Cybersecurity News and Notes: June 27, 2016

In Case You Missed It

The FTC settled with mobile advertising company InMobi for $950,000 in civil penalties, along with the implementation of a privacy program, based on the FTC’s charges that InMobi impermissibly tracked the locations of both adult and child consumers for the purpose of geo-targeted advertising.  The latter, of course, also implicated allegations of violations of the Children’s Online Privacy Protection Act (COPPA) rule.  The FTC alleged in particular that, when installing an application to which InMobi’s advertising was attached, even if a user declined to share location information with the application, InMobi’s software would track the user’s location anyway using information about WiFi networks to which a user connected.

 News of Note

Pentagon officials testified before the House Armed Services Committee on June 22, stressing the need for a greater “culture of cybersecurity” at the Department of Defense and more broadly in government.  Thomas Atkin, the Acting Assistant Secretary of Defense for Homeland Defense and Global Security, stressed to lawmakers that the Department needed the cooperation of both other government agencies as well as private sector actors.  Atkin’s testimony came amidst debate between Congress and President Obama over whether the Department’s cybersecurity operations should serve as a standalone combatant command.  The cybersecurity unit currently is controlled by U.S. Strategic command.  House lawmakers want to elevate the unit, while White House officials have expressed doubts. 

Practice Tip

The InMobi settlement illustrates that practitioners should bear in mind the wide sweep of the FTC’s authority to enforce against practices that it deems deceptive.  In this case, while a consumer, strictly speaking, may have only denied a mobile application’s permission to use a phone’s internal location-tracking services, most users would assume that if they denied an application’s ability to track their locations, such a denial would be comprehensive.  Where user privacy concerns are involved, and certainly where some users are children, caution is important.  


Leave a Reply

Your email address will not be published. Required fields are marked *