Monthly Archives: March 2017

Bill Introduced In Illinois to Protect Online Privacy, But Threatens Small Business

The Right to Know act has been making progress in Illinois. If passed, the bill would require operators of websites or online services to notify users that reside in Illinois of any information sharing practices they partake in. The bill also requires that these sites provide a either a toll-free telephone number or email address where users can request such information, and the operator must provide a response within 30 days. The penalty for failing to adhere to this regulation would be the greater of either $10 (per individual affected) or “Actual damages”,  injunctive relief, and reasonable attorney fees.

The classification of “personal information” within the bill is quite broad. Essentially any user-generated content would be classified as personal information, and thus leave the operator liable for maintaining records of how user information is transmitted. One of the categories of personal information is “Content, including text, photographs, audio or video recordings, or other material generated by the customer”.

In other words, something as simple as allowing a user to leave a comment on an article on your personal blog could be considered transmission of personal information, and thus leave you liable to respond to user requests for who has accessed your information.
While the bill will protect the privacy of internet users by ensuring that they are aware of how various sites use their information, it may impose a significant cost on small businesses. Small businesses across the country would need to hire an expert to create a privacy policy that accurately describes their information gathering and usage if they wish to do business in Illinois. This can be difficult for some types of businesses. For example, consider an online store that uses a third party for shipping and billing, or often delivers straight through the manufacturer. The owner of the store would need to carefully track all instances where shipping information and billing information is transmitted, and then create a database that can be queried when the user requests how their data was used.

Should this law pass in its current state, small businesses with a limited tech background will likely have to hire a legal/technical consulting team to comply with the regulations imposed. Ideally, the wording of the law would be changed in a way that the company only has to disclose in what ways consumer information may be disclosed or used, rather than the ways it actually is. That way, companies do not need to spend millions of dollars implementing and maintaining a database of how user information is transmitted, but consumers are still informed of which ways their data may be used or shared.

The bill does provide a few cases where information can be disclosed to a third party without requiring notifying the user or maintaining a record. These cases are either when information is disclosed for security or fraud prevention purposes, or if there is a contract with the third party that requires that the shared data only be used to perform the services requested, such as billing,  filling orders, etc. While this does make the law easier for large corporations with legal teams to comply with, smaller business simply don’t have the resources to draft a contract with each service provider that ensures that personal information is used only as needed, in order to comply with the rules set within the bill.

A recent amendment to the bill stated that an operator would not be required to respond to a request from the same customer more than once in a 12 month period. This may be because of concerns regarding the cost of meeting the law’s requirements. However, because the bill says it requires operators to provide such information, but doesn’t say anything about answering questions(which would require human interaction), the process of sharing information via email or telephone on request could be easily automated at little to no cost. The largest cost associated with the regulations imposed in this bill would be the cost of implementing a system of tracking the ways that user information is transmitted, and creating/maintaining contracts with service providers to ensure that data is only used as needed to provide the service.

While the bill does provide privacy protections for internet users, changes in the legislation are needed to ensure that the bill does not create a situation in which small businesses cannot afford to meet regulatory standards. The bill is still quite new and off to a good start, so improvements will likely be made over time.
The bill is sponsored by Michael E. Hastings.

You can see actions taken on the bill and it’s details here

Full text

Razer Server Outage Locks Users Out of Their Own Device Functionality

Users of Razer Peripherals such as mice and keyboards are reporting the error “System Error 3803” when attempting to login into Synapse, the app used to access custom keybinding settings. As a result of the server outage, users are stuck using default keybinds- macros, custom DPI settings, and custom keybinds are inaccessible during the outage.

Cloud-based applications are a rapidly growing trend. For Razer peripherals, cloud-based configurations enable users to access their keybindings across different devices. However, this functionality is not without it’s faults. Razer’s software currently lacks the ability to cache settings locally, causing issues such as this one when outages occur. Ideally, Razer would at least enable local caching of user settings, as it would really only take a few megabytes of data to store.

While cloud-based applications are quite valuable to producers of consumer hardware and software for data gathering purposes, they pose a serious threat when they begin to hinder the user experience. This outage has left users very upset, with many threatening never to purchase a Razer device again.

The outage has been resolved according to Razer. If you find yourself encountering this issue again(such as if another outage occurs), Reddit user “VossVossVossVoss” has shared a workaround .

Read more on the /r/Razer subreddit