Crumbling the Supercookie, and Other Ways the FCC Protects Your Internet Traffic

Presented at Black Hat USA 2016, Aug. 4, 2016, 3:50 p.m. (50 minutes).

You've probably heard of network neutrality. In 2015, the Federal Communications Commission enacted transformative rules that prohibit Internet service providers from blocking, throttling, or creating "fast lanes" for online content. The Open Internet Order protects your right to enjoy the lawful content, applications, services, and devices of your choosing. But it also empowers the FCC to protect the security and privacy of your Internet traffic. This talk will give an overview of the FCC's security and privacy authorities, which now cover broadband Internet service, as well as telephone, cable, and satellite connectivity. We will explain how the FCC investigates violations of federal communications law, and how it brings enforcement actions against offenders. In just the past two years, the FCC's Enforcement Bureau has initiated several high-profile law enforcement actions related to security and privacy. We required Verizon to stop injecting a unique identifier "supercookie" into third-party web requests, unless a customer consents. We also required AT&T and Cox to improve their customer information safeguards, after their security failures led to information on hundreds of thousands of customers getting unacceptably and unnecessarily exposed.* Most recently, the FCC formally proposed new Internet security and privacy rules. The Commission recommended that, if your Internet service provider wants to share information from or about you, it should first obtain your affirmative, opt-in consent. We will explain how the rulemaking process functions, and how you can file comments on FCC proceedings. We will also leave time for a Q & A session. Whether you'd like to ask about net neutrality, robocalls, wifi router firmware (we know many of you have thoughts about that mixup!), or anything else communications related, this is your opportunity. In fact, you can even ask about your cable appointment we bet you didn't know the FCC has rules about that, too!

Presenters:

  • Travis LeBlanc - Federal Communications Commission
    Travis LeBlanc is Chief of the Bureau of Enforcement at the Federal Communications Commission where he leads the Commissions largest organizational unit, including its 24 field offices around the country. Prior to joining the FCC, LeBlanc served as Special Assistant Attorney General of California and a senior advisor to Attorney General Kamala D. Harris. In this capacity, he oversaw the California Department of Justices operations and activities involving complex litigation, legislation, and policy matters such as technology regulation, telecommunications, high-tech crime, cybersecurity, privacy, intellectual property, antitrust, and health care. He established Californias first high-tech crime and privacy enforcement units. He also secured agreements with leading technology companies to protect consumer privacy, promote online safety, and respect intellectual property rights. He is an Affiliated Scholar at the University of California Hastings College of the Law and a member of the American Law Institute. LeBlanc previously served in the Obama Administration as an attorney in the U.S. Department of Justices Office of Legal Counsel, which advises the President, Attorney General, and general counsels of executive branch agencies on the constitutionality and legality of the programs and activities of the United States government. He has worked as an attorney at Williams & Connolly LLP in Washington, D.C. and Keker & Van Nest LLP in San Francisco, where his practice concentrated on white-collar criminal defense and complex civil litigation. From 2012-2014, LeBlanc was an Appellate Lawyer Representative to the United States Court of Appeals for the Ninth Circuit and in 2012, he was selected as Columbia Law Schools Visitor from Government Practice. He clerked for the Hon. Stephen Reinhardt on the United States Court of Appeals for the Ninth Circuit. He has an A.B. from Princeton University, an M.P.A. from the John F. Kennedy School of Government at Harvard University, a J.D. from Yale Law School, and an LL.M. in International Law from the University of Cambridge.
  • Jonathan Mayer - Federal Communications Commission
    Jonathan Mayer is Chief Technologist of the Federal Communications Commission Enforcement Bureau. He is detailed to the FCC from Stanford University, where he is a Cybersecurity Fellow at the Stanford Cyber Initiative. Jonathan is also a Ph.D. candidate in computer science at Stanford University, where he received his J.D. in 2013. He was named one of the Forbes 30 Under 30 in 2014, for his contributions to technology security and privacy.

Links:

Similar Presentations: