The Federal Trade Commission (FTC) recently filed a series of comment letters with the Federal Communications Commission (FCC) supporting that agency’s consideration of privacy and data security in the development of its Broadband Plan. The first of these letters,[1] dated December 9, 2009, highlights the extent to which federal agencies, including the FTC and FCC, are focusing their resources on privacy and data security issues in response to the rapid expansion in recent years of Internet-based software and data services (commonly referred to as “cloud computing”), and the growing dependence by businesses on authentication and credentialing (what the FTC terms “identity management”).

By way of background, the FCC’s National Broadband Plan[2] sets various goals aimed at providing affordable broadband coverage to areas of the U.S. that go underserved in the current market, including homes, schools, hospitals and local government. The plan also focuses on improving public safety, both through expanding or enhancing broadband services, and promoting cybersecurity and the protection of critical broadband infrastructure. In this respect, the plan makes a number the recommendations, including the creation by the FCC of a “cybersecurity certification regime” and (in conjunction with the Department of Homeland Security) “a cybersecurity information reporting system.” The depth and breadth of these recommendations appears to move the FCC closer to the regulation of data security, an area where activity at the federal level, at least with respect to consumers, has generally fallen under either the Justice Department through criminal investigations, or the FTC via enforcement actions and various other initiatives.

The letter goes on to emphasize some of the FTC’s more significant efforts in this regard, including a 2007 workshop on customer authentication technology and policy, followed by a 2008 report on the same topic, and most notably, the Commission’s enforcement action and $15 million settlement against ChoicePoint for failure to follow reasonable data protection procedures ,— the largest civil money penalty in FTC history. The letter also mentions some of the Commission’s more recent efforts to address privacy challenges surrounding cloud computing, including three roundtable forums on privacy in the age of cloud computing and social networking, the last of which took place in March of 2010.

Is text-messaging protected against surveillance by an employer? Currently, it is if the employer is a governmental entity. But for how long? The Supreme Court recently agreed to review the Ninth Circuit’s panel opinion in Quon v. Arch Wireless, 529 F.3d 892 (9th Cir. 2008), cert. granted sub. nom. City of Ontario v. Quon, ___ U.S. ___, 130 S.Ct. 1011, 175 L.Ed.2d 617 (Dec. 14, 2009).

The central issue in Quon was whether a policeman who was issued a text message pager by the city for police business had a reasonable expectation that his personal messages sent over the pager would remain private. The city argued that there was no reasonable expectation of privacy in personal messages, because it had a written policy that personal use of city computer equipment and software for personal use was considered a violation of city policy, and that use of the Internet and the email system outside the course of business was expressly deemed not confidential. Quon had acknowledged in writing having read the policy. Quon had also been informed that text messages were considered email and would be subject to audit.

The Ninth Circuit disagreed and found Quon did have a reasonable expectation of privacy in personal messages, on the ground that the foregoing city policy was not actually followed. Officer Quon’s immediate superior had told Quon that, if Quon paid for overruns on his monthly allotment of characters, his text messages would not be audited. But in the fullness of time, Officer Quon’s messages were audited when he continued to exceed his monthly limit, and it was discovered that many of his text messages were personal. Officer Quon sued, alleging that the police department and City employees who reviewed the text messages violated Quon’s rights under the Fourth Amendment of the U.S. Constitution and similar provisions of the California constitution. The District Court and the Ninth Circuit found that Officer Quon was entitled to rely on his superior’s assurances that his text messages would remain private on the conditions stated.

PEMBROKE PINES, Fla. — A student who set up a Facebook page to complain about her teacher – and was later suspended – had every right to do so under the First Amendment, a federal magistrate has ruled.

The ruling not only allows Katherine “Katie” Evans’ suit against the principal to move forward, it could set a precedent in cases involving speech and social networking on the Internet, experts say.

The courts are in the early stages of exploring the limits of free speech within social networking, said Howard Simon, the executive director of the Florida ACLU, which filed the suit on Evans’ behalf.

A type of “driver’s license” for the Internet. Yeah. That’s what Craig Mundie, Microsoft’s chief research and strategy officer, proposed this week at the World Economic Forum in Davos, Switzerland.

It’s not as ominous as it sounds since Mundie was suggesting a simple solution for the complex world of cybercrime, and his analogy was a “driver’s license” for the Internet.

I wasn’t in Davos, so I’ll let Time magazine’s Barbara Kiviat explain it better:

WASHINGTON – Internet search firm Google Inc. is finalizing a deal that would let the U.S. National Security Agency help it investigate a corporate espionage attack that may have originated in China, the Washington Post reported yesterday.

The aim of the investigation is to better defend Google, the world’s largest Internet search company, and its users from future attacks, the Post said, citing anonymous sources with knowledge of the arrangement.

The sources said Google’s alliance with the NSA — the intelligence agency is the world’s most powerful electronic surveillance organization — would be aimed at letting them share critical information without violating Google’s policies or laws that protect the privacy of online communications.

The ongoing conflict between Google and China escalated earlier this month as Google announced it had discovered that the hacking of its servers had originated from the Chinese government.

The hacking code used was traced to China’s territory, but not to the Chinese government, which, not surprisingly, denies any connection to the attack. How Google came to the conclusion that the hack had come from the Chinese government has yet to be disclosed.

China currently has the most Internet users of any country in the world. JP Morgan and Chase estimates that Google will make roughly six hundred million dollars in the Chinese market in 2010. Withdrawing from China would clearly be a poor business decision.

The state’s high court said today that sexually explicit instant messages used by a Beverly man to arrange a sexual encounter with someone he thought was a 13-year-old girl are not illegal under current state law.

The Supreme Judicial Court reversed the conviction of Matt H. Zubiel, who in 2006 used IMs to chat not with a teenager but with Plymouth County Deputy Sheriff Melissa Marino, who was searching the Internet for child predators.

In 2007, Zubiel was convicted in Plymouth Superior Court of attempted dissemination of materials harmful to a minor and was sentenced to one year in jail.

China’s police are working with the country’s highest investigative organ and the Supreme People’s Court to release a judicial interpretation on hacking crimes, according to the People’s Daily, the official paper of the Communist Party, citing a Chinese police representative. The report gave no details, but such documents are used to direct lower-level Chinese courts on how to apply laws.

The move would be the latest of China’s efforts to strengthen laws against cybercrime, which have come alongside a growing number of reported arrests and court sentences for hacking in the country in the last year.

The report comes after Google last month drew global attention to hacking in China by saying it had been hit by cyberattacks from the country. Google cited the attacks, which resulted in the loss of intellectual property, as one reason it plans to stop censoring its China-based search engine, even if the move forces it to shut down its China offices.

Twitter reset passwords for an unknown number of users on Tuesday whose accounts appeared to have been compromised via phishing.

“As part of Twitter’s ongoing security efforts, we reset passwords for a small number of accounts that we believe may have been compromised offsite,” the company said in a statement.

Some Twitter users apparently “used their Twitter username and password to sign up for an untrusted third-party application which then posted Tweets to their account,” a spokeswoman said.

PITTSBURGH (AP) – A federal appeals court has revived part of a western Pennsylvania couple’s lawsuit against Internet search engine Google Inc.

But the 3rd U.S. Circuit Court of Appeals ruling says Aaron and Christine Boring will have to prove the pictures of their home on Google’s “Street View” actually hurt them to collect more than $1 from a federal court jury.

A federal magistrate last year threw out the lawsuit saying the Pittsburgh-area couple couldn’t prove the pictures actually harmed them.