Sunday, June 28, 2020

Privacy Roundup: CPRA Qualifies for CA Ballot, Comcast Enables Encrypted DNS

Two quick updates on privacy topics I've addressed recently:
First, California Secretary of State Alex Padilla announced on June 25 that the California Privacy Rights Act (CPRA) will appear on the ballot this November.
According to Californians for Consumer Privacy, the organization behind the ballot initiative, polling indicates that voters are likely to approve the CPRA.
For a critique of what many refer to as the CCPA 2.0, please check out my May 27 Perspective from FSF Scholars, "California Privacy Regulation Must Account for the COVID-19 Crisis."


Second, that same day Mozilla and Comcast announced that the latter will be the first ISP to provide Domain Name System (DNS) over Hypertext Transfer Protocol Secure (HTTS) (DoH) encryption to users of the Firefox browser.
According to the Press Release, "DoH helps to protect browsing activity from interception, manipulation, and collection in the middle of the network by encrypting the DNS data."
In an April 9 Free State Foundation Perspectives, "Maine's ISP-Only Privacy Law Will Not Protect Consumers," I explained how the increasing use of DoH, and HTTPS encryption generally, limit ISPs' ability to "see" what subscribers do online – and how edge providers, by contrast, have far greater access to online personal information.
This voluntary action by Comcast not only enhances subscriber privacy, it also undermines further the proffered justifications for the Maine statute.