze. “Too often, businesses make people jump through endless hoops just to cancel a subscription,” said FTC Chair Lina M. Khan. “The FTC’s rule will end these tricks and traps, saving Americans time and money. Nobody should be stuck paying for a service they no longer want.”

The FTC’s new rule levels the playing field, requiring companies to provide a cancellation option that’s just as simple as the one they used to reel you in. Whether you’re dealing with a streaming service, a gym membership, or an online magazine, canceling will soon be as easy as signing up.


The “negative option” loophole is finally closing

The rule is about shutting down shady practices known as “negative option” programs. These are the sneaky setups where companies treat your silence as consent to keep charging you. Whether it’s automatic renewals, free trials that morph into paid plans, or subscriptions buried in fine print, negative option programs have been a thorn in consumers’ sides for years.

As Erin Witte, Director of Consumer Protection for the Consumer Federation of America, bluntly put it: “No subscription business model should be structured to profit from a gauntlet-style cancellation process.” With this new rule, the FTC is taking a sledgehammer to these deceptive practices. Companies will no longer be able to hide behind legalese or obscure terms that trap consumers in unwanted subscriptions.

Under the new rule, companies are required to be upfront about their subscription terms, and they can’t charge you unless you give explicit consent. This means no more fine print surprises or vague auto-renewal clauses. As Shennan Kavanagh from the National Consumer Law Center pointed out, “People should be able to click to unsubscribe just as easily—not spend months trying to cancel unwanted subscriptions.”




However, the Click-to-Cancel rule doesn’t completely slam the door on corporate shenanigans. A proposal that would have forced companies to send consumers annual reminders about their subscription status didn’t make the final cut. So, while it’s now easier to cancel, companies are still free to try and sweet-talk you into staying before you pull the plug.

The rule is a significant step in the right direction, but it’s just the beginning. The FTC receives thousands of complaints every year about negative option programs, and the number has been steadily increasing. In 2024 alone, the agency was hit with nearly 70 complaints a day, up from 42 per day in 2021. The subscription trap is a billion-dollar industry, and companies won’t give up their recurring revenue without a fight.

Commissioner Lina Khan and her allies at the FTC are determined to keep pushing for consumer-friendly reforms. “The FTC’s new rule is an important recognition of the struggles consumers have been facing to free themselves from hidden contract language and misleading practices,” said Kavanagh. But as Kavanagh noted, there’s still more work to be done. Congress and state legislatures may need to step in to provide even stronger protections for consumers.


What’s next for consumers?

The Click-to-Cancel rule takes effect 180 days after it’s published in the Federal Register, which gives companies some time to clean up their act. When it goes live, expect your subscription landscape to change dramatically. Whether you’re a serial subscriber or someone who falls for the occasional free trial, canceling a service will soon be a pain-free process.

No more waiting on hold, no more searching through endless account settings, and no more having to plead your case to some retention specialist. The days of subscription traps are numbered, and the FTC is leading the charge to give control back to consumers. As Kavanagh succinctly put it, “We hope the FTC does not close the door to future rulemaking and that Congress and the states will go further to provide consumers even more transparency and control.”


FTC is hunting Amazon and judge approves it
https://dataconomy.ru/2024/10/08/ftc-is-hunting-amazon-and-judge-approves-it/
Tue, 08 Oct 2024 10:34:49 +0000

So, a federal judge just cleared the way for the Federal Trade Commission (FTC) to move forward with its antitrust case against Amazon. The FTC is accusing Amazon of using its market power to unfairly dominate, particularly by punishing sellers who offer discounts outside of Amazon and pushing them to use its fulfillment services to get better placement on the site.

Why the judge approved the FTC’s antitrust suit against Amazon

Amazon had tried to get the case thrown out, but the judge, John Chun, said no to most federal claims based on antitrust laws like the Sherman Act. Some claims related to state laws were dismissed, but those might get another shot after some tweaks.

“We are pleased with the court’s decision and look forward to moving this case forward. The ways Amazon illegally maintains its monopolies and the harm they cause — including suppressed competition and higher prices for shoppers and sellers — will be on full display at trial. This case ultimately seeks to pry loose Amazon’s monopolistic control and restore competition,” FTC spokesperson Douglas Farrar stated.


The FTC is happy with the outcome so far, saying this case is about showing how Amazon’s actions harm competition and raise prices for everyone. They want to break up what they see as Amazon’s monopolistic control. Amazon, on the other hand, is downplaying the ruling. Their spokesperson pointed out that at this early stage, the court has to assume everything the FTC says is true, but they’re confident the FTC won’t be able to back up these claims once the trial starts.

The judge’s decision doesn’t guarantee how things will end, though. Chun said it’s too early to consider Amazon’s defense, like any arguments that their practices benefit competition, but those will come up during the trial. The case will also be split into two parts: first, figuring out if Amazon is actually guilty, and if they are, then deciding on any consequences.

This is a big deal, and it’s similar to what’s happening with Google’s antitrust trials, where major tech companies are being called out for their market practices. All eyes will be on the courtroom to see how it plays out.


FTC cracks down on five AI companies
https://dataconomy.ru/2024/09/30/ftc-cracks-down-on-five-ai-companies/
Mon, 30 Sep 2024 07:44:56 +0000

The Federal Trade Commission (FTC) has taken legal action against five companies for deceptive practices related to their AI technologies, following through on its commitment to regulate unethical AI use.

These lawsuits come under the FTC’s “Operation AI Comply,” targeting firms that either exaggerated their AI’s capabilities or used it to break the law.

The cases in focus

Three of the companies—Ascend Ecom, Ecommerce Empire Builders, and FBA Machine—are fighting the allegations in court. They were accused of selling get-rich-quick schemes that claimed their AI-driven tools could create profitable online stores. Instead, these promises led to consumers losing millions, as the profits never materialized.

Each of these companies has been issued court orders to cease operations while the cases unfold.

Misleading AI in action

FTC Chair Lina Khan emphasized that the misuse of AI for fraudulent purposes is illegal, stating, “The FTC’s enforcement actions make clear that there is no AI exemption from the law”.

The crackdown is part of the agency’s larger mission to protect consumers from deceptive practices and ensure ethical AI development.

Settled cases: DoNotPay and Biden robocalls

Two companies have already settled with the FTC. One of the more familiar names, DoNotPay, known for its “robot lawyer,” was fined for misrepresenting its AI as a legal substitute. Despite the hype, it failed to deliver services that matched real human lawyers, leaving users with incomplete documents and unresolved issues.


The company agreed to pay $193,000 and notify past users of its limitations.

In a separate case, Steve Kramer, who created AI-generated robocalls impersonating President Joe Biden, was fined $6 million by the FCC. The calls violated the Telephone Consumer Protection Act, and further lawsuits against Kramer are ongoing.

Rytr’s AI review generator on the scope

The most controversial case involves Rytr, an AI company that allowed users to generate fake online reviews. This practice violated the FTC’s rules on deceptive advertising, especially since many of these fake testimonials contained false details unrelated to the products or services in question.

Although the FTC’s decision was contentious, with some commissioners dissenting, Rytr has agreed to stop offering its AI review-generating services.

Critics of the case, including former FTC Chief Technologist Neil Chilson, argue that holding AI companies responsible for user-generated content sets a dangerous precedent. He expressed concerns that this decision could stifle innovation by penalizing developers for how users misuse their tools, even if the company itself didn’t cause harm.

What’s next?

The FTC’s actions mark a significant moment in regulating AI technologies. While some worry this could stifle innovation, the agency is standing firm on enforcing consumer protection laws, making it clear that AI developers must be accountable for how their technology is used.

As AI continues to evolve, this might be just the beginning of stricter oversight in the industry.


Claim your FTC Fortnite refund from Epic now
https://dataconomy.ru/2023/09/20/claim-your-ftc-fortnite-refund-from-epic/
Wed, 20 Sep 2023 08:44:05 +0000

FTC and Fortnite have reached a $245 million settlement over accidental in-game purchases, allowing players to apply for refunds. The regulatory body contended that design elements misled players into unintentional buying, an issue that culminated in a settlement that’s a segment of a larger $520 million agreement disclosed last December.

How to claim a Fortnite refund through the FTC?

To claim your refund, head over to http://www.ftc.gov/Fortnite. According to the FTC, you are eligible for a refund if any of the conditions listed on the site is met:

  • You were charged in-game currency for items you didn’t want between January 2017 and September 2022
  • Your child made charges to your credit card without your knowledge between January 2017 and November 2018
  • Your account was locked between January 2017 and September 2022 after you complained to your credit card company about wrongful charges

For those under 18 interested in obtaining a refund, the FTC specifies that a parent will have to fill out the form on your behalf. Once you confirm your eligibility, you’ll be asked for either the claim number provided by the FTC or your Epic Account ID to proceed.


Be aware that the cutoff date for applying for your share of the Fortnite and FTC settlement is January 17, 2024. The actual amount to be refunded will vary, hinging on a few variables, including the total number of claims made. As for when you can expect to receive the payment, the FTC has yet to announce a mailing date.

If you’re planning to request a refund, you’ll need either your claim number or your Epic Account ID.

Where to find Epic ID?

If you haven’t received an email containing your claim number, you can easily find your Epic Account ID using the following methods:

On web:

  • Navigate to www.epicgames.com.
  • Select “Sign-in” located in the upper right corner of the webpage.
  • Log in to your Epic Games account.
  • Move your cursor over your Epic Games account name and click on “Account.”
  • Your Epic Account ID will be displayed under the “Account Information” section.

In Fortnite:

  • Launch the Fortnite game.
  • Once you’re in the lobby, locate the main menu by clicking on the gear icon in the upper left corner.
  • After the menu opens, click on “SETTINGS.”
  • Go to the “ACCOUNT AND PRIVACY” tab.
  • Hover your cursor over the area that says “EPIC ACCOUNT ID.” Your Epic Account ID will then be displayed on the right-hand side of the screen.

Behind the scenes of FTC Fortnite lawsuit

Last December marked a pivotal moment in gaming and regulatory oversight when Epic Games, the creator of Fortnite, agreed to a landmark $520 million settlement with the FTC. This colossal figure comprises a $275 million penalty and an additional $245 million earmarked for refunds to impacted players.

FTC vs Epic Games

The crux of the dispute revolved around the FTC’s assertions that Epic Games committed serious breaches of the Children’s Online Privacy Protection Act (COPPA). Firstly, the FTC claimed that Epic knowingly gathered personal data from underage players without first securing parental consent.

This allegation was bolstered by evidence such as Fortnite-focused surveys, marketing materials aimed primarily at children, and internal communications within the company. In spite of being aware of their young user base, Epic had imposed cumbersome processes for parents who sought to delete their children’s data and at times failed to honor these requests altogether.


The FTC pointed out inherent risks in Fortnite’s default settings back then. The game had automatically enabled text and voice chats, thereby placing minors in potentially harmful interactions with strangers. Issues ranging from bullying to exposure to emotionally damaging topics had been flagged as early as 2017 by Epic staff, but the warnings were largely ignored.




The FTC also accused Epic Games of employing “dark patterns” in Fortnite to manipulate users into unintentional purchases. These design tactics included misleading button placements and the capacity for single-click purchases without confirmation. In some instances, players inadvertently bought items during game loading screens or when waking the game from sleep mode.

Until 2018, the game had even permitted children to buy the in-game currency, V-Bucks, without the necessity for parental or cardholder approval. Additionally, if a player contested any unauthorized purchases via their credit card companies, Epic would lock the account, rendering all previous purchases inaccessible.


FTC leak reveals discless Xbox and new Bethesda games
https://dataconomy.ru/2023/09/19/ftc-leak-discless-xbox-bethesda-games/
Tue, 19 Sep 2023 12:40:49 +0000

  • Quick take: The FTC leak divulges key details about the discless Xbox Series X and Bethesda’s upcoming game releases, pointing to a transformative year ahead in gaming.
  • Core insight: The FTC leak uncovers future technology products, raising questions about data safety and confidentiality in revealing upcoming projects from Microsoft and Bethesda.
  • What’s next: Given the credibility of the FTC leak, both Microsoft and Bethesda may need to accelerate their official announcements to manage public expectations and maintain the momentum of their upcoming releases.

Amidst recent FTC leak documents, exciting information has surfaced regarding a Discless Xbox Series X makeover, slated for a 2024 release, according to The Verge. Codenamed Brooklin, the leaked plans unveil Microsoft’s intent to revamp its flagship gaming console. The same documents have lifted the curtain on Bethesda’s future game projects, highlighting their ambitions for truly groundbreaking titles.

The disclosed information doesn’t just provide a sneak peek at what Microsoft aims to achieve with its gaming hardware; it also offers a revealing look at the remarkable endeavors Bethesda is undertaking. The FTC leak essentially acts as a treasure map to Bethesda’s gaming roadmap for the coming years.

The discless Xbox unveiled during the FTC leak

The discless Xbox Series X will take on a more cylindrical form and ditch the disc drive. Exclusive Microsoft documents show it will have an expanded 2TB of storage and a USB-C port that comes with power delivery, alongside an “all-new, more immersive controller.”

A new controller, dubbed Sebille, will be unveiled later this year. It will be fitted with an accelerometer to support gyro controls. The controller will offer cloud-direct connection, Bluetooth 5.2, and an improved “Xbox Wireless 2” connection. Further specs for the controller include “precision haptic feedback” and “VCA haptics double as speakers.” The buttons and thumbsticks are quieter, and it comes with a rechargeable, swappable battery and modular thumbsticks. The controller will wake up when lifted.


Internally, the redesigned discless Xbox Series X will boast Wi-Fi 6E and Bluetooth 5.2 capabilities. The company is minimizing the current die to 6nm “for improve efficiency.” The FTC leak also indicates that the power supply unit’s power consumption will go down by 15%. The console is expected to retail for the same $499 as its predecessor.

According to the FTC leak, Microsoft’s future plans include this redesigned Xbox Series X and an updated Xbox Series S, featuring 1TB of storage. A recent black version of the Series S has been released, but another update is anticipated in 2024, with the inclusion of Wi-Fi 6E and Bluetooth 5.2.


Bethesda’s future games also made an appearance in Microsoft’s roadmap, which was mentioned in the leaked documents. Console customization, possibly through Microsoft’s Xbox Design Lab program, is among the company’s long-term goals set for 2030. However, it’s worth noting that, according to the same FTC leak, this initiative isn’t fully financed yet. An Elite controller upgrade is also in the pipeline, expected to inherit the features of the main controller redesign.

Microsoft is eyeing next September for the release of the updated Xbox Series S, followed by the discless Xbox Series X refresh in November.

Bethesda to release Dishonored 3, Doom Year Zero, Oblivion Remaster and Fallout 3

Bethesda has an action-packed pipeline, according to the FTC leak, with new game releases spanning from classics to entirely fresh titles. Next year, Bethesda aims to roll out a new Indiana Jones game and refresh The Elder Scrolls IV: Oblivion.

By fiscal year 2023, gamers can look forward to Doom Year Zero. Although specifics are scant, id Software’s ongoing work on the new id Tech Engine suggests this upcoming Doom installment will leverage it.




The road ahead is even more exciting as Bethesda is setting the stage for highly anticipated launches, including The Elder Scrolls VI, Fallout 3 Remaster, Dishonored 3, and a follow-up to Ghostwire: Tokyo. However, it’s unlikely that these projects will be ready for release in FY24E.

This isn’t mere speculation; it’s all corroborated by a court document, making the FTC leak a credible source. Overall, this accidental disclosure could be seen as a setback for Bethesda, but it’s a windfall for gamers keen on what the future holds for the studio’s lineup.


FTC rang Amazon’s bell this time, and it wasn’t as kind as Alexa
https://dataconomy.ru/2023/06/01/amazon-ftc-settlement-ring-alexa/
Thu, 01 Jun 2023 12:54:28 +0000

The Amazon FTC settlement was announced today by the Federal Trade Commission (FTC). Amazon has agreed to pay more than $30 million to resolve two separate privacy lawsuits alleging that the firm breached consumers’ privacy through its Alexa voice assistant and its Ring doorbell cameras.

In the first case, a parent claims that Amazon improperly collected and stored their child’s voice recordings and geolocation data in violation of the Children’s Online Privacy Protection Act (COPPA). The complaint also claims that Amazon did not comply with parents’ requests to erase such information.

The second claim is that Amazon has been misleading people about what it does with the information it gathers through Alexa and Ring devices. The complaint states that Amazon misrepresented the extent to which consumers might exercise choice over Amazon’s collection and use of their personal information.



Amazon FTC settlement: Ring and Alexa privacy violations cost over $30 million

The Amazon FTC settlement for Alexa will cost $25 million because the company broke the Children’s Online Privacy Protection Act (COPPA). Amazon was accused by FTC Consumer Protection Director Samuel Levine of putting “privacy for profits” by “flouting parents’ deletion requests.”

“We built Alexa with strong privacy protections and customer controls, designed Amazon Kids to comply with COPPA, and collaborated with the FTC before expanding Amazon Kids to include Alexa,” Amazon said in a statement on Wednesday. “As part of the settlement, we agreed to make a small modification to our already strong practices and will remove child profiles that have been inactive for more than 18 months unless a parent or guardian chooses to keep them.”


In the Amazon FTC settlement for Ring, the FTC claims that Amazon’s 2018 acquisition of the firm gave employees and contractors access to customers’ private footage. Poor security measures meant that some accounts may be compromised. The FTC has issued an order mandating that Ring pay $5.8 million to be utilized for customer refunds.

“Ring promptly addressed the issues at hand on its own years ago, well before the FTC began its inquiry,” Amazon said. “Our focus has been and remains on delivering products and features our customers love, while upholding our commitment to protect their privacy and security.”


In addition to the monetary payment, Amazon has agreed to implement the following privacy measures:

  • Create a new privacy policy for Ring devices that is more transparent about how Amazon collects and uses data.
  • Give users more control over their privacy settings, including the ability to opt out of data collection and sharing.
  • Implement stronger security measures to protect user data.
  • Train its employees on privacy compliance.

While Amazon strongly disagrees with the FTC’s claims about Alexa and Ring, the firm hopes this settlement will help put the controversy to rest.

Insecure digital environment’s latest big settlements: Equifax & T-Mobile

The credit reporting firm Equifax acknowledged on September 7, 2017, that one of its computer networks had had a data leak that had exposed the personal information of 143 million clients, which eventually rose to 147 million. These records included information about the customers’ names, residences, dates of birth, Social Security numbers, and credit card numbers, all of which may be exploited for fraud and identity theft.

Under the deal’s conditions, Equifax agreed to establish a fund to provide customers with free credit monitoring, identity theft protection, and cash compensation of up to $20,000 per person to people harmed by the event. Additionally, the company must pay court fees and government fines.


The cybersecurity vulnerability was first disclosed by T-Mobile and was made public on August 16, 2021. According to reports, almost 77 million consumers’ personally identifiable information was stolen due to the T-Mobile data breach. This contained database data such as addresses, dates of birth, social security numbers, driver’s license numbers, unique IMEIs and identification codes for client phones, etc.

If granted, the $350 million T-Mobile deal will represent US history’s second-largest payment for a data breach.

Alleged cybersecurity issues of Twitter is causing a headache for the firm
https://dataconomy.ru/2022/08/25/cybersecurity-issues-twitter/
Thu, 25 Aug 2022 14:05:45 +0000

There is a chance that regulatory agencies and governments will look into and impose sanctions on Twitter as a result of a number of damning revelations about the company’s cybersecurity methods and regulations.

The shocking revelations were disclosed in an over 80-page filing to the US Securities and Exchange Commission (SEC), copies of which CNN and The Washington Post were able to obtain.

What are the claims regarding Twitter cybersecurity issues?

Peiter “Mudge” Zatko, the whistleblower, previously served as Twitter’s head of security and reported to CEO Parag Agrawal. Zatko is a well-known ethical hacker and a leading player in the cybersecurity field. As a member of organizations like L0pht and Cult of the Dead Cow, he helped shape much of the early development of the industry.

He joined Twitter during the administration of Agrawal’s predecessor, platform creator Jack Dorsey, to assist in addressing the platform’s security issues in the wake of a 2020 cyberattack in which prominent accounts, including those of Jeff Bezos, Bill Gates, and Elon Musk, were compromised by cryptocurrency scammers. However, his employment was terminated in early 2022.


After trying in vain to convince Twitter to address its issues, Zatko claims he is now speaking up. He said that Agrawal and others prevented him from providing the organization’s board of directors with accurate facts and discouraged him from doing so.

In the disclosure, which was also forwarded to the US Congress and other agencies of the US federal government in July, Zatko described an organization plagued with poor security practices and mismanagement, one that gave far too many insiders unrestricted access to crucial data and platform features.




Zatko accused Twitter of trying to hide a number of significant weaknesses and of deceiving its board and regulators, thus opening the door for hostile activity from cybercriminals and nation-state spy agencies. In fact, he asserted, there might be adversarial spies working for it right now.

He continued by asserting that the site had been deceiving customers into thinking their data had been wiped after canceling their accounts when this was not necessarily the case.

Technically speaking, Zatko further asserted that Twitter continues to function on aging, obsolete server architecture that is not patched, lacks proper security, and has shoddy mechanisms in place to restore data centers from unanticipated outages.

Additionally, he claimed that the organization lacked the motivation to control a large number of bots using the site. Elon Musk’s decision to back out of his attempt to acquire Twitter, which is currently the subject of legal action, was influenced by this issue.


Twitter responded to Zatko’s charges by claiming that Zatko was terminated in January 2022 due to “ineffective leadership and poor performance.”

“What we’ve seen so far is a false narrative about Twitter and our privacy and data security practices that is riddled with inconsistencies and inaccuracies and lacks important context,” stated a Twitter spokesperson.

“Mr Zatko’s allegations and opportunistic timing appear designed to capture attention and inflict harm on Twitter, its customers and its shareholders. Security and privacy have long been company-wide priorities at Twitter and will continue to be.”

Agrawal reaffirmed this in a message to employees distributed via Twitter, adding: “We will pursue all paths to defend our integrity as a company and set the record straight.”

US senators from Illinois and Iowa, Dick Durbin and Chuck Grassley, who are members of the Senate Judiciary Committee and were copied on the report, said Zatko’s charges required more research to determine the truth.

Massive data sets, poor security measures, and exposure to adversarial nation-state actors, according to Grassley, are a “recipe for disaster.” He said that Zatko’s assertions caused the US to seriously question its national security.

Richard Blumenthal of Connecticut, a third senator, claimed he had written to the Federal Trade Commission (FTC) pleading for it to look into the matter. In 2011, after the FTC settled with the company, Twitter was forbidden from “misleading consumers about the extent to which it protects the security, privacy, and confidentiality of non-public consumer information.” The FTC had previously looked into claims that Twitter had misled customers about the security of its service. According to Zatko’s allegation, Twitter appears to have violated this agreement.

Zatko was also defended by members of the security community, who fought back against Twitter’s denials. Aaron Turner, the CTO for software-as-a-service (SaaS) solutions at threat detection expert Vectra, was one of them.

“I’ve known Mudge since his days at Cult of the Dead Cow. When I was at Microsoft, he and the Stake team helped us fundamentally improve our security strategy and tactics. As I’ve worked across government projects over the last 20 years, I would say that his work at Darpa made a significant difference in the way that the US government approached cybersecurity,” stated Turner.

“He has always had the highest level of integrity and also adheres to the highest technical standards of development and operation of systems. If Mudge says that Twitter has cybersecurity problems, Twitter has some big problems,” he added.


Turner, who oversaw Twitter’s investigation into the 2020 crypto hoax, claimed that he had personally arrived at the conclusion that Twitter lacked the necessary privileged user management safeguards and procedures governing the division of duties between sysadmins and developers.

“If Mudge’s disclosure is correct, that Twitter has a significant system hygiene problem combined with the user management controls and policies, then Twitter’s entire platform is at risk of compromise,” he added.

The vice president of research and development at Arctic Wolf, Daniel Thanos, also defended Zatko, stating that Mudge is a well-known and respected pioneer in the field of cybersecurity and that his remarks should not be dismissed.

Thanos claims that the allegations against Twitter indicate a pattern common to other social media businesses experiencing security and privacy issues. He lamented the fact that social media corporations far too frequently fail to confront these problems openly and sweep them under the rug.

“All of these events have proven that self-policing isn’t going to work anymore. These social media entities are behaving as publishers now, which requires a high level of public trust. With that comes certain security and transparency responsibilities that are clearly not being met,” he said.

“Twitter has the same insider threats as many other companies. Since it has become a vital source of information, it must make sure its internal security controls maintain the highest level of security and privacy. This is absolutely fundamental due to the trust users are placing in it,” he added.

“These organizations are often faced with balancing an expanded security apparatus and a scalable revenue-generating product. Many of the shortcomings are readily addressable through various integrated security technologies that grow with the revenue-generating production environment, including visibility of all assets on the network and where they’re communicating,” explained Ed Hunter, CISO at cloud security firm Infoblox.

However, these problems are not limited to the world of social media. Anyone who regularly follows the cybersecurity news cycle is well aware that poor security hygiene, and sometimes even purposeful disregard for best practices, are all too common.

For instance, according to Julia O’Toole, CEO of access management expert MyCena, some of Zatko’s accusations should make people realize how out of touch they are with data protection. “Organisations must begin to realize that they are responsible for their data and have a duty to keep it safe. However, by allowing employees to create their own passwords and passkeys to access critical data, they are losing that control,” she said.

“No organization ever allows employees to make their own keys to access a physical office, yet they allow employees to create their digital keys to access their data, which is undoubtedly their most valuable asset today. We need to address this vulnerability to truly improve security,” she added.

The incident, according to Thanos, also demonstrated how crucial it is for security leaders at any organization to maintain a direct line of communication with the board that internal stakeholders cannot cross. He asserted that everyone should be concerned by Zatko’s claims of interference on the part of senior Twitter figures.

“Mudge was hired to do a job by the previous CEO on this issue and on the insider threat problem, but the patterns of interference that many transformational CISOs face seem to have all been exhibited here. Anyone who cares about the mission we are on as a security community will want to see Mudge prevail for the good of the entire industry,” explained Thanos.

FTC Commissioner Concerned About Health Data Collection
https://dataconomy.ru/2014/07/25/ftc-commissioner-concerned-health-data-collection/ Fri, 25 Jul 2014 08:51:37 +0000

Federal Trade Commission (FTC) commissioner Julie Brill has voiced concerns about the way consumer apps collect and use health data. She raised the issue during a round-table discussion at The Hill’s Tech in Policy event in Washington DC this week. Brill remarked that the collection and use of data ought to be considered tantamount, and the collection of health data in particular needs to be regulated and restricted.

“There have been incredible developments in mobile technology that help students learn and improve health outcomes,” Reed said in a statement. “We need a regulatory environment that encourages innovation while protecting consumers in areas that make a real difference in our lives.”

She referred to the oft-cited case of Target, who are able to predict the pregnancies of their female customers using big data, and then present them with personalised ads for pre-natal and post-natal products. One woman’s family discovered her pregnancy through the targeted ads on her computer.

Brill is leading the FTC’s efforts to evaluate, and if necessary regulate, consumer privacy in healthcare and technology. Healthcare data privacy as covered in HIPAA is not the FTC’s usual remit, but the agency is ready to intervene if it determines that health app developers aren’t being transparent with consumers about how their data is being collected and used. Brill raised the concern that the new and innovative methods used in data capture and transformation pose a serious compliance challenge to health laws established in the twentieth century, when such technology didn’t exist.

If the FTC does clamp down on health data collection, it could prove a serious obstacle to companies innovating in this field. But it could improve the transparency and security of data for end-users, too.

US Senator Writes Letter of Complaint to FTC Regarding Facebook Mood Experiment
https://dataconomy.ru/2014/07/11/us-senator-writes-letter-complaint-fdc-regarding-facebook-mood-experiment/ Fri, 11 Jul 2014 08:42:57 +0000

Facebook is again under attack, this time by U.S. Senator Mark R. Warner, who is asking the Federal Trade Commission to inspect the social network’s use of big data. The cause is a controversial experiment conducted by Facebook on a share of its users. In a statement on this topic, the Virginia senator said: “I think the industry could benefit from a conversation about what are the appropriate rules of the road going forward.”

The study in question was performed in 2012, when Facebook manipulated the content shown to some 689,003 users in English-speaking countries to see how much it would affect their mood. Their mood was then analyzed through their own status updates, using language analysis systems. Warner suggests that the experiment conflicts with the consent agreement Facebook drew up with the FTC in 2011 and with Section 5 of the FTC Act, concerning “unfair or deceptive acts or practices.”

As we have already reported, despite the impact of this experiment and the implicit power of Facebook and its founder Mark Zuckerberg, Facebook is praised by academics for the amount of research it opens up to the public; this study was published in the Proceedings of the National Academy of Sciences. But the Electronic Privacy Information Center doesn’t share their enthusiasm; it recently filed a complaint with the FTC claiming that Facebook is guilty of violating its duty to protect user privacy and of using deceptive trade practices.

In his letter to the FTC, Warner raises the question of whether, in times of immense big data collection and analysis through social networks, it would be useful to establish a framework, possibly overseen by the FTC, to regulate such practices. While Facebook was under no requirement to have the moral impact of its study evaluated by any independent agency, Warner wonders if this might become necessary in the future. He also suggests that users should be given more agency over the use of their data for such purposes, a question that has remained unanswered in reports on the topic. The same goes for informing users about the public presentation of the data collected through this experiment. Yet Warner does not necessarily support an increase in federal regulation, but favors self-regulation by the industry.

“It’s clear that people were upset by this study and we take responsibility for it. We want to do better in the future and are improving our process based on this feedback,” a Facebook spokesman said in response. “The study was done with appropriate protections for people’s information and we are happy to answer any questions regulators may have.”

So far, the FTC has not commented on the content of Warner’s letter. In response to the criticism of this study, a Facebook researcher has defended the company’s conduct by explaining that its main goal was to reflect on a public concern about the impact of negative status updates on users’ emotions and their use of the social network. In two parallel experiments the algorithm either reduced or increased the amount of negative emotional content in users’ news feeds, in a procedure that “was consistent with Facebook’s Data Use Policy, to which all users agree prior to creating an account on Facebook, constituting informed consent for this research,” according to the paper’s authors.

FTC Call for Regulation on Big Data
https://dataconomy.ru/2014/05/28/ftc-call-regulation-big-data/ Wed, 28 May 2014 09:23:32 +0000

FTC Calls for Regulation and Transparency Big Data

Collecting personal information in the world of Big Data has its advantages; it allows companies to prevent fraud for instance, and personalise our online experiences. But it also has a more nefarious side; personal data can be hacked, allowing strangers access to our most intimate personal details. And it’s not just criminals who might be peering at our private information; in the US, there has been uproar about the NSA’s surveillance of its own citizens. It is with this dark underbelly of data in mind that the Federal Trade Commission published their report on Big Data, calling for greater transparency and greater control for the consumer.

FTC Chairwoman Edith Ramirez vocalised her concerns over how much personal data is available to big companies today. “The extent of consumer profiling today means that data brokers often know as much – or even more – about us than our family and friends, including our online and in-store purchases, our political and religious affiliations, our income and socioeconomic status, and more,” she stated. “It’s time to bring transparency and accountability to bear on this industry on behalf of consumers, many of whom are unaware that data brokers even exist.” Ramirez, and the 110-page report, emphasise just how much the most influential companies know about us, and just how little we know about them.

Once they’ve collected the data, a company’s knowledge can have a tangible impact on the consumer’s life. The FTC cite “bike enthusiasts” as an example; if you’re considered to be in this category, you may receive personalised discounts on motorcycles, but you may also be charged heftier insurance premiums without ever knowing it. The FTC has made extensive recommendations on how to improve this, starting with a centralised portal where big data brokers must disclose any data they’ve collected on an individual, and from where. If the FTC succeeds in its plans, consumers would not only be able to view data collected, but also amend any errors, or potentially opt out altogether.

Data privacy has become a widely-discussed issue in the US, following on from a White House report on the matter earlier this month. Jeffrey Chester, director of the Center for Digital Democracy, believes the FTC’s report offers a much more extensive outlook and robust strategy than its White House counterpart. “Unlike the White House’s Big Data reports issued earlier this month, the FTC study provides a much more realistic—and chilling—analysis of an out of control digital data collection industry,” he stated.

And it’s not just America who are growing increasingly uneasy about the scale of data collection. The European Court of Human Rights recently ruled that Google and its competitors had to consider requests by individuals to have their information removed from search engine results. There seems to be a growing call internationally for a system of checks and balances to be put in place in the almost unregulated world of big data.
