ecpa
Latest
Mattress maker Casper faces lawsuit for tracking web visitors
Unless you're using strict privacy controls in your browser, you generally expect that online stores will track at least a bit of your activity, if just to send you targeted ads when you browse the web. However, a proposed class action lawsuit is claiming that Casper was far nosier. The suit alleges that the mattress-in-a-box startup violated the Electronic Communications Privacy Act by using code from NaviStone to grab personal data from web visitors without permission. Reportedly, it would collect keystrokes, clicks, IP addresses and other identifying info whether or not you actually submitted it. In theory, Casper could see what you'd typed into a form even if you backed out.
Microsoft drops its lawsuit over gag orders on DoJ searches
It's been more than a year since Microsoft sued the government (with backing from Amazon, Apple, Google and many others) over the right to tell its customers when the authorities ask it to hand over data, and now the DoJ has responded with a new policy. Microsoft says that the new rules restrict the use of secrecy orders and it says they should have defined time periods. With those conditions applied, President and Chief Legal Officer Brad Smith said Microsoft is dropping its lawsuit, but also says more changes are necessary, as he called on Congress to amend the 1986 Electronic Communications Privacy Act that is at the center of the dispute.
Supreme Court will hear challenge to Microsoft's data privacy case
Microsoft may have won its fight to protect overseas data from American search warrants, but it can't rest easy. The Supreme Court has agreed to hear the Department of Justice's petition to review the case, virtually guaranteeing that the case will set the basis for how US law enforcement can access data abroad. We don't have a court date as of this writing, but the arguments on both sides are already well-established.
Bipartisan Senate legislation would modernize digital privacy
A group of senators introduced two bills today to modernize digital privacy. The current federal statutes derive from the Electronics Communication Privacy Act (ECPA), which was passed in 1986. One of their big motions extended phone wiretap laws to include communications between computers -- but a lot has changed in the last 30 years, and the bills want to bring American law up to date.
Tech firms say FBI wants browsing history without warrant
Tech companies and privacy advocates are warning against new legislation that would give the FBI the ability to access "electronic communication transactional records" (ECTRs) without a warrant in spy and terrorism cases. ECTRs include high-level information on what sites a person visited, the time spent on those sites, email metadata, location information and IP addresses. To gain access to this data, a special agent in charge of a bureau field office need only write a "national security letter" (NSL) that doesn't require a judge's approval. It's worth noting that ECTRs don't amount to a full browsing history. If a suspected terrorist were reading this article, the FBI would only see they read "engadget.com" and how long for, rather than the specific page links. Additionally, the ECTRs won't include the content of emails, search queries, or form content, but will feature metadata, so the FBI would know who someone is messaging and when.
Google testifies before House of Representatives, calls for updated email privacy laws
Google's legal director of law enforcement and information security, Richard Salgado, is set to testify before the US House of Representatives this morning about the need for new email privacy legislation. In his written testimony, Salgado notes that the 1986 ECPA (Electronic Communications Privacy Act) doesn't reflect the internet circa 2013, noting how cloud computing has increased the amount of user information shared and stored online. Salgado's prepared statement calls for updates to ECPA that allow for greater privacy measures, while also ensuring that government agencies can obtain access to documents when necessary. He points to the ECPA's policy on government requests to view users' email -- only a subpoena is required for email 180 days or older, but viewing newer communication requires a search warrant -- as an example of the law's "inconsistent, confusing and uncertain standards." Google wants to alter the ECPA to require search warrants to access any user data stored online, regardless of their age. Salgado's testimony also touches on Mountain View's own efforts to improve transparency when it comes to user privacy, including publishing reports about government requests. Read the statement in full via the source link below.
