Items tagged "security"

Press Release

New Public Knowledge Paper Proposes Security Shield Label to Support Sustainable Cybersecurity

January 29, 2019 Cybersecurity , security , security shield , sustainability

Today, we’re happy to announce our newest white paper, “Security Shield: A Label to Support Sustainable Cybersecurity,” by Public Knowledge Cybersecurity Policy Director Megan Stifel and Policy Fellow Dylan Gilbert. The paper proposes the creation of a “Security Shield” label to inform purchasers that a product has followed recognized best cybersecurity practices and should be more secure than similar products without such a label.

Read More
Press Release

White House Releases VEP Charter, Increases Transparency of Cybersecurity Disclosures

November 16, 2017 Cybersecurity , Legislation , Privacy , security , white house

Today the White House released the Vulnerabilities Equities Policy and Process (VEP) Charter. The Charter establishes a Vulnerabilities Equities Review Board to oversee the government’s disclosure of vulnerabilities that are not publicly known in information technology products and systems. Public Knowledge commends the government for increasing the transparency of its approach to disclosing hardware and software vulnerabilities.

Read More
Press Release

Public Knowledge Commends Sen. Leahy for Consumer Privacy Protection Act of 2017

November 14, 2017 Consumer Privacy , Cybersecurity , Equifax , Privacy , security

Today, Senator Patrick Leahy (D-VT) introduced the Consumer Privacy Protection Act of 2017. The bill would place requirements on companies with sensitive consumer information, such as Equifax, to maintain safeguards to ensure the privacy and security of such data, and to notify consumers when that sensitive data is breached. Public Knowledge applauds Senator Leahy and the bill’s co-sponsors, including Senators Markey, Blumenthal, Wyden, Franken, Baldwin, and Harris for prioritizing consumer privacy in the wake of the Equifax security breach.

Read More
Post

As Congress Works Towards Federal Privacy Legislation, There Are Some Protections It Should Not Overlook

October 24, 2019 Data Portability , Data Protection , interoperability , Legislation , Privacy , Private Right of Action , security

Last year, Representative Suzan DelBene (D-WA) introduced a privacy bill, the Information Transparency & Personal Data Control Act (Data Control Act). Public Knowledge provided input to Rep. DelBene’s office on the development of its discussion draft. However, we were disappointed to see that, upon introduction, the substance of the bill had been watered down from […]

Read More
Post

App Store Control Is Less Important Than Human Rights, Actually 

October 11, 2019 Apple , Free Expression , Free Speech , Global , Human Rights , Privacy , security

I have written about app stores at length before but it is worth reiterating a few points given the recent news about Apple removing access to the Hkmap.live app (which helps people track police activity) and Google removing access to The Revolution of Our Times (a protest game).  First, Apple’s (and Google’s) explanations don’t pass […]

Read More
Post

Facebook Shows Why We Need Data Security and Breach Notification Requirements

March 25, 2019 Data Protection , Facebook , Legislation , Privacy , security

Last week, thanks to investigative reporting, we learned that Facebook discovered in January that it was storing millions of users’ passwords in plain text format, making them fully readable for thousands of its employees. Facebook has acknowledged that this was a serious security error and privacy breach on its side, as its systems, ideally, “are designed to mask passwords using techniques that make them unreadable”, and promised that it “will be notifying everyone whose passwords we have found were stored in this way.” There is no evidence that any of the thousand employees with access to these unencrypted passwords actually accessed them, but Facebook’s decision to remain mum reveals an important lesson for the overarching privacy and security policy debate. Importantly, data security incidents are a widespread problem that goes well beyond Facebook.

Read More
Post

We Don’t Have to Sacrifice User Safety and Convenience to Make App Stores Competitive

March 15, 2019 Competition , Platform Competition , Platform Regulation , Privacy , security

App stores, such as Google Play and Apple’s App Store, have been good for consumers and independent developers in a number of ways. When they work well, they provide consumers with a convenient way to find and buy software that is safe and functional. I remember when my non-technical friends would never install software on their PCs, assuming that it was all a scam or malware of some kind. Now these same people can confidently install, use, and uninstall apps without fearing that it will ruin their devices or steal their personal information. Again, this is when things are working right. There are always bad actors to be vigilant against, and different app store curators do their jobs more and less well.

Read More
Post

Our Thoughts on Facebook’s WhatsApp + Messenger + Instagram Integration

January 30, 2019 Competition , Data Protection , Platform Regulation , Privacy , security

Last week, the New York Times reported that Facebook has decided to integrate the back-end infrastructures of its three fully-owned messaging products: Facebook Messenger, WhatsApp, and Instagram. At Public Knowledge, aware of the different nature, features, and conditions of use of these three services, we are carefully following the possible privacy and security and competition implications of this market-changing move.

Read More
Post

The First Tangible Effects of the GDPR

May 10, 2018 Data Protection , European Union , GDPR , Priavcy , security

Over the past two weeks, you’ve probably received numerous privacy policy updates from online companies. For example, last week LinkedIn sent its users an e-mail informing them of changes to its Terms of Service and Privacy Policy, explaining, “[w]e now meet the high standard for data privacy introduced by the new European data protection law known as the General Data Protection Regulation (GDPR), which goes into effect later in May.”

Read More
Post

Is the GDPR Right for the United States?

April 9, 2018 Cybersecurity , Data Protection , GDPR , Privacy , security

Europe’s new privacy law, the General Data Protection Regulation (GDPR) will enter into force in May 2018. Understandably, given that data breaches and privacy violations have been in the headlines lately — and given that the GDPR will reshuffle privacy protection in Europe and beyond — many in the United States are looking to the GDPR for ideas of what to do – and what not to do. We think that it would be impractical and ineffective to copy and paste the GDPR to U.S. law — the institutions and legal systems are just too different.

Read More