The California State Senate approved Democratic Sen. Mark Leno-sponsored SB-178, which modernizes California’s privacy laws to keep up with emerging technologies, in a 39-0 vote Wednesday, a Leno news release said. The bill, also known as the California Electronic Communications Privacy Act (Cal-ECPA), “protects Californians against warrantless government access to private electronic communications such as emails, text messages and GPS data that are stored in the cloud and on smartphones, tablets, laptops and other digital devices,” it said. “For what logical reason should a handwritten letter stored in a desk drawer enjoy more protection from warrantless government surveillance than an email sent to a colleague or a text message to a loved one?” Leno said. The bill was co-sponsored by Republican Sen. Joel Anderson and supported by more than a dozen tech companies including Apple, Facebook, Google and Twitter, the release said. California Executive Director of the Internet Association Robert Callahan said it’s time to update laws because Californians expect their inboxes to have the same safeguards as their mailboxes. The bill was backed by the American Civil Liberties Union, Electronic Frontier Foundation and the California Newspaper Publishers Association, it said. “Californians should be able to use smartphones, email, social networks and any other modern technology without worrying about whether their personal lives will remain private,” said Chris Conley, policy attorney with the ACLU of Northern California. “Especially after revelations of warrantless mass surveillance by the NSA, California needs to catch up with other states across the nation, including Texas and Maine, which have already updated their privacy laws for the modern digital world,” Conley said. “CalECPA is a comprehensive digital privacy bill that is consistent with the strong protections provided in the California Constitution,” said EFF Activist Adi Kamdar. “As technology increasingly becomes a part of our everyday lives, it is crucial to update state laws pertaining to electronic devices, emails, texts and more,” he said. The bill will be heard in the Assembly this summer, the release said.

FTC Commissioner Maureen Ohlhausen will deliver opening remarks at the FTC’s June 9 workshop on issues raised by the "sharing economy," a news release said Thursday. California Public Utilities Commissioner Catherine Sandoval will make a presentation in the afternoon, it said. “Panels will explore sharing economy platforms, mechanisms for trust in the sharing economy, and various perspectives on the interplay between competition, consumer protection, and regulatory issues,” the release said. “Panelists and speakers will include academics from a number of leading universities, representatives from sharing economy businesses including Uber and Airbnb and self-regulation organizations, and former and current state and local government officials.” The full agenda is on the workshop’s Web page. The workshop begins at 8:45 a.m. at the FTC’s Constitution Center offices in the A, B and C conference rooms located at 400 7th St. SW.

The Council of Europe’s Committee of Ministers adopted a declaration Wednesday urging its 47 member nations to ask ICANN to strengthen its mechanisms for respecting freedom of expression and privacy in top-level domain (TLD) decisions. The council said it adopted the resolution in response to concerns that ICANN decisions on the use of particular words or characters in TLDs, such as .xxx or .sucks, affect the right to freedom of expression. The Council of Europe’s member states should encourage ICANN to create “an explicit policy statement” committing to respect internationally recognized human rights standards and to use “due diligence mechanisms and human rights impact assessments to identify, prevent, mitigate and account for any harm ICANN may cause,” the Committee of Ministers said in the declaration. The council also urged in the resolution its member nations to work with ICANN to “ensure that a more attentive approach towards human rights and corporate responsibility contributes to the development of more transparent and accountable policy-development processes, with measurable standards and in full respect of the public interest.” The Committee of Ministers separately adopted a declaration reaffirming the Council of Europe’s support for multistakeholder Internet governance and asking the U.N. General Assembly to extend the Internet Governance Forum’s mandate through 2025.

The FCC is likely to lose an appeal of its net neutrality rules on First Amendment grounds because the rules are a violation of the rights of ISPs to function as a free press, argued Fred Campbell, executive director of the Center for Boundless Innovation in Technology, in a new paper. “If the FCC had admitted the Internet offers communications capabilities that are functionally equivalent to the printing press, mail carriage, newspaper publishing, over-the-air broadcasting, and cable television combined, it would have been too obvious that classifying broadband Internet service providers as common carriers is unconstitutional,” said Campbell, former chief of the FCC Wireless Bureau. “Like all other means of disseminating mass communications, broadband Internet access is a part of the ‘press’ that the First Amendment protects from common carriage regulation.” The FCC argued in the order that ISPs aren't entitled to freedom of expression, “but its declaration does not meet the straight face test,” Campbell said. To uphold the order, an appeals court would have to hold that “there is no constitutional right to access mass media communications,” Campbell said. “That would make the [FCC declaratory ruling] Second Internet Order a landmark First Amendment case that would be almost certain to garner Supreme Court review. Given the strong preference of lower courts for following Supreme Court precedent when deciding constitutional issues, the FCC is very likely to lose on First Amendment grounds in an initial appeal of the Second Internet Order.”

New America released databases on drone regulation and civil use, a news release said Wednesday. The database at drones.newamerica.org is a joint effort of New America’s International Security Program and Open Technology Institute. Until the release of the database, “drone users have not had a single destination with up-to-date information about worldwide drone regulations,” the release said. While regulation of unmanned aerial vehicles changes quickly in some countries, others “lack a clear regulatory regime,” which is why New America created a map to provide “the best available information about the current state of global drone regulation.” The database includes more than 120 civil drone projects to illustrate diverse uses of drones in such areas as disaster responses, mapping efforts and environmental monitoring. Drone users, regulators and interested members of the public can send details of drone-related developments to New America via Web form or email, the release said. “These databases will be a valuable resource both for people seeking to fly drones and for those seeking to understand what drones are capable of accomplishing,” said Peter Bergen, New America director-International Security and Future of War Programs.

The federal government launched a new site to be a “one-stop resource for identity theft victims,” a USA.gov email update said Monday. The website, IdentityTheft.gov, offers step-by-step checklists of what to do immediately and down the road when an individual’s private information has been compromised, depending on what information was stolen or exposed. The website also lists warning signs that an individual’s identity may have been stolen, the websites and phone numbers for organizations that individuals should contact when their identity is stolen, and has sample letters for disputing fraudulent charges, correcting credit report information and obtaining business records related to the theft.

The FTC approved its final orders resolving its complaints against TES Franchising and American International Mailing for “deceiving consumers about their participation in international privacy frameworks” Friday, after a public comment period, an FTC news release said. The settlements were first announced in April (see 1504070026). The commission vote to approve the final orders was 5-0. The FTC alleged the websites for TES Franchising and American International Mailing “indicated they were currently certified” under the safe harbor frameworks, enabling U.S. companies to transfer consumer data from the European Union to the U.S. in compliance with EU law, “when in fact their certifications had lapsed years earlier,” the FTC said. In its complaint against TES, the FTC also alleged TES “deceived consumers about the nature of its dispute resolution procedures,” and “deceptively claimed to be a licensee of the TRUSTe Privacy program,” the FTC said. TES Project Manager Marissa Ruderman previously told us the company hadn't complied with the safe harbor laws because information about renewing the safe harbor subscription had been sent to an individual who was no longer with the company (see 1504090029). Once Ruderman was notified TES was out of compliance, she said, she contacted safe harbor officials and resolved the issue within a week or two. Ruderman said the settlement with the FTC is not monetary, but involves the company's acknowledging it missed the deadline to renew its safe harbor subscription and pledging to not let it happen again. TES and American International Mailing had no immediate comment Friday.

Google rolled out two “significant improvements” to its privacy and security tools Monday, the company said in a blog post, with a “new hub for managing your Google settings called My Account, and a new site that answers important questions about privacy and security on Google.” With the new My Account tool, a user has quick access to the settings and tools that help safeguard privacy and can decide what information is used, Google Product Manager-Account Controls and Settings Guemmy Kim wrote. Users can also get a privacy and security checkup, manage ad settings, control apps that connect to a Google account and more, Kim said. Google’s new privacy site privacy.google.com “candidly” answers questions such as what data Google collects, what Google does with data, what tools users have to control their Google experience, as well as answers how to encrypt and spam filter data, Kim said. “When you trust your personal information with us, you should expect powerful controls that keep it safe and private as well as useful answers to your questions,” Kim said. “Today’s launches are just the latest in our ongoing efforts to protect you and your information on Google.”

Caution should be used by those who use a credit card at a local retailer, gas station, restaurant or bar, because the black market demand for user and credit card data has made point-of-sale (PoS) system compromises a lucrative business, said a blog post from Level 3 Threat Research Labs Friday. “As PoS systems are targeted with greater frequency, new families of malware are developed and extended at a breakneck pace.” High-profile compromises are often either a result of lax security policies and procedures or a very sophisticated targeted attack, the blog said. “With PoS malware continuously evolving and becoming more difficult to detect, the security community, as well as retailers, has a real challenge on its hands.” Merchants should have their PoS and support systems behind a properly configured firewall, with logs and alerts enabled, the blog said. Merchants should also disallow remote access to PoS networks, control access within local networked environments and ensure their software is up to date, it said. PoS malware is lucrative for malware developers around the globe and U.S. merchants are transitioning to chip and PIN technology at a slow pace, it said. “As more American merchants implement chip and PIN for credit card transactions it will be interesting to see how the malware developers adapt.”

Reps. Luke Messer, R-Ind., and Jared Polis, D-Colo., will speak at a Center for Democracy & Technology hosted event on Tuesday on privacy issues for data collected by education technologies, CDT said in a news release Thursday. “Technology in education has the potential to revolutionize learning,” the release said, but the “adoption of new technology requires consumer trust,” it said. More than 170 state student privacy bills have been introduced in 2015, the White House announced its student privacy legislative proposal in January, and now Congress is considering multiple student privacy bills, it said. Following Messer and Polis’ speeches, CDT President Nuala O’Connor will moderate a panel on student privacy; panelists are White House Policy Adviser for the Office of the Chief Technology Officer Dipayan Ghosh, Data Quality Campaign CEO Aimee Guidera, Public Policy Lead for Google's strategy and programs on youth and technology Sarah Holland, Director of Education Policy and Programs at Microsoft Allyson Knox, and Vice President-Policy at Common Sense Media Joni Lupovitz.