NTIA

Last week, the National Telecommunications and Information Administration (“NTIA”) released submissions it had received from the Federal Trade Commission (“FTC”) staff and many other parties on NTIA’s proposed framework for advancing consumer privacy while protecting innovation.  Although NTIA did not request comments on a possible federal privacy bill, most submissions took the opportunity to inform NTIA of what such a federal privacy bill should look like.
Continue Reading NTIA Publishes Stakeholder Comments on Consumer Privacy Proposal

Last week, the National Telecommunications and Information Administration (NTIA) published a request for comments on how it should approach consumer privacy policy.  NTIA noted that federal action is needed because a growing number of countries and U.S. states have adopted distinct policy approaches with respect to consumer privacy, which risks a fragmented regulatory regime that will harm innovation.
Continue Reading NTIA Requests Comments Regarding Federal Approach to Consumer Privacy

On July 20, 2018, the U.S. Department of Commerce’s National Telecommunications and Information Administration (“NTIA”) published comments it received from a wide array of tech and telecom companies, trade groups, civil society, academia, and others regarding its “international Internet policy priorities for 2018 and beyond.”  NTIA’s Office of International Affairs (“OIA”) had requested comments and recommendations from interested stakeholders in four broad categories: (1) free flow of information and jurisdiction; (2) the multistakeholder approach to Internet governance; (3) privacy and security; and (4) emerging technologies and trends.  NTIA plans to harness the comments it received to help it identify “priority” issues, and to leverage its resources and expertise to effectively address stakeholders’ interests.  
Continue Reading NTIA’s International Internet Policy Priorities for 2018 and Beyond

The FTC released public comments yesterday on the National Telecommunications and Information Administration’s (NTIA) draft “Early Stage” Coordinated Vulnerability Disclosure Template released in December 2016.  The draft template was released by the NTIA Safety Working Group as part of a multistakeholder process that convened security researchers and software and system developers and owners to address security vulnerability disclosure.

The FTC’s comments highlighted the importance of coordinated vulnerability disclosure efforts, stating that “companies should communicate and coordinate with the security research community as part of a continuous process of detecting and remediating software vulnerabilities,” and cited its prior enforcement actions and Staff guidance on the subject.  The FTC encouraged transparency in vulnerability reporting by both researchers and companies, and promoted the model vulnerability disclosure policy language in the draft template as “a useful asset for companies seeking to draft a public-facing vulnerability disclosure policy that helps forge common expectations with researchers regarding vulnerability handling timelines and processes.”
Continue Reading FTC Comments on NTIA’s Cybersecurity Vulnerability Disclosure Template

Last week, the multistakeholder group convened by the National Telecommunications and Information Administration (“NTIA”) to create set of voluntary best practices for the commercial use of facial recognition technology finalized its guidelines.  While the three-page code of conduct was praised by industry groups, including the Software & Information Industry Association and Consumer Technology Association, many consumer groups, who withdrew from the process before the guidelines were finalized, criticized the final product as weak and flawed.

The guidelines are the result of a more than two-year process, first announced by the NTIA in December 2013.  They recommend commercial entities do the following:

  • Disclose their practices regarding collection, storage, and use of facial template data to consumers, including any sharing, retention, and de-identification policies;
  • Provide notice to consumers where facial recognition is used on a physical premises;
  • Consider privacy concerns when developing data management programs;
  • Protect facial recognition data by implementing a program that contains administrative, technical, and physical safeguards appropriate to the entity’s size, complexity, the nature of its activities, and the sensitivity of the data;
  • Take reasonable steps to maintain the integrity of the data collected; and,
  • Provide a means for consumers to contact the entity regarding its use of the data.

Continue Reading NTIA Multistakeholder Group Reaches Consensus on Best Practices for Commercial Use of Facial Recognition Technology

By Stephen Kiehl and Hannah Lepow

Over the last year, the National Telecommunications and Information Administration, an arm of the Department of Commerce, has convened a series of meetings regarding voluntary best practices for privacy, accountability and transparency in the use of drones (“UAS”) by commercial and private users.  A number of stakeholders have participated in these meetings, including representatives of insurance companies, technology companies, news organizations, drone manufacturers, and consumer and privacy groups.  This week the stakeholders reached consensus on a “Best Practices” draft document that contains voluntary privacy guidance, which the NTIA has posted on its website.

Importantly, the document recognizes that the benefits of UAS are substantial, and that UAS integration will have a significant positive economic impact in the United States.  The document also stresses that the best practices it outlines are voluntary and do not create a legal or regulatory standard, nor should they be used as a basis for any local, state or federal law or regulation.  The privacy guidance focuses on data collected by a UAS — and not on data collected by any other means.  And, as we discuss below, the best practices do not cover newsgathering activities.
Continue Reading NTIA Multistakeholder Group Reaches Consensus on Best Practices for Drone Privacy

By Rani Gupta

More than 50 commenters have offered their thoughts on privacy and transparency issues regarding non-government use of unmanned aircraft systems, better known as drones or UAS.

The comments responded to a request by the National Telecommunications and Information Administration.  As we previously reported, the NTIA is planning a multi-stakeholder process to formulate best practices for drone-related privacy, transparency, and accountability issues.  That process was spurred by a White House memorandum calling for further study of these issues as the Federal Aviation Administration issued a proposal to allow the limited commercial use of drones.Continue Reading Groups Weigh In On Drone Privacy

By Gabriel Slater and Kurt Wimmer

As reported in the press, President Obama plans to issue an Executive Order authorizing the Commerce Department’s National Telecommunications and Information Administration (“NTIA”) to coordinate the development of privacy guidelines for commercial drone operations. More specifically, we understand that NTIA would coordinate a “multi-stakeholder process” — a procedure used

The National Telecommunications & Information Administration (“NTIA”) announced today that it will convene a series of meetings about the commercial uses of facial recognition technology.  The goal of the meetings will be to develop a voluntary, enforceable code of conduct specifying how the Obama Administration’s “Consumer Privacy Bill of Rights” applies to facial