An Illinois court denied Clearview AI’s motion to dismiss a privacy lawsuit alleging the company’s facial recognition technology violated people’s privacy. The American Civil Liberties Union and others said the company violated the Illinois Biometric Information Privacy Act (BIPA) (see 2005280032). “This case touches on matters of significant public interest,” Illinois Circuit Court in Cook County Judge Pamela McLean Meyerson wrote Friday. The complaint can’t be dismissed on jurisdictional grounds because Clearview targeted Illinois customers, the judge said. She disagreed with Clearview that BIPA doesn’t apply to face-prints. Clearview’s dormant Commerce Clause argument -- that BIPA can’t be applied because it would control the company’s conduct outside Illinois -- “would reward reckless disregard of the law in blind deference to technology,” she said. The judge disagreed that BIPA violates the First Amendment, saying BIPA restrictions on Clearview’s free speech “are no greater than what’s essential to further Illinois’ interest in protecting its citizens’ privacy and security.” The judge said Friday’s decision doesn’t mean the court found Clearview liable for violating BIPA but that the court has jurisdiction and the complaint “states a cause of action for which relief may be granted.” ACLU praised the ruling. “Without regulations like BIPA, companies like Clearview could end privacy as we know it,” said Vera Eidelman, staff attorney-ACLU Speech, Privacy and Technology Project. “This ruling protects our clients’ rights, and sends a strong message to lawmakers across the country that they can protect privacy without running afoul of the First Amendment.” Clearview AI didn't comment by our deadline.

President Joe Biden’s engagement with industry leaders to develop cybersecurity solutions is encouraging, Information Technology Industry Council CEO Jason Oxman said Wednesday, after Biden met with several tech and other CEOs. Among CEOs in attendance were Amazon's Andy Jassy, Apple's Tim Cook, Google's Sundar Pichai, IBM's Arvind Krishna and Microsoft's Satya Nadella. “A strong partnership between the Biden Administration and the world’s leading innovators is key to both keeping U.S. networks secure and resilient, and to expanding the cybersecurity workforce,” said Oxman. CEOs from several of the Bank Policy Institute’s member companies attended the meeting hosted by the White House and the National Security Council, said BPI.

The ransomware threat “continues to rise,” and the average ransom demand in 2021's first half grew 518% from a year earlier, said Palo Alto Networks CEO Nikesh Arora on an earnings call Monday for fiscal Q4 ended July 31. “Ransomware readiness” is one of Palo Alto’s “key engagements,” he said. It did 39 readiness “assessments” in the quarter and has 300 more in the “pipeline,” he said. Quarterly billings of $1.87 billion were up 24% year over year, "well ahead of our guided 22% to 23% growth," said Chief Financial Officer Dipak Golechha. Revenue growth of 28% "was above the high end of our guidance range," he said. "Growth was driven by strong demand across all geographies and major product areas." The stock closed 18.6% higher Tuesday at $441.87.

DOJ and the Departments of Commerce and Homeland Security are among 10 agencies planning to expand facial recognition technology use through fiscal 2023, GAO reported Tuesday. Expansion plans include new face-scanning systems, pilot testing and upgrading existing systems, GAO said. DHS’ Customs and Border Protection is collaborating with the Transportation Security Administration on efforts to “automate the identity verification process at airports for travelers,” GAO said. It surveyed 24 agencies, 18 of which reported using face-scanning technology in fiscal 2020.

The Department of Homeland Security “needs to provide details” about coordination between entities “responsible for cybersecurity and those responsible for enterprise risk management,” the GAO said in recommendations released Monday. GAO cited July 2019 recommendations for DHS to “document a process for coordination between its cybersecurity risk management and enterprise risk management functions.” The department concurred with the recommendation and had estimated completion by July 31, 2020. To consider the recommendation “fully implemented,” DHS will need to follow Monday’s recommendation, GAO said.

The National Institute of Standards and Technology delayed a comment deadline on the development of AI risk management guidance, from Thursday (see 2107290065) to Sept. 15, the agency said Thursday. “The framework is being developed through a consensus-driven, open, transparent, and collaborative process that will include workshops and other opportunities to provide input,” NIST said. An initial virtual worship is set for Oct. 19-21.

A Bellevue, Washington, man pleaded guilty Wednesday to charges he netted more than $1.5 million in profits from insider trading of Netflix stock, said DOJ. Junwoo Chon, 50, is one of four men charged in the scheme that allegedly involved two former Netflix software engineers illegally providing proprietary subscriber data in advance of Netflix’s quarterly earnings announcements, said DOJ. Chon is scheduled for sentencing Dec. 3 before U.S. District Judge Richard Jones in Seattle. Efforts to reach Chon’s attorneys for comment Thursday were unsuccessful.

The FTC should investigate Tesla’s “misleading advertising and marketing” of its self-driving features, Sens. Richard Blumenthal, D-Conn., and Ed Markey, D-Mass., wrote Chair Lina Khan Wednesday. “Tesla’s marketing has repeatedly overstated the capabilities of its vehicles, and these statements increasingly pose a threat to motorists and other users of the road,” they wrote. No fully self-driving vehicles are on the market, but the company titled a 2019 YouTube video “Full Self-Driving,” they wrote, citing other examples. The company didn’t comment. The FTC confirmed receiving the letter.

Increased device mobility and complexity “are leaving schools increasingly vulnerable to security risks and potential attacks,” reported Absolute Software Tuesday. The cybersecurity company analyzed “anonymized” data from more than 10,000 schools, finding the total number of devices deployed increased 74% from 2019 to 2020, it said. “The disruption caused by digital learning -- and the flurry of new technologies needed to support it -- opened up new potential attack vectors for cybercriminals, it said, citing FBI statistics showing 57% of all reported ransomware attacks in August and September 2020 targeted K-12 schools. Absolute found that nearly half (47%) of K-12 devices in spring 2021 were located more than 25 miles from their school or district, compared with 27% a year earlier. Students and faculty spent 60% of their time online actively using officially sanctioned educational resources so far in 2021, but 21% of online activity takes place “outside established and approved education sites,” it said.

The volume of first-half 2021 phishing attacks jumped 22% from a year earlier, but phishing volume in June “dipped dramatically” for the first time in six months, immediately after a very high volume in May, reported PhishLabs Tuesday. Bad actors are using phishing “to fleece proprietary information” in increasingly more sophisticated attacks, “based on growth in areas such as cryptocurrency and sites that use single-sign-on,” said Chief Technology Officer John LaCour. Of the significant decline in bad behavior from May to June, “we’ll continue to monitor through the summer and analyze if we’re seeing a trend in the right direction, or if attackers simply took a summer vacation.”