ICYMI, the @FTC proposed a settlement addressing allegations that @zoom_us undermined the #security and #privacy of its users. I dissented because the settlement failed to recognize and solve for the privacy implications of the security failures at issue. ftc.gov/public-stateme…
Too often we treat data security and privacy as distinct concerns that can be separately
preserved. In reality, protecting a consumer’s privacy and providing strong data security are
closely intertwined, and when we solve only for one we fail to secure either.
This case provides a perfect example of how things that might seem superficially to be security failures (here, encryption levels and overriding 3rd-party security features) are really about privacy as well.
We must recognize the reality that the reason customers care about the security of their Zoom calls is because they want to protect the privacy of the sensitive information they share over the service.
The @FTC’s proposed settlement requires @zoom_us to establish an information-security program and submit to third-party audits—good steps. But the settlement requires no direct improvements, transparency, or oversight of Zoom’s approach to #consumer privacy.
A more effective order would require a review of the risks to #consumer privacy posed by @zoom_us
products and services, procedures to routinely review such risks, and privacy-risk mitigation before implementing any new or modified product, service, or practice.
I highlight the security/privacy issue here because I think it implicates an important part of a larger policy debate over data abuse in the US. But I had other objections, including the fact that the settlement provided no recourse for affected customers.
Of course I understand that settlements are rarely perfect, and I readily support accepting a settlement that is less than ideal to preserve resources and avoid lengthy litigation, but *only if* the proposed settlement provides meaningful and adequate relief.
For more on why the majority thought this settlement met that test, their statement is available here: ftc.gov/public-stateme…
• • •
Missing some Tweet in this thread? You can try to
force a refresh
America's workers are under siege on many fronts; they need the protection of our labor laws more than ever, but the Trump admin is pushing through an 11th hour rule that will make things worse not better. I urged them to stop. ftc.gov/public-stateme…
My objections to the Rule and the deficiencies of the record are in my comment, but the tl;dr version is that the rule is not only bad for labor, it's also bad for competition; it's built on a record that doesn't adequately consider those issue; and it should go. Specifically:
Today the @FTC announced its settlement with @facebook. I voted no, as did @chopraftc. The majority explained its decision in a statement, and we both wrote dissents - all long, but worth reading (as is the order itself). Links below. First, a more concise version of my views.
I voted no b/c I do not believe either the money or the injunctive relief will ensure accountability or that @facebook changes how it treats user data. And the release of liability is not justified.
We shouldn't analyze the settlement terms against prior settlements; we should analyze them against the specific facts in this case. On that metric, the settlement falls short.
It was a good day for consumers and for antitrust law in the Supreme Court (a sentence I can say all too rarely). Below is a brief thread of some of my favorite lines from the decision in Apple v. Pepper. supremecourt.gov/opinions/18pdf…
(but first, a reminder that I wrote about how this outcome was the correct and logical way to resolve this case back in December.) nytimes.com/2018/12/12/opi…
"The broad text of §4 [of the Clayton Act]—“any person” who has been “injured” by an antitrust violator may sue—readily covers consumers who purchase goods or services at higher-than-competitive prices from an allegedly monopolistic retailer."
First - our enforcement does not happen in a vacuum, nor do we have a universe of perfect choices. There was no dispute that Speedway screwed up its compliance with the original order, and that was unacceptable. 2/
I certainly don’t think, and the majority opinion does not suggest, that Speedway’s behavior was “fine.” The question was how bad was it and what do we do about it. 3/