FTC Commissioner Looking For Hackers’ Help With Consumer Privacy

Terrell McSweeny, commissioner of the Federal Trade Commission, got a somewhat unique introduction at the DefCon security conference in Las Vegas on Aug. 5. When McSweeny was introduced to a large audience, the FTC was described as a federal agency that many in the hacker community actually really like.

“I’m really interested in protecting consumer privacy and data security,” she said.

The increasing rise of connected devices, commonly referred to as the internet of things (IoT), is top of mind for McSweeny, though she’s not a fan of the term “IoT” itself.

“I think the term ‘internet of things’ is overused; it’s the internet of a lot of stuff,” McSweeny quipped. “Really what’s going on is we are connecting ourselves and the stuff in our lives in new and exciting ways.”

FTC privacy

The IoT is bringing innovation to consumers, but it is also coming with privacy and security issues. The FTC is very focused on helping to protect consumers from potential risks associated with the IoT, McSweeny said. While the FTC has “trade” in its name, she was quick to point out that her efforts have almost nothing to do with trade.

“The FTC has almost nothing to do with federal trade policy and everything to do with consumer protection and competition,” McSweeny said.

Primarily what the FTC does is bring civil cases against companies that may be engaged in deceptive practices or are not properly protecting consumer privacy and data, she said. One recent case the FTC was engaged in was a settlement with Oracle over Java updates and security.

One of the many challenges that faces the FTC—as well as consumers—is the fact that while there are different compliance specifications and various privacy laws, there is no single comprehensive data security law in the U.S., according to McSweeny. As such, she noted that the FTC doesn’t just work on enforcement, but also on education to try to address data security and privacy issues.

Interested in security research

Among the biggest issues that McSweeny said the FTC sees today are vendors ignoring vulnerability reports, slow response times by vendors to vulnerability reports, lack of data protection, failure to store passwords securely and lack of proper security configuration.

The FTC is also working to improve its own technology capabilities, which is where Lorrie Cranor, the FTC’s chief technologist, plays a key role. That said, the FTC didn’t come to DefCon just to tell people what the agency does; it came to recruit information and security experts.

Cranor said the FTC is interested many topics and areas of security research. Among the topics of interest are IoT security and best practices and research into online bots and how consumers interact with them.

“When consumers interact with bots, we wonder if they even know that they are interacting with a machine, so we want research on how consumers can become aware of bots,” she said.

Virtual reality is another area where the FTC is looking for research into privacy and security, as the technology is just now starting to enter the mainstream. Cranor noted that the FTC is also interested in tools that can help consumers to protect their own information across different technologies.

Additionally, the FTC is interested in research that can help consumers assess the risks posed by breach vulnerabilities. Cranor commented that the FTC is also looking for research into what can be done to protect consumers from malvertising and ransomware.

“We can’t solve all the challenges that are going to be confronting consumers in a hyperconnected environment without a lot of partnerships, particularly with the security researcher community,” McSweeny said. “If there is one takeaway here, we really want to forge a partnership and hear from you.”

Originally published on eWeek

Quiz: What do you know about privacy?

Sean Michael Kerner

Sean Michael Kerner is a senior editor at eWeek and contributor to TechWeek

Recent Posts

Tesla To Ask Shareholders To Reinstate Elon Musk’s $56 Billion Package

Tesla shareholders to be asked to reinstate Elon Musk's $56 billion pay package, days after…

8 hours ago

Telegram To Reach One Billion Users Within Year

Catching WhatsApp? Billionaire founder of Telegram claims encrypted platform will reach one billion users within…

9 hours ago

Judge Dismisses Some Harm Claims Against Meta, Zuckerberg

Good news for Mark Zuckerberg as judge dismisses some claims in dozens of lawsuits alleging…

10 hours ago

Google Begins Removal Of California News Ahead Of Proposed Law

Consequences of Assembly Bill 886. Google begins removing California news websites from some search results

11 hours ago

Tim Cook Says Apple Considering Factory In Indonesia

CEO Tim Cook during visit to Jakarta says Apple will look into building a manufacturing…

12 hours ago

Canada To Implement Digital Services Tax This Year

Introduction of digital services tax on tech firms will begin in 2024 Canadian government confirms,…

16 hours ago