Jeff Kosseff

Subscribe to all posts by Jeff Kosseff

Senate Panel Debates Law Enforcement Access to Encrypted Communications

The Senate Judiciary Committee today held a hearing about the increased challenges that encryption poses for law enforcement. Government officials testified that advances in encryption technology make it more difficult for them to monitor communications, but there was little indication that lawmakers are prepared to require technology providers to ensure that law enforcement has backdoor … Continue Reading

Supreme Court Limits Criminal Law’s Reach to Social Media Posts; Avoids First Amendment Issue

In the U.S. Supreme Court’s first opinion involving social media, the majority held that posting a threat is not a federal crime without proof of the defendant’s mental state. Anthony Douglas Elonis posted rap lyrics on Facebook that contained violent statements about his wife, co-workers, a kindergarten class, and law enforcement.  He was charged with … Continue Reading

Ninth Circuit Asks California Supreme Court to Define the Scope of Song-Beverly Act

The U.S. Court of Appeals for the Ninth Circuit on Tuesday asked the California Supreme Court to resolve a longstanding dispute over the interpretation of a retail privacy statute.  If the state court rules on the issue, its decision could affect the ability of California retailers to collect information from consumers who make in-store payments using … Continue Reading

NTIA Seeks Comment on Drone Privacy; Markey and Welch Introduce Drone Privacy Bill

The National Telecommunications and Information Administration today requested public comment on privacy issues related to the use of drones, or unmanned aircraft systems (“UAS”).  The request came a day after two members of Congress introduced a bill that would impose significant privacy restrictions on drone operators. The NTIA request is a result of a Feb. … Continue Reading

White House Releases Drone Privacy Memorandum

On Sunday, the White House released a memorandum that outlines privacy protections that federal agencies must take when they use drones, and directs the National Telecommunications and Information Administration to work with the private sector to establish voluntary privacy practices for commercial drone use. The White House issued the memorandum on the same day that … Continue Reading

Senate Subcommittee to Continue to Focus on Privacy Issues

The Senate Judiciary Committee will continue to dedicate a subcommittee to privacy and technology issues. Sen. Chuck Grassley, R-Iowa, the new chairman of the Senate Judiciary Committee, announced today that Sen. Jeff Flake, R-Ariz., is the new chairman of the Subcommittee on Privacy, Technology, and the Law. Former Judiciary Committee Chairman Patrick Leahy created the … Continue Reading

President Obama to Release Cybersecurity Proposal

President Obama plans to continue his focus on privacy and data security today with an announcement of cybersecurity-related proposals. In remarks scheduled for later today at the National Cybersecurity Communications Integration Center (NCCIC), President Obama will announce an updated cybersecurity legislative proposal, which would encourage the private sector to quickly share cyberthreat information with NCCIC.  … Continue Reading

President Obama Announces Privacy Proposals Today

At a speech to the Federal Trade Commission today, President Obama will announce a number of cybersecurity and privacy proposals.  In a statement released this morning, the White House noted that consumer concerns about cybersecurity threats and identity theft “can lead to less interaction with technology, less innovation, and a less productive economy.”… Continue Reading

New State Privacy Laws Go Into Effect on Jan. 1, 2015

State legislators have recently passed a number of bills that impose new data security and privacy requirements on companies nationwide. The laws include new data breach notification requirements, marketing restrictions, and data destruction rules. Below is an overview of the new laws and amendments that will go into effect on January 1, 2015.… Continue Reading

Senate Proposal Would Impose Severe Regulations on Drone Use

In his final days as a United States senator, West Virginia Democrat Jay Rockefeller released a draft bill that would subject drone operators to unprecedented new privacy regulations. Currently, commercial organizations cannot operate drones unless they get special approval from the Federal Aviation Administration. The FAA is preparing a proposal to allow the commercial use … Continue Reading

Recent Ninth Circuit Decisions Address Whether Consumers Must Explicitly Agree to User Terms

The Ninth Circuit recently issued two opinions addressing whether companies should require customers to explicitly agree to key provisions of user terms and other policies. On Monday, a unanimous three-judge panel issued an opinion in Knutson v. Sirius XM Radio.  In this case, the plaintiff purchased a Toyota that included a trial subscription to Sirius.  … Continue Reading

Ten Ways the 2014 Election May Affect Privacy and Data Security Law

When Republicans take over the Senate in January, new leaders will control key committees that oversee privacy and data security issues, and their priorities will differ significantly from those of their predecessors.  Privacy issues, however, generally tend not to break neatly along party lines and there will remain bipartisan support – and bipartisan opposition – … Continue Reading

Federal Judge Denies Motion to Reconsider FACTA Lawsuit Dismissal

A New York federal judge last week affirmed his earlier dismissal of a civil action alleging that a restaurant chain willfully violated the Fair and Accurate Credit Transactions Act (“FACTA”). FACTA requires businesses that accept credit cards to redact from customers’ receipts the card’s expiration date and all but the last five digits of the … Continue Reading

‘Video Rental Privacy Act’ Covers Magazines, Court Holds

A federal court opinion released this week is a reminder that Michigan’s Video Rental Privacy Act (VRPA) may apply to far more than just videos. The Michigan VRPA restricts the disclosure of customers’ personal information by companies “engaged in the business of selling at retail, renting, or lending books or other written materials, sound recordings, … Continue Reading

Federal Appellate Court to Consider FTC Data Security Authority

The U.S. Court of Appeals for the Third Circuit this week agreed to consider whether the Federal Trade Commission has the authority to regulate companies’ data security practices. On Tuesday, the Third Circuit granted Wyndham Hotel and Resorts’ petition for interlocutory review of Judge Esther Salas’s denial of a motion to dismiss a FTC lawsuit … Continue Reading

FTC Commissioner Argues for Balanced Approach to Unfairness Cases

As the Federal Trade Commission takes an increasingly broad view of its authority to regulate privacy and consumer protection, one of the agency’s five commissioners is calling for a more cautious approach. In a speech today to TechFreedom and the International Center for Law and Economics in Washington, D.C., Commissioner Joshua D. Wright disagreed with … Continue Reading

Court Denies Company’s Request for Identity of Online Commenter

A New York state trial court last week rejected a publicly traded company’s request to obtain the identity of an individual who anonymously wrote negative comments about the company on an online financial bulletin board. In February 2014, an individual with the pseudonym “Pump Terminator” posted an article about Nanoviricides, Inc. on, a financial … Continue Reading

Wyndham Data Breach Ruling Cleared for Potential Appeal to Third Circuit

U.S. District Court Judge Esther Salas ruled on Monday that the U.S. Court of Appeals for the Third Circuit can review her conclusion that Section 5 of the Federal Trade Commission Act provides the FTC with authority to bring actions arising from companies’ data security violations. In April of this year, Judge Salas denied Wyndham … Continue Reading

California AG Releases Online Tracking Disclosure Guidelines

California Attorney General Kamala Harris today released guidelines to help websites comply with a state law that went into effect on January 1, 2014, pertaining to online tracking disclosures. The law, which amended the California Online Privacy Protection Act (“CalOPPA”) and which we previously blogged about here, requires website operators to disclose (1) how they … Continue Reading

Ten Key Take-Aways From the White House Big Data Report

On Thursday, the White House Big Data Working Group, led by senior presidential advisor John Podesta, released a 79-page report that outlines a number of key observations and recommendations for privacy in both the private sector and government.  Although the report does not create binding law, it provides insight into the administration’s  priorities on a … Continue Reading

Ten Things You Should Know About the SEC’s New Cybersecurity Examinations

Last week, the Securities and Exchange Commission announced that it will conduct more than 50 cybersecurity examinations to identify risks and ensure that broker-dealers and investment advisers are adequately protecting customer information.  Below are some key takeaways from the Risk Alert that the SEC’s Office of Compliance Inspections and Examinations released with its announcement:… Continue Reading