Here are three privacy & security things you should know for your week:
1. FTC Cites TRUSTe With Misrepresenting Practices – Fines $200,000
Apparently TRUSTe hasn’t been quite so …. the fine is part of an agreed settlement with the FTC, under which the Commission has charged the “certification” company with misrepresenting practices to consumers and — contrary to its stated policies — failing to conduct annual re-certifications of companies around 1,000 times between 2006 and 2013. “TRUSTe promised to hold companies accountable for protecting consumer privacy, but it fell short of that pledge,” Edith Ramirez, the F.T.C.’s chairwoman, said in a statement. “Self-regulation plays an important role in helping to protect consumers. But when companies fail to live up to their promises to consumers, the F.T.C. will not hesitate to take action.”
FTC Press Release
PCWorld – TRUSTe Deceived Consumers About Recertification Program, FTC Says
Washington Post – Latest FTC enforcement action shows why it’s so hard to figure out who to trust online
UPDATE (11/19): TRUSTe’s Statement regarding the FTC action.
2. FBI Investigating US Government Agency Breaches Linked to Hacking
The FBI has announced that it has opened investigations into hacking attacks on the State Department and the US Postal Service that appear to be linked to espionage. “We are aware of these reports and are working with our interagency partners to investigate the matter,” FBI spokesman Joshua Campbell said in an e-mail to Bloomberg News. He declined to comment on any link between the State Department and White House attacks.
At least four government agencies and some private businesses have been disrupted in recent weeks by attacks that have been blamed on Russian or Chinese hackers. The National Oceanic and Atmospheric Administration last week reported four Web sites were hacked in recent weeks.
“The compromise of public and private sector systems is something we take very seriously, and the FBI will continue to investigate and hold accountable those who pose a threat in cyberspace,” the FBI’s Campbell said.
According to a Bloomberg News report, the rash of attacks has renewed efforts by lawmakers to pass legislation that would allow agencies and companies to share information about hackers in order to better secure vital public and private computer networks.
“Criminals, hacktivists and nation states are attacking our government networks at an alarming rate,” Rep. Michael McCaul (R-Texas), chairman of the House Homeland Security Committee, said in a statement.
The number of reported breaches on federal computer systems surged to 46,605 in 2013 from 26,942 in 2009, according to the U.S. Computer Emergency Readiness Team.
“Every day that Congress does not pass vital and bipartisan cybersecurity legislation is a day Congress leaves this country vulnerable to these persistent and increasingly dangerous attacks,” McCaul said. “If a larger attack occurs, it’s going to be on Congress for not acting.”
The Alliance of Automobile Manufacturers and Association of Global Automakers signed off on the code, which was presented to the FTC last week. Between them, the groups count 19 companies as members, including Chrysler, Ford and General Motors.
The announcement comes several months after the European Commission announced that two European standards-setting organizations had already completed the basic set of standards for connected cars and a year after the U.S. General Accountability Office (GAO) issued a report critical of automakers for offering only vague and “broadly-worded” explanations of data sharing practices. “Without clear disclosures, risks increase that data may be collected or shared for purposes that the consumer is not expecting or might not have agreed to,” the GAO report stated. It remains to be seen how automakers will incorporate the new voluntary Privacy Principles to better communicate with the auto-buying public.