Privacy & Data Security

Startups: Talk Data Reg with FTC Commissioner Brill

FTC1.jpg

Engine is excited to host a townhall with Commissioner Julie Brill of the Federal Trade Commission Wednesday at 4:00 pm. Join us for the event at The Hattery in SOMA (414 Brannan Street, San Francisco, California). Video will be available after if you can’t attend. We’re bringing together startups, entrepreneurs, policy wonks, and lawmakers to talk about data, privacy, and other policies that impact small businesses and technology firms. Commissioner Brill’s visit is part of the Congressional Internet Caucus’ State of the Net West series.

Why should startups care about the FTC? The agency has been working to create guidelines for businesses on consumer privacy, releasing its “final report” on the subject March 26. Data exchange is central to the relationship between internet-based businesses and their consumers. Maintaining and enhancing trust between innovators and users will be critical to the continued success of startups across the web.

While the commission has focused on large tech companies, search engines, internet service providers, data brokers, and web browsers, perspective from dynamic young companies may help in the construction of policies that preserve the internet ecosystem that has opened doors for entrepreneurs.

Large companies tend to have established practices that are easily conveyed to users and the government. Startups, on the other hand, often change strategy, business model, or size rapidly and require a great deal of flexibility. Policymakers must be mindful of these difference as they consider rules that would affect tech companies of all ages and sizes.

Data’s regulation is one of the areas addressed in the issue book we circulated at the party nominating conventions a few weeks ago. So far, the government has taken a relatively low-impact approach to the regulation of data in the form of privacy, cybersecurity, and data breach rules. Calls for the government to become more involved have intensified in recent years. It’s critical that startups and entrepreneurs make their voices heard in this debate to ensure that the opportunity to innovate remains open.

Dialogue between entrepreneurs and lawmakers like Commissioner Brill will be critical to the success of government and business. For new rules to effectively protect customers, businesses must be able to grow, innovate, and offer new products to consumers. Engine’s goal is to foster these connections, inject startups into the policy dialogue, and promote entrepreneurship in Washington and beyond.

Photo courtesy of Priya Deonarain.

June 13 Midweek Policy Update

This week in Washington: Cybersecurity legislation may move forward in the Senate, ICANN releases a list of proposed generic top-level domains, the United States Patent Office promotes clean energy partnerships.

Cybersecurity

Senate Majority Leader Harry Reid put his colleagues “on notice” June 10, calling on democrats and republicans to work together to pass cybersecurity legislation that has stalled in previous Senate sessions. The bill faces stern resistance from many technology-focused groups concerned about its impact on privacy.

Open Data

Representative Darrell Issa announced on June 10 the OpenGov Foundation at the Personal Democracy Forum in New York City. OpenGov would allow citizens to actively engage in the policy-writing process through open, web-based technology. Issa is looking for developers to build the tool.

Patent

The USPTO held a meeting of clean technology stakeholders in an effort to improve and expand its clean technology program. Issues discussed included the importance of regional accelerators and an update on cleantech patents.

Spectrum

The FCC holds an open meeting June 13 in which the commissioners will consider moves to make more efficient use of high frequency spectrum for a nationwide interoperable public safety network.

DNS

Also on June 13, the International Corporation for Assigned Names and Numbers (ICANN) holds a press conference unveiling the generic top-level domains applied for in the organization’s expansion program. The application window for the new domains -- which could include .lol and .nyc -- closed May 30. A release from the organization reports that more than 1,900 applications were received.

Midweek Policy Roundup

Immigration

Senators Jerry Moran, Mark Warner, Marco Rubio, and Chris Coons introduced Startup Act 2.0 on May 22, building on measures introduced in December 2011 that create more visas for immigrants with advanced degrees in STEM fields, among other critical reforms for startups. Engine’s coverage here.

Privacy

The Federal Trade Commission announced the final agenda for a May 30 workshop focused on privacy disclosures for advertising and social media on mobile devices. The workshop, titled “In Short: Advertising & Privacy Disclosures in a Digital World,” will include participants from companies such as Facebook, Groupon, and TRUSTe. 

The FTC also announced the hiring of Paul Ohm, an associate professor at the University of Colorado, to serve as senior policy advisor for consumer protection and competition issues in the agency’s Office of Policy Planning. Mr. Ohm specializes in information privacy, computer crime law, intellectual property and criminal procedure, according to his personal website

Spectrum

The Federal Communications Commission held a workshop on channel sharing May 22. Channel sharing is an approach to broadcasting where two stations use the same broadcast infrastructure and television channel. This may maximize the amount of spectrum available in new wireless auctions. The commission will also consider a report and order on plans to ease the transition from 2G to more advanced technologies at its open hearing May 24

Cybersecurity

On May 21, Senator Ron Wyden gave a speech on the Senate floor opposing any cybersecurity legislation that would limit Americans’ privacy. The speech came as the Senate is said to be considering new cybersecurity legislation. Watch the speech here

Midweek Policy Highlights

This week in Washington: the FTC goes deeper on privacy, Facebook amends its SEC filing to account for potential regulatory review, and immigration and spectrum remain hot topics.

Finance

Facebook amended its S-1 filing with the Securities and Exchange Commission ahead of its initial public offering May 15. The filing extended the expected closure date of the $1 billion Instragram purchase from the second quarter of 2012 to 2012 generally. The move could signal deeper scrutiny by regulators on the competitive impact of the deal. Currently, the transaction is in a procedural 30-day review under the Hart-Scott-Rodino Act premerger notification program. Engine will continue to monitor the review and its potential impact on future startup acquisitions.

Privacy

Associate director of the Federal Trade Commission’s division of privacy and identity protection Maneesha Mithal spoke at a Congressional Internet Caucus event on Monday about the agency’s recent report on privacy. She highlighted recent settlements with social networks including MySpace that involved companies’ adherence to their privacy policies.

Edward Felton, the agency’s chief technologist on leave from Princeton University’s Center for Information and Technology Policy, also blogged this week on the technical details of recent moves by the government to address privacy on social media platforms.

Immigration

Engine blogged earlier this week on moves by the Department of Homeland Security and Congress that may help startups gain access to more highly-skilled immigrant workers. Senator John Cornyn is said to be introducing a bill that would boost the number of visas available to immigrants with graduate degrees in science, technology, engineering, and mathematics fields.

Spectrum

Federal Communications Commission chairman Julius Genachowski is slated to give a speech May 17 at 10:30 EST on spectrum reallocated to support “medical body area networks” (MBAN). GE Healthcare and Philips Healthcare are scheduled to demo MBAN devices. Repurposing spectrum for new technologies is a major priority to open innovation across industries and MBAN is a major development in the healthcare field. A live stream can be viewed here.

Health IT Dashboard Opens More Government Data

Developers have expanded access to government health IT data through a dashboard released Wednesday -- a move which opens up possibilities for the creation of new applications and tools in the health IT sector. The Heath IT Dashboard allows the public to track and analyze data from the Office for the National Coordinator for Health IT. The information is beneficial to the startup ecosystem, expanding a valuable toolkit for the development of products using data.

Open government data can fuel products that empower citizens and

grow businesses. At a May 7 Code for America event in San Francisco, Ellen Miller of the Sunlight Foundation and Tom Steinberg of MySociety demonstrated tools built on government data that give everyday individuals valuable information on government services and a voice in their communities. These web-based tools demonstrate the potential market for developers to both build businesses and add value to local, state and national governments.

There are plans to expand the dashboard in June. More data are to be added on electronic health records and other health care technologies implemented by the federal government. Technology may play a critical and non-partisan role in making care more affordable, accessible, and straightforward for patients in the United States.

In addition, the expansion of wired and wireless broadband to remote communities may open the door to telemedicine for rural Americans. Mobile medical applications and innovative medical devices offer the opportunity for startups to make a move into the health care market as well. Open government data is one step to opening up data-driven innovation across government and industry, with health care representing just one field for growth.

Privacy from a Developer's Perspective

Micah

 

Micah Jaffe is the Engineering Lead at Hattery, working on iOS and Android development with one published app on iTunes. After 15 years as a developer in Silicon Valley at Stanford, Yahoo and many startups he has a special interest in and appreciation for the legal and ethical issues which developers must navigate. Follow him on Twitter @zeade.

Data is at the core of mobile technology offered by startups across the United States. The popularity of smartphones, tablets and other connected devices has led to an explosion of data consumption and generation by consumers. Pervasive mobile technologies -- paired with new businesses, social networks, and applications -- have created opportunities for innovators to grow a vibrant market of applications. Aggregate data from Google and Apple show 40 billion downloads of available mobile apps, according to a March post by Flurry and a May post by the Verge

Reviews, geolocation, status updates, and a host of other information create a base upon which thriving startups provide exciting and unforeseen services to consumers. Without access to this data, many companies growing the national economy would not have the opportunity to develop new products or enhance services for their customers.

It is in this context that lawmakers in the U.S. and around the world are considering new rules and regulations for consumer privacy protection. The Federal Trade Commission released its final report on consumer privacy in March including recommendations for businesses and policy makers. The FTC also announced a workshop on mobile privacy to be held May 30, 2012. 

Despite efforts in Washington, the requirements and responsibilities for app developers remain unclear. There seems to be a broad, if unofficial, consensus that the app maker should be accountable for consumer privacy -- but there isn’t a roadmap for developers to navigate this challenging legal landscape.

Last week I attended the App Developer Privacy Summit, hosted by the Future of Privacy Forum. The event’s purpose was to engage mobile app developers on present and emerging privacy regulation on the use of consumer data in apps. As a developer, this seemed like a rare opportunity to have some of my questions about privacy answered and to participate in the process of policy development. However, I was disappointed with the lack of clarity provided to developers on how to implement sound privacy practices.

What we need is a new perspective on privacy. Often, when we say “privacy,” we really mean “trust of personal information.” A privacy policy is about creating trust, and when a user feels that trust has been broken, that’s when strong measures like litigation come into play. App makers must be vigilant -- and government should legislate accordingly -- to protect and secure personal information online.

The fact is, there are very few practical tools to achieve perfect compliance with the demands for consumer privacy, especially for startups. Small business startups are feeling the most pressure; as the financial and opportunity cost expended on understanding and complying with policy become larger and the fear of litigation grows. To prevent a chilling effect on innovation in the mobile app space, there needs to be a transparent process that clearly dictates the following:

  • To policy makers: what compliance looks like.
  • To developers: transparency regarding the spirit of what you’re planning to do with the consumer data you collect.
  • To the users: clear expectations of what specific types of information will be used for regardless of context, in order to “future-proof” the process.
  • To the enforcer: when to enforce based on what contravenes “safety” in this space.

These are the questions that should be addressed in state and federal legislation. Too much regulation, poorly conceived regulation, or ill-informed enforcement must be avoided. Private sector solutions may prove to be the best way forward.

Clear privacy policies are a good start -- like those created by generators including iubenda and other concise policies. Clear communication of the spirit of the policy in regards to the app is also important. For example, it’s expected that an address book app would in fact read your address book, but taken out of context, that behavior seems much more sinister -- as was the case with Path.

By altering our approaches to these types of data, policy makers and app developers can move the privacy debate into new territory and take steps to create an environment where startups will continue to thrive. I’m hopeful that government and startups will take the right steps together toward security, privacy, and openness by developing more a mutual understanding of data.

Another Way to Start the Conversation

Startupweekend

This past weekend in Seattle, the first ever government focused Startup Weekend was held in City Hall. It followed the usual Startup Weekend model of building a product over the span of just one weekend, but with a special emphasis on taking advantage of open data to build businesses that worked with government to provide a product or service to the public. Seattle Mayor Mike McGinn, already a big proponent of open data, opened the event.

If you’re not already familiar with Startup Weekend, it’s an event series hosted worldwide in which enterprising developers, designers, and business experts come together, pitch ideas for businesses, form teams, and then get it done -- all in the span of a weekend. Come Sunday night, the teams present a demo of their product and their business plan in a pitch, and the best are selected as winners.

In this session, there was no shortage of ideas to fuse open data with private sector entrepreneurship, from web and mobile apps that engaged with arts and events data, to local community volunteer opportunities, socially curated legislation, and a directory for Seattle’s best locally grown businesses. WhichBus, a public transit trip planner that showed route safety based on crime data, tied first place with ArtRover, a mobile app that used geolocation technology and data on public art works to make the art of Seattle’s streets easier to access. The teams from these apps will meet with Mayor McGinn to discuss their business ideas. 

Participants proved their mettle at finding private sector solutions to public sector challenges, often under the mentorship of local government attendees, and in a shorter time than many who are familiar with the general timeline in the public sector might think possible. And while these businesses are not fully formed at the end of a weekend, some teams will stick together and keep working at it.

Zachary Cohn, facilitator of the event, noted Startup Weekend’s knack for bridging divides for common cause -- the Startup Weekend held in Gaza sparked business ideas that Israelis and Palestinians formed teams to work on together in easy accord, he said. With previous successes like that, bridging the divide between public data and private sector entrepreneurship was easy by comparison. And the teams that competed this past weekend demonstrated this, with great ideas transforming into great products in a very short amount of time.

Startup Weekend hopes to continue these open government workshops, including one coming up in Washington in June. We’re very supportive of their efforts and look forward to working with companies that grow out of these and other Startup Weekends in the months and years to come.

 

Splunk IPOs, The Need For Data Scientists Remains

Big data may be the next big thing in business and innovation, but is the United States developing systems and training the experts needed to tackle the opportunities presented by the growing collection of unstructured data?

Big data can be amazingly powerful. If properly harnessed, big data processing can deliver cutting edge business intelligence or be used in developing cures for diseases. Decoding the first human genome -- that’s analyzing 3 billion base pairs -- took 10 years the first time it was done in 2003. Now we can do it in a week. So, there are ways of managing these vast amounts of digital data. But there are relatively few solutions for management of big data right now.

Companies like Splunk provide end to end tools for big data management, and their initial public offering proved that the market for these tools is wide open. A Wall Street Journal article identified the biggest detriment to our ability to use and understand big data as a lack of data scientists who are trained specifically in managing and understanding the unique workings of big data.

It’s an emerging field, and that means we have to play catch up with education, and in the meantime, harvest talent from wherever we can get it to ensure that we harness the capabilities of big data.

CISPA Amendments Submitted, Concern Remains

Members of the House of Representatives submitted a slew of amendments to CISPA this afternoon in an effort to address the concerns of many in the digital activist community, including the Electronic Frontier Foundation and Center for Democracy and Technology. The amendments aim to protect consumer privacy, restrict the amount of time that information may be retained by the government, and prevent data mining of information generated by the private sector for cybersecurity purposes, among other changes submitted by lawmakers.

The proposed amendments haven’t satisfied all concerns -- CDT released a statement following rumors that they had dropped their opposition to the bill, saying that although the potential changes are promising, the issues of flow of internet data directly to the NSA, as well as the use of information for purposes unrelated to cybersecurity still need to be addressed.

Engine dropped its formal opposition to CISPA after working with the House Permanent Select Committee to remove provisions dealing with intellectual property, which, as written, left open the potential for innovation-crippling abuses.

House Intelligence Committee Releases Discussion Draft of CISPA

Policy Update

This afternoon, the House Permanent Select Committee on Intelligence released a revised discussion draft version (text here) of the Cyber Intelligence Sharing and Protection Act, or CISPA — a piece of important cybersecurity legislation. We in the startup community raised concerns about the bill’s broadly defined terms, which posed a potential threat to innovation. Others even drew comparisons with SOPA and PIPA. In this draft, substantive changes have been made which, in our eyes, have significantly improved the bill.

We raised concerns — specifically around the inclusion of intellectual property, definitions around private and government information, and regulatory burdens for small business — directly with the Committee and with the office of Chairman Mike Rogers (R-MI). The Committee has taken into consideration our concerns as well as others from the community and has released a revised version of the bill. The new version preserves CISPA’s stated purpose of protecting networks and systems and preventing theft of information from these networks, while enhancing clarity around the focus of the bill.

The willingness of the Committee to work with those in our community was heartening. We were able to craft legislation that protects sensitive data — such as Research and Development and financial records — without including provisions that are harmful to technology startups.

Engine is committed to acting in the best interests of our community, and that includes protection of the critical infrastructure and networks upon which our companies are built. With these changes in place, Engine no longer opposes the legislation. We will continue to monitor CISPA through the amendment process to ensure that these changes stick so that our community is protected and innovation can thrive.

Child Protection in the Digital Age

This week, Engine is fortunate to have Alan Simpson (no, not the former senator of Wyoming) posting here about online child safety. We’ll be seeing that post later this week, but in the meantime, we want to share the scope of the existing debate around the pros and cons of new media for the under-13 set.

Here’s a little background: the main piece of legislation that has dealt with children’s safety online for the past decade is the Children’s Online Privacy Protection Act of 1998 (COPPA). COPPA mandates specific requirements that web operators must adhere to for children under that age of 13 — namely requiring parental permission before collecting any personal information from children and not distributing the information to third parties. Standard stuff.

The bill was written over ten years ago, though, and technology has changed markedly in that time — social media, smartphones, and tablets have made COPPA both restrictive in some areas and inadequate in others. Amendments were proposed last year by the FTC to ease the way for parental authorization and to institute additional protections for location based and facial recognition technologies.

The FTC amendments were lauded by the internet community, who had long seen COPPA as a thorn in its side. The legislation, for instance, prevents children under the age of 13 from signing up for Facebook, which CEO Mark Zuckerberg said impedes the educational potential of social networking. Zuckerberg may not be the most impartial commentator on the issue, but he is not alone; plenty of others advocate for the educational possibilities of new technology.

Alan Simpson is one of those advocates. His argument? It doesn’t matter whether you think the internet is good or bad — It’s not going away. This is a world in which kids are growing up and media is a huge part of their lives. There are enormous positives that come out of that, and there are also things that you as a parent might decide are negative. The positives are pretty universal: the opportunities especially in education and learning that new media create for kids and adults are widespread. Giving people more tools to address the downsides — without dismissing the positives — allows parents to maintain the ability to be a filter without having to completely ban a technology which is an integral part of our lives now and will be even more so in 10, 20 years time when these kids are entering the workforce.

Look out for Simpson’s post here in the next couple days.

70 Groups Ask Congress to Halt Work On SOPA and PIPA

In the wake of all successful protest movements, once the dust settles, the time comes to take positive action. With SOPA and PIPA dead in the water, thanks to the sustained and comprehensive efforts of the internet community; the thousands of phone calls we made, the millions of us that signed Google’s petition, it’s time for our community to come up with alternative legislation - a solution that addresses online copyright infringement without compromising free speech and innovation. 

A letter sent today to Congress and signed by 70+ companies, including Engine, Mozilla, and Public Knowledge, urged Congress to “to take a breath, step back, and approach the issues from a fresh perspective.” 

The letter warned against repeating the mistakes of SOPA and PIPA, and requested that legislative debate surrounding the issue be “open, transparent, and sufficiently deliberative to allow the full range of interested parties to offer input and to evaluate specific proposals.” That means taking into account the views from tech companies and media companies. It means seeking out information and statistics from unbiased sources.

It means keeping the users of the internet in the loop, because our input matters, and we have shown that we can and will make ourselves heard.

Read the letter, in full, here from Public Knowledge.

#censorship? Not So Much.

The well-publicized January 18th blackout was so effective for SOPA and PIPA opposition that legions of Twitter users refused to Tweet last Saturday, January 28th, organizing their go dark movement via #TwitterBlackout. The protest was over a change in Twitter’s censorship policy, and, perhaps still rabid over the (very real) threat to open internet, Twitter users flew their freedom of speech flags defiantly.  Given a few days to meditate on the issues at hand, though, it seems clear that the righteous indignation of these protesters may have been a little hasty.

Twitter will indeed be censoring tweets - on a country by country basis according to the laws of the country being tweeted in. So, if a country’s government outlaws certain content, offending tweets will be taken down - but only in that country. Olivier Basille, from Reporters Without Borders, drafted a letter urging Twitter to reconsider a policy that from his point of view, kowtows to localized censorship and could therefore potentially contravene international free speech standards.  Basille posits that the change will stifle online dissidents who have previously used Twitter to great effect to stay informed and organize protests, such as last year’s social media fuelled revolution in Egypt.

But there are plenty of arguments to suggest that this won’t be the case.  For starters, the new policy differs from their previous one in only one respect: until now, these tweets would have had to be blocked worldwide. This means that instead of completely censoring any content deemed illegal by any government, all content will be available everywhere, with limitations only in effect for the country with the legality issue. And for those worried that localized censorship will hinder activism, John Castone over at Mashable makes a good point when he says that activists are smart enough to tweet in code if need be.  Twitter explicitly says they can’t block a user unless there is “valid and applicable legal order”.

Furthermore, Twitter will be posting all its take downs on watchdog site ChillingEffects.org. It’s also worth noting that all sites have to censor content to stay within the bounds of the law (in order to avoid being shut down) -- including eBay, Google, and Facebook. Most of them just don’t tweet about it.

On balance, it appears there will actually be less censorship than before - and more transparency when censorship does occur. As effective an activism tool as it has proven to be, even Twitter can’t operate outside of the bounds of the law. By complying with government regulations, despite any questions as to the morality of these laws, the platform can remain in countries where activism might be needed most.