The volume of first-half 2021 phishing attacks jumped 22% from a year earlier, but phishing volume in June “dipped dramatically” for the first time in six months, immediately after a very high volume in May, reported PhishLabs Tuesday. Bad actors are using phishing “to fleece proprietary information” in increasingly more sophisticated attacks, “based on growth in areas such as cryptocurrency and sites that use single-sign-on,” said Chief Technology Officer John LaCour. Of the significant decline in bad behavior from May to June, “we’ll continue to monitor through the summer and analyze if we’re seeing a trend in the right direction, or if attackers simply took a summer vacation.”
States having passed new, bipartisan laws on cybersecurity, privacy and other issues gives Colorado’s attorney general optimism that Congress can do similar. Opening the Technology Policy Institute conference in Aspen, Colorado AG Phil Weiser (D) noted there haven't been recent new U.S. laws on such areas, despite “strong bipartisan support“ on data privacy legislation in states, including here in Colorado, and cybersecurity “wake-up calls“ with breaches of Colonial Pipeline and others. “We cannot give up hope“ on getting such federal laws, he said Sunday night. Political polarization “makes it harder for people to work together to solve problems,“ he noted. “We worry about this hyper-extreme“ divide. He hopes historic norms return in terms of “collaboration“ and “problem-solving." Weiser called the U.S. Senate-approved $1 trillion infrastructure bill with broadband money “a very modest step forward.“ Asked by an audience member about big tech scrutiny, he said it's “a moment that feels a lot like" circa 1900, when there were public worries about corporate control. “Why shouldn’t we have requirements for transparency” with online political ad disclosure, akin to what broadcast stations must do, Weiser asked. Answering a question about robocalls, Weiser said, “We have had bipartisan collaboration," as “everybody hates robocalls." He noted the Trace Act means big carriers have now implemented Stir/Shaken and he hopes smaller carriers do so quickly. The month-over-month decline in robocalls is encouraging, but fraudulent texting has increased, Weisser told TPI: “You’ve got to continue to have what they call constant” vigilance.
Amazon’s palm-print recognition and payment system, Amazon One, could be used to “further cement” the company’s “competitive power and suppress competition across various markets,” wrote Sens. Amy Klobuchar, D-Minn., Bill Cassidy, R-La., and Jon Ossoff, D-Ga., to the company Friday. They noted reports about Amazon “offering credits to consumers to share their biometric data with Amazon One.” Expansion of biometric data “raises serious questions about Amazon’s plans for this data and its respect for user privacy, including about how Amazon may use the data for advertising and tracking purposes,” the senators wrote. The company didn’t comment.
ATIS announced the launch of a “User-Controlled Privacy Initiative,” to adopt and advance solutions to help industry establish a self-sovereign identity (SSI). “Combining this SSI along with verifiable credential proofs of information greatly enhances individuals' control and rights over their personal data,” ATIS said Thursday. “SSI can address personal data in a way that fosters greater trust between consumers and businesses, while also helping companies comply with new privacy regulations,” said ATIS President Susan Miller. ATIS is looking for member companies to participate.
The FCC wants Privacy Act comment by Sept. 10 on a matching agreement between the Universal Service Administrative Co. and the Department of Housing and Urban Development, says Wednesday's Federal Register. The agreement lets officials verify the eligibility of emergency broadband benefit program applicants beginning Sept. 10 by determining whether applicants receive federal public housing assistance. Comments also are due that date on an FCC agreement with the Mississippi Department of Human Services to allow officials to verify eligibility by determining whether applicants receive Medicaid or Supplemental Nutrition Assistance Program benefits.
The FTC should create an office of civil rights to better enforce against algorithms and commercial data models that reinforce structural racism, advocacy groups wrote the agency last week. Public Knowledge, Access Now, the Anti-Defamation League, the Center for Digital Democracy, the Center for Democracy and Technology, the Electronic Privacy Information Center and Public Citizen signed the letter, which was shared Wednesday. They urged the FTC to “regulate unfair and deceptive practices” and “increase enforcement against tech companies.” The agency confirmed receipt of the letter.
Colorado is nearly done requesting preliminary data from Google to understand surface-level information about the company’s data gathering practices, an attorney representing Colorado Attorney General Philip Weiser told U.S. District Court in Washington during a status hearing (in Pacer) Friday in docket 1:20-cv-03010 (see 2102160052). Colorado expects to make “full-fledged” data requests by the end of September in its antitrust case against Google, Jonathan Sallet told Judge Amit Mehta. The preliminary data will help plaintiffs understand what data Google has, how it measures impact on consumers and what it sees about consumer behavior, said Sallet. Google attorney John Schmidtlein said the company is on track to deliver on this batch of requests, which involves hundreds of thousands of documents. The latest DOJ request is being converted and should be available next week, and the company expects to deliver documents to Colorado by the end of August, he said. DOJ Civil Division trial attorney Kenneth Dintzer said there are “looming” third-party issues to be resolved. Mehta told the attorneys the court will address those after August deposition proceedings.
The FTC should use its rulemaking authority to ban “corporate use” of face-scanning technology, nearly 50 advocacy groups wrote Thursday. Fight for the Future, MediaJustice, Open Markets Institute, Open MIC and Public Citizen signed the letter, which says Amazon is the “perfect case study to showcase” dangers of corporate surveillance. They cited security and privacy threats for “Amazon’s smart home ecosystem, deceptive use of facial recognition technology, and the tech giant’s ever-expanding partnerships with police departments in over 2,000 cities.” They urged a ban on continuous surveillance in places of public accommodation and an end to “industry-wide data abuse.” The FTC and Amazon didn’t comment.
The North American Numbering Council was rechartered for two years, said an FCC Wireline Bureau public notice Thursday. The next NANC meeting is virtual, Oct. 13 at 2 p.m. EDT, to consider recommendations from the call authentication trust anchor working group on deployment of secure telephone identity revisited and signature-based handling of asserted information using tokens (Stir/Shaken) by small voice service providers. Acting Chairwoman Jessica Rosenworcel appointed Massachusetts Department of Telecommunications and Cable Commissioner Karen Charles Peterson, NARUC's representative, as chair, and NCTA Vice President-Associate General Counsel Jennifer McKee as vice chair. For a partial list of other members of the panel, see the personals section of this issue.
House Commerce Committee Republicans released Wednesday 32 discussion drafts aimed at holding “Big Tech accountable by improving transparency and content moderation accountability, reforming” Communications Decency Act Section 230, “promoting competition, and preventing illegal and harmful activity.” Committee Republicans want “Big Tech to be transparent, uphold American values for free speech, and stop their abuse of power that is harming our children,” said ranking member Cathy McMorris Rodgers of Washington. The drafts include one from McMorris Rodgers and House Judiciary Committee ranking member Jim Jordan, R-Ohio, to amend Section 230 to “remove liability protections for companies who censor constitutionally protected speech on their platforms, require appeals processes, and transparency for content enforcement decisions.” Jordan in June previewed plans for the legislation in response to House Judiciary advancement of Big Tech competition measures he saw as a bid at pursuing “radical” antitrust policy (see 2106240071). House Communications Subcommittee ranking member Bob Latta, R-Ohio, proposes amending 230 “to remove liability protections from companies that act as Bad Samaritans and knowingly promote, solicit, or facilitate illegal activity.” Former House Commerce Chairman Fred Upton, R-Mich., seeks to remove liability protections for actions the FTC takes against a company. Rep. Dan Crenshaw, R-Texas, proposes barring companies from blocking or preventing access to lawful content, along with degrading or impairing access. Rep. Billy Long, R-Mo., wants to require companies disclose how they develop their content moderation policies. Additional content moderation measures target revenge porn, child porn and doxxing. A bid by Rep. Markwayne Mullin of Oklahoma would require edge providers contribute to USF. Senate Commerce Committee ranking member Roger Wicker of Mississippi and other committee Republicans propose the FCC explore such a requirement (see 2107210067).