Twenty-plus years is a long time, and the Electronic Communications Privacy Act is overdue for an update. A summary of the state of things:

Unfortunately these digital documents lack long-held privacy safeguards. Email saved in web-based email systems like Yahoo for longer than six months can be accessed with an administrative subpoena, which provides less protection than a warrant. Similarly, no matter what privacy setting you use, sensitive and personal information — photos, private journals, Facebook pages, corporate data, draft reports — shared with third parties like Google and Facebook can be accessible by police without a judge’s approval. All the government has to do is swear it’s “relevant” to an investigation.

Here’s to ensuring that the Fourth Amendment isn’t rendered moot by technological advancements.

Michael Liedtke, writing for Associated Press:

In the Safari case, Consumer Watchdog argued that the fine amounts to loose change for a company like Google, which generates about $22.5 million in revenue every four hours.

It’s a very good deal for Google, especially because they don’t need to admit liability. It’s a decent deal from the FTC’s perspective, as well, because it’s (sadly) the largest fine they’ve ever levied in this context. I’m not sure how effective it’s going to be, but if you’re unnerved by Google’s privacy issues, there’s always DuckDuckGo.

Two-factor authentication is a pain in the ass. Just ask my Google account or my Dropbox account. But it’s a no-brainer. Savvy users will flock to it, seeing the value in the headache. Less-than-savvy users don’t need to be forced into it, but Twitter is as good a platform as any to explain to folks why it’s worth the additional steps to log in sometimes.

Carl Franzen, of TPM Idea Lab:

There are two cases where the FTC believes that companies need to get a consumer’s “affirmative express consent,” that is, an “opt-in,” before using information captured via facial recognition: When identifying anonymous individuals to third parties that wouldn’t otherwise know who they were, and when using any data or imagery captured via facial recognition for purposes outside of what was initially stated by the company.

This is good news because it signals awareness on the part of the FTC that this is an issue. Mr. Franzen provides some good context in his article, so if this stuff interests or worries you, click through to read his analysis. You can also find the FTC’s press release on the issue here, the report itself, in PDF format, here, and the dissenting statement of Commissioner J. Thomas Rosch, also in PDF format, here.

Dan Goodin at Ars Technica explains how researchers found that 8% of apps in a 13,500-app sample were susceptible to man-in-the-middle attacks. Hopefully developers will revisit their SSL implementations or, better yet, Google will update future versions of the Android SDK to disallow some of the poor coding decisions that cause these vulnerabilities.

This is a good piece by Danny Sullivan of Marketing Land about the lack of coverage Microsoft’s privacy policy consolidation got this week compared to what Google got on a similar move earlier this year.

Mr. Sullivan’s analysis is thorough and worth a look, but I noticed a broader issue here for Microsoft:

Google matters and Microsoft doesn’t.

I’ll elaborate. Google got hammered by voluminous coverage because, in the minds of the tech press and many consumers, what they do with data matters. Microsoft, on the other hand, is not seen as an important player in the consumer data space. That perception may be inaccurate, particularly with the generally positive reaction to, if not widespread adoption of, SkyDrive and the new Outlook.

But it’s there: when it comes to privacy, Google is search and email and Android. Microsoft is, well, not much. Windows 8 and Surface may change that, but no one is holding their breath. In short, this looks like a case in which Microsoft got let less critical press coverage than they may have wanted: people complain about the things that are important to them. The unimportant things get ignored.

The Digital Advertising Alliance, announcing they’ll ignore “do not track” browser headers:

A ‘default on’ do-not-track mechanism offers consumers and businesses inconsistencies and confusion instead of comfort and security.

Reps. Ed Markey (D-Mass.) and Joe Barton (R-Texas), replying to the DAA statement:

If consumers want to be tracked online, they should have to opt-in to be tracked, instead of the other way around.

Advertisers should concede the default “on” status of tracking prevention. The appearance of disrespect for consumer privacy will encourage new legislation on this front, probably from Barton and Markey. It will be an easy target for viral online support campaigns, and, eventually, advertisers may face federal regulations far harsher than defaulting to no tracking.