ftc

ftc

Proposed bill pushes informed consent for P2P sharing

As reported by Ars Technica and others, Rep. Henry Waxman (D-WA) and the rest of the House Energy & Commerce Committee are pushing a bill that requires peer-to-peer (P2P) file sharing applications to provide informed consent before installation and before making files available for sharing. The bill labels a failure to provide the required consent as an unfair trade practice, which means the Federal Trade Commission (FTC) can use its authority to punish the offending software distributor. The motivation for the bill seems to be a combination of two concerns: first, that important confidential files may be inadvertently shared by government or corporate employees; and second, that individuals accused of illegal file sharing may use "I didn't know I was sharing those files" as a defense.
From my initial read of the bill (PDF), this seems like decent legislation. It is brief and clear in its definitions, and the only requirements are "clear and conspicuous notice," "informed consent," and the ability to uninstall or disable the software, all of which approximate the language we use in our software guidelines. There is an appropriate exception for software that is pre-installed on the computer (the user doesn't have to consent prior to installation but is required to be notified that the software is installed). The most notable thing about the bill is probably what isn't covered: software installed by the government (let's call that the "FBI exemption"), non-commercial software (probably because there's no entity for the FTC to punish for unfair business practices), and several specific categories of software that don't look like P2P software (servers, communications apps, and security software).
I can't help wonder about the sense in legislating behavior of only one specific type of application, but I have to admit it seems like the bill addresses the specific concerns about P2P software I alluded to earlier without overstepping. It's good to see legislation that doesn't try to dictate technical solutions and instead sticks to the basics: tell the user what is happening, and let him/her decide what to do next.
 

FTC warns about bank merger phishing attacks

The U.S. Federal Trade Commission (FTC) issued an alert this week about an uptick in phishing attacks preying on people whose banks have recently failed or been purchased:

Phishers (pronounced “fishers’) may send attention-getting emails that look like they’re coming from the financial institution that recently acquired your bank, savings and loan, or mortgage. Their intent is to collect or capture your personal information, like your credit card numbers, bank account information, Social Security number, passwords, or other sensitive information. Their messages may ask you to “update,” “validate,” or “confirm” your account information.

The alert contains a bit more information, along with a number of tips to help users avoid these attacks.

FTC updates OnGuardOnline.gov

The U.S. Federal Trade Commission has upgraded the content on its public information (about online safety) website, OnGuardOnline.gov:

Since its launch in September 2005, more than 8.5 million visitors have learned about computer security at OnGuardOnline.gov and AlertaEnLinea.gov, its Spanish-language counterpart.  Now, a Web 2.0 redesign allows users to grab and embed games and videos, search for topics on the site, and have a more interactive experience while getting useful tips and information.

There are articles and engaging games on sixteen topics – including social networking, phishing, spam scams and laptop security; plenty of buttons and banners to help you link from your site; free publications you can order; and links to the OnGuard Online partners, who are an important part of the site’s success.