Google closed on its $5.4 billion buy of cybersecurity platform Mandiant in an all-cash deal (see 2203080002), said the buyer Monday. It will incorporate Mandiant into Google Cloud and keep the Mandiant brand, it said. Combining Google Cloud’s existing security portfolio with Mandiant’s cyberthreat intelligence “will allow us to deliver a security operations suite to help enterprises globally stay protected at every stage of the security lifecycle,” blogged Google Cloud CEO Thomas Kurian Monday.
Comments are due Nov. 14 for the Cybersecurity and Infrastructure Security Agency’s cyber incident reporting requirements, CISA announced Friday. The Cyber Incident Reporting for Critical Infrastructure Act (see 2203160051), which President Joe Biden signed into law in March, requires public comment for proposed regulations on cyber incident and ransom payment reporting. CISA will host a series of listening sessions. “I’m excited to see CISA move forward with implementing this cybersecurity law, which will help us counter the growing threat of cyberattacks against our institutions and allies,” said Senate Intelligence Committee Chairman Mark Warner, D-Va., who co-authored the law.
The FTC will hold an open meeting at 1 p.m. Thursday, the agency announced. The tentative agenda includes a vote on a policy statement on “enforcement against unfair, deceptive, and anticompetitive practices related to gig work,” which often involves digital apps. FTC staff will deliver a report on dark patterns, and the commission will vote on whether to issue the report. Staff will also present findings from public comments related to the agency’s NPRM to address “government, business, and nonprofit impersonation fraud.” The commission will vote on whether to formally initiate a rulemaking.
FCC Commissioner Brendan Carr backed legislation that would ban TikTok from collecting U.S. user data from China and block installation of the social media app on government devices. Calling it a “strong bill,” Carr tweeted support Tuesday for the Block the Tok Act, a bill from Rep. Dusty Johnson, R-S.D. Carr’s office in July scheduled a meeting with TikTok over its data collection practices (see 2207150064).
House Speaker Nancy Pelosi, D-Calif., should block the House Commerce Committee’s privacy bill and not let it override California’s privacy law, consumer groups wrote the speaker Wednesday. Consumer Action, Children’s Advocacy Institute, Consumer Protection Policy Center, Consumer Watchdog and Privacy Rights Clearinghouse signed. Their letter follows a separate letter from other consumer groups urging Pelosi to hold a floor vote (see 2208250040). Pelosi issued a statement a few days after the first letter saying the House bill isn’t strong enough (see 2209010066). “The bill will exempt companies that provide data to government agencies, leave the law vulnerable to weakening by industry lobbyists, and swiftly cancel years of progress in California,” the groups said in the latest letter.
The FTC doesn’t have to produce documents Meta requested about the agency’s review of the Instagram and WhatsApp acquisitions, Judge James Boasberg ruled Tuesday in 1:20-cv-03590 before the U.S. District Court for the District of Columbia, denying Meta’s motion to compel the documents (see 2208010050). Meta argued the FTC’s recommendation packages from its Competition and Economics bureaus contain “relevant factual information about the contemporaneous state of market competition that is unavailable anywhere else.” The FTC argued the materials are privileged, most notably due to deliberative-process privilege. Meta said the privilege doesn’t apply, and if it did, the agency waived that privilege when it shared the materials with the House Judiciary Committee in 2019. Boasberg ruled the release of the documents would harm “deliberative processes of the government by chilling the candid and frank communications necessary for effective governmental decision-making.”
Meta's Instagram will appeal the $401 million fine levied by the Irish Data Protection Commission for breaching the general data protection regulation, it told us. A DPC spokesperson confirmed the amount of the fine Tuesday, saying full details of the decision are due next week. The inquiry began in September 2020 based on information provided by a third party and in connection with processing identified by the DPC itself, the spokesperson emailed. The inquiry involved two types of data processing done by Facebook Ireland: (1) The company allowed child users between 13 and 17 to operate "business accounts" on the Instagram platform that, at certain times, required and/or facilitated publication to the public of the children's phone number and/or email address. (2) At times Facebook ran a user registration system for Instagram in which the accounts of child users were set to "public" by default, making their social media content public unless the account was otherwise set to "private" by changing privacy settings. The inquiry "focused on old settings that we updated over a year ago" and Meta has since released new features to help keep teens safe and their information private, its spokesperson emailed. The company "has engaged fully with the DPC" but disagrees with how the fine was calculated and intends to appeal it.
The Biden administration’s development of a national cyber strategy is “well underway,” the GAO said in a report Monday, citing comments from the national cyber director. The federal government must develop a comprehensive cyber strategy to have a “clear roadmap” for overcoming threats, the GAO said, noting Congress created the top cyber position in 2021. The national cyber director’s office is gathering feedback from “federal entities,” including the National Security Council, the GAO said.
Infrastructure and enterprise spending, “from our vantage point,” is “very much holding,” said Broadcom CEO Hock Tan on an earnings call Thursday for fiscal Q3 ended July 31. Broadcom’s net revenue growth of 25% in the quarter to $8.46 billion was driven by “robust demand” in sales from cloud, wireless service providers and enterprise computing, said Tan. Semiconductor revenue increased 32% year on year to $6.6 billion and infrastructure software revenue grew 5% to $1.8 billion, he said: “We expect ... continued investment by our customers of next generation technologies in data centers, broadband and wireless." Revenue in Broadcom’s broadband sector grew 20% year on year to $1.1 billion, and was 17% of semiconductor sales in the quarter, said Tan. “This steady growth was driven by major service providers continuing to deploy next generation broadband fiber to the home globally, with high attach rates of Wi-Fi 6 and 6E,” he said. Broadcom expects the first Wi-Fi 7 deployments in the second half of 2023 in home gateways, “enterprise access points” and smartphones, he said. Broadcom’s Q3 wireless revenue of $1.6 billion generated a quarter of its semiconductor sales, said Tan. “Sustained demand from North American customers drove wireless revenue up 14% year on year, in line with our guidance,” he said. In Q4, “we expect wireless revenue to be seasonally up 20% sequentially and to grow 10% year on year,” he said.
Credit Karma used “dark patterns” to mislead and entice consumers to apply for credit card offers they often didn’t qualify for, the FTC announced in a settlement with the credit services company Thursday. The commission voted 5-0 to issue a proposed settlement requiring the company to pay $3 million to consumers for their “wasted time” applying and to “stop making these types of deceptive claims,” the agency said. The agency alleged Credit Karma “used claims that consumers were ‘pre-approved’ and had ‘90% odds’ to entice them to apply for offers that, in many instances, they ultimately did not qualify for.” The company’s deception resulted in unnecessary credit checks and harm to consumers’ credit scores, the FTC said: About one-third of some preapproved offers resulted in denied applications. Credit Karma fundamentally disagrees with the FTC’s claims but reached the settlement to “avoid disruption to our mission and maintain our focus on helping our members find the financial products that are right for them,” said Credit Karma Chief Legal Officer Susannah Wright. The allegations focus on “historical use of the term ‘pre-approved’ for a small subset of the credit card and personal loan offers available on Credit Karma’s platform prior to April 2021, and do not challenge the approval odds language Credit Karma has provided to its members since April 2021,” the company said.