Backpage CEO Carl Ferrer is facing a maximum of five years in prison after pleading guilty to conspiracy to facilitate prostitution and money laundering, DOJ announced Thursday (see 1804090025). Ferrer, 57, admitted the “great majority of Backpage’s escort and adult advertisements” are prostitution ads, according to DOJ. He agreed to shutter the website and forfeit all corporate assets and Backpage-related property.

Uber agreed to expand data breach disclosure and record-keeping requirements as part of a revised settlement proposed by the FTC in 2017, stemming from allegations the ride-hailing company “deceived consumers about its privacy and data security practices,” the agency announced Thursday. Civil penalties are possible if Uber fails to disclose future data breach incidents, the FTC said. The agency’s revised complaint alleges Uber learned in November 2016 that intruders accessed third-party cloud storage files containing more than “25 million names and email addresses, 22 million names and mobile phone numbers and 600,000 names and driver’s license numbers of U.S. Uber drivers and riders.” Uber failed to disclose that breach while the FTC was investigating the company for a similar 2014 data breach that was settled in August 2017, the FTC said. Uber paid intruders involved in the 2016 breach $100,000 as part of its third-party “bug bounty” program, but didn't alert consumers about the situation until November 2017, the FTC said. Acting FTC Chairman Maureen Ohlhausen said the expanded settlement is “designed to ensure that Uber does not engage in similar misconduct in the future.” Uber Chief Legal Officer Tony West wrote in a statement he's “pleased that just a few months after announcing this incident, we have reached a speedy resolution with the FTC that holds Uber accountable for the mistakes of the past by imposing new requirements that reasonably fit the facts.”

The FTC will launch an educational campaign to help small businesses improve cyber defense and data security measures, the agency announced Tuesday. It will distribute “reader-friendly educational materials with information about cybersecurity that small businesses need,” the agency said.

Qualcomm wants to make the connected home more intelligent and efficient, with a platform based on edge computing, it blogged Wednesday. The chipmaker announced the first in a family of SoCs for the development of IoT smart devices. A home security camera that notifies a user every time it senses motion might be entertaining but not very useful. More compelling is a camera pointed to the front door that’s able to differentiate between a son or daughter who has been locked out or a burglar, it said. “This level of home security is possible, but it won’t happen overnight.” For such a camera to be effective, “it needs to be connected and intelligent enough to be able to process and analyze data in real time locally on the device, so it can recognize the things that matter and take immediate action,” it said. Rather than processing information in the cloud, the camera has intelligence to respond based on “what it knows,” it said, saying such integration will “push the IoT ecosystem forward, as developers move away from the cloud and focus on the capabilities of the device.”

Verizon said ransomware attacks are "a key cybersecurity threat," citing a highlight of its 2018 Data Breach Investigation Report. "Ransomware is the most common type of malware, found in 39 percent of malware-related data breaches -- double that of last year’s DBIR -- and accounts for over 700 incidents," said a Verizon release Tuesday. "What’s more, Verizon’s analysis show that attacks are now moving into business critical systems, which encrypt file servers or databases, inflicting more damage and commanding bigger ransom requests." The report "also flags a shift in how social attacks, such as financial pretexting and phishing, are used," Verizon said. "Attacks such as these, which continue to infiltrate organizations via employees, are now increasingly a departmental issue. Analysis shows that Human Resource (HR) departments across multiple verticals are now being targeted in a bid to extract employee wage and tax data, so criminals can commit tax fraud and divert tax rebates." George Fischer, Verizon Enterprise Solutions president, said, “Businesses find it difficult to keep abreast of the threat landscape, and continue to put themselves at risk by not adopting dynamic and proactive security strategies.”

DOJ filed a federal indictment against Backpage.com owners, executives and employees on Monday, which drew praise from Sen. Rob Portman, R-Ohio, author of recently passed anti-sex trafficking legislation. DOJ’s seizure of Backpage is proof that the legislation is needed, lawmakers said last week, while one critic argued it proves current law is working. The Senate passed the SESTA-FOSTA (the Stop Enabling Sex Traffickers-Allow States and Victims to Fight Online Sex Trafficking) package last month (see 1803210064), and Portman expects President Donald Trump to sign the legislation this week. “This bipartisan measure will make it easier to hold online sex traffickers accountable,” Portman said, calling DOJ’s seizure good news for victims and survivors of online sex trafficking. Co-sponsor Sen. Claire McCaskill, D-Mo., said police “need this bill to enable them to take swift action against websites that knowingly facilitate sex trafficking of children online.” Meanwhile, TechFreedom argued that the seizure of Backpage proves law enforcement already has plenty of legal tools to pursue action against illicit actors and just needed to make it a priority. “Sex trafficking was exploited as an emotional pretext to chip away Section 230 immunity,” TechFreedom President Berin Szoka said, referring to a portion of the Communications Decency Act. Missouri Attorney General Josh Hawley (R) said law enforcement will continue to find human sex traffickers and bring them to justice. Backpage unsuccessfully sued Hawley to block an investigation of the website.

YouTube's data collection policies are in direct violation of the Children's Online Privacy Protection Act (COPPA) for young users of the video sharing service, consumer and other groups said in a FTC complaint filed Monday against the Google-run service. They said YouTube knows children use the service, portions of YouTube are directed at children and YouTube uses information collected from users such as geolocation and unique device identifiers to target advertising without giving parents notice or obtaining advanced verifiable parental consent as COPPA requires. The groups said YouTube can't use the "age gate" exception under COPPA since it requires registration only to post videos, not to watch them. They asked the FTC to enjoin Google from further COPPA violations and to assess "substantial" civil penalties of "tens of billions of dollars." Signing the complaint were 23 groups, including Campaign for a Commercial-Free Childhood, the Consumer Federation of America, Consumers Union, the Electronic Privacy Information Center, the Parents Television Council and the Privacy Rights Clearinghouse. A YouTube spokesman emailed that the company is reviewing the complaint and will evaluate if there are ways to improve. The spokesman also said protection of children has been a top priority and pointed to creation of the YouTube Kids app offering a children-focused alternative to the service. The spokesman said its Terms of Service Section 12 makes clear the service isn't for users under 13, and its advertising policies restrict advertisers from targeting personalized ads at or collecting personally identifiable information from children under 13.

Customs and Border Protection is seeking input through the Commercial Customs Operations Advisory Committee about what new statutes or regulations are needed to get CBP more authority over e-commerce issues, two COAC members told us. The request relates to recent testimony from Brenda Smith, executive assistant commissioner in the CBP Office of Trade, who was pressed by lawmakers to describe next steps for gaining such authority (see 1803070009). The agency didn't comment.

The FTC won't oppose Splunk buying cybersecurity firm Phantom Cyber, the agency announced Wednesday. The deal is valued at about $350 million.

The most common form of security breaches are SQL injections (23 percent), domain name system attacks (21 percent), pirated content (20 percent) and distributed denial of services attacks (17 percent), said a recent Akamai survey of 200 U.S. tech groups the company released Wednesday.