Members of the United States Federal Trade Commission (FCC) on Wednesday asked Congress to create a national privacy law that would regulate how technology giants like Facebook and Google gather, store, and share the personal data of users.

A new bill from Senator Elizabeth Warren proposes personal, criminal liability for top executives of companies turning over more than $1B/year when those companies experience data breaches and scams due to negligence (many of the recent high-profile breaches would qualify, including the Equifax giga-breach, as well as many of Wells Fargo's string of scams and scandals).

Chrome security engineer and EFF alumna Chris Palmer's State of Software Security 2019 is less depressing than you might think: Palmer calls out the spread of encryption of data in transit and better signaling to users when they're using insecure connections (largely attributable to the Let's Encrypt project); and security design, better programming languages and bug-hunting are making great strides.

Aella was a top-earning, top-ranked camgirl who performed sex shows over the internet for money, using the popular Myfreecams platform; she quit a year ago, and has written an incredibly detailed, soup-to-nuts primer on getting started camgirling, though she warns that some of her advice is out of date.

The US Department of Homeland Security has published a new proposed rule that would make people ineligible for US citizenship if their credit-scores were poor.

Data breaches keep happening, they keep getting worse, and yet companies keep collecting our data in ever-more-invasive ways, subjecting it to ever-longer retention, and systematically underinvesting in security.

Senator Ron Wyden [D-OR] (previously) has introduced the Consumer Data Protection Act, which extends personal criminal liability to the CEOs of companies worth more than $1B or who hold data on more than 50,000,000 people who knowingly mislead the FTC in a newly mandated system of annual reports on the steps the company has taken to secure the data.

Alex Stamos stepped down as CSO for Facebook in August, after a career in which he rather fearlessly and bluntly warned about deficiencies in Facebook's security (this was totally in keeping with Stamos's character; he seems to have walked out on his job running security for Yahoo rather than building an NSA backdoor for them, making him something of a human warrant canary).

Facebook will not provide fraud protection for victims of its latest data breach, details of which were announced in a Friday news dump. It set up a page where you can check if your Facebook account was breached. — Read the rest

Joshua Browder launched DoNotPay when he started his computer science degree at Stanford; at first the app automated the process of fighting traffic tickets, then it expanded to helping homeless people claim benefits, then he automated suing Equifax for leaking all your financial data, then navigating the airlines' deliberately confusing process for getting refunds on plane tickets whose prices drop after you buy them.

Executives from Google, Twitter, AT&T, Amazon, Apple, and other big tech companies told a U.S. Senate panel today they support updating federal law to protect data privacy, but they want Congress to block California's tough new privacy rules.

Facebook's longtime Chief Security Officer Alex Stamos is quitting, as announced earlier this year. The company seems to think it doesn't need a new CSO, despite having just acknowledged Tuesday it is the subject of ongoing, sustained, coordinated information warfare attacks just ahead of the 2018 midterm elections.

The debate over whether Cambridge Analytica's harvesting of tens of millions of Facebook profiles was a "breach" turns on the question of whether Cambridge Analytica did anything wrong, by Facebook's own policies.

Adam Greenfield (previously) is one of the best thinkers when it comes to the social consequences of ubiquitous computing and smart cities; he's the latest contributor Ian Bogost's special series on "smart cities" for The Atlantic (previously: Bruce Sterling, Molly Sauter).

In 1968, the Foreign Policy Association gathered experts together to predict what life would be like in the year 2018 — and issued their forecast in the book Toward the Year 2018.

The book jacket promised that the contents were "MORE AMAZING THAN SCIENCE FICTION," and, like a lot of sci fi, it wound up frequently missing the mark. — Read the rest

The Data Security and Breach Notification Act (S2179) was introduced by three Senate Commerce Committee Democrats, Bill Nelson [D-FL], Richard Blumenthal [D-CT] and Tammy Baldwin [D-WI] in the wake of the revelation that Uber hid a breach involving 50,000,000 riders and 7,000,000 drivers for over a year after paying hush-money to the criminals who stole the data.

The US Department of Education's Free Application for Federal Student Aid program requires any student applying for federal aid for college or university to turn over an enormous amount of compromising personal information, including current and previous addresses, driver's license numbers, Green Card numbers, marital details, drug convictions, educational history, tax return details, total cash/savings/checking balances, net worth of all investments, child support received, veterans' benefits, children's details, homelessness status, parents details including SSNs, and much, much more.

The Consumer Financial Protection Bureau (previously) is practically the only US regulator we can be proud of — founded by Elizabeth Warren before she ran for the Senate, the CFRB is a consumer protection agency that has been at the forefront of reining in criminal activities like Wells Fargo's nationwide frauds and Equifax's dox attack on the USA, as well as being the best defense Americans have against predatory loan-sharks masquerading as "payday lenders," abusive debt-collectors, racial discrimination in lending, and the student loan racket.

This weekend, we learned that Discus — the commenting system we once used here on Boing Boing — suffered a breach in 2012 in which 17.5m user accounts (email addresses, signup names, account activity dates and some unsalted, weakly encrypted passwords) were stolen.

One of the major triumphs of Elizabeth Warren's Consumer Financial Protection Bureau was a rule that banned the finance industry from using binding arbitration clauses to prevent defrauded customers from joining in class action suits to sue crooked banks.