Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Democrats Government Privacy The Internet United States Technology Your Rights Online

Democratic Senators Propose 'Privacy Bill of Rights' To Prevent Websites From Sharing Or Selling Sensitive Info Without Opt-In Consent (arstechnica.com) 136

Democratic Senators Edward J. Markey (D-Mass.) and Richard Blumenthal (D-Conn.) today proposed a "privacy bill of rights" that would prevent Facebook and other websites from sharing or selling sensitive information without a customer's opt-in consent. The proposed law would protect customers' web browsing and application usage history, private messages, and any sensitive personal data such as financial and health information. Ars Technica reports: Markey teamed with Sen. Richard Blumenthal (D-Conn.) to propose the Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act. You can read the full legislation here. "Edge providers" refers to websites and other online services that distribute content over consumer broadband networks. Facebook and Google are the dominant edge providers when it comes to advertising and the use of customer data to serve targeted ads. No current law requires edge providers to seek customers' permission before using their browsing histories to serve personalized ads. The online advertising industry uses self-regulatory mechanisms in which websites let visitors opt out of personalized advertising based on browsing history, and websites can be punished by the Federal Trade Commission (FTC) if they break their privacy promises.

The Markey/Blumenthal bill's stricter opt-in standard would require edge providers to "obtain opt-in consent from a customer to use, share, or sell the sensitive customer proprietary information of the customer." Edge providers would not be allowed to impose "take-it-or-leave-it" offers that require customers to consent in order to use the service. The FTC and state attorneys general would be empowered to enforce the new opt-in requirements. The bill would require edge providers to notify users about all collection, use, and sharing of their information. The bill also requires edge providers "to develop reasonable data security practices" and to notify customers about data breaches that affect them.

This discussion has been archived. No new comments can be posted.

Democratic Senators Propose 'Privacy Bill of Rights' To Prevent Websites From Sharing Or Selling Sensitive Info Without Opt-In C

Comments Filter:
  • Consent (Score:5, Insightful)

    by Anonymous Coward on Tuesday April 10, 2018 @05:03PM (#56414875)

    The consent shouldnâ(TM)t be for using or sharing your data, it should be for collecting it in the 1st place

    • by Anonymous Coward

      "shouldnâ(TM)t" Congratulation it's 2018 and we have lost the ability to write normal text. While James Burke's connections series is running on the 2nd. screen and is talking about the 500 years old printing press and typesetting.

    • by dohzer ( 867770 )

      Do you mean like that sentence in the Terms and Conditions that you agree to without reading?

      • by rtb61 ( 674572 )

        No more like the laws governing psychotherapists, you know they can not publish your details. So more in that regard, you start to gather too much data and that data constitutes a potential harm to the individuals psychology via manipulation, would be considered excessive and banned. Pretty much tie all data to what the individual, individually approves, no blanket approvals. Approvals sought and confirmed for all data types and specifically renewed once a year with details provided for what information is

      • The way the tech companies will get around it is to have an Opt-In checkbox that will be checked by default and buried somewhere in the EULA/TOS, so when users say that they agree to the EULA/TOS without actually having read the legalese, the companies can say that the customers agreed to have their data mined.
    • There needs to be permission to collect the data to be able to operate a social media service, and creating an account would seem to fulfil your criterion in relation to information volunteered. This is a pretty standard term in existing laws relating to data processing.
    • Honest question here: How do you propose being able to use Facebook for people who want to refuse to consent to them collecting their data? Isn't that a bit like telling someone to build a website for you but forbidding them from storing the text you want to display on the pages?

    • Absolutely!

      Yet, it'd be interesting to see how this all can be enforced.
  • by Anonymous Coward

    A good effort in principle but ultimately worthless, all websites/apps will do is add "you explicitly consent to allow X" in their TOS and carry on as usual. a firmer action would be to make any TOS that is over 1 A4 page long legally invalid.

    • Re:Worthless (Score:5, Informative)

      by BradyB ( 52090 ) on Tuesday April 10, 2018 @05:27PM (#56414977) Homepage

      A good effort in principle but ultimately worthless, all websites/apps will do is add "you explicitly consent to allow X" in their TOS and carry on as usual. a firmer action would be to make any TOS that is over 1 A4 page long legally invalid.

      Precisely what I came into here to comment on. You nailed it. No teeth.

      • a firmer action would be to make any TOS that is over 1 A4 page long legally invalid. Wouldn't they just use an insanely small font then and call it a win?

    • Re: (Score:2, Insightful)

      by iamhassi ( 659463 )
      Exactly. How can legislators not see that this is worthless? We will have a pop up on every website/app demanding CONSENT and if we click NO the website/app won't let us have access. Congratulations on passing a law to add another pop up to all websites and apps.
      • Re: (Score:3, Insightful)

        by pak9rabid ( 1011935 )
        Because they don't care. This is just a song-and-dance to their constituents to look like give a shit.
        • Re:Worthless (Score:5, Informative)

          by thomst ( 1640045 ) on Wednesday April 11, 2018 @12:13AM (#56416357) Homepage

          pak9rabid snorted:

          Because they don't care. This is just a song-and-dance to their constituents to look like give a shit.

          No. No, it's not.

          First of all, Markey and Blumenthal's constituents neither know nor care about privacy considerations on the Web. Like most Americans (and Brits, and Aussies, and the bulk of Internet users everywhere), they haven't bothered to inform themselves about it, nor do they want to, because it's too confusing and "technical" for them to grasp. Secondly, there really hasn't been any groundswell of demand for such protections. Most of the outrage has been generated by journalists - some of whom actually do know a little bit about the implications of data breaches.

          More to the point, both Markey and Blumenthal are among the most tech-savvy legislators in Congress. They've both been opponents of restrictions on encryption and the efforts of law enforcement to get Congress to mandate back doors for their convenience. They're both suspicious of stingray cell phone data collection. They genuinely give a damn about their constituents' rights online and off - not because that plays well with voters, but because it's a subject that goes to the heart of Constitutional protections against unjustified government intrusion on individual liberty.

          Oh, and because corporate intrusions on individual privacy are, in the age of AI, potentially an even greater threat to civil liberties, as evidenced by Cambridge Analytica's conveyance of FB users' private information to the ethical black hole that now occupies the Oval Office.

          How your fact-free, unsupported opinion on this topic achieved plus ANYTHING "Informative" is beyond me ...

          • by mvdwege ( 243851 )

            How your fact-free, unsupported opinion on this topic achieved plus ANYTHING "Informative" is beyond me ...

            Because it is the kind of fact-free libertard ranting "Tuh Govemment is bad!1!!1!" that appeals to the basement dwelling nerds that resent living under their parents' authority but are too much of a failure to make it out on their own.

            And lots of these losers read Slashdot and ipso facto have mod points.

            • by thomst ( 1640045 )

              I confessed:

              How your fact-free, unsupported opinion on this topic achieved plus ANYTHING "Informative" is beyond me ...

              Prompting mvdwege to explain:

              Because it is the kind of fact-free libertard ranting "Tuh Govemment is bad!1!!1!" that appeals to the basement dwelling nerds that resent living under their parents' authority but are too much of a failure to make it out on their own.

              And lots of these losers read Slashdot and ipso facto have mod points.

              You are, of course, correct, sir.

              (I'm certain you were aware that I knew that to begin with, but - taking your .sig into account - posted your explanation anyway, for the edification and amusement of the /. masses. And to bait the bears, obviously ... )

          • First of all, Markey and Blumenthal's constituents neither know nor care about privacy considerations on the Web. Like most Americans (and Brits, and Aussies, and the bulk of Internet users everywhere), they haven't bothered to inform themselves about it, nor do they want to, because it's too confusing and "technical" for them to grasp.

            I agree with most of your post, but I somewhat disagree with this part. Markey represents Massachusetts, and there is a pretty large number of intelligent, technically-knowledgeable people there.

            • by thomst ( 1640045 )

              I asserted:

              First of all, Markey and Blumenthal's constituents neither know nor care about privacy considerations on the Web. Like most Americans (and Brits, and Aussies, and the bulk of Internet users everywhere), they haven't bothered to inform themselves about it, nor do they want to, because it's too confusing and "technical" for them to grasp.

              Prompting Dragonslicer to observe:

              I agree with most of your post, but I somewhat disagree with this part. Markey represents Massachusetts, and there is a pretty large number of intelligent, technically-knowledgeable people there.

              Obviously including you. (I say "obviously" because you used the appropriate state-of-being verb construction to agree in number with the subject of your final clause. Most people would've used the incorrect "are.")

              The thing is, Markey also represents all the Southies, and other high-school dropouts, near-dropouts, and people who barely managed to obtain their GEDs in Massachusetts. And, Harvard, Yale, and other such institutions notwithstandi

      • Reeeeeeeeeeeeeeetaaaaaaaaaaaaaaaaard

        "Edge providers would not be allowed to impose "take-it-or-leave-it" offers that require customers to consent in order to use the service."

      • Re:Worthless (Score:5, Informative)

        by thomst ( 1640045 ) on Tuesday April 10, 2018 @11:53PM (#56416323) Homepage

        iamhassi blathered:

        How can legislators not see that this is worthless? We will have a pop up on every website/app demanding CONSENT and if we click NO the website/app won't let us have access. Congratulations on passing a law to add another pop up to all websites and apps.

        From TFS:

        Edge providers would not be allowed to impose "take-it-or-leave-it" offers that require customers to consent in order to use the service.

        If you're going to opine about something, you might want to try knowing what the fuck you're talking about ...

    • Re:Worthless (Score:5, Informative)

      by HeckRuler ( 1369601 ) on Tuesday April 10, 2018 @05:59PM (#56415129)

      When you're the minority party in congress you can make a bunch of "good effort" bills that sound great to the voting masses but have no prayer of passing so as to not anger your donors.

      Both sides do it. I'm honestly not sure why we even let minority parties propose bills when the answer is just going to be "haha, no." Even if it was a damn good bill that everyone agreed on, they'd still block it simply so they could propose it themselves. Passing a bill is a good metric on your record. Hell, remember how much they fought over RomneyCare? They'd even fight it on the principle that the other side proposed it.

      • No matter what the details of any such legislation, you and I both know it wonâ(TM)t matter one damn to the NSA
        • Last I checked, the NSA did not run popular large-scale social media web sites...

          • Right, just "THE PHONE SYSTEM" [wikipedia.org]. I hear some people use it to, like, talk to people and stuff. Although I hear even with that massive farm out in Utah, they can still only store 3 days of traffic.

            • But... this bill doesn't target phone calls. It targets hosts of web sites. I'm not trying to say the NSA doesn't collect information - they obviously do. I'm saying they don't have any real reason to care about *this* bill, because it doesn't affect their affairs.

    • I can print any TOS on one A4 page.

      Provided I have a good enough printer with enough resolution, that is...

    • by mvdwege ( 243851 )

      Thank goodness that shit is going to be illegal in the EU soon.

    • I would add a minimum text size to that.
    • Except they state: "Edge providers would not be allowed to impose "take-it-or-leave-it" offers that require customers to consent in order to use the service."

    • Actually, I could see them offering an opt-out tier of service - limited function, limited bandwidth, and far, far more ads.

  • This will never happen as there are simply to many of the politicians from both sides on the take from the parties that make billions a year from our stolen/ proffered data. I like the concept but in the end regardless of who controls the government this will never make it out of committee.
    • well, the R's will butcher it more than the D's will.

      the R's sold us all out with the loss of net-neutrality (plus about a billion other things since the orange idiot has begin his plunder). they are clearly not for 'the people'. never really were, in recent memory.

      the D's are bought and sold, too; but they aren't quite as blatant about selling our privacy. I don't hold much hope, but if any party is going to fix this, its the D and not the R.

  • by rsilvergun ( 571051 ) on Tuesday April 10, 2018 @05:06PM (#56414897)
    let me laugh even harder.
    • by AmiMoJo ( 196126 )

      Well they are going to have obey the new European rules that are coming in, or get heavily fined and eventually shut down. So if the US simply adopted very similar rules, it would be as easy for Facebook to comply as adding the US to the list of places where it has to respect privacy.

  • by ezdiy ( 2717051 ) on Tuesday April 10, 2018 @05:13PM (#56414923)
    Presumably the bill doesn't cover data already farmed without consent, only further farming from now on.

    It could be argued that FB has farmed as much data as possible already (since its popularity is more or less shrinking now). Zuck's move is "I got mine, now let's make sure nobody else gets hands on it".

    Reminder that this discussion isn't about privacy, but straight competition between data brokers. Massive, and accurate human behavior corpuses, of which FB is one of the largest repository will be monetized in machine learning models soon enough.

    I also wonder if google search will become pay service now, or what?
    • The EU's GDPR rules cover old data too. These last few months I've been getting emails from companies asking for permission to keep my data on file. If I ignore them (don't give consent) they have to delete that data.

      In fact my own company is scrambling to get all the people on it's spam^H^H^H^H marketing mailing lists to agree to continue receiving emails, otherwise their email addresses have to be scrubbed.

    • This is about selling/sharing, not collecting. Collection of data will continue same as ever. You can certainly make an argument that it's in the interests of Facebook to stop sharing people's personal info and start protecting their data hoard. That's the approach Google has taken all along -- Google doesn't like to share your info, they like to make advertisers pay to benefit from proprietary Google data that won't be shared with them.

      • by ezdiy ( 2717051 )
        > Collection of data will continue same as ever.

        I didn't read the bill, only TFA summary, and the way I grok it is that sure, they can continue capture data all they want, but it won't longer be useful for arbitrary purpose as it is now. Meaning if the bill passes, and somebody puts scrapped data to some commercial use beyond the scope of the original service, they could be facing class action lawsuit should this come out to light.

        Indeed this looks like 180 pivot into google direction, just more ev
  • by Anonymous Coward

    These rules should apply to all businesses (and people) who obtain private information for a particular purpose.

  • This is, at best, a half measure.

  • by markjhood2003 ( 779923 ) on Tuesday April 10, 2018 @05:27PM (#56414981)
    The proposed US legislation looks weak compared to the EU General Data Protection Regulation (GDPR). Why should people in the US have weaker protection? Facebook and other data collectors should be required to conform to a GDPR equivalent in the US and North America.
    • by Anonymous Coward

      Why should people in the US have weaker protection?

      Greed.

      Facebook and other data collectors should be required to conform to a GDPR equivalent in the US and North America.

      American: "no durn tootin' way some otha' country's gonna tell ME what to do. DON'T TREAD ON ME."

  • by pots ( 5047349 ) on Tuesday April 10, 2018 @05:38PM (#56415021)
    The principle excuse trotted out for stripping away privacy protections from ISPs [eff.org], was that those protections didn't apply to websites or other tech firms. So protecting peoples' privacy wasn't fair or something... I didn't really follow that argument, but I don't think that was the point. They just needed some nonsense that they could repeat over and over again until some people started to believe it.

    Now we have a bill doing the opposite, I'm interested to see the argument they make in opposition to this one. Granted, since they're not overturning an existing rule they don't need to work as hard in justifying it, so they'll probably just trot out one of their old standbys. Something like: "Regulations bad! Thog smash responsible government!"

    However, I would love it if they just flipped that shit around and went full doublethink on us.
  • by HeckRuler ( 1369601 ) on Tuesday April 10, 2018 @05:39PM (#56415027)

    Customer Online Notification for Stopping Edge-provider Network Transgressions (CONSENT) Act

    Initially I balked at the introduction of a new bullshit term like "edge-provider", but that's a mighty fine acronym.

    And why do online services get specific punishment? Why not apply this to grocery stores? I don't want HyVee telling anyone I buy 10lbs vats of mayonnaise. (don't judge me).

    How about we extend "Browsing history" to the real world. I don't think we want companies tracking and who entered their store and what they looked at. The age of ubiquitous cameras, face-recognition, and customer databases is upon us. With a high enough resolution camera, they could even track where your eyeballs are pointed.

    Do you want a list of everyone who ever entered a gun store? Do you want to see who shops at the thrift-mart AND the ... gucci-emporium? Do you want your health insurance provider to know how often you stop at McDonalds?

    If you're going to squawk at Facebook abusing "customer" data, you might as well take a closer look at the potential abuse of everyone else's databases.

    • by Ichijo ( 607641 )

      I don't think we want companies tracking and who entered their store and what they looked at.

      That's what exactly salesmen do whenever you walk into a store, only instead of storing the information magnetically, they store it in their own grey matter. But I like your way of thinking--let's ban salesmen!

      • If they develop mentats that can remember a timestamp of every customer that walks in through the door for decades, then YES, that should be addressed.

        But as for now, we should probably acknowledge that computers fundamentally change the nature of the game and keeping databases of everyone's movements turns what was a perfectly normal and more or less unabuseable tidbit of knowledge into the building block of a dystopian nightmare.

        AND, remember, this bill is NOT about what people remember or what databases

    • ... Do you want your health insurance provider to know how often you stop at McDonalds?

      Hey, I stop at McDonald's almost every time I take bike ride. That's usally 3-4 stops a week. I get all the iced tea I want for $1 and no fat or calories. (Well, maybe one or two from the lemon juice I squeeze into it.) With the temperature at 98F (36C) today, I drank quite a bit of tea for my $1 and my insurer would think it's great. Just don't eat anything there!

      And, FWIW, the term "edge" has been standard networking

    • Initially I balked at the introduction of a new bullshit term like "edge-provider", but that's a mighty fine acronym.

      INAA*.

      I don't want HyVee telling anyone I buy 10lbs vats of mayonnaise. (don't judge me).

      I suggest that, next time, you try reversing the order in which you present those two particular fragments.

      *It's Not An Acronym.

  • When I read the definition of "edge service" it's suspiciously specific, but [excuse]my imagination is tired right now[/excuse]. What kinds of things are not edge services under this bill? (i.e. Who bought an exemption?)
    • Thats the point. This is how Markey and Blumenthal are paying back to their donors. All the corporations that arent an "edge provider" becomes indemnified with the same stroke of the pen that pretends to be for your benefit.
  • First Amendment? (Score:5, Interesting)

    by mi ( 197448 ) <slashdot-2017q4@virtual-estates.net> on Tuesday April 10, 2018 @05:52PM (#56415097) Homepage Journal

    This is, quite literally, an attempt by Congress to make a law limiting the Freedom of Speech: prohibiting them from telling others something they've learned... Learned without any prior promise not to tell others...

    If the Amendment protects the right of newspapers to publish state secrets [theatlantic.com], why wouldn't it also protect "social media" companies' right to publish our private little ones?

    • by sexconker ( 1179573 ) on Tuesday April 10, 2018 @06:55PM (#56415361)

      Try again. This is informing users and requiring them to give that data up willingly int he first place. Currently, Facebook et al rape it out of you surreptitiously.

      • by mi ( 197448 )

        Try again.

        Why, thank you kindly for the encouragement...

        This is informing users and requiring them to give that data up willingly int he first place.

        What does "this" refer to in the quoted sentence? The proposed law? The bill is informing users — and requiring them to do something?

        Currently, Facebook et al rape it out of you surreptitiously.

        The "surreptitious rape" metaphor does not add any clarity to the already convoluted text. Try again, perhaps...

    • Re:First Amendment? (Score:4, Informative)

      by fibonacci8 ( 260615 ) on Tuesday April 10, 2018 @07:19PM (#56415457)
      Signing a digital contract saying that a business may study my information but may not share additional copies with other people doesn't have anything to do with the first amendment issue at all. Nor does the bill outlining civil recourse for businesses failing to provide adequate security to uphold their side of such contract.
      What the bill actually seems to describe: Businesses that obtain information based on a digital contract have a responsibility to maintain adequate security to justify their claims of who they will and will not share that information to. Third parties obtaining information in bad faith are also the responsibility of the business. The Federal Trade Commission is defining some of the terms that apply to such digital contracts and making legal distinctions between some of them. There's more to it than that, but it's Democrat sponsored and it's unlikely to be passed. So I don't recommend anyone actually read it.
    • Great question, but this is actually quite similar to existing restrictions on free speech. For instance, according to federal wiretapping laws it’s already illegal in all states to record a private conversation without consent (the question of whose consent is necessary varies from state to state). In a sense, this law is proposing to extend that restriction to various forms of asynchronous communication, rather than just synchronous, real-time communication, ensuring that what you say in “priv

  • by ebonum ( 830686 ) on Tuesday April 10, 2018 @05:55PM (#56415111)

    Once something digital is out of your control it is gone. Everything from electronic medical records to the new AC/DC cd. Gone. Trying to regulate it into a box is futile. Collecting, copying, storing, sending costs almost nothing. No barrier. Everything will eventually be leaked or hacked.
    The answer is to keep the electronic records/data from being created in the first place (offline storage= very very good). That means someone like me will never use or touch Facebook and will block every IP address connected to Facebook. Even if that means I can't watch a few videos.

    • My favorite part today was the "we asked CA to delete data and they said they did at which point we considered the matter closed". As if the data couldn't be copied and sent around the world within the space of just his response. The very notion that you ever could get all copies of the data back is fanciful beyond belief.
  • by burtosis ( 1124179 ) on Tuesday April 10, 2018 @06:03PM (#56415139)
    Senator: Do you even understand how serious the data privacy breach is here? It's almost as if your entire business model is simply selling private data to anyone for any reason regardless of user settings. If Facebook doesn't get it together we will regulate each and every one of your competitors into bankruptcy! Are you even listening to us Mr. Zuckerberg?
  • Would every website with user profiles be required to pay for a privacy monitor to be stationed at their offices and datacenters, same way commercial fishermen have to pay for compliance officers to monitor their catches?
  • Democratic Senators Propose 'Privacy Bill of Rights' To Prevent Websites From Sharing Or Selling Sensitive Info Without Opt-In Consent

    This will end up being some variant of: "You want to see hot naked girls? We'll even share your stats with them, you gorgeous hunk! Just click OK!"

  • Local Governments, State Governments, Federal Governments all gather information in the USA. These Governments ALL Sell this information to Business. Will this Bill stop the Governments from sharing PII and HIPPA information without an Opt-In decision from the persons/citizens? If not, this Bill is a publicity stunt!
  • The double opt in... how well did that work?
  • by dweller_below ( 136040 ) on Wednesday April 11, 2018 @04:01AM (#56416787)

    Attempts to legislatively say: "Thou Shalt NOT" will probably be ineffective when the underlying economy strongly favors collecting, storing, and using private information.

    The most effective legal protections against invasive data collection are to change the economy of personal information. This sounds harsh and invasive, but it may be the only workable protection from widespread privacy threats and manipulation.

    • 1st, we need to increase the expense of collecting and storing personal data.
    • 2nd, we need to decrease the value of using personal data.

    For example, we can increase the expense of collecting, storing and exchanging personal data by:

    • * Require accurate tracking information on the collection, storage and exchange of personal data. This should include identifying information for every entity that handled the data. This should be coupled with large mandatory fines for any data that is missing past transaction history. Currently, data brokers have low overhead and bear no responsibility for their behavior. They are selling goods worth billions. Their activity should be tracked as completely as credit card transactions. Requiring accurate documentation of the personal data marketplace will increase the expense of reselling personal data.
    • * Impose aggressive taxes on collected, stored and exchanged personal information. It obviously has value. It is a major asset of Google and Facebook. It should be taxed like real estate or an economic transaction. The higher the taxes, the less incentive to collect, store and exchange personal information.
    • * Forbid exporting personal information from the country of origin. If an entity wishes to collect, store, or exchange personal information, they must do it in the country of origin.
    • * Add more teeth to "data breach" legislation. Remove any "due diligence" protection. Impose mandatory fines for data breach. Fines should be based on the number and severity of personal "facts". The higher the fines, the less incentive to collect and store personal information.
    • * Impose full breach liability on every upstream entity in the data collection stream. Currently, data collectors and brokers get rich by selling to a wide market and experiencing no liability. Imposing liability for the behavior of down-stream purchasers of personal data will greatly increase the expense of collecting, storing and exchanging personal data.

    Then we must work to harden our society against the manipulative effects of collected personal data. This is a continual challenge. Things we might consider include:

    • * Require search engines and social media to unmistakably indicate if we are viewing "Relevant, tailored for us illusion" or "Consensus Reality".
    • * Consistently penalize search engines and social media when they inaccurately represent "Consensus Reality"
    • * Require search engines and social media to provide a simple, always on-screen method to easily switch between "Relevant, tailored for us illusion" or "Consensus Reality".
    • * Impose meaningful, effective restrictions on our government's ability to attempt to manipulate "Consensus Reality"
    • * Require our government to protect it's citizens from other government's or corporation's attempts to manipulate "Consensus Reality"
    • * Impose mandatory penalties on the enabling parties for every occurrence of identity theft. This means penalize the banks, the credit reporting agencies, and even the IRS. If identity theft occurred, then their process must have immediate, corrective feedback.
    • * Require multi-factor authentication when authenticating to critical resources.
    • * Educate our society that biometrics might be identifiers, but should never be an authentifier.

    Ultimately, dealing with the problem of privacy abuse and invasive data collection will take much more than a legislative "Thou Shalt Not".

  • Too little and too late. If it ever becomes law, it will change nothing.
  • Edge providers would not be allowed to impose "take-it-or-leave-it" offers that require customers to consent in order to use the service.

    My first thought was "Here comes the TOS people have to sign to use the service. And this will be buried in the middle of millions of pages somehow."

  • It takes legislators years to tumble to the fact that something is out of control.
  • I think this is a great idea, as long as no government institution is exempted.
  • How about having something similar for the information that the government gathers -- without the person's consent -- for one purpose that is used for another?

    And don't say it never happens. Here's some reminders of one especially awful one. Census Bureau. Japanese. FDR. Internment camps.

    And simple failure to safeguard information. Sensitive personal information about me is now in China, thanks to the federal government's failure. And of millions of others, of course.

You know you've landed gear-up when it takes full power to taxi.

Working...