Tuesday, 30 August 2022

FTC consultation on commercial surveillance

The U.S. Federal Trade Commission is requesting comments from the public on what the FTC should do about Commercial Surveillance and Data Security.

A timely topic, and an important one of the FTC to address.

I’ve submitted written testimony and plan to testify at the public forum to be held on Thursday, 8 September 2022 as part of the FTC’s public consultation.

My answers… to these questions [in the FTC’s notice] highlight two unrecognized or under-appreciated issues that should be priorities for the FTC in its rulemaking and enforcement activities and its legislative recommendations to Congress: the inability of individuals to see what information has been collected about them (“subject access rights”), and gaps or uncertainties between Federal agencies with respect to the boundaries of regulatory and enforcement jurisdiction, particularly with respect to transportation and communications common carriers and their service providers.

I urge the FTC to prioritize, through rulemaking, enforcement, and if necessary legislative recommendations, (A) subject access rights and (B) jurisdictional gaps and uncertainties related to transportation and communications common carriers and their service providers - especially the computerized reservation systems or global distribution services that host extremely sensitive but currently poorly-secured airline and other travel reservation data.

As discussed in my comments, these are issues that I and others have been raising for many years with both the FTC and the U.S. Department of Transportation. Perhaps the current FTC consultation will finally lead to meaningful action.

If you agree with my comments, I encourage you to say so in your own comments. The deadline is 21 October 2022.

Link | Posted by Edward on Tuesday, 30 August 2022, 15:08 ( 3:08 PM)
Comments

With respect to the ADPPA bill currently pending in Congress, see Nexus Of Privacy, "How well does ADPPA protect against post-Roe threats?":

https://nexusofprivacy.net/adppa-post-roe-threats/

When people travel out of state to get abortions, does ADPPA protect their data?

Let's start with an easy one.

No.

ADPPA doesn’t cover airlines or other transportation common carriers. As travel-related human rights expert Ed Hasbrouck points out, “while the most common real-world attackers of travel reservations data have been stalkers and domestic abusers, this data could also be used to identify (even in advance) and track post-Roe interstate abortion travellers.”

Hasbrouck's "What's in a Passenger Name Record (PNR)?" goes into detail about various information that's associated with reservations – including home address, phone number, who paid for the travel, who's traveling together, and timestamped IP address. As "Sabre and Travelport help the government spy on air travelers" discusses,

Travelers’ data is routinely made available by Sabre and other CRS/GDS companies not only to US and other government agencies but publicly, without even passwords, through online check-in, PNR viewing, and remote stalking sites and apps such as Sabre’s VirtuallyThere.com.

And, ADPPA doesn’t cover employee data including benefits. So people whose employers pay for abortion-related travel are doubly at risk.

Posted by: Edward Hasbrouck, 15 September 2022, 10:52 (10:52 AM)
Post a comment









Save personal info as cookie?








Bio | Blog | Blogroll | Books | Contact | Disclosures | Events | FAQs & Explainers | Home | Newsletter | Privacy | Resisters.Info | Search | Sitemap | The Amazing Race | The Identity Project | Travel Privacy & Human Rights | Twitter

"Don't believe anything just because you read it on the Internet. Anyone can say anything on the Internet, and they do. The Internet is the most effective medium in history for the rapid global propagation of rumor, myth, and false information." (From The Practical Nomad Guide to the Online Travel Marketplace, 2001)
RSS 2.0 feed of this blog
RSS 2.0 feed of this blog
RSS 1.0 feed of this blog
Powered by
Movable Type Open Source
Movable Type Open Source 5.2.13

Pegasus Mail
Pegasus Mail by David Harris
Notices