TIME privacy

Activists Flood Congress With Faxes to Protest Cybersecurity Bill

"We figured we’d use some 80s technology to try to get our point across"

Internet activists opposed to a controversial cybersecurity bill are trying to get Congress’ attention the old-fashioned way: by flooding its fax machines.

The nonprofit group Fight For the Future has set up eight phone lines to convert emails and tweets protesting the Cybersecurity Information Sharing Act (CISA) into faxes that will be sent to all 100 U.S. senators. Supporters can fax their own messages via FaxBigBrother.com or with the hashtag #faxbigbrother.

The legislation, first introduced last year by Senator Dianne Feinstein (D-Calif.), would give tech companies more freedom to collect user data and share it with federal agencies in the name of cybersecurity; the data they share would then be exempt from Freedom of Information Act requests.

“Groups like Fight for the Future have sent millions of emails [about the issue], and they still don’t seem to get it,” campaign manager Evan Greer told the Guardian on Monday. “Maybe they don’t get it because they’re stuck in 1984, and we figured we’d use some 80s technology to try to get our point across.”

 

 

 

MONEY privacy

Ashley Madison and the Rise of Data Kidnapping

Ashley Madison's Korean web site
Lee Jin-man—AP South Korea banned Ashley Madison in 2014. Now hackers are pressuring the site to shut down completely by threatening to expose the names of all its members.

It's more profitable to extort someone than it is to use their stolen credit card information to get money.

Some secrets are more valuable than others. And some secrets are more valuable to others. In perhaps the most predictable extortion hack ever, cheating website Ashley Madison has confirmed to Brian Krebs that some of its data has been stolen. It now appears that tens of millions of people are at risk of being exposed. As you’ve already deduced, Ashley Madison users are not really all that worried about having the credit card numbers stolen and used for fraud.

According to Krebs, the hackers — who go by the name The Impact Team — say they will slowly dribble out data from the site until its owners take the cheating site, and companion site “Established Men,” offline.

“Avid Life Media has been instructed to take Ashley Madison and Established Men offline permanently in all forms, or we will release all customer records, including profiles with all the customers’ secret sexual fantasies and matching credit card transactions, real names and addresses, and employee documents and emails,” Krebs quotes the hackers from a post they left behind.

This is Hacking 2.0. It’s not about the data, it’s about the context. Using stolen data, like credit cards, to get money is hard work. Extorting someone who has more to lose than money is a lot more profitable.

When Sony was hit by a combination hack/extortion plot in December, I described this new era of hacking. Sony corporate emails were stolen by hackers, who then embarrassed the heck out of the firm.

Criminals don’t have to steal financial information to make money hacking. They just have to steal any data that’s valuable to anyone.

Making matters worse for corporate security teams is this reality: In recent years, they’ve all invested heavily in protecting financial data, spending money fortifying the most valuable data. Credit cards, yes. Email servers, maybe not. Slowly, this will change. But right now, every executive at every firm in the country should be hard at work doing an honest assessment about what their valuable data really is. Then, they need to invest wisely in protecting data that might seem inconsequential if stolen in one context, but a disaster of stolen in another. Because every company will have to plan for ransom and extortion requests now.

It’s hard to understand why Ashley Madison’s owners didn’t see this coming … particularly when AdultFriendFinder.com was hacked two months ago. But that is how these things go.

The next question in this incident is: How will Avid Life Media get out of this mess? One possibility is paying a ransom. A few months ago, I started researching ransom and what I’ll call “data kidnapping” after I’d gotten a whiff this was going on. The raging success of malware called cryptolocker, which forced victims to pay a few hundred dollars’ ransom to unscramble their data, certainly proved extortion demands can work. Cryptolocker made $27 million just in its first two months, from both home users and small organizations.

What Happens Now?

When I talked to Lisa Sotto, a cyberlaw expert at Hunton & Williams, about this recently, she said she believes things are only going to get worse.

“That’s exactly how I see it going. Companies and individuals paying, because they potentially have no choice,” Sotto said to me. In fact, ransoms are already common, she said. “I do not believe there is a heck of a lot of negotiation involved … . They are not asking for exorbitant amounts, so for the most part, what I hear is people are paying.”

In February, a blog post by Christopher Arehart made me even more convinced that ransom and extortion are hacking 2.0. Arehard is is the global product manager for crime, kidnap/ransom and extortion, and workplace violence expense insurance for the Chubb Group of Insurance Companies. In his post, he warned companies that cyber-insurance policies often don’t cover extortion situations.

“Cyber liability insurance policies may help companies deal with first-party cleanup costs, the cost of privacy notifications and lawsuit expenses, but these policies may only provide limited assistance with extortion threats. Extortion threats should be investigated and handled by professionals and small businesses need to know where to turn for assistance,” he wrote.

He then wrote that many businesses should consider adding the same kind of insurance that multinational companies purchase when they must send employees into dangerous parts of the world.

“A kidnap and ransom policy — technically a kidnap, ransom and extortion (KRE) policy — responds when an extortion threat has been made against a company, before there has been any data breach,” he wrote.

I tried to ask Arehart and Chubb about incidents involving extortion or “data kidnapping,” but the firm just pointed me back to his blog.

“Although some criminals eventually back down and do not follow through with their extortion threats, some threats do get carried out and these incidents can often be expensive. The tools available to criminals are vast and they have the power of the Internet behind them. Businesses, especially small businesses, need access to security consultants to help them manage these threats. A KRE policy would provide small businesses with access to those professionals.”

In other words, kidnapping and ransom policies aren’t just for dealing with employees who might run into the Mexican drug cartel any more.

They are for anyone who has data that might be valuable to someone, in some future context. Secrets are almost always valuable to someone.

More from Credit.com:

MONEY privacy

Your Facebook Photos Are Fair Game for Prosecutors

facebook-privacy-new-york-court
Bloomberg—Bloomberg via Getty Images

A state appeals court ruling this week has big privacy implications.

A New York state court ruled Tuesday that Facebook must comply with search warrants allowing government prosecutors to sift through users’ photos, messages and personal account information as part of an investigation of Social Security fraud.

The appeals court ruling said that the social network cannot challenge search warrants for 381 users’ Facebook data, although individual defendants can move to suppress the evidence. New York law enforcement agents have used Facebook photos showing public employees riding jet skis, playing golf and performing martial arts to prove that the defendants were lying about physical disabilities, Reuters reports.

“In many cases, evidence on their Facebook accounts directly contradicted the lies the defendants told to the Social Security Administration,” a spokeswoman for the district attorney’s office told Reuters.

So far, 108 people have pleaded guilty to felony charges, and they must pay back about $25 million, according to Bloomberg.

A Facebook spokesman told Reuters that the company—which has argued that the search warrants give prosecutors too much access to private information—is considering an appeal.

MONEY privacy

This Is the Group That Most Wants to Be Forgotten by Google

right-to-be-forgotten-google
Michael Gottschalk—Photothek/Getty Images

95% of "Right to Be Forgotten" requests are from ordinary citizens.

Nearly all of Google’s “right to be forgotten” requests have come from normal citizens trying to protect their privacy, according to a new report from the Guardian.

Last year, the European Union’s highest court affirmed the right of EU residents (and residents of some nearby countries) to ask the search company to remove certain pages from its search results “on the ground that that information may be prejudicial to him or that he wishes it to be ‘forgotten’ after a certain time.”

According to Google’s support page, the company adjudicates requests by balancing “the privacy rights of the individual with the public’s interest to know and the right to distribute information.”

Google has never publicly released data on the how it deals with these requests, which only apply to its European search results. But the Guardian discovered records of the requests in the source code in archived versions of Google’s transparency report.

The London-based paper found over 95% of more than 220,000 requests did not come from public figures, criminals, or politicians, but from regular people seeking to protect their privacy. The Guardian’s data shows roughly half of all requests have been approved, including less than 1% of those that apply to non-typical citizens.

Google acknowledged the paper’s information was authentic, but cautioned that the accounts was merely part of a “test” that was discontinued “because the data was not reliable enough for publication.”

Read more at The Guardian.

MONEY privacy

When Debt Collectors Can See Your Medical Records

You may be giving them permission without realizing it.

If you’ve received medical care anytime in the last few years, you’ve no doubt been given medical privacy forms to sign. These forms, required under the Health Insurance Portability and Accountability Act, commonly referred to as HIPAA, are designed to help protect the privacy of sensitive medical information. But what happens when you owe a medical debt and that information is shared with debt collectors? Is that illegal?

Recently two readers shared their questions with us. After what he described as a “heart procedure,” Patrick said he was in financial ruin. In an effort to get his credit back on track, he’s been trying to verify collection accounts. He asked on the Credit.com blog:

I asked this collection agency to validate the debt, sent them my letter and they validated this bill with a detailed billing statement and exactly what procedures where done. IE blood work, ECG, Heart Cath, Is this protected hipaa information?

Another reader who goes by the screenname “Ronni,” had a similar question:

I live in the state of CA. I asked a collection agency to validate my debt. They shortly after sent me a letter stating that they were going to forward my request to the Hospital it was originally from. They did however provide me with a simple print out of the fee’s. A couple days after that I received (from the Collection Agency) a full print out in detail of treatment/procedures done. My question is was this a HIPAA Violation? I assumed the Hospital would have sent me that info, not the (collection) agency right? Please help!

If you have a medical debt that goes into collection, the collector will not routinely get detailed information about your medical bills or treatments, but if you ask the collector to validate the debt, it’s possible that information may be passed along. Leslie Bender, an attorney for a national collection agency, explains:

If you specifically ask either a healthcare provider or its collection agency to provide you with verification of the specifics of a medical debt you incurred, you are in essence giving them permission under HIPAA to get you that information and supply it to you. In some instances a collection agency’s client, the Hospital or Physician, may choose to send you that information directly.

If you don’t want the collector to see or share this information with you, you could request the information directly from the healthcare provider. “Under HIPAA you may request your Hospital or Physician directly to provide you with that information and per HIPAA’s Privacy Rule they too must respond to you,” says Bender. But based on the information our readers shared, her opinion is that “It does not appear that either the collection agency or the hospital violated HIPAA. “

Indeed, the Department of Health and Human Services states on its website that it is “not aware of any conflict between the Privacy Rule and the Fair Debt Collection Practices Act. Where a use or disclosure of protected health information is necessary for the covered entity to fulfill a legal duty, the Privacy Rule would permit such use or disclosure as required by law.”

Bender notes there may be state laws that relate to medical privacy and so consumers may also want to check with their state attorney general’s office or a consumer law attorney for more information.

Health care bills that go unpaid can seriously affect your credit scores. This collections crash course explains your rights and options when dealing with debt collection accounts of all types.

More From Credit.com:

MONEY privacy

This Privacy Breach Scares People More Than Revenge Porn

Broken door
Alamy

A new survey lays bare our greatest fears.

Want to know what’s worse than having naked pictures of yourself leaked online? Having your financial information stolen or compromised — or so said 55% of those polled in MasterCard’s Emotion of Safety & Security Research survey, released today.

Even more would rather have their homes robbed (59%) or email hacked (62%) than have financial data stolen or compromised. Interesting as those statistics are, most criminals don’t ask potential victims which crime they would prefer. And so we’re left to try to figure out how to keep safe.

Almost half (48%) feel personally responsible for keeping their data safe, and virtually everyone (92%) reports doing at least something to protect themselves (here are some ways to keep identity thieves at bay).

The survey was conducted by phone by Braun Research from May 8 – 12 among 1,000 adult consumers in the U.S. The survey has a margin of error of +/- 3.1% at the 95% confidence level.

People generally get that the problem of data privacy is serious — that a Social Security number can enable someone to open a new line of credit in your name or drain your bank account, or that an intercepted credit card number can allow someone far away to to use a the card that seems to be safely tucked in your wallet.

But there are so many kinds of identity theft that sometimes our response is simply to be overwhelmed — which results in inaction, says identity theft and personal security expert Robert Siciliano.

Which is how security can fall by the wayside. While there are things we can — and should — do to protect ourselves, we don’t necessarily do them. We know we should change passwords regularly, use strong passwords (upper and lowercase letters, numerals and special characters) and be careful about using public Wi-Fi, but who has time? Besides, it’s a numbers game, and consumers may assume that if they’ve gotten away without taking precautions before, their luck probably will hold out.

Siciliano said that if you haven’t changed your password in more than a year, “your passwords are more than likely in the hands of a criminal.” Just because it hasn’t been used yet doesn’t mean it won’t be.

Siciliano says trying to protect yourself online isn’t unlike taking care of car safety. It’s easy to think it’s as simple as buckling up, forgetting that we also need to have brakes serviced periodically, change oil and do other maintenance to keep our cars running safely. And yet when the brake light comes on, most of us take time to address the problem. But tell us we need to install a computer update, and we are often too busy. We will do it later.

Among the things people could do but often dismiss as too time-consuming or inconvenient are using a virtual private network (VPN) when using public W-Fi, Siciliano said. Many VPNs are free, but they will take about 10 minutes to install (and that, he says, is precisely why many of us do not have them). A VPN masks and encrypts your data. It doesn’t take any longer to get on your network than it would to update your status on Facebook, he said.

Other simple things: Update your computer, smartphone and/or tablet’s operating system regularly. Updates address vulnerabilities. Also, schedule scans to be sure your computer is free of known viruses and spyware. If you use credit cards, favor those with chips, Siciliano advises. Most cards are updating to chip and PIN technology, but some still have magnetic stripes. Siciliano said many larger issuers are sending chip cards when old ones expire, but some also offer new cards on request. Carolyn Balfany, senior vice president of product delivery – EMV, MasterCard, said the chip credit and debit cards will better protect against fraud. “Chip cards have embedded computer chips on the front of the cards which create unique codes for every purchase. The unique codes make the cards nearly impossible to copy. U.S. financial institutions have already started issuing payment cards with chip technology to their customers,” she said. Further, consumers are never held responsible for fraud regardless of which kind of card they use.

Checking your financial accounts, as well as your credit reports and credit scores, regularly can also tip you off to a problem that you need to correct before it becomes an even bigger problem. You can sign up for account alerts to notify you whenever a transaction is made, or you can just log in every day to look at your statements. You can get your free annual credit reports from AnnualCreditReport.com.

More From Credit.com:

MONEY privacy

Time Warner Cable Must Pay $229,500 to Woman It Robocalled 153 Times

102662417
Jonathan Croft—Getty Images

That's $1500 per call.

Many people dislike receiving robocalls. Araceli King disliked receiving 153 of them from a single company.

Time Warner Cable Inc must pay the insurance claims specialist $229,500 for placing 153 automated calls meant for someone else to her cellphone in less than a year, even after she told it to stop, a Manhattan federal judge ruled on Tuesday.

King, of Irving, Texas, accused Time Warner Cable of harassing her by leaving messages for Luiz Perez, who once held her cellphone number, even after she made clear who she was in a seven-minute discussion with a company representative.

The calls were made through an “interactive voice response” system meant for customers who were late paying bills.

Time Warner Cable countered that it was not liable to King under the federal Telephone Consumer Protection Act, a law meant to curb robocall and telemarketing abuses, because it believed it was calling Perez, who had consented to the calls.

But in awarding triple damages of $1,500 per call for willfully violating that law, U.S. District Judge Alvin Hellerstein said “a responsible business” would have tried harder to find Perez and address the problem.

He also said 74 of the calls had been placed after King sued in March 2014, and that it was “incredible” to believe Time Warner Cable when it said it still did not know she objected.

“Defendant harassed plaintiff with robo-calls until she had to resort to a lawsuit to make the calls stop, and even then TWC could not be bothered to update the information in its IVR system,” Hellerstein wrote.

The last 74 calls, he added, were “particularly egregious violations of the TCPA and indicate that TWC simply did not take this lawsuit seriously.”

A trial had been scheduled for July 27. Time Warner Cable spokeswoman Susan Leepson said the New York-based company is reviewing the decision.

“Companies are using computers to dial phone numbers,” King’s lawyer Sergei Lemberg said in a phone interview. “They benefit from efficiency, but there is a cost when they make people’s lives miserable. This was one such case.”

Charter Communications Inc agreed in May to buy Time Warner Cable for $56 billion. The merger has yet to close.

The case is King v Time Warner Cable, U.S. District Court, Southern District of New York, No. 14-02018.

MONEY privacy

5 Secrets Identity Thieves Know About You

128081125
Getty Images

Here's how to get your peace of mind back.

Identity thieves don’t want you to read this article.

They’ve made an entire industry out of living off of other peoples’ good names. And when you know their typical tricks, stealing your identity is much harder.

Unfortunately, not enough people know what puts their identities at risk for theft. And that has helped keep identity theft the No. 1 consumer complaint to the Federal Trade Commission for 15 years running. Do you like the idea of thieves using your name to make money and cause you financial headaches? Of course not. So take a minute to make sure you’re aware of five foolish behaviors that identity thieves love and how to fix them.

1. You Hand-Deliver Valuable Personal Information

To identity thieves, your trash can and recycling bin are seen as an “inbox.” They appreciate when you toss out anything with personally identifying information — especially credit card offers, bank statements, insurance-related materials, and medical statements or records.

The fix:

  • Buy a quality crosscut shredder and give identity thieves an impossible puzzle to solve.
  • Shred everything with your name and any other important information on it before throwing it out (thieves will move on to easier targets).

2. You Leave Virtual Doors Open

There are entire organizations dedicated to computer hacking and scams. So if you’re using a simple password or not employing the right security measures on your computers, smartphones and tablet devices, your information is at a much greater risk. It’s like leaving a door open with money sitting on a table just inside.

The fix:

  • Be sure to use security software that includes a firewall, antivirus and spyware programs, and regularly update them.
  • Set your devices to automatically install security updates from manufacturers.
  • Use strong passwords that contain a mix of eight or more numbers, symbols and upper and lowercase letters. Don’t use anything obvious, such as your child’s or pet’s name. Also be sure to change passwords often, and use unique passwords for important sites.

3. You Provide Ready Access to IDs & Documents

Your house and office have a treasure trove of documents with identifying information and important IDs, including passports, Social Security cards, birth certificates and much more. If they’re not locked up, anyone with access to your house could take a quick smartphone picture or even grab them.

The fix:

  • Put important IDs and files into secure drawers, closets or safes.
  • Keep them locked away when you’re not using them.

4. You’ve Never Visited AnnualCreditReport.com

Your credit reports include any credit- or loan-related accounts that are opened in your name. Even if you don’t need to apply for credit or a home or car loan, it’s important to ensure that your credit is clean and your credit score is as high as possible for when you do need it.

The fix:

5. You Don’t Guard Your Social Security Number

A Social Security number is like a master kay. Once identity thieves have it, along with a few other personal details, they can establish credit or potentially gain access to your existing accounts. That’s why you want to limit how and where you share your Social Security number.

The fix:

  • Don’t carry your Social Security card or number in your wallet or purse.
  • Never give your SSN to someone you don’t trust.
  • Provide your SSN only when it’s required.
  • Avoid using your SSN as an identifier (if a company or medical provider wants to do this, ask them not to).

By taking these steps, you can rest more easily knowing you’re not an easy target for identity theft.

Read next: I Ate Thanksgiving Dinner With My Identity Thief for 19 Years

More From Credit.com:

MONEY privacy

The New Technology Advertisers Use to Track Everything You Do

155098353
vm—Getty Images

The FTC is currently accepting public comments on the tracking programs.

Several years ago, you may have reached the Internet through only a desktop or laptop computer, where advertisers could gather information on your activities and interests through cookies that tracked the places you visited online.

Today, you may be using a laptop, a tablet, a mobile phone and a desktop to roam the Web. Add a wireless fitness gadget or other connected device and it gets very challenging for companies to seamlessly track where you’ve been and to judge the effectiveness of their online advertisements.

To better keep tabs on your online movements in the multiple-device age, advertisers are turning to cross-device tracking programs, which help them determine if, say, you opened your laptop to buy the product that was advertised on your smartphone. While the technology may hold benefits for marketers and consumers, it’s also raising privacy concerns.

Cybersecurity and privacy attorney Michael Morgan, of counsel at Jones Day, says mobile advertising agencies are looking to cross-device tracking to better show clients the value of mobile advertising “and to be able to point to desktop purchases or purchases on iPads that may have been the result of advertisements that were first presented to consumers on a smartphone or other device.”

“As more of our lives migrate to the online world, companies are able to have a more clear picture and better understanding of their customers and potential customers,” says Morgan.

That could benefit consumers in certain ways. Say you start shopping at your favorite e-tailer on your home computer, then abandon your cart and later try to finish your purchase on your phone. The website may be able to tailor your experience so you don’t have to re-add items to your shopping cart or re-enter credit card information.

But to get that level of convenience, you will have to give up some privacy. “The privacy advocates have raised some concerns about the level of information, or the amount of information [that] currently can be known about a consumer from all of their various online activities,” says Morgan.

Sign of a post-cookie world
The Federal Trade Commission will hold a workshop Nov. 16 to explore privacy issues, security risks and potential benefits arising from cross-device tracking of consumers for advertising and marketing purposes. “With the advent of new tracking methods … it’s important to ensure that consumers’ privacy remains protected as businesses seek to target them across multiple devices,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection, in a news release in March.

The agency noted the decreasing effectiveness of cookies in tracking consumers’ online activities. “A cookie may paint an incomplete picture of the consumer who switches between different Web browsers at home and at work. Further, a cookie stored on a consumer’s browser cannot provide insight into the consumer’s activities or preferences within the ‘sandboxed’ apps on the consumer’s phone,” the FTC said.

Attorney and data privacy expert Michael Whitener, a partner in the VLP Law Group in Washington, D.C., sees significance in the FTC’s decision to hold the workshop. “It reflects the fact that we’re entering a post-cookie world, and so the FTC is trying to get a handle on the privacy implications of the new cross-device tracking technologies,” he says.

The self-regulatory industry group Network Advertising Initiative, meanwhile, has said it will issue guidance on cross-device, interest-based advertising and has asked its members to provide comments on the relevant standards, according to Whitener. The NAI recently issued member guidance on use of non-cookie technologies but explicitly said it doesn’t cover cross-device identification or data collection yet, says Whitener.

Logins and ‘digital fingerprints’
The industry uses different approaches to try to follow consumers. It can be as simple as requiring you to log in to a site or service from whatever device you’re using. But there are also complex analytics programs that assemble user characteristics to try to identify you from one device to another.

This “probabilistic” tracking method involves the collection of such information as device type, operating system, fonts and Internet Protocol address “to create a digital fingerprint to link a user to different devices,” the FTC says. This kind of tracking “is generally invisible to consumers and, unlike tracking through cookies, the consumer has no ability to control it. Accordingly, this practice raises a number of privacy concerns and questions.”

Digital Advertising Association Executive Director Lou Mastria considers cross-device privacy an emerging area for the industry, which has been focused most recently on mobile-environment privacy issues. The group will conduct a review of what cross-device means and what privacy protections can be provided, he told CreditCards.com.

The Better Business Bureau, the DAA’s partner in applying industry self-regulatory policies, issued a compliance warning in 2014 noting that the DAA’s privacy principles are enforceable “irrespective of the technology employed to collect and use consumer web surfing activity to serve interest-based ads.”

Attorney Whitener says he agrees with the position that privacy principles should apply regardless of the tracking technologies being used. He thinks the industry’s self-policing may ward off any new regulations. “The FTC may well take the position it took after its workshop on the Internet of Things, which is that specific legislation would be premature and could stifle innovation in this area.”

Opting out
While there are a number of up-and-coming tracking companies, BlueCava, Tapad, and Drawbridge are the big names, Whitener says. The firms gather various pieces of information about Internet users to try to connect them to specific devices. They also offer opt-out mechanisms.

Tapad, for instance, says on its website that its proprietary technology “assimilates billions of data points to find the human relationship between smartphones, desktops, laptops, tablets, connected TVs and game consoles.” The firm says its algorithms provide “the highest possible probability that devices are related.”

Among the data it may collect is an “obfuscated user identifier, such as email address, but only to evaluate the probability and nature of connections between devices, never to identify the individual.” The firm says it’s involved in developing industrywide standards for consumer privacy, including clear notice and opt-out choices complying with the Digital Advertising Alliance program for advertising linked to consumer online behavior.

“Notice plus opt-out opportunity is the gold standard in the current environment,” says Whitener.

Consumers should keep in mind, however, that the clients of these technology firms — the websites you interact with — will have their own privacy policies, which could allow for data collection beyond what the vendor’s policy provides, according to Whitener. Ideally, the website will spell out both how it and its service providers collect data, he says.

Writing on the International Association of Privacy Professionals blog early this year, Whitener suggested that digital marketers be fully transparent regarding their data collection and consumer tracking practices; that they provide clear opt-out abilities; and that they be cautious about making no-personal-information-collected claims.

“Privacy policies commonly assert that cookies used by a website operator collect no personal information or that data collected is ‘anonymous,'” Whitener wrote. “That assertion may not be true of some cross-device ID methods, which enable identification of specific individuals.”

Consumers speak out
The FTC is accepting public comments on cross-device tracking, and several citizens have written to oppose tracking and call for the ability to easily opt out.

“I am opposed to any tracking by any entity,” wrote Blanche Wallace of Florida. “If I desire a product or service, I am quite capable of locating a provider. There should be a quick, easy, and obvious way to opt out of tracking.”

Jonathan Bernstein of Illinois wrote: “The most obvious thing to do would be to require any company that tracks any consumer to notify the consumer exactly who is tracking, what is being tracked, and where that data can be shared, each time the consumer logs onto a site that is party to tracking, either with a pop-up window or an email, in real-time at the point of tracking.”

The question, Whitener says, is how companies achieve meaningful notice and choice. “If the consumer has to dig through a long and jargon-filled privacy policy to learn how personal information is collected, how it’s used, and how to opt out of that collection and use, it’s not very meaningful,” Whitener says. “I like the ‘surprise minimization’ principle that California has endorsed: If consumer data is being collected and used in unexpected ways, the ad industry has an obligation to take extra steps to alert the consumer.”

More From CreditCards.com:

TIME celebrities

Bill Cosby Fights to Maintain Confidentiality of ‘Embarrassing’ Court Records

Bill Cosby during an interview in Washington on Nov. 6, 2014.
Evan Vucci—AP Bill Cosby during an interview in Washington on Nov. 6, 2014.

An obscure rule allows the unsealing of court records after two years

On Wednesday, Bill Cosby told a Pennsylvania judge he’s not a public figure, there’s “no legitimate public interest” in an old sex abuse lawsuit, and confidentiality should be maintained on materials described as posing a “real, specific threat of serious embarrassment.”

This all dates back to a dispute that ended nine years ago. There, the embattled comedian settled a lawsuit brought by Andrea Constand, who was the first woman to publicly come forward with allegations that he drugged and sexually assaulted her. The settlement happened in the midst of discovery as Cosby confronted charges that there were other women who were victims.

After the settlement happened, the Associated Press filed motions to intervene to challenge the sealing of certain motions brought in the case. At the time, the judge agreed with Cosby’s arguments about why various discovery motions — including ones that talked about Cosby’s deposition — shouldn’t be open to the media.

Last December, amid a media frenzy as more women came forward to accuse Cosby of sexual abuse, the AP sent a letter to the court demanding a review of the sealing order under a local rule of civil procedure that presumes an unsealing of records after two years unless the judge dictates otherwise.

That’s led to a new showdown over materials that according to Cosby’s brief on Wednesday, not only includes more about the sexual misconduct allegations, but also issues relating to Cosby’s health, use of prescription drugs, financial affairs and personal relationships.

Cosby’s attorney George Gowen argues there is no public right to access discovery motions and would violate his client’s privacy.

“Moreover, unlike a deposition in a typical case, there is a voracious media appetite for Defendant’s deposition, and public release of it would quickly become widespread public knowledge of it,” states the brief. “There is no doubt that public disclosure of the motions and Defendant’s sworn deposition testimony, which delves into the most intimate subjects imaginable, would generate a firestorm of publicity.”

Although the rules might be set up towards the presumption of public access to judicial records, the brief further argues that he “is not a public official, nor is the relevant information important to public health or safety… Defendant’s status as a well-known comedian and entertainer does not render him a ‘public’ person within the meaning of the law.”

Cosby’s attorney later argues that lifting the seal would undermine the settlement with Constand, interfere with a defamation lawsuit brought against Cosby in Massachusetts, and takes a shot at reporters by saying “the media has had no apparent difficulty flooding the airwaves and press with reports on this story, even without access to the discovery materials. Nor is there any credible argument that public knowledge of the details of those motions will serve some public purpose.”

The AP argues otherwise in its own brief.

“The defendant is the only party who objects to unsealing the record,” writes the wire service. “However, now that the circumstances that he relied upon to gain preliminary sealing in this matter are nothing more than historic references, bypassed by recent public events, the files at issue should be unsealed.”

The judge is asked to consider the fact that Constand is not objecting, the “Jane Doe” accusers in the original suit have publicly come forward, there’s no longer a jury pool to be tainted, and “the Court has already ruled, in accordance with firmly established precedent, that defendant’s fear of embarrassment and humiliation is insufficient to support a finding a good cause.”

The AP adds that Cosby is “unquestionably a public figure” and his conduct “a legitimate matter for public scrutiny.”

This article originally appeared on The Hollywood Reporter

More from The Hollywood Reporter:

Your browser is out of date. Please update your browser at http://update.microsoft.com