Federal Trade Commission

FTC, Justice Dept. takes coordinated action against robocallers

Posted by | caller id, department of justice, Director, Federal Communications Commission, Federal Trade Commission, Mobile, neologisms, privacy, Security, telemarketing, telephony | No Comments

Federal authorities have announced its latest crackdown on illegal robocallers — taking close to a hundred actions against several companies and individuals blamed for the recent barrage of spam calls.

In the so-called “Operation Call It Quits,” the Federal Trade Commission brought four cases — two filed on its behalf by the Justice Department — and three settlements in cases said to be responsible for making more than a billion illegal robocalls.

Several state and local authorities also brought actions as part of the operation, officials said.

Each year, billions of automatically dialed or spoofed phone calls trick millions into picking up the phone. An annoyance at least, at worse it tricks unsuspecting victims into turning over cash or buying fake or misleading products. So far, the FTC has fined companies more than $200 million but only collected less than 0.01% of the fines because of the agency’s limited enforcement powers.

In this new wave of action, the FTC said it will send a strong signal to the robocalling industry.

Andrew Smith, director of the FTC’s Bureau of Consumer Protection, said Americans are “fed up” with the billions of robocalls received every year. “Today’s joint effort shows that combatting this scourge remains a top priority for law enforcement agencies around the nation,” he said.

It’s the second time the FTC has acted in as many months. In May, the agency also took action against four companies accused of making “billions” of robocalls.

The FTC said its latest action brings the number of robocall violators up to 145.

Several of the cases involved shuttering operations that offer consumers “bogus” credit card interest rate reduction services, which the FTC said specifically targeted seniors. Other cases involved the use of illegal robocalls to promote money-making schemes.

Another cases included actions against Lifewatch, a company pitching medical alert systems, which the FTC contended uses spoofed caller ID information to trick victims into picking up the phone. The company settled for $25.3 million. Meanwhile, Redwood Scientific settled for $18.2 million, suspended due to the inability for defendant Danielle Cadiz to pay, for “deceptively” marketing dentistry products, according to the FTC’s complaint.

The robocalling epidemic has caught the attention of the Federal Communications Commission, which regulates the telecoms and internet industries. Last month, its commissioners proposed a new rule that would make it easier for carriers to block robocalls.

Powered by WPeMatico

Alexa, does the Echo Dot Kids protect children’s privacy?

Posted by | Advertising Tech, Amazon, Amazon Echo, Amazon.com, artificial intelligence, center for digital democracy, coppa, Disney, echo, echo dot kids, eCommerce, Federal Trade Commission, Gadgets, nickelodeon, privacy, privacy policy, smart assistant, smart speaker, Speech Recognition, terms of service, United States, voice assistant | No Comments

A coalition of child protection and privacy groups has filed a complaint with the Federal Trade Commission (FTC) urging it to investigate a kid-focused edition of Amazon’s Echo smart speaker.

The complaint against Amazon Echo Dot Kids, which has been lodged with the FTC by groups including the Campaign for a Commercial-Free Childhood, the Center for Digital Democracy and the Consumer Federation of America, argues that the e-commerce giant is violating the Children’s Online Privacy Protection Act (COPPA) — including by failing to obtain proper consents for the use of kids’ data.

As with its other smart speaker Echo devices, the Echo Dot Kids continually listens for a wake word and then responds to voice commands by recording and processing users’ speech. The difference with this Echo is it’s intended for children to use — which makes it subject to U.S. privacy regulation intended to protect kids from commercial exploitation online.

The complaint, which can be read in full via the group’s complaint website, argues that Amazon fails to provide adequate information to parents about what personal data will be collected from their children when they use the Echo Dot Kids; how their information will be used; and which third parties it will be shared with — meaning parents do not have enough information to make an informed decision about whether to give consent for their child’s data to be processed.

They also accuse Amazon of providing at best “unclear and confusing” information per its obligation under COPPA to also provide notice to parents to obtain consent for children’s information to be collected by third parties via the online service — such as those providing Alexa “skills” (aka apps the AI can interact with to expand its utility).

A number of other concerns about Amazon’s device are also being raised with the FTC.

Amazon released the Echo Dot Kids a year ago — and, as we noted at the time, it’s essentially a brightly bumpered iteration of the company’s standard Echo Dot hardware.

There are differences in the software, though. In parallel, Amazon updated its Alexa smart assistant — adding parental controls, aka its FreeTime software, to the child-focused smart speaker.

Amazon said the free version of FreeTime that comes bundled with the Echo Dot Kids provides parents with controls to manage their kids’ use of the product, including device time limits; parental controls over skills and services; and the ability to view kids’ activity via a parental dashboard in the app. The software also removes the ability for Alexa to be used to make phone calls outside the home (while keeping an intercom functionality).

A paid premium tier of FreeTime (called FreeTime Unlimited) also bundles additional kid-friendly content, including Audible books, ad-free radio stations from iHeartRadio Family and premium skills and stories from the likes of Disney, National Geographic and Nickelodeon .

At the time it announced the Echo Dot Kids, Amazon said it had tweaked its voice assistant to support kid-focused interactions — saying it had trained the AI to understand children’s questions and speech patterns, and incorporated new answers targeted specifically at kids (such as jokes).

But while the company was ploughing resource into adding a parental control layer to Echo and making Alexa’s speech recognition kid-friendly, the COPPA complaint argues it failed to pay enough attention to the data protection and privacy obligations that apply to products targeted at children — as the Echo Dot Kids clearly is.

Or, to put it another way, Amazon offers parents some controls over how their children can interact with the product — but not enough controls over how Amazon (and others) can interact with their children’s data via the same always-on microphone.

More specifically, the group argues that Amazon is failing to meet its obligation as the operator of a child-directed service to provide notice and obtain consent for third parties operating on the Alexa platform to use children’s data — noting that its Children’s Privacy Disclosure policy states it does not apply to third-party services and skills.

Instead, the complaint says Amazon tells parents they should review the skill’s policies concerning data collection and use. “Our investigation found that only about 15% of kid skills provide a link to a privacy policy. Thus, Amazon’s notice to parents regarding data collection by third parties appears designed to discourage parental engagement and avoid Amazon’s responsibilities under Coppa,” the group writes in a summary of their complaint.

They are also objecting to how Amazon is obtaining parental consent — arguing its system for doing so is inadequate because it’s merely asking that a credit or debit/debit gift card number be inputted.

“It does not verify that the person ‘consenting’ is the child’s parent as required by Coppa,” they argue. “Nor does Amazon verify that the person consenting is even an adult because it allows the use of debit gift cards and does not require a financial transaction for verification.”

Another objection is that Amazon is retaining audio recordings of children’s voices far longer than necessary — keeping them indefinitely unless a parent actively goes in and deletes the recordings, despite COPPA requiring that children’s data be held for no longer than is reasonably necessary.

They found that additional data (such as transcripts of audio recordings) was also still retained even after audio recordings had been deleted. A parent must contact Amazon customer service to explicitly request deletion of their child’s entire profile to remove that data residue — meaning that to delete all recorded kids’ data a parent has to nix their access to parental controls and their kids’ access to content provided via FreeTime — so the complaint argues that Amazon’s process for parents to delete children’s information is “unduly burdensome” too.

Their investigation also found the company’s process for letting parents review children’s information to be similarly arduous, with no ability for parents to search the collected data — meaning they have to listen/read every recording of their child to understand what has been stored.

They further highlight that children’s Echo Dot Kids’ audio recordings can of course include sensitive personal details — such as if a child uses Alexa’s “remember” feature to ask the AI to remember personal data such as their address and contact details or personal health information like a food allergy.

The group’s complaint also flags the risk of other children having their data collected and processed by Amazon without their parents’ consent — such as when a child has a friend or family member visiting on a play date and they end up playing with the Echo together.

Responding to the complaint, Amazon has denied it is in breach of COPPA. In a statement, a company spokesperson said: “FreeTime on Alexa and Echo Dot Kids Edition are compliant with the Children’s Online Privacy Protection Act (COPPA). Customers can find more information on Alexa and overall privacy practices here: https://www.amazon.com/alexa/voice [amazon.com].”

An Amazon spokesperson also told us it only allows kid skills to collect personal information from children outside of FreeTime Unlimited (i.e. the paid tier) — and then only if the skill has a privacy policy and the developer separately obtains verified consent from the parent, adding that most kid skills do not have a privacy policy because they do not collect any personal information.

At the time of writing, the FTC had not responded to a request for comment on the complaint.

In Europe, there has been growing concern over the use of children’s data by online services. A report by England’s children’s commissioner late last year warned kids are being “datafied,” and suggested profiling at such an early age could lead to a data-disadvantaged generation.

Responding to rising concerns the U.K. privacy regulator launched a consultation on a draft Code of Practice for age appropriate design last month, asking for feedback on 16 proposed standards online services must meet to protect children’s privacy — including requiring that product makers put the best interests of the child at the fore, deliver transparent T&Cs, minimize data use and set high privacy defaults.

The U.K. government has also recently published a whitepaper setting out a policy plan to regulate internet content that has a heavy focus on child safety.

Powered by WPeMatico

FTC tells ISPs to disclose exactly what information they collect on users and what it’s for

Posted by | broadband providers, Federal Trade Commission, FTC, Government, isps, Mobile, Policy, privacy | No Comments

The Federal Trade Commission, in what could be considered a prelude to new regulatory action, has issued an order to several major internet service providers requiring them to share every detail of their data collection practices. The information could expose patterns of abuse or otherwise troubling data use against which the FTC — or states — may want to take action.

The letters requesting info (detailed below) went to Comcast, Google, T-Mobile and both the fixed and wireless sub-companies of Verizon and AT&T. These “represent a range of large and small ISPs, as well as fixed and mobile Internet providers,” an FTC spokesperson said. I’m not sure which is meant to be the small one, but welcome any information the agency can extract from any of them.

Since the Federal Communications Commission abdicated its role in enforcing consumer privacy at these ISPs when it and Congress allowed the Broadband Privacy Rule to be overturned, others have taken up the torch, notably California and even individual cities like Seattle. But for enterprises spanning the nation, national-level oversight is preferable to a patchwork approach, and so it may be that the FTC is preparing to take a stronger stance.

To be clear, the FTC already has consumer protection rules in place and could already go after an internet provider if it were found to be abusing the privacy of its users — you know, selling their location to anyone who asks or the like. (Still no action there, by the way.)

But the evolving media and telecom landscape, in which we see enormous companies devouring one another to best provide as many complementary services as possible, requires constant reevaluation. As the agency writes in a press release:

The FTC is initiating this study to better understand Internet service providers’ privacy practices in light of the evolution of telecommunications companies into vertically integrated platforms that also provide advertising-supported content.

Although the FTC is always extremely careful with its words, this statement gives a good idea of what they’re concerned about. If Verizon (our parent company’s parent company) wants to offer not just the connection you get on your phone, but the media you request, the ads you are served and the tracking you never heard of, it needs to show that these businesses are not somehow shirking rules behind the scenes.

For instance, if Verizon Wireless says it doesn’t collect or share information about what sites you visit, but the mysterious VZ Snooping Co (fictitious, I should add) scoops all that up and then sells it for peanuts to its sister company, that could amount to a deceptive practice. Of course it’s rarely that simple (though don’t rule it out), but the only way to be sure is to comprehensively question everyone involved and carefully compare the answers with real-world practices.

How else would we catch shady zero-rating practices, zombie cookies, backdoor deals or lip service to existing privacy laws? It takes a lot of poring over data and complaints by the detail-oriented folks at these regulatory bodies to find things out.

To that end, the letters to ISPs ask for a whole boatload of information on companies’ data practices. Here’s a summary:

  • Categories of personal information collected about consumers or devices, including purposes, methods and sources of collection
  • how the data has been or is being used
  • third parties that provide or are provided this data and what limitations are imposed thereupon
  • how such data is combined with other types of information and how long it is retained
  • internal policies and practices limiting access to this information by employees or service providers
  • any privacy assessments done to evaluate associated risks and policies
  • how data is aggregated, anonymized or deidentified (and how those terms are defined)
  • how aggregated data is used, shared, etc.
  • “any data maps, inventories, or other charts, schematics, or graphic depictions” of information collection and storage
  • total number of consumers who have “visited or otherwise viewed or interacted with” the privacy policy
  • whether consumers are given any choice in collection and retention of data, and what the default choices are
  • total number and percentage of users that have exercised such a choice, and what choices they made
  • whether consumers are incentivized to (or threatened into) opt into data collection and how those programs work
  • any process for allowing consumers to “access, correct, or delete” their personal information
  • data deletion and retention policies for such information

Substantial, right?

Needless to say, some of this information may not be particularly flattering to ISPs. If only 1 percent of consumers have ever chosen to share their information, for instance, that reflects badly on sharing it by default. And if data capable of being combined across categories or services to de-anonymize it, even potentially, that’s another major concern.

The FTC representative declined to comment on whether there would be any collaboration with the FCC on this endeavor, whether it was preliminary to any other action and whether it can or will independently verify the information provided by the ISPs contacted. That’s an important point, considering how poorly these same companies represented their coverage data to the FCC for its yearly broadband deployment report. A reality check would be welcome.

You can read the rest of the letter here (PDF).

Powered by WPeMatico

Apple is selling the iPhone 7 and iPhone 8 in Germany again

Posted by | antitrust, Apple, apple inc, China, Europe, Federal Trade Commission, Germany, Intel, iPhone, lawsuit, licensing, Mobile, mobile phones, patent litigation, patents, Qorvo, Qualcomm, smartphone, standards-essential patents | No Comments

Two older iPhone models are back on sale in Apple stores in Germany — but only with Qualcomm chips inside.

The iPhone maker was forced to pull the iPhone 7 and iPhone 8 models from shelves in its online shop and physical stores in the country last month, after chipmaker Qualcomm posted security bonds to enforce a December court injunction it secured via patent litigation.

Apple told Reuters it had “no choice” but to stop using some Intel chips for handsets to be sold in Germany. “Qualcomm is attempting to use injunctions against our products to try to get Apple to succumb to their extortionist demands,” it said in a statement provided to the news agency.

Apple and Qualcomm have been embroiled in an increasingly bitter global legal battle around patents and licensing terms for several years.

The litigation follows Cupertino’s move away from using only Qualcomm’s chips in iPhones after, in 2016, Apple began sourcing modem chips from rival Intel — dropping Qualcomm chips entirely for last year’s iPhone models. Though still using some Qualcomm chips for older iPhone models, as it will now for iPhone 7 and iPhone 8 units headed to Germany.

For these handsets Apple is swapping out Intel modems that contain chips from Qorvo which are subject to the local patent litigation injunction. (The litigation relates to a patented smartphone power management technology.) 

Hence Apple’s Germany webstore is once again listing the two older iPhone models for sale…

Newer iPhones containing Intel chips remain on sale in Germany because they do not containing the same components subject to the patent injunction.

“Intel’s modem products are not involved in this lawsuit and are not subject to this or any other injunction,” Intel’s general counsel, Steven Rodgers, said in a statement to Reuters.

While Apple’s decision to restock its shelves with Qualcomm-only iPhone 7s and 8s represents a momentary victory for Qualcomm, a separate German court tossed another of its patent suits against Apple last month — dismissing it as groundless. (Qualcomm said it would appeal.)

The chipmaker has also been pursing patent litigation against Apple in China, and in December Apple appealed a preliminary injunction banning the import and sales of old iPhone models in the country.

At the same time, Qualcomm and Apple are both waiting the result of an antitrust trial brought against Qualcomm’s licensing terms in the U.S.

Two years ago the FTC filed charges against Qualcomm, accusing the chipmaker of operating a monopoly and forcing exclusivity from Apple while charging “excessive” licensing fees for standards-essential patents.

The case was heard last month and is pending a verdict or settlement.

Powered by WPeMatico

German court tosses Qualcomm’s latest iPhone patent suit

Posted by | apple inc, China, Europe, Federal Trade Commission, Germany, Intel, iPhone, lawsuit, Mobile, patent, Qualcomm, smartphones | No Comments

Qualcomm has had a patent lawsuit against Apple dismissed by a court in Mannheim, Germany, as groundless (via Reuters).

The chipmaker had argued Intel -powered iPhones infringed a transistor switch patent it holds. But in an initial verbal decision the court disagreed. Qualcomm has said it will appeal.

In a statement, Don Rosenberg, Qualcomm’s executive VP and general counsel, said: “Apple has a history of infringing our patents. Only last month the Munich Regional Court affirmed the value of another of Qualcomm’s cutting-edge patents against Apple’s infringement and ordered a ban on the import and sale of impacted iPhones in Germany. That decision followed a Court-ordered ban on patent-infringing iPhones in China as well as recognition by an ITC judge that Apple is infringing Qualcomm’s IP. The Mannheim court interpreted one aspect of our patent very narrowly, saying that because a voltage inside a part of an iPhone wasn’t constant the patent wasn’t infringed.  We strongly disagree and will appeal.”

We’ve reached out to Apple for comment. Update: The company told us: “We are happy with the decision and thank the court for their time and diligence.  We regret Qualcomm’s use of the court to divert attention from their illegal behavior that is the subject of multiple lawsuits and proceedings around the world.”

The pair have been embroiled in an increasingly bitter and global legal battle in recent years, as Apple has shifted away from using Qualcomm chips in its devices.

Two years ago the FTC also filed charges against the chipmaker accusing it of anticompetitive tactics in an attempt to maintain a monopoly (Apple is officially cited in the complaint). That trial began early this month.

Cupertino has also filed a billion-dollar royalty lawsuit accusing Qualcomm of charging for patents “they have nothing to do with”.

While the latest court decision in Mannheim has gone in Apple’s favor, a separate ruling in Germany late last year went Qualcomm’s way. And earlier this month Apple was forced to withdraw the iPhone 7 and 8 from its retail stores in Germany, after Qualcomm posted €1.34BN in security bonds to enforce the December court decision — which related to a power management patent.

Although the affected iPhone models remain on sale in Germany via resellers. Apple is also appealing.

Qualcomm also recently secured a preliminary injunction banning the import and sales of some older iPhone models in China. Again, Apple is appealing.

Powered by WPeMatico