Terrell McSweeny, commissioner of the Federal Trade Commission, got a somewhat unique introduction at the DefCon security conference in Las Vegas on Aug. 5. When McSweeny was introduced to a large audience, the FTC was described as a federal agency that many in the hacker community actually really like.
“I’m really interested in protecting consumer privacy and data security,” she said.
The increasing rise of connected devices, commonly referred to as the internet of things (IoT), is top of mind for McSweeny, though she’s not a fan of the term “IoT” itself.
“I think the term ‘internet of things’ is overused; it’s the internet of a lot of stuff,” McSweeny quipped. “Really what’s going on is we are connecting ourselves and the stuff in our lives in new and exciting ways.”
“The FTC has almost nothing to do with federal trade policy and everything to do with consumer protection and competition,” McSweeny said.
Primarily what the FTC does is bring civil cases against companies that may be engaged in deceptive practices or are not properly protecting consumer privacy and data, she said. One recent case the FTC was engaged in was a settlement with Oracle over Java updates and security.
One of the many challenges that faces the FTC—as well as consumers—is the fact that while there are different compliance specifications and various privacy laws, there is no single comprehensive data security law in the U.S., according to McSweeny. As such, she noted that the FTC doesn’t just work on enforcement, but also on education to try to address data security and privacy issues.
Among the biggest issues that McSweeny said the FTC sees today are vendors ignoring vulnerability reports, slow response times by vendors to vulnerability reports, lack of data protection, failure to store passwords securely and lack of proper security configuration.
The FTC is also working to improve its own technology capabilities, which is where Lorrie Cranor, the FTC’s chief technologist, plays a key role. That said, the FTC didn’t come to DefCon just to tell people what the agency does; it came to recruit information and security experts.
Cranor said the FTC is interested many topics and areas of security research. Among the topics of interest are IoT security and best practices and research into online bots and how consumers interact with them.
“When consumers interact with bots, we wonder if they even know that they are interacting with a machine, so we want research on how consumers can become aware of bots,” she said.
Virtual reality is another area where the FTC is looking for research into privacy and security, as the technology is just now starting to enter the mainstream. Cranor noted that the FTC is also interested in tools that can help consumers to protect their own information across different technologies.
Additionally, the FTC is interested in research that can help consumers assess the risks posed by breach vulnerabilities. Cranor commented that the FTC is also looking for research into what can be done to protect consumers from malvertising and ransomware.
“We can’t solve all the challenges that are going to be confronting consumers in a hyperconnected environment without a lot of partnerships, particularly with the security researcher community,” McSweeny said. “If there is one takeaway here, we really want to forge a partnership and hear from you.”
Originally published on eWeek
Quiz: What do you know about privacy?
Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…
Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…
Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…
Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…
Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…
Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…