Senate Intelligence Chairman Richard Burr, R-N.C., should listen to constituents who are “loud and clear that they not only want [Section 215 of the Patriot Act] to end, but that they are also incredibly dubious about the NSA’s collection practices,” wrote Electronic Frontier Foundation Legislative Analyst Mark Jaycox in a blog post Monday. Burr’s “reliance on the program being effective ignores the conclusions of two independent investigations tasked with looking at the calling records program,” Jaycox said: “The Director of National Intelligence and the Attorney General have written a letter expressing the need to reform the authorities, and essentially end the current program as it currently is.” Jaycox said “if the Executive branch, the Judicial branch, and two independent commissions can't convince Senator Burr, then maybe their fellow lawmakers can.”
The FTC wants the court-appointed consumer privacy ombudsman in RadioShack’s bankruptcy case to recommend against the sale of personal customer data as a stand-alone asset, Consumer Protection Director Jessica Rich told the ombudsman, an agency news release said. RadioShack obtained personal data, including consumers’ names, addresses, email addresses and purchase histories from tens of millions of consumers, Rich said. RadioShack had extensive privacy promises it made to consumers online and in stores, including the promise to not sell consumers’ information or the company’s mailing lists, Rich said. Consumer information should be sold only to another entity that's substantially in the same line of business as RadioShack and that buyer should be bound by the RadioShack privacy policies that were in place when the consumers’ data was collected, Rich said. The buyer should also give consumers notice their data was bought and obtain affirmative consent if the data is to be used in a manner that differs from promises RadioShack made, she said. Rich pointed to FTC intervention in the bankruptcy case of the online retailer Toysmart, which sought to sell customers’ information despite promises made in its privacy policies, as an example of how conditions successfully can be put on the sale of data both to allow the company to divest assets and to protect consumers’ information, the release said. RadioShack’s privacy policy had said (see 1504020032) that “we will not sell or rent your personally identifiable information to anyone at any time.”
Reddit administrators and users are unhappy with harassing behavior on its site, so the site has updated its practices to better curb harassment, an administrators' blog post said Thursday. “For the past six months we have been examining and reviewing reddit’s community policies and practices, collecting and analyzing data, defining our own goals, and making some hard decisions,” reddit said. “We value privacy, freedom of expression, open discussion, and humanity, and we want to make sure that we uphold these principles for all kinds of people,” they said. Some changes have already been made, such as an annual transparency report showing when private information was shared with law enforcement and when content was taken down in response to legal demands or for privacy reasons, the administrators said. In March, reddit’s privacy policy was updated to address revenge porn, and on Wednesday, additional changes were made to be “even more transparent about content that reddit removes for legal reasons,” they said. Reddit announced on Thursday administrators have been looking “closely at the conversations on reddit and at personal safety.” Reddit values freedom of expression and relies on volunteer moderators to determine and uphold rules for subreddits, allowing administrators to step in only when “we see threats to our values of privacy and safety,” they said. As use of the Internet and information available evolves, reddit said, it has seen more harassment and different types of harassment emerge, such as posting links to private information on other sites. “Instead of promoting free expression of ideas, we are seeing our open policies stifling free expression; people avoid participating for fear of their personal and family safety,” reddit said. “Because of this, we are changing our practices to prohibit attacks and harassment of individuals through reddit with the goal of preventing them,” they said. 
Harassment is defined as: “Systematic and/or continued actions to torment or demean someone in a way that would make a reasonable person (1) conclude that reddit is not a safe platform to express their ideas or participate in the conversation, or (2) fear for their safety or the safety of those around them,” the administrators said.
To ensure law enforcement uses body cameras in a way that enhances civil rights, New America’s Open Technology Institute and 35 other privacy and civil rights organizations and advocates Friday released principles they embraced. They would among other things require law enforcement agencies implementing cameras to: develop camera policies in public; commit to a set of narrow and well-defined purposes for cameras; specify clear operational policies for recording, retention and access; and make footage available to promote accountability, an OTI news release said. The principles were spearheaded by the Leadership Conference on Civil & Human Rights. Other groups that supported the principles include the American Civil Liberties Union, Center for Democracy & Technology, Electronic Frontier Foundation and Public Knowledge.
The non-profit Technology Business Management Council established a Commission on IT Cost Opportunity, Strategy and Transparency (IT COST) Wednesday to “define a set of recommendations and best practices for Federal departments and agencies to transparently measure and communicate their IT costs so that Federal CIOs [chief information officers] are better equipped to govern their IT spending and support agency missions with limited resources,” a news release said. The federal government spends more than $78 billion on technology per year, but each agency uses its own standards to measure, benchmark and communicate the value of its technology investments, the release said. Lack of standardization creates numerous challenges and complications, it said. CIOs from the departments of Health, Transportation, Interior, Commerce and Agriculture are participating in the first IT COST Commission meeting, to be held in June. CIOs from Cisco, Hewlett-Packard and DirecTV are also participating. The goal is to release a report in early 2016 outlining a series of recommendations to reduce waste and increase efficiency, demonstrate cost, quality and value of IT spend, and aid in the implementation of the new Federal IT Acquisition Reform Act, the release said.
The FTC launched IdentityTheft.gov Thursday, in hopes of making it easier for identity theft victims to report and recover from identity theft, a news release said. The new website has an interactive checklist for those who learn their identity is stolen and has advice for those notified their personal information was exposed in a data breach. A Spanish version of the site is available at RobodeIdentidad.gov.
The Mozilla Foundation released security updates Tuesday to address vulnerabilities in Firefox, Firefox ESR and Thunderbird, said a notice from the U.S. Computer Emergency Readiness Team. U.S.-CERT said the vulnerabilities in Firefox may have let a remote hacker “cause a denial-of-service condition or steal sensitive information.” Adobe also released security updates Tuesday for Acrobat, Flash Player and Reader, a U.S.-CERT notice said. It said exploitation of Adobe vulnerabilities may let an attacker take control of an affected system.
The Department of Commerce Internet Policy Task Force extended the comment deadline on identifying substantive cybersecurity issues from May 18 to May 27, said a notice in Wednesday's Federal Register. Comments may be submitted via email or mail.
The Online Trust Alliance is welcoming experts from private and public industry to join its initiative to develop a security, privacy and sustainability trust framework for IoT devices, it said in a Wednesday news release. OTA said the framework is intended to provide clarity and confidence to consumers as they shop and use connected devices, with an initial focus on the connected home and wearable/fitness technologies. OTA hopes the framework will be used as a basis for a potential certification program for IoT devices and applications, it said. A draft will be shared in a panel at the TRUSTe IoT privacy summit June 17, it said. “With the rapid introduction of Internet of Things products into the market, we must ensure that security and privacy best practices are integrated to maximize consumer protection,” said OTA Executive Director Craig Spiezle. “According to preliminary data from OTA’s forthcoming Online Trust Audit, 14 percent of leading IoT products did not have a discoverable privacy policy for consumers to review prior to purchase,” Spiezle said. “We welcome industry leaders to join in the multi-stakeholder effort to raise the bar and make security, privacy and sustainability key product attributes.” OTA’s next full working group meeting is June 16 in Mountain View, California. Leaders in the security and privacy community, app developers, manufacturers and international retailers were invited to provide input. TRUSTe CEO Chris Babel welcomed OTA’s initiative to extend the work of the IoT Privacy Tech Working Group to include the security and sustainability issues arising out of the explosion of data collection from connected devices, he said. “Considering that 79 percent of U.S. consumers are concerned about data collected by connected devices, we urge companies to join this important endeavor to develop clear standards for privacy and security in the Internet of Things.”
The Trustworthy Accountability Group, the advertising industry's initiative to improve the digital ecosystem, said it plans to create, maintain and share its database of domains that have been identified as known sources of fraudulent bot traffic for digital ads. The TAG fraud threat list program was unveiled Monday at an Interactive Advertising Bureau conference in New York by Mike Zaneis, interim CEO of TAG, and Jim Norton, global head of media sales at AOL, which Verizon Tuesday agreed to buy. The technical proposal for the fraud threat list program will be at tagtoday.net and comments from ad industry stakeholders will be accepted for 30 days before the program is finalized. The pilot phase of the program battling the $6.3 billion issue of fraudulent ad traffic has been implemented, and broader deployment of the final program is expected in Q3, said TAG. The program lets ad companies “take power back from the criminals who are undermining our industry,” Zaneis said. “By gathering and sharing known sources of fraudulent impressions across the digital advertising ecosystem, TAG will give companies the information they need to find and remove non-human traffic from their inventory.” The list will be compiled using information from participating companies with “specific insight on domains that are driving significant fraudulent ad traffic to the ad industry” such as AOL and Yahoo, and will be available to advertising networks, publishers and technology providers, said TAG.