I’ve been quiet of late — mostly because our Lawfare readership is so self-evidently (and, I might add, appropriately) engaged in questions of greater immediacy relating to the coming debate over Syrian intervention. I would be remiss, however, if I did not pop up my head briefly to highlight two rather notable events in the cyber world from last week:
First, there was this story in the New York Times about an FTC enforcement action against TRENDnet. TRENDnet manufactures an internet-based Web-enabled security camera. The camera can be used for everything from baby-monitoring to personal home security. Unfortunately, the TRENDnet product had a security flaw, allowing hackers to circumvent limitations and, in effect, turn the cameras into spyware within a home. The FTC brought this enforcement action — the first, we are told, of its kind to ever address Web-enabled vulnerabilities — and TRENDnet agreed to settle the suit and to a consent order, including a 20-year security compliance program. Astute readers will recall that I had earlier highlighted a case in which Wyndham hotels is challenging the FTC’s authority to take these sorts of enforcement actions at all. But the new trend (if you will forgive the slight pun) of extending the FTC’s authority to web-based applications confirms what I’ve suspected — if the FTC is not prohibited from doing so by the courts it will soon become the preeminent Federal agency for enforcing cybersecurity standards, through its consumer protection mission.
The second big story was a decision by Acxiom to allow consumers to see the data it collects about them. Privacy advocates who are concerned about big data collection by the NSA are equally concerned about how commercial entities collect data. And Acxiom is one of the biggest, if not the biggest commercial data collector in the world. In a decision announced last week, the company opened up a new website — aboutthedata.com — where, after verifying their identity consumers will be able to see a portion of the treasure trove of data Acxiom holds on them, and, if they want, correct it. I haven’t decided whether to go look myself yet — part of me doesn’t want to do their work for them and part of me is a bit afraid of what I’ll see! — but this effort at transparency will give many individuals a bit of a peek behind the curtain of big data collection and analytics.