Your research can help the FTC protect consumers
By: Lorrie Cranor | Jan 17, 2017 10:35AM
Over the past year, I have spoken to a large number of researchers at conferences (see for example my keynote presentation at SOUPS 2016) and in my visits to universities, and I have talked with them about the FTC’s mission to improve the welfare of US consumers. Many researchers have asked me how they can help.
Continue Reading Your research can help the FTC protect consumers
New Workshop on Technology and Consumer Protection
By: Joseph Calandrino | Dec 21, 2016 10:54AM
Earlier this year, I joined the FTC as the Research Director of our Office of Technology Research and Investigation. As a computer science PhD, the opportunity to conduct research relevant to consumer protection has been an immensely satisfying experience, so I wanted to share an opportunity for other computer scientists to do the same.
Continue Reading New Workshop on Technology and Consumer Protection
DMCA security research exemption for consumer devices
By: Aaron Alva | Oct 28, 2016 2:12PM
With the stroke of a pen, the Librarian of Congress has authorized security researchers who are acting in good faith to conduct controlled research on consumer devices so long as the research does not violate other laws such as the Computer Fraud and Abuse Act (CFAA). This temporary exemption to the Digital Millennium Copyright Act (DMCA) begins today. The new temporary exemption is a big win for security researchers and for consumers who will benefit from increased security testing of the products they use.
Continue Reading DMCA security research exemption for consumer devices
National Privacy Research Strategy outlines US privacy research agenda
By: Lorrie Cranor, FTC Chief Technologist | Jul 19, 2016 1:16PM
The White House recently released the first ever United States “National Privacy Research Strategy,” which identifies priorities for privacy research funded by the Federal government. While focused on government, the strategy is also intended to spur similar private sector efforts. I participated in the working group that developed the strategy and am excited to see it published.
Continue Reading National Privacy Research Strategy outlines US privacy research agenda
Four upcoming opportunities to submit your research to the FTC
By: Lorrie Cranor, FTC Chief Technologist | Apr 8, 2016 2:02PM
Researchers, the FTC is interested in hearing from you! Last week we announced our Fall Technology Series on emerging consumer technology issues, and this week we announced our second PrivacyCon event. Both the technology series and PrivacyCon offer opportunities for researchers to submit work that informs questions the FTC is exploring.
Continue Reading Four upcoming opportunities to submit your research to the FTC
Enhancing permissions through contextual integrity
By: Nithan Sannappa, Division of Privacy and Identity Protection | May 21, 2015 1:25PM
This is the third post in my series on privacy and security in mobile computing, which builds on the Commission’s 2013 mobile security workshop. In my last post, I concluded that – despite a history of usability concerns – permissions in mobile operating systems are clearly an improvement over the opacity of traditional operating systems.
Continue Reading Enhancing permissions through contextual integrity
Usability and transparency considerations of permission-based access controls
By: Nithan Sannappa, Division of Privacy and Identity Protection | May 14, 2015 9:16AM
This is the second post in our series on privacy and security in mobile computing, which builds on the Commission’s 2013 mobile security workshop.
Continue Reading Usability and transparency considerations of permission-based access controls
Secure APIs and the principle of least privilege
By: Nithan Sannappa, Division of Privacy and Identity Protection | May 7, 2015 1:12PM
Editor’s Note: As noted in a previous post, Tech@FTC is expanding to include posts by other technically minded staff at the Commission. This is the first in a series of blog posts by Nithan Sannappa, an attorney in the Division of Privacy and Identity Protection, that will explore several important issues regarding user privacy and security in mobile computing.
Continue Reading Secure APIs and the principle of least privilege
What’s the security shelf-life of IoT?
By: Ashkan Soltani, Chief Technologist | Feb 10, 2015 5:08PM
The FTC released a staff report in late January that took a comprehensive look at the emerging “Internet of Things” and security, including secure APIs, authentication, and product updates, was a key theme.
I’d like to briefly explain why I believe IoT security is so important and why the IoT ecosystem presents a unique set of factors that give rise for special attention to security.
By: Ashkan Soltani, Chief Technologist | Dec 2, 2014 1:00PM
I’d like to introduce myself as the new Chief Technologist of the FTC, following in the footsteps of my predecessors, Latanya Sweeney, Steve Bellovin, and Ed Felten. As the Commission enters its 100th year, technological expertise will be more important than ever, and I’m excited to lead this charge.
In this regard, my agenda will include the following:
RockYou, the FTC, and Little Bobby Tables
By: Ed Felten | Mar 27, 2012 11:10AM
Today the FTC announced that it has settled a complaint against RockYou, on charges that the company’s inadequate security led to a breach of consumer data, and that the company collected personal information from children it knew to be under 13 without parental consent.
