Your research can help the FTC protect consumers
By: Lorrie Cranor | Jan 17, 2017 10:35AM
Over the past year, I have spoken to a large number of researchers at conferences (see for example my keynote presentation at SOUPS 2016) and in my visits to universities, and I have talked with them about the FTC’s mission to improve the welfare of US consumers. Many researchers have asked me how they can help.
Continue Reading Your research can help the FTC protect consumers
Cross-Device Tracking: Measurement and Disclosures
By: Aaron Alva | Jan 5, 2017 9:28AM
We are pleased to announce that OTech’s research on cross device tracking has been accepted for publication in the Proceedings on Privacy Enhancing Technologies, and is available online now. This paper stems from research OTech presented at the FTC Cross-Device Tracking workshop, and OTech continues to be interested in this emerging area.
Continue Reading Cross-Device Tracking: Measurement and Disclosures
New Workshop on Technology and Consumer Protection
By: Joseph Calandrino | Dec 21, 2016 10:54AM
Earlier this year, I joined the FTC as the Research Director of our Office of Technology Research and Investigation. As a computer science PhD, the opportunity to conduct research relevant to consumer protection has been an immensely satisfying experience, so I wanted to share an opportunity for other computer scientists to do the same.
Continue Reading New Workshop on Technology and Consumer Protection
Meet Organizations Supporting Privacy Research at the FTC
By: Lorrie Cranor | Dec 15, 2016 1:30PM
With the FTC’s 2017 PrivacyCon event on January 12 and various other privacy-related events in the area that week, Washington, DC will see an influx of Privacy Researchers in early January. Given this short-term wealth of privacy experts, we’re taking the opportunity to host a pre-PrivacyCon networking event on January 11, 2:30 to 4:30 pm.
Continue Reading Meet Organizations Supporting Privacy Research at the FTC
Reflections on the FTC’s Disclosure Evaluation Workshop
By: Lorrie Cranor | Nov 30, 2016 11:11AM
On September 15, 2016, the FTC convened a public workshop, Putting Disclosures to the Test, that examined ways of testing and evaluating the effectiveness of disclosures in communicating a wide range of information that consumers need to make informed decisions in the marketplace.
Continue Reading Reflections on the FTC’s Disclosure Evaluation Workshop
FTC disclosure evaluation research from the archives
By: Lorrie Cranor, FTC Chief Technologist | Sep 12, 2016 1:35PM
Continue Reading FTC disclosure evaluation research from the archives
A deep dive into mobile app location privacy following the InMobi settlement
By: Nithan Sannappa and Lorrie Cranor | Aug 9, 2016 12:55PM
In June, the Commission announced its first settlement with a mobile advertising network, InMobi. Among other things, the Commission’s complaint challenges the company’s location tracking practices. In this post, we explain the mechanism that the Commission alleges InMobi used to track users’ location without permission, and discuss technical steps that mobile operating systems have taken to try to address this practice.
Continue Reading A deep dive into mobile app location privacy following the InMobi settlement
By: Lorrie Cranor, FTC Chief Technologist | Aug 1, 2016 5:18PM
In order to protect consumers in our tech economy, we could use the help of some smart and creative technologists. That’s why I’m headed to Las Vegas this week with members of the Office of Technology Research and Investigation and other FTC folks to attend BSidesLV and DEF CON. We want to learn from security and privacy researchers and let them know about our research interests.
National Privacy Research Strategy outlines US privacy research agenda
By: Lorrie Cranor, FTC Chief Technologist | Jul 19, 2016 1:16PM
The White House recently released the first ever United States “National Privacy Research Strategy,” which identifies priorities for privacy research funded by the Federal government. While focused on government, the strategy is also intended to spur similar private sector efforts. I participated in the working group that developed the strategy and am excited to see it published.
Continue Reading National Privacy Research Strategy outlines US privacy research agenda
Your mobile phone account could be hijacked by an identity thief
By: Lorrie Cranor, FTC Chief Technologist | Jun 7, 2016 11:38AM
A few weeks ago an unknown person walked into a mobile phone store, claimed to be me, asked to upgrade my mobile phones, and walked out with two brand new iPhones assigned to my telephone numbers. My phones immediately stopped receiving calls, and I was left with a large bill and the anxiety and fear of financial injury that spring from identity theft.
Continue Reading Your mobile phone account could be hijacked by an identity thief
Tell us About Your Experiences “Putting Disclosures to the Test”
By: Lorrie Cranor | Jun 1, 2016 5:04PM
As we recently announced, the Federal Trade Commission will host a public workshop on September 15, 2016 to examine the testing and evaluation of disclosures that companies make to consumers about advertising claims, privacy practices, and other information. Our goal is to encourage and improve the evaluation and testing of disclosures by industry, academics, and the FTC.
Continue Reading Tell us About Your Experiences “Putting Disclosures to the Test”
Open Police Data Re-identification Risks
By: Lorrie Cranor, FTC Chief Technologist | Apr 27, 2016 3:31PM
Last week I spoke at a White House event “Opportunities & Challenges: Open Police Data and Ensuring the Safety and Security of Victims of Intimate Partner Violence and Sexual Assault.” This event brought together representatives from government agencies, police departments, and advocacy groups to discuss the potential safety and privacy impact of open police data initiatives.
Four upcoming opportunities to submit your research to the FTC
By: Lorrie Cranor, FTC Chief Technologist | Apr 8, 2016 2:02PM
Researchers, the FTC is interested in hearing from you! Last week we announced our Fall Technology Series on emerging consumer technology issues, and this week we announced our second PrivacyCon event. Both the technology series and PrivacyCon offer opportunities for researchers to submit work that informs questions the FTC is exploring.
Continue Reading Four upcoming opportunities to submit your research to the FTC
Privacy Day, internships, and a shout out to computer scientists
By: Lorrie Cranor, Chief Technologist | Feb 1, 2016 4:01PM
This year I celebrated Data Privacy Day on January 28 by attending the Privacy Day events at Carnegie Mellon University (CMU). It was a great opportunity for people to talk about privacy issues, hear about privacy research, and learn about some steps they can take to protect their privacy.
Continue Reading Privacy Day, internships, and a shout out to computer scientists
Some key takeaways from PrivacyCon
By: Lorrie Cranor, Chief Technologist | Jan 22, 2016 11:19AM
We had a great turnout both in person and online for the FTC PrivacyCon event last week. About 400 people attended in person and over 1,500 people streamed the video online. I enjoyed the opportunity to talk in person with a large number of participants.
The virtues of strong enduser device controls
By: Ashkan Soltani, Chief Technologist | Aug 26, 2015 4:22PM
Continue Reading The virtues of strong enduser device controls
Enhancing permissions through contextual integrity
By: Nithan Sannappa, Division of Privacy and Identity Protection | May 21, 2015 1:25PM
This is the third post in my series on privacy and security in mobile computing, which builds on the Commission’s 2013 mobile security workshop. In my last post, I concluded that – despite a history of usability concerns – permissions in mobile operating systems are clearly an improvement over the opacity of traditional operating systems.
Continue Reading Enhancing permissions through contextual integrity
Secure APIs and the principle of least privilege
By: Nithan Sannappa, Division of Privacy and Identity Protection | May 7, 2015 1:12PM
Editor’s Note: As noted in a previous post, Tech@FTC is expanding to include posts by other technically minded staff at the Commission. This is the first in a series of blog posts by Nithan Sannappa, an attorney in the Division of Privacy and Identity Protection, that will explore several important issues regarding user privacy and security in mobile computing.
Continue Reading Secure APIs and the principle of least privilege
What’s the security shelf-life of IoT?
By: Ashkan Soltani, Chief Technologist | Feb 10, 2015 5:08PM
The FTC released a staff report in late January that took a comprehensive look at the emerging “Internet of Things” and security, including secure APIs, authentication, and product updates, was a key theme.
I’d like to briefly explain why I believe IoT security is so important and why the IoT ecosystem presents a unique set of factors that give rise for special attention to security.
RockYou, the FTC, and Little Bobby Tables
By: Ed Felten | Mar 27, 2012 11:10AM
Today the FTC announced that it has settled a complaint against RockYou, on charges that the company’s inadequate security led to a breach of consumer data, and that the company collected personal information from children it knew to be under 13 without parental consent.
