The month of November is quickly slipping by – this is the time to be looking at the 2014 cybersecurity and data privacy goals and updates and planning ahead.
Our selected bits and bytes for this Monday:
FTC Denies AssertID, Inc.’s Application for Obtaining Verifiable Consent Under the COPPA Rule
The FTC recently announced (press release) that the Commission voted 4-0 to deny AssertID, Inc.’s (“AssertID”or “Company”) application for a proposed verifiable parental consent (“VPC”) method submitted for approval under the Voluntary Commission Approval Process provision of the COPPA Rule (“Rule”). The Company submitted their proposed VPC method, ConsentID, for approval on July 1, 2013, the FTC published the application in the Federal Register on August 21, and the public comment period closed on September 20, 2013. The Commission received six (6) comments on the application and the commentators urged the FTC to deny AssertID’s application on the basis that the AssertID VPC method primarily because the proposed method is not “reasonably calculated, in light of available technology, to ensure that the person providing consent is the child’s parent,” as required bySection 312.5(b)(1) of the Rule. You can access our prior blog post describing the AssertID VPC method here.
In its letter to AssertID informing the Company of the Commission’s decision, the FTC stated that the Company has failed to show that its proposed VPC method satisfies the criteria required by Section 312.5(b)(1). Specifically, the Commission expressed concern about the reliability of the social-graph verification method proposed by AssertID, noting, as the commentators on the AssertID VPC method have, that (1) Facebook profiles can very easily be fabricated, in fact, according to Facebook’s 10-Q filing, there are 83 million fake Facebook accounts, and (2) many children under 13 have created social media accounts by falsifying age information. In the Commission’s view, AssertID’s limited beta testing of its VPC method was not sufficient to demonstrate that social-graph identity verification will be effective and sufficiently reliable in verifying in a live environment that the individual providing consent is in fact the child’s parent. The FTC declined to opine on whether the services that AssertID provides on behalf of Web site operators as part of the ConsentID service to satisfy their direct notice obligation under the Rule indeed satisfy the requirements of the Rule, as the Commission did not consider these services integral to the proposed VPC method.
SCOTUS Declines to Hear Electronic Privacy Information Center’s NSA Surveillance Challenge
The Supreme Court today refused to consider the challenge to the controversial NSA surveillance program filed by the Electronic Privacy Information Center. For more, read Dennis Fisher’s post at threatpost.