The Electronic Frontier Foundation asked a federal appeals court to order the return of personal files of client Kyle Goodwin, a sports videographer locked out of his Megaupload.com account after the FBI in 2012 raided and seized the site, seeking evidence of copyright infringement and other crimes (see 1202020109). In a petition filed Monday with the 4th U.S. Circuit Court of Appeals, EFF said in a news release it and Goodwin's other attorneys want the court to issue a writ of mandamus ordering the District Court for the Eastern District of Virginia to give their client access to his data and "create a process" for other lawful account holders to retrieve their information from the cloud-storage provider. "It’s deeply unfair for him to still be in limbo after all this time,” said EFF senior staff attorney Mitch Stoltz. “The legal system must step in and create a pathway for law-abiding users to get their data back.” The petition said Goodwin tried several times to get access to his files through the courts, the latest attempt in October. Five years ago, DOJ charged seven individuals and two corporations with pirating online copyrighted works through Megaupload.com and other related sites. Megaupload founder Kim Dotcom was charged in the case and is fighting extradition from New Zealand where he lives. EFF said as cloud computing becomes even more popular similar cases may arise.

Sen. Ron Wyden, D-Ore., will be interviewed by Internet Association President Michael Beckerman in a live-streamed event Tuesday at 6 p.m. EDT. An IA spokesman said issues likely to be discussed include Section 230 of the Communications Decency Act, copyright and digital trade, in addition to questions from online viewers. The event is billed as a fundraiser for Wyden, who was re-elected last year to his fourth full Senate term.

The FTC approved a final consent order with Redwood City, California-based Turn, which settled with the agency in December over allegations that it deceived consumers by tracking them online and through mobile apps even after they tried to opt out (see 1612200035), the commission said in a Friday news release. Commissioners voted 2-0 to approve the order. It bars the company, which helps sellers target digital advertisements to consumers, "from misrepresenting the extent of its online tracking or the ability of users to limit or control the company’s use of their data." Turn also must offer an "effective opt-out" for customers that don't want their data used for such ads and put a "prominent" link on its home page that leads to a disclosure explaining what data is collected and used for ads, the agency added. The FTC alleged the company's privacy policy informed consumers they could block ads, but "used unique identifiers to track tens of millions of Verizon Wireless customers, even after they blocked or deleted cookies from websites."

Section 702 of the Foreign Intelligence Surveillance Act, which allows U.S. government agencies to target foreigners overseas involved in investigations, sweeps up Americans’ communications in a manner that “is in no way accidental or inadvertent,” said the American Civil Liberties Union in a Friday blog post. ACLU staff attorney Ashley Gorski said her organization released more than a dozen Section 702-related documents received from several intelligence agencies through a Freedom of Information Act (FOIA) lawsuit. “The new documents underscore many of our concerns with surveillance conducted under this law, which violates our core constitutional rights to privacy, freedom of expression, and freedom of association,” she wrote. Section 702 will sunset at the end of the year unless reauthorized (see 1702280014). One of the FOIA documents obtained, said Gorski, is an amicus brief filed by former government prosecutor Amy Jeffress with the Foreign Intelligence Surveillance Court (FISC) in 2015, when it was considering surveillance reforms. Gorski explained that Section 702 allows the government to target any foreigner abroad to gather intelligence and the 90,000 different individuals and groups that were targeted didn’t have to have a connection to criminal activity or terrorism. Intelligence agencies also conduct back-door searches of Americans from the hundreds of millions of communications annually collected through Section 702 surveillance, alleged Gorski. Citing Jeffress’ brief, Gorski said the FBI’s back-door searches are “particularly troubling, as the agency routinely conducts these searches in ordinary criminal investigations that are unrelated to national security.” She said the FISC rejected Jeffress’ contention the FBI searches are unlawful, while the government argued the searches are essential for national security. Gorski said Americans shouldn’t rely on the government to restrict itself on privacy and free expression and urged Congress to rein in the program. Several lawmakers have pressed the Office of the Director of National Intelligence for the number of Americans whose communications are intercepted annually through Section 702 (see 1704070041). DOJ didn't comment.

About 17 percent of incidents in which personally identifiable information (PII) is compromised occur without any malicious intent from those responsible, meaning it's likely human error, said a report released Thursday by the Center for Identity at the University of Texas at Austin. "Vulnerabilities caused by human error are frequently exploited by opportunistic hackers and fraudsters," said the 2017 Identity Theft Assessment and Prediction Report, which analyzed a database of about 5,000 incidents that occurred between 2000 and 2016. In another finding, the report said only 0.36 percent of incidents "spanned the whole U.S.," as did the 2013 Target data breach (see 1312200034), meaning most of the cases are "confined to a local geographic region or victim profile." The report said California had the highest number of incidents in which PII was compromised (476) followed by Florida (309), New York (303) and Texas (244). The report also said the impact of emotional distress to victims "is consistently higher than" financial and property losses and one-third of incidents were perpetrated "solely" by insiders such as company employees and family members.

The FTC "to date" has brought more than 130 spam and spyware cases, more than 120 cases targeting illegal telemarketing to those on the Do Not Call registry, more than 100 Fair Credit Reporting Act actions, about 60 data security, and 50-plus consumer privacy actions, said Thomas Pahl, the agency's acting director-Bureau of Consumer Protection, in a Thursday blog post. He said the commission also has logged nearly 30 cases involving Gramm-Leach-Bliley Act violations and 20 actions enforcing the Children's Online Privacy Protection Act. Pahl wrote the agency's enforcement involved brick-and-mortar cases and all aspects of the online ecosystem, "including social networks, search engines, ad networks, online retailers, mobile apps, device manufacturers, and participants in the Internet of Things (IoT) marketplace." The post outlined the agency's broad jurisdiction "as diverse as retail, advertising, credit reporting, health, financial, tech hardware, software, mobile, and social media," enforcement actions and work on providing guidance to industry.

An attorney for Dawn Hassell's law firm, which sued a former client for a "defamatory" review posted on Yelp, said Yelp's challenge to a California court order to remove the comment doesn't stand on solid ground. "Contrary to what appears to be a chorus of misinformed voices, this case is not a First Amendment case and does not threaten the structure or purpose of the Communications Decency Act," emailed Duckworth Peters attorney Monique Olivier Wednesday, referring to Hassell v. Bird. "Instead, it presents a narrow issue: what remedy does a party have to stop the republication of statements that have been adjudicated by a court of law -- after review of an evidentiary record -- to be false and defamatory. The First Amendment does not protect lies, whether in a print publication or an anonymous internet bulletin board. No constitutional interest is advanced by such a notion." Olivier represents Hassell, who sued Ava Bird in 2013 for posting what Hassell said is a defamatory review. Yelp wasn't party to the suit but Hassell, who won the case by default judgment, asked a state court to enter an order to have both Bird and Yelp remove the content. Yelp challenged the order but the California Court of Appeal last year upheld it. The company appealed to the California Supreme Court. In recent days, major civil society, media and tech organizations rallied around Yelp, filing amici briefs (see 1704180017) saying the company is protected by the First Amendment and from liability through Section 230 of CDA. They argued Yelp also wasn't given due process rights since it wasn't party to the lawsuit.

ICANN released its updated procedures Tuesday for handling conflicts between compliance with WHOIS domain registration data requirements and global privacy laws. The updated procedure allows an accredited domain registry or registrar to give ICANN a written statement from the concerned government stating how WHOIS data requirements conflict with the government's privacy laws. The procedure previously allowed only the registrar to invoke the procedure if the contracted party had received a “notification of an action” that WHOIS compliance clashed with privacy laws, ICANN said.

The FTC is seeking comment on proposed changes to TRUSTe's safe harbor program under an agency rule that implements the Children's Online Privacy Protection Act (COPPA), said a Wednesday news release. COPPA prohibits companies that operate websites and provide online services from "knowingly" collecting personal data from children under 13 unless the companies get parental consent before collecting, using or disclosing such information. Companies also must post comprehensive privacy policies on their sites. Companies that develop guidelines, which implement the rule's protections, and then get them approved by the commission can receive safe harbor from enforcement action by the agency, said the FTC. The commission is seeking comment -- until May 24 -- on proposed changes to TRUSTe's safe harbor program including "a new requirement that participants conduct an annual internal assessment of third-parties’ collection of personal information from children on their websites or online services." The FTC said it wants to know "whether the mechanisms used to assess compliance with the proposed modified program requirements are effective."

More than 90 letters were sent out to influencers and marketers, aimed at reminding them they "should clearly and conspicuously disclose their relationships to brands when promoting and endorsing products" on Instagram and other social media sites, said the FTC in a Wednesday news release. The agency said the letters were sent out after Public Citizen and other groups filed petitions on influencer advertising on Instagram. The FTC said if there's a "material connection" -- such as a business or family relationship, monetary payment or gift -- between an endorser and advertiser it must be clearly disclosed unless it's already clear from the context of the communication. Specifically, FTC staff letters said influencers and marketers should disclose the material connection within the first three lines of an Instagram post. Staff also said if a disclosure is included in multiple tags, hashtags or links readers may not notice them. The FTC said some letters addressed other unclear disclosures, "pointing out that many consumers will not understand a disclosure like '#sp,' 'Thanks [Brand],' or '#partner' in an Instagram post to mean that the post is sponsored."