House Oversight Committee leadership introduced legislation Tuesday to streamline federal government cyber roles. Introduced by Chairwoman Carolyn Maloney, D-N.Y., and ranking member James Comer, R-Ky., the Federal Information Security Modernization Act would define operational and oversight roles for the national cyber director, OMB and the Cybersecurity and Infrastructure Security Agency. It would require agencies to “keep inventories of all internet-accessible information systems and assets, as well as all software.” The bill would advance a “risk-based cybersecurity posture,” modernize “reporting requirements to enhance security through automation” and expand “inventories and information-sharing for improved security,” they said.
Google deceived and manipulated consumers while tracking their location data and made it “nearly impossible” to opt out, four attorneys general alleged in separate lawsuits Monday. Despite assurances users could opt out, there's “effectively no way for consumers to prevent Google from collecting, storing, and profiting from their location data,” alleged Washington, D.C., AG Karl Racine. His complaint detailed behavior dating back to at least 2014, including reliance on "dark patterns," or manipulative tactics. AGs in Texas, Washington and Indiana sued in their states. Google tells users they can turn off location history, but the company “continues to track users’ location through other settings and methods that it fails to adequately disclose,” said the office of Texas AG Ken Paxton (R). Google has “prioritized profits over people,” said Indiana's Todd Rokita (R). Washington state's Bob Ferguson (D) cited “hard-to-find location settings, misleading descriptions of location settings, repeated nudging to enable location settings and incomplete disclosures of Google’s location data collection.” The cases are “based on inaccurate claims and outdated assertions about our settings,” a Google spokesperson emailed. “We have always built privacy features into our products and provided robust controls for location data. We will vigorously defend ourselves and set the record straight.”
Data compromises increased 68% in 2021 from 2020, the Identity Theft Resource Center said Monday in its annual data breach report. ITRC publishes data about “publicly reported U.S. compromises.” The 1,862 compromises reported in 2021 was an all-time high, 23% more than the previous record of 1,506 reported in 2017. There were 1,603 cyber-related compromises reported in 2021, the report said.
The Supreme Court docketed a mass surveillance case involving AT&T and Verizon customers (see 2011020063), the 9th U.S. Circuit Court of Appeals said Thursday in 19-16066. The Electronic Frontier Foundation sued NSA in 2008 over an alleged illegal dragnet program that EFF says involved AT&T and Verizon. A federal district court ruled in the government’s favor, saying revealing classified information at issue would threaten national security by giving adversaries a road map for surveillance practices. A 9th Circuit three-judge panel denied a petition for panel rehearing in October with little explanation. Jewel v. NSA was docketed with the Supreme Court as 21-1017 and awaits consideration.
Communications companies should review a recent cybersecurity advisory from the Cybersecurity and Infrastructure Security Agency, FBI and NSA, said an FCC public notice Friday. The advisory urges entities to “adopt a heightened state of awareness and to conduct proactive threat hunting.” All communications companies should follow the advisory’s recommendations, notify CISA of cyberthreats, and share threat information with industry stakeholders, the PN said.
California Republicans proposed carving out veterans’ telehealth apps from the state’s net neutrality law. Assemblymember Jordan Cunningham (R) floated AB-1669 Wednesday to clarify that the open-internet law doesn’t ban ISPs “from exempting the use of telehealth applications administered” by the Department of Veterans Affairs from a customer’s data usage allowance. The bill was co-sponsored by 12 Republicans in the chamber where the GOP has 19 of 80 seats. The VA was working with California DOJ last year to resolve a zero-rating issue possibly affecting veterans’ mobile telehealth services (see 2103260050). The VA and California DOJ didn’t comment Thursday.
President Joe Biden signed a national security memorandum Wednesday, setting requirements for improving cybersecurity protection at NSA, DOD and intelligence community systems. Biden signed it as part of his May executive order. The memo establishes a framework for agencies to report cyber incidents to a national manager. Within six months, agencies will have to implement “multifactor authentication and encryption for NSS [national security systems] data-at-rest and data-in-transit,” the memo said. Agencies must implement zero trust architecture “as practicable.” Senate Intelligence Committee Chairman Mark Warner, D-Va., welcomed the news: “Now it’s time for Congress to act by passing our bipartisan legislation that would require critical infrastructure owners and operators to report such cyber intrusions within 72 hours.”
Activision Blizzard’s games "exist on a variety of platforms today, and we plan to continue supporting those communities moving forward," emailed a Microsoft spokesperson Tuesday on buying Activision Blizzard for $68.7 billion. "The acquisition is about increasing the availability of Activision Blizzard content via more platforms, including mobile." The largest deal in Microsoft’s history will “create a thriving gaming ecosystem” in which content “can more easily reach every gamer across every platform,” said Microsoft CEO Satya Nadella on a conference call. Microsoft Gaming CEO Phil Spencer said "mobile is the biggest category of gaming, and it’s an area where we have not had a major presence before."
Global e-commerce payment transactions will exceed $7.5 trillion in value by 2026, from $4.9 trillion in 2021, reported Juniper Research Monday. It credits the anticipated 55% growth on retailers’ expanding use of “omnichannel” selling that will fuel higher user e-commerce spend. Juniper estimates 37% of global e-commerce by transaction value will reside in China by 2026. Physical goods will be 82% of global e-commerce payments transaction value by 2026 that same year.
ISPs for decades have mistakenly focused just on higher bandwidth as the route to higher-quality service for end users, while latency was given less focus, misunderstood and mischaracterized, reported the Broadband Internet Technical Advisory Group Technical Working Group on Friday. The BITAG WG recommended a focus on tackling latency caused by buffering delays, which often get ignored in latency measurements. Very-low-latency networking technologies are being developed that could eliminate buffering delays and allow creating new classes of applications, but that tech requires changes in endpoint devices and network equipment, it said. There should be more measurement of and reporting on working latency and broadband providers and network equipment developers should deploy mechanisms like active queue management (AQM) to reduce buffering-caused working latency, it said. Application and operating system developers should look at future methods for very-low-latency service delivery, and policymakers and regulators should avoid creating barriers to AQM deployment and to low-latency services and networks, the WG said.