Kevin Grooms, 23, pleaded guilty in federal court Monday to cyberstalking his ex-girlfriend, said a news release from the office of the U.S. Attorney for the Southern District of West Virginia. Grooms used his cellphone to send 158 threatening messages, which included photographs, to his ex-girlfriend on Instagram and via text in an eight-hour time span, the release said. He was under a domestic violence protection order when he sent the threats. Grooms faces a sentence of up to two years in prison and a maximum fine of $250,000, it said.
“To retain the value of human dignity and prevent individuals [from] being reduced to mere data subjects,” European Data Protection Supervisor (EDPS) Giovanni Buttarelli urged the EU and other international organizations to promote an “ethical dimension in future technologies” and announced the creation of a new EU data protection ethics board to help define new digital ethics, an EDPS news release said Friday. “The future technological environment will be made up of an interdependent ecosystem of legislators, corporations, IT developers and individuals” who are equally responsible for “shaping it,” Buttarelli said. “Any imbalance of power risks its sustainability,” he said. “The continued, massive and indiscriminate collection of personal information by governments and businesses risks killing the golden goose,” Buttarelli said. Buttarelli also urged passage of future-oriented laws that redress power imbalances and modernize data protection frameworks and said organizations should be accountable and have a new ethical approach to handling personal data they collect, which includes creating codes and policies that safeguard human dignity. He also asked the IT industry to design privacy-conscious technology.
OkCupid hasn’t implemented HTTPS sitewide to ensure user data is safeguarded, three years after the Electronic Frontier Foundation “first called out” the site, wrote EFF Activism Director Rainey Reitman in a blog post Friday. “For users who haven’t upgraded to paid accounts, their emails, chat sessions, searches, clicked links, pages viewed, and usernames are transmitted over the Internet in unencrypted plaintext, where they can be intercepted and read by anyone on the network.” OkCupid has enabled some HTTPS encryption on its site for those who pay to use the site and during the initial login, she said. Failing to enable HTTPS across the entire site leaks a lot of data about most users, she said. Reitman encouraged the public to sign a petition started by Fight for the Future (see 1509110041) to “pressure the company into doing the right thing.”
The FBI warned of possible cybercrime opportunities that have emerged due to an increased number of IoT devices. “Unsecured or weakly secured devices provide opportunities for cyber criminals to intrude upon private networks and gain access to other devices and information attached to these networks,” the Thursday alert said. “Devices with default passwords or open Wi-Fi connections are an easy target for cyber actors to exploit.” Among recommendations the FBI offered consumers are to: isolate IoT devices on their own protected networks; disable UPnP on routers; consider whether devices are ideal for their intended purpose; purchase devices from manufacturers with a trusted security record; update devices with security patches when available; change default passwords and open Wi-Fi connections; and be aware of device capabilities, especially if the device is used for medical purposes, is capable of remote operation or transmits data.
In the wake of the Ashley Madison breach, Fight for the Future, a nonprofit aiming to “expand the Internet’s power for good,” announced Thursday it created a petition that asks dating site OkCupid to stop cutting corners and to implement basic user privacy protections. OkCupid “doesn’t use basic HTTPS encryption to protect user privacy, so everything you do on the site can be seen by anyone who wants to spy on you,” the petition says. That includes every question a user has answered, even those questions that were answered privately, every message sent, and every profile a user visited, it says. “Dating sites house some of our most personal and potentially embarrassing data,” such as sexual preferences and health, drug use and other illegal activity, and political and religious views, the petition said. Cutting corners on security isn’t just sloppy, it’s unsafe, it said. OkCupid didn’t comment.
The Electronic Privacy Information Center filed an “expedited FOIA request to obtain a secret agreement between U.S. and EU law enforcement agencies concerning the transfer of personal data,” said a post on EPIC’s website Thursday. “‘There is an urgency to inform the public’ about the contents of the agreement.” The Department of Homeland Security has 10 days to respond to EPIC’s Freedom of Information Act request for information on the umbrella agreement, it said.
California Gov. Jerry Brown (D) vetoed a drone bill Wednesday that would have allowed trespassing charges to be filed against an individual flying drones less than 350 feet above real property without the express permission of the property owner, regardless of whether anyone’s privacy was violated. In his veto message to the Senate, Brown said drone technology raises “novel issues that merit careful examination” but said he vetoed SB-142 because, “while well-intentioned,” it “could expose the occasional hobbyist and the FAA-approved commercial user alike to burdensome litigation and new causes of action.” Brown asked the state Senate to look at this issue more carefully. Brown signed a bill proposed by Sen. Anthony Cannella (R), SB-676, that enables easier prosecution of those who engage in cyber exploitation and revenge porn. Meanwhile, California’s Electronic Communications Privacy Act (SB-178) passed the Senate 32-4 Wednesday.
Dropbox joined the Internet Association, IA said in a news release Thursday. “We’re proud to join the Internet Association and look forward to supporting public policy outcomes that advance the interests of people who use Dropbox,” said Amber Cottle, head of Dropbox global public policy and government affairs.
The Center for Democracy & Technology, Electronic Frontier Foundation, New America’s Open Technology Institute and the World Privacy Forum filed an amicus brief in Spokeo v. Robins Tuesday. They asked the court to “preserve the ability of individuals to file private claims for privacy violations as granted by federal laws,” a CDT news release said. In the case, Thomas Robins filed a claim against data broker Spokeo under the Fair Credit Reporting Act, citing inaccuracies in the report. The 9th U.S. Circuit Court of Appeals ruled Robins had the legal standing to sue, but Spokeo appealed to the Supreme Court in 2014. “Limiting the ability of individuals to file claims would be a step in the wrong direction,” said CDT Policy Counsel G.S. Hans. Spreading inaccurate information is pervasive and potentially catastrophic for individuals because the information can be used in credit reports that affect loans, housing and employment decisions, the release said. “In the digital age, the Fair Credit Reporting Act’s private right of action plays a central role in promoting accuracy and limiting unfair decisions, just as it did when it was first enacted forty-five years ago,” Hans said. “A broad ruling in this case could prevent claims under a host of other federal privacy laws that remain relevant in the modern era, going well beyond the Fair Credit Reporting Act.”
Microsoft released 12 updates to address vulnerabilities in Microsoft Windows that may allow an attacker to take control of an affected system, said a U.S. Computer Emergency Readiness Team alert Tuesday.