FTC Commissioner Looking For Hackers’ Help With Consumer Privacy

Terrell McSweeny, commissioner of the Federal Trade Commission, got a somewhat unique introduction at the DefCon security conference in Las Vegas on Aug. 5. When McSweeny was introduced to a large audience, the FTC was described as a federal agency that many in the hacker community actually really like.

“I’m really interested in protecting consumer privacy and data security,” she said.

The increasing rise of connected devices, commonly referred to as the internet of things (IoT), is top of mind for McSweeny, though she’s not a fan of the term “IoT” itself.

“I think the term ‘internet of things’ is overused; it’s the internet of a lot of stuff,” McSweeny quipped. “Really what’s going on is we are connecting ourselves and the stuff in our lives in new and exciting ways.”

FTC privacy

The IoT is bringing innovation to consumers, but it is also coming with privacy and security issues. The FTC is very focused on helping to protect consumers from potential risks associated with the IoT, McSweeny said. While the FTC has “trade” in its name, she was quick to point out that her efforts have almost nothing to do with trade.

“The FTC has almost nothing to do with federal trade policy and everything to do with consumer protection and competition,” McSweeny said.

Primarily what the FTC does is bring civil cases against companies that may be engaged in deceptive practices or are not properly protecting consumer privacy and data, she said. One recent case the FTC was engaged in was a settlement with Oracle over Java updates and security.

One of the many challenges that faces the FTC—as well as consumers—is the fact that while there are different compliance specifications and various privacy laws, there is no single comprehensive data security law in the U.S., according to McSweeny. As such, she noted that the FTC doesn’t just work on enforcement, but also on education to try to address data security and privacy issues.

Interested in security research

Among the biggest issues that McSweeny said the FTC sees today are vendors ignoring vulnerability reports, slow response times by vendors to vulnerability reports, lack of data protection, failure to store passwords securely and lack of proper security configuration.

The FTC is also working to improve its own technology capabilities, which is where Lorrie Cranor, the FTC’s chief technologist, plays a key role. That said, the FTC didn’t come to DefCon just to tell people what the agency does; it came to recruit information and security experts.

Cranor said the FTC is interested many topics and areas of security research. Among the topics of interest are IoT security and best practices and research into online bots and how consumers interact with them.

“When consumers interact with bots, we wonder if they even know that they are interacting with a machine, so we want research on how consumers can become aware of bots,” she said.

Virtual reality is another area where the FTC is looking for research into privacy and security, as the technology is just now starting to enter the mainstream. Cranor noted that the FTC is also interested in tools that can help consumers to protect their own information across different technologies.

Additionally, the FTC is interested in research that can help consumers assess the risks posed by breach vulnerabilities. Cranor commented that the FTC is also looking for research into what can be done to protect consumers from malvertising and ransomware.

“We can’t solve all the challenges that are going to be confronting consumers in a hyperconnected environment without a lot of partnerships, particularly with the security researcher community,” McSweeny said. “If there is one takeaway here, we really want to forge a partnership and hear from you.”

Originally published on eWeek

Quiz: What do you know about privacy?

Sean Michael Kerner

Sean Michael Kerner is a senior editor at eWeek and contributor to TechWeek

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago