Yesterday, the Senate Homeland Security and Governmental Affairs Committee’s Permanent Subcommittee on Investigations released its report on a probe into the 2017 Equifax hack stating that the company’s response was both “inadequate” and “hampered by [a] neglect of cybersecurity.” The report finds that the company’s shortcomings are both “long-standing” and “reflect a broader culture of complacency toward cybersecurity preparedness.”
Today, Senator Brian Schatz (D-HI) led a group of 15 senators in introducing the “Data Care Act of 2018,” which would require online service providers like Facebook and Google to responsibly protect individually identifying information about consumers. Public Knowledge welcomes the bill as a good starting point for a discussion about what responsibilities custodians of our personal information should have.
Today, Public Knowledge sent a letter to the House Financial Institutions and Consumer Credit Subcommittee of the House Financial Services Committee opposing the Data Acquisition and Technology Accountability and Security Act, which Subcommittee Chairman Blaine Luetkemeyer (R-MO) has indicated he plans to move imminently. In the letter, Public Knowledge urges Congress to pass strong consumer protection legislation and analyzes many concerns with this narrow bill.
Facebook and Cambridge Analytica. By now we know the basic facts: Aleksandr Kogan, purporting to be a researcher, developed an authorized Facebook application. As was Facebook’s practice at the time, when users connected the app to their Facebook accounts, the app scooped up not only the users’ personal information, but also their friends’ personal information. In this manner, Dr. Kogan was able to amass information about 50 million Facebook users – even though only 270,000 individuals used the app. Dr. Kogan then, exceeding his authorized use of the data, funneled that information to Cambridge Analytica, a firm that purported to engage in “psychographics” to influence voters on behalf of the Trump campaign.