ISPs should disclose Internet traffic differentiation practices that affect end-user access, implement efficient network resource management practices, and not disrupt user-selected security in order to apply differentiated treatment, said a report issued Thursday by the Broadband Internet Technical Advisory Group. The report focuses on nitty-gritty technical issues concerning the protocols and policies of network operators engaging in differentiated treatment of traffic -- not the public policy disputes in the FCC's net neutrality order such as paid prioritization (though the disclosure recommendation echoes the agency's broadband provider transparency rule, which is less controversial). Differentiation refers to "the full range of treatments" that can be applied to manage Internet traffic flows beyond a "first in, first out" basis, the report said. "This treatment may determine the order in which routers and switches send packets from different flows across the link, the rate of transmission of a given flow, or even whether certain packets are sent at all," it said. "While the techniques used for traffic differentiation overlap with those used to manage congestion, differentiation has a broader purpose that includes meeting service level agreement (SLA) guarantees and selecting paths for traffic from different applications, among other things. Differentiated treatment of traffic can also contribute both to the efficiency of a network and to the predictability of the manner in which network resources are shared." The report said traffic differentiation is extensively used within individual networks but hasn't been implemented across provider networks. "End to end deployment would require the harmonization and cooperation of a large number, if not all, of the relevant network operators," it said.

California Gov. Jerry Brown (D) signed the California Electronic Privacy Communications Act (CalECPA SB-178) into law Thursday. The bill “protects Californians against warrantless law enforcement access to private electronic communications such as emails, text messages and GPS data that are stored in the cloud and on smart phones, tablets, laptops and other digital devices,” said one of the bill’s author’s, state Sen. Mark Leno (D), in a news release. CalECPA has support from Silicon Valley’s major tech companies, including Apple, Facebook, Google and Twitter, which have “seen a dramatic rise in requests from law enforcement for consumer data in recent years,” the release said. “Google has seen a 180 percent jump in law enforcement demands for consumer data in the past five years,” it said. “Last year, AT&T received 64,000 demands -- a 70 percent increase in a single year,” it said. “Verizon reports that only one-third of its requests had a warrant, and last year Twitter and Tumblr received more demands from California than any other state,” the release said. American Civil Liberties Union Technology & Civil Liberties Policy Director Nicole Ozer called Brown’s decision to sign the legislation into law a “landmark win for digital privacy,” in an ACLU news release. California now joins Maine, Texas, Utah and Virginia in updating privacy laws for the digital age, Leno's news release said. The ACLU hopes California’s legislation is used as a “model for the rest of the nation in protecting our digital privacy rights,” Ozer said. The Electronic Frontier Foundation and Center for Democracy & Technology also released statements supporting Brown’s decision to sign the legislation.

ICANN began collecting comments on two-character ASCII domain name labels as it considers whether to authorize the release of requested two-character domains it had previously withheld from authorization. ICANN's current registry agreement allows the release of such domains if measures are in place to “avoid confusion with the corresponding country codes.” Input from governments and registries will help ICANN “draft criteria for evaluating whether measures identified by a registry operator successfully mitigate concerns raised which relate to confusion with a related government's corresponding country code,” ICANN said Tuesday. “These criteria will be available for public comment prior to final adoption.” Comments are due to ICANN by Dec. 5.

NCTA defended the controversial Cybersecurity Information Sharing Act (S-754) Wednesday, saying concerns about how the bill would affect privacy and civil liberties protections “have been heard and important changes have been made to the bill to ensure it can in no way be misused as a 'surveillance' bill.” S-754 is likely to return to the Senate floor after Congress' upcoming one-week recess after months of negotiations to assuage critics' concerns about the bill, though privacy advocates are continuing to oppose it (see 1510060046). S-754's “scope is extremely narrow, and specifically aimed at protecting business, individuals, and critical Internet infrastructure from malicious cyber attacks,” NCTA said. “It does this by allowing companies to share cyber threat indicators, or CTIs, with other companies and the DHS portal in real time through a mandated automated process.”

Allowing encryption back doors would create security risks, economic problems for the tech sector and privacy concerns for citizens and international allies, wrote Computer & Communications Industry Association CEO Ed Black in a letter to President Barack Obama Wednesday, a CCIA news release said. There is “ongoing discussion” within the administration “regarding the growing availability of strong encryption in consumer products and communications systems, and the implications this might have for criminal and counterterrorism investigations,” Black said. Back doors “rarely remain secure and instead become means for unlawful access by criminals or others inclined to misuse such access,” he said. “The global competitiveness of the U.S. tech industry has already been damaged by the last two years of disclosures of mass surveillance by U.S. intelligence agencies,” Black said. “I urge your Administration not just to forgo limitations on its use [of encryption], but to support and promote its adoption worldwide.” TechFreedom, Libertarian think tank Niskanen Center and a coalition of free market groups also sent a letter to the White House Wednesday urging the administration to endorse the use of strong encryption, a news release said. President Barack Obama’s “failure to endorse strong encryption has given ammunition to European regulators seeking to restrict cross-border data flows and require that data on EU citizens be stored in their own countries,” said TechFreedom Policy Counsel Tom Struble. “Just yesterday, the European Court of Justice struck down a longstanding agreement (see 1510060001).that made it easier for Europeans to access American Internet services,” Struble said. “If the White House continues to dawdle, it will only further embolden ‘digital protectionism’ across the pond.”

Roku’s first Ultra HD streaming player, the Roku 4, became available for pre-order Tuesday at $129 and will be shipped Monday, the company said in an announcement. The Roku 4 has a quad-core processor for 4K streaming up to 60 frames a second with HDCP 2.2 content protection and optical audio out, the company said. It enables access “to more streaming channels for 4K entertainment than any other streaming player," the company said. The Roku 4 runs the new Roku OS 7, which also was announced Tuesday. Roku OS 7 will be rolled out to current-generation Roku players and Roku TVs through a software update beginning next week, the company said. It expects to finish the updates in November, it said.

ICANN extended to Oct. 30 the public comment period on its preliminary report on future new generic top level domain (gTLD) procedures. The report, prepared in response to questions raised by the Generic Names Supporting Organization (GNSO) Council, urged GNSO to proceed with policy development for subsequent rounds of new gTLD rollouts. Policy developments may include reevaluating the $185,000 fee for applying to be a registry for a new gTLD and ICANN’s outreach on gTLDs, ICANN said. ICANN said it believes extending the deadline on the GNSO report would give the community more time to consider the report and will mean the deadline no longer occurs before the start of ICANN’s planned Oct. 18-22 meeting in Dublin. Setting the comment deadline after the end of the Dublin meeting means “discussions about the report can occur during the meeting while the public comment period remains open,” ICANN said.

Privacy and child protection advocates expressed concern Friday after an announcement from Google the day before that it had made changes to its YouTube Kids app. The recent changes in no way address the concerns (see 1505190015) of the Campaign for a Commercial Free Childhood (CCFC) and the Center for Digital Democracy (CDD), the groups’ attorney, Angela Campbell of Georgetown University’s Institute for Public Representation, said in a statement Friday. “Google not only did not consult with CCFC and CDD, but it refused their request to meet.” Google launched its YouTube Kids app in February and promised parents only family-friendly ads would be shown, Campbell said. “Now this language is gone and the app store description has a new, vaguely worded disclaimer at the end: ‘YouTube Kids contains paid ads in order to offer the app for free. Your child may also see videos with commercial content from YouTube creators that are not Paid Ads. For more information, please check out our Parental Guide.’” The new YouTube Kids app ad policy, which prohibits advertising food, beverages and other products, only applies to paid ads sold by Google, Campbell said. “This means that the vast majority of the content available on [the app] is not subject to any limits on advertising.”

U.S. reliance on an “all-tools” cybersecurity strategy that emphasizes public-private cooperation has “raised the cost of cyber attacks and economic espionage, and made it clear that we will not tolerate the status quo,” said Assistant Attorney General-National Security Division John Carlin in remarks prepared for the American Gaming Association posted Wednesday. That strategy “altered the dialogue,” as evidenced by last week's U.S.-China agreement not to engage in cybertheft of each other's IP assets, Carlin said. “Only time will tell” whether that agreement will result in concrete actions, but “our commitment to deterrence has made a difference,” he said. That commitment will continue, so “whether you are the Syrian Electronic Army, North Korea, ISIL or a state-sponsored hacker, we can and will find you. And when we do, there will be consequences.” The U.S.'s cybersecurity commitments will also continue to require private sector involvement and the Department of Justice will continue to help private sector participants “manage your risk” via information sharing and threat response assistance, Carlin said.

The Center for Digital Democracy, National Consumer Law Center and the U.S. Public Interest Research Group filed comments Wednesday citing privacy concerns in response to the Treasury Department’s request for information on expanding access to credit through online marketplace lending. “Among the most challenging issues confronting consumers and other borrowers are new threats to their privacy and the ability to control how data are collected and used by online financial services companies,” CDD and USPIRG said in joint comments. Online lenders and financial service companies can use an array of big data-driven digital applications to “tap into the explosive growth of online, social and internal data to make better customer decisions,” they said. Given the lack of privacy protections online for American consumers, with their data freely gathered across devices by data brokers and many others, and the increasing expenditure of the financial services industry to use this information for actionable purposes, a key challenge for the Treasury Department is to propose a national consumer and small-business framework to protect privacy for online lending and related credit and lending sectors, CDD and USPIRG said. In its comments, the National Consumer Law Center expressed concern about the use of data in ways that are “potentially inconsistent with the protections of the Fair Credit Reporting Act, privacy rights and fair lending laws.” NCLC said it shared the privacy concerns other groups raised about the impact targeted advertising has on Americans, especially since most don’t know their personal data is used to “shape the offers they receive and the prices they pay online,” and particularly since lead generators gather data about potential borrowers and sell it to the highest bidder. In the payday loan market, that data can sometimes include sensitive financial information such as Social Security numbers and bank account numbers, NCLC said.