• On September 21, 2011, the U.S. Department of Commerce and U.S. Department of Homeland Security published a request for information about the “requirements of, and possible approaches to creating, a voluntary industry code of conduct to address the detection, notification and mitigation of botnets.” Botnets are collections of computers that are remotely controlled by a malevolent third party and “are often used to disseminate spam, to store and transfer illegal content, and to attack the servers of government and private entities with massive, distributed denial of service attacks.” The DOC and DHS are concerned about botnets because a “botnet infection can lead to the monitoring of a consumer’s personal information and communication, and exploitation of that consumer’s computing power and Internet access.” The DOC and DHS seek comment on “detection, notification, prevention, and mitigation of botnets’ illicit use of computer equipment.” More information is available here.
  • On October 5, 2011, Mary K. Engle, FTC Associate Director for Advertising Practices, testified before the House Subcommittee on Commerce, Manufacturing and Trade about the agency’s proposed changes to the rules implementing the Children’s Online Privacy Protection Act (COPPA) (see below). The FTC has proposed the rule changes due to evolution in technology since the rules were first promulgated in 2000. More information is available here. Ms. Engle’s written testimony is available here.
  • The FTC seeks comment on proposed changes to its Children’s Online Privacy Protection Rule promulgated under the Children’s Online Privacy Protection Act (COPPA). The proposed changes include updating the definition of “personal information” to include geolocation information and other types of persistent identifiers, such as tracking cookies used for behavioral advertising. The FTC also proposes adding new methods for obtaining verifiable parental consent, including electronic scans of signed parental consent forms and video-conferencing, and eliminating “e-mail plus” verification of parent consent which is considered less reliable. The FTC also proposes to strengthen oversight of self-regulatory “safe harbor programs” by implementing reporting and auditing requirements. Comments are due November 28, 2011. The FTC press release about the proceeding is available here. The text of the Federal Register notice is available here.