A Washington state committee cleared a proposed update to the state’s emergency communication law for next-generation 911. The House Appropriations Committee adopted HB-1703 by unanimous voice vote at a virtual hearing Thursday. Washington 911 “needs to stay up to date with modern technology,” said sponsor Rep. Cindy Ryu (D) at the hearing. The bill would also coordinate 911 with the state’s new 988 system, she said. The committee heard testimony but didn’t vote on digital equity and right-to-repair bills. CTIA opposed requiring carriers to participate in broadband adoption programs envisioned by HB-1723, which cleared another House committee earlier this month (see 2201180057). Such a mandate is preempted by federal law; legislators should make wireless participation voluntary, said CTIA lobbyist Jeff Gombosky. Seattle Digital Equity Program Manager David Keyes supported the adoption bill as a "critical companion to infrastructure support." Industry slammed HB-1810, which would require manufacturers to make documentation, parts and tools available to owners and independent repair providers on fair and reasonable terms. It passed another committee this month (see 2201190049). TechNet opposes requiring manufacturers to provide “unvetted third parties with sensitive diagnostic information and software, tools and parts without requiring the critical consumer protections afforded by authorized repair networks,” said Vice President-State Policy David Edmonson. The market gives consumers a wide range of repair choices, said CTIA Director-State Legislative Affairs Lisa McCabe. Adding a private right of action would reduce enforcement costs for the Washington attorney general’s office, suggested Consumer Protection Division Assistant AG Amy Teng.
Three Michigan men pleaded guilty to defrauding Amazon by leasing textbooks through Amazon’s rental program and selling them for profit on the internet and through local bookstores, said DOJ Wednesday. Paul Larson, 32, of Kalamazoo, and Gregory Gleesing, 43, and Lovedeep Singh Dhanoa, 25, both of Portage, participated with ringleader Geoffrey Mark Talsma, 36, also of Kalamazoo, in a scheme to create numerous Amazon accounts using fake names, multiple street addresses and multiple email accounts to circumvent Amazon’s limit of 15 textbook rentals per customer, said DOJ. Talsma is scheduled to stand trial April 5 in U.S. District Court in Lansing on mail fraud and other charges, it said. The other three are scheduled for sentencing in May and June, facing up to 20 years each in federal prison, said DOJ. All will also be ordered to pay restitution to Amazon, it said. Efforts to reach attorneys for the four Thursday were unsuccessful. Amazon didn’t comment.
The National Institute of Standards and Technology should establish coherence between its AI, cyber and privacy frameworks, the Information Technology Industry Council commented. NIST sought input on its AI Risk Management Framework through Tuesday to inform the first draft of the document. NIST plans to hold a workshop this year and release its AI RMF 1.0 in 2023. Privacy and cyber risks should be considered in context with managing AI risks so users can understand how all three frameworks can be used together, ITI said. It seeks standard international terminology and clarification of how risks differ for human-facing and non-human-facing AI.
There won’t be progress on the cyber front without collaboration between government and industry, state and industry officials agreed Wednesday at an Information Technology Industry Council event. “Self-preservation” often incentivizes companies not to seek government aid in breaches, said Florida Chief Information Officer James Grant. He cited industry’s fear of losing jobs, or shame over cyberincidents: “We have to establish trust that threat actors don’t care about branches or divisions of government, and we are only as strong as our weakest vulnerability.” Entities need to “get away from victim-blaming,” said Texas Chief Information Officer Amanda Crawford. “There is no silver bullet for any of this, so we need to understand there isn’t a shame to this. You need to be able to report and get back on your feet.” Texas successfully responded to a 2019 ransomware attack because it had a statewide cyber plan, she said, noting Gov. Greg Abbott’s (R) declaration of a state of disaster, the first time a cyberincident triggered that. The ultimate goal should be statewide and citywide visibility of threats, consistent reporting and rapid response, said Cisco's U.S. Sled Systems Engineering Director Mike Witzman. “We really welcome that industry partnership with government.” He said government and organizations should implement multifactor authentication and zero trust architecture as standards.
House Oversight Committee leadership introduced legislation Tuesday to streamline federal government cyber roles. Introduced by Chairwoman Carolyn Maloney, D-N.Y., and ranking member James Comer, R-Ky., the Federal Information Security Modernization Act would define operational and oversight roles for the national cyber director, OMB and the Cybersecurity and Infrastructure Security Agency. It would require agencies to “keep inventories of all internet-accessible information systems and assets, as well as all software.” The bill would advance a “risk-based cybersecurity posture,” modernize “reporting requirements to enhance security through automation” and expand “inventories and information-sharing for improved security,” they said.
Data compromises increased 68% in 2021 from 2020, the Identity Theft Resource Center said Monday in its annual data breach report. ITRC publishes data about “publicly reported U.S. compromises.” The 1,862 compromises reported in 2021 were an all-time high, 23% more than the previous record of 1,506 reported in 2017. There were 1,603 cyber-related compromises reported in 2021, the report said.
Google deceived and manipulated consumers while tracking their location data and made it “nearly impossible” to opt out, four attorneys general alleged in separate lawsuits Monday. Despite assurances users could opt out, there's “effectively no way for consumers to prevent Google from collecting, storing, and profiting from their location data,” alleged Washington, D.C., AG Karl Racine. His complaint detailed behavior dating back to at least 2014, including reliance on "dark patterns," or manipulative tactics. AGs in Texas, Washington and Indiana sued in their states. Google tells users they can turn off location history, but the company “continues to track users’ location through other settings and methods that it fails to adequately disclose,” said the office of Texas AG Ken Paxton (R). Google has “prioritized profits over people,” said Indiana's Todd Rokita (R). Washington state's Bob Ferguson (D) cited “hard-to-find location settings, misleading descriptions of location settings, repeated nudging to enable location settings and incomplete disclosures of Google’s location data collection.” The cases are “based on inaccurate claims and outdated assertions about our settings,” a Google spokesperson emailed. “We have always built privacy features into our products and provided robust controls for location data. We will vigorously defend ourselves and set the record straight.”
The Supreme Court docketed a mass surveillance case involving AT&T and Verizon customers (see 2011020063), the 9th U.S. Circuit Court of Appeals said Thursday in 19-16066. The Electronic Frontier Foundation sued NSA in 2008 over an alleged illegal dragnet program that EFF says involved AT&T and Verizon. A federal district court ruled in the government’s favor, saying revealing classified information at issue would threaten national security by giving adversaries a road map for surveillance practices. A 9th Circuit three-judge panel denied a petition for panel rehearing in October with little explanation. Jewel v. NSA was docketed with the Supreme Court as 21-1017 and awaits consideration.
Communications companies should review a recent cybersecurity advisory from the Cybersecurity and Infrastructure Security Agency, FBI and NSA, said an FCC public notice Friday. The advisory urges entities to “adopt a heightened state of awareness and to conduct proactive threat hunting.” All communications companies should follow the advisory’s recommendations, notify CISA of cyberthreats, and share threat information with industry stakeholders, the PN said.
California Republicans proposed carving out veterans’ telehealth apps from the state’s net neutrality law. Assemblymember Jordan Cunningham (R) floated AB-1669 Wednesday to clarify that the open-internet law doesn’t ban ISPs “from exempting the use of telehealth applications administered” by the Department of Veterans Affairs from a customer’s data usage allowance. The bill was co-sponsored by 12 Republicans in the chamber where the GOP has 19 of 80 seats. The VA was working with California DOJ last year to resolve a zero-rating issue possibly affecting veterans’ mobile telehealth services (see 2103260050). The VA and California DOJ didn’t comment Thursday.