You are here: Home / Services / PTSlug / 2017-04-13Corrected-PTSlug.txt

2017-04-13Corrected-PTSlug.txt

by Ned Schumann last modified Apr 13, 2017 10:14 PM
Corrected Text version of Ned Schumann's ISP Privacy talk for PTSlug

2017-04-13Corrected-PTSlug.txt — Plain Text, 5 kB (6028 bytes)

File contents

- Quotes on privacy
	- Oliver Goldsmith in The Traveller 1755 line 429:
		- “How small, of all that human hearts endure, 
		That part which laws or kings can cause or cure. 
		Still to ourselves in every place consign'd, 
		Our own felicity we make or find”
	- John Perry Barlow
		-  “Relying on the government to protect your privacy is like asking a peeping tom to install your window blinds.”
	- Scott McNealy
		- "You have zero privacy anyway. Get over it.
	- Bruce Schneier
		- https://www.schneier.com
- Who knows what?
	- What can ISPs know?
		- IP addresses accessed
		- Domain names accessed
		- Contents of email not using encrypted transport (TLS)
		- If ISP is also email provider, the contents of email is typically stored on the email server unencrypted
			- Edge providers such as Google also store email left on server unencrypted
		- Contents of http web visits
		- DNS leaks from VPN
		- Location
		- Online Privacy and ISPs:
		ISP Access to Consumer Data is Limited and Often Less than Access by Others by The Institute for Information Security & Privacy at Georgia Tech
			- http://www.iisp.gatech.edu/sites/default/files/images/online_privacy_and_isps.pdf
	- What can ISPs not know?
		- Data transported by VPN
		- Contents of https web visits
	- What can VPN providers know?
		- Same as What can ISPs know
	- What can edge providers such as Google, Facebook, Twitter know?
		- That’s another big topic
- ISP Privacy Law Timeline
	- 2015-02-26 and before
		- Privacy law, policies
			- The Privacy Act of 1974 (social security numbers), Social Security Act §1942, The Financial Monetization Act of 1999, The Fair Credit Reporting Act
			- Electronic Communications Privacy Act
			- HIPAA enforcement by HHS
			- State privacy laws
			- Company privacy policies
			- FTC privacy regulations
		- Privacy enforcers
			- FTC is the sole federal online privacy regulator with a goal othat “any privacy framework should be technology neutral.”
	- 2015-02-26 FCC reclassified ISPs as common carriers.
		- The Obama FTC in a unanimous bipartisan comment critized this action as ‘not optimal’.
	- 2015-02-26 and after
		- Now have two privacy regulators
			- FTC remains the privacy regulator for edge providers (Facebook, Google)
			- FCC becomes the privacy regulator for ISPs
	- 2016-10-27 FCC Adopts Broadband Consumer Privacy Rules
		- Rules scheduled to become effective at the end of 2017.
			- These rules rever came into effect
		- The rules would have required explicit consent from consumers if sensitive data — like financial or health information, or browsing history — were to be shared or sold.
		- These rules wouldn't have applied to edge providers such as Google or Facebook
			- https://www.nytimes.com/2017/03/29/opinion/republicans-attack-internet-privacy.html?_r=0
	- 2017-03-28 Congress nullified the FCC’s broadband privacy rules.
	- 2017-04-04 the FCC and FTC commissioners statement
		- “The American people deserve a comprehensive framework that will protect their privacy throughout the Internet. And that’s why we’ll be working together to restore the FTC’s authority to police ISPs’ privacy practices.”
		- “The Obama administration fractured our nation’s online privacy law, and it is our job to fix it. We pledge to the American people that we will do just that.”
			- https://www.washingtonpost.com/opinions/no-republicans-didnt-just-strip-away-your-internet-privacy-rights/2017/04/04/73e6d500-18ab-11e7-9887-1a5314b56a08_story.html <https://www.washingtonpost.com/opinions/no-republicans-didnt-just-strip-away-your-internet-privacy-rights/2017/04/04/73e6d500-18ab-11e7-9887-1a5314b56a08_story.html?utm_term=.476ba1afa4c4>
- The FCC and FTC Commissioners speak
	- Tom Wheeler: How the Republicans Sold Your Privacy to Internet Provider
		- Tom Wheeler was the FCC Commissioner under Obama
		- “The bill is an effort by the F.C.C.’s new Republican majority and congressional Republicans to overturn a simple but vitally important concept — namely that the information that goes over a network belongs to you as the consumer, not to the network hired to carry it. It’s an old idea: For decades, in both Republican and Democratic administrations, federal rules have protected the privacy of the information in a telephone call. In 2016, the F.C.C., which I led as chairman under President Barack Obama, extended those same protections to the internet.”
		- “To my Democratic colleagues and me, the digital tracks that a consumer leaves when using a network are the property of that consumer. They contain private information about personal preferences, health problems and financial matters. Our Republican colleagues on the commission argued the data should be available for the network to sell. The commission vote was 3-2 in favor of consumers.”
		- https://www.nytimes.com/2017/03/29/opinion/how-the-republicans-sold-your-privacy-to-internet-providers.html?_r=1#story-continues-1
	- Ajit Pai and Maureen Ohlhausen: No, Republicans didn’t just strip away your Internet privacy rights
		- Ajit Pai and Maureen Ohlhausen are the FCC and FTC Commissioners under Trump
		- https://www.washingtonpost.com/opinions/no-republicans-didnt-just-strip-away-your-internet-privacy-rights/2017/04/04/73e6d500-18ab-11e7-9887-1a5314b56a08_story.html?utm_term=.2f0d72b0b250
	- Jon Leibowitz on FCC Overreach: Examining the Proposed Privacy Rules
		- Jon Leibowitz was FTC Commissioner under Obama. He writes the following as a lobbiest for the 21st Century Privacy Coalition, a carrier group.
		- http://docs.house.gov/meetings/IF/IF16/20160614/105057/HHRG-114-IF16-Wstate-LeibowitzJ-20160614.pdf
- VPN Antidotes per Oliver Goldsmith
	- Simple VPN Comparison Chart
		- https://thatoneprivacysite.net/simple-vpn-comparison-chart/
	- Post-FCC Privacy Rules, Should You VPN?
		- https://krebsonsecurity.com/2017/03/post-fcc-privacy-rules-should-you-vpn/
- Future
	- Individual’s privacy requirements housed in a blockchain, enforced by tort.