Six companies joined the Automotive Information Sharing and Analysis Center, said the group, which automakers formed in 2015 to promote industry collaboration on vehicle cybersecurity. New are Allison Transmission, Autoliv, Calsonic Kansei, Hitachi, Intel and Navistar.

Facebook should inform the estimated 50 million users whose data was allegedly misused (see 1803200047) by a political data analytics firm on behalf of President Donald Trump's 2016 campaign, said Consumer Reports in a national petition drive. Consumer Reports said Facebook should inform every user who potentially had private data scraped and sold without their knowledge or improperly handled by Cambridge Analytica. “Consumers deserve to know how their personal data is obtained by companies they've never heard of. This incident must be a teaching moment,” said Justin Brookman, director of Consumer Reports’ advocacy arm, Consumers Union. Facebook didn’t comment. Barclays analysts likened the Facebook scandal to the Equifax data breach and the Volkswagen emissions scandal, predicting the social media giant’s shares could drop sharply, “only to stabilize in 6-11 days and then recover.” Barclays doesn’t anticipate results like the BP oil spill, in which “shares fell for two full months and have yet to return to the same levels prior to the spill.”

The FTC should investigate Facebook with Privacy Shield guidelines in mind, said European Union Justice Commissioner Vera Jourová Wednesday, saying the recent scandal has major implications for personal privacy and democracy (see 1803200047). During a visit to Washington, Jourová met with Attorney General Jeff Sessions, Commerce Secretary Wilbur Ross, Sen. Chuck Grassley, R-Iowa, and Rep. Jim Sensenbrenner, R-Wis. Conversations were dominated by the Facebook/Cambridge Analytica scandal, the Privacy Shield, the EU general data protection regulation (GDPR) and the Clarifying Lawful Overseas Use of Data (Cloud) Act, she said. The discussion with Sessions involved bringing law enforcement tools up to speed for today’s digital reality, which criminals are taking advantage of, she said. Describing the digital age as a tumultuous period for privacy, Jourová said the EU is ahead of the U.S. on protecting consumer privacy. The Cloud Act and similar legislation the EU plans to adopt in April were crafted in the same vein as the GDPR, she said. She called the EU GDPR and the U.S. Cloud Act important steps in balancing security with privacy rights, which could help inform the debate before the U.S. Supreme Court in the Microsoft-Ireland case (see 1802270052).

Facebook has “responsibility to protect your data, and if we can't then we don't deserve to serve you,” posted CEO Mark Zuckerberg in his first known public comments on allegations that political data analytics firm Cambridge Analytica misused private information of more than 50 million Americans on behalf of President Donald Trump's 2016 election campaign (see 1803200047). Zuckerberg has been “working to understand exactly what happened and how to make sure this doesn't happen again,” he said. “The most important actions to prevent this from happening again today we have already taken years ago. But we also made mistakes, there's more to do, and we need to step up.” As founder, “at the end of the day I'm responsible for what happens on our platform,” said Zuckerberg. “I'm serious about doing what it takes to protect our community. While this specific issue involving Cambridge Analytica should no longer happen with new apps today, that doesn't change what happened in the past. We will learn from this experience to secure our platform further and make our community safer for everyone.”

The U.S. government has taken initial steps to secure federal networks and critical infrastructure, but the process of securing the IoT has just begun, said White House tech policy adviser Kelsey Guyselman Tuesday. Speaking at an event hosted by the American Bar Association and the FCBA, Guyselman detailed the goals of President Donald Trump’s executive order from May. Botnets and other automated threats aren't problems that can be solved by a single entity, agency or sector, she said, urging a collaborative approach to securing the IoT. Guyselman spoke in place of NTIA Administrator David Redl, who couldn't attend due to a scheduling conflict. On a separate panel, DOJ Computer Crime-Criminal Division Deputy Chief Michael Stawasz opposed the EU's general data protection regulation potentially impeding criminal investigations abroad. While working full-time to gain legal access to private data, and balancing law enforcement and privacy concerns, Stawasz said he likes the U.S.’ current framework “just fine.” The GDPR could potentially conflict with warrant compliance, he said. Wiley Rein's Megan Brown said, based on discussions with industry and officials in Europe, there has been a “slow awakening” that the GDPR could interfere with surveillance.

President Donald Trump issued an executive order Monday barring U.S. citizens from “all transactions related to, provision of financing for, and other dealings in” any “digital currency, digital coin, or digital token” issued by Venezuela’s government. Trump signed the order a month after the Venezuelan government formally rolled out its petro virtual currency to aid the nation’s sagging economy and skirt U.S. sanctions. Venezuelan President Nicolas Maduro said he’s planning to unveil a “petro gold” virtual currency backed by precious metals after the government collected $735 million in presale purchases of the oil-backed petro. Sen. Marco Rubio, R-Fla., praised Trump for banning the transactions, saying in a statement it “targets their ability to use cryptocurrencies to circumvent U.S. and international sanctions.”

Companies worldwide lose about $1.5 trillion annually to cybercrime, and insurance covers about 15 percent of the cost, reported WomenCorporateDirectors and Marsh & McLennan’s Global Risk Center. A survey by Marsh and Microsoft from January showed 30 percent of companies have a cyber response plan, the report said, and research shows 40 percent of U.S. boards have reviewed their cyber insurance coverage in the past year. The 2017-2018 National Association of Corporate Directors' Public Company Governance Survey showed 60 percent of boards reviewed breach response plans in the past year.

CSRA, providing cybersecurity to the government and others, got a rival, higher takeover bid that was an unsolicited proposal from CACI, which also provides cybersecurity. But original buyer General Dynamics said it will carry on with its all-cash $9.6 billion deal. Although about 8 percent more on a per-share basis, CACI's offer isn't all cash. CACI sees $165 million annually in cost savings, more than with GD. The antitrust waiting period under the Hart-Scott-Rodino Act has expired, said GD. CSRA's board, "in consultation with its legal and financial advisors, will carefully review and consider" the new bid, the acquiree said: The board hasn't "changed its recommendation that CSRA stockholders tender their shares of CSRA common stock pursuant to the Offer" from GD. After Sunday's developments, CSRA stock closed up 0.9 percent Monday at $41.02.

A federal court froze assets and operations of four individuals the FTC alleged engaged in cryptocurrency scams in which they “falsely promised” participants large returns if they used digital currencies to participate. Thomas Dluca, Louis Gatto and Eric Pinkston deceptively promoted Bitcoin Funding Team and My7Network, promising participants could turn $100 of investment into $80,000 in monthly income, according to FTC filings. A fourth defendant, Scott Chandler, supported Bitcoin Funding Team and another allegedly illegal scheme, Jetcoin, said the FTC. The structures ensured that “few would benefit” from investment and a majority of investors would fail “to recoup” their initial payment, FTC said. The schemes involved digital currencies like Bitcoin and Litecoin. At the request of the FTC, the U.S. District Court for the Southern District of Florida issued a temporary restraining order and froze defendants’ assets until a trial decision. The commission separately Friday said it established an agency blockchain working group, which will focus on cryptocurrency and blockchain issues. “I expect that fraudsters will repurpose old schemes to capitalize on the current glamour and mystery of cryptocurrency," said acting Chief Technologist Neil Chilson. “The FTC staff will diligently apply its expertise to identify such schemes.”

The Federal Election Commission opened public comment on draft rules for online political advertising disclosures. Commissioners approved the draft NPRM on internet disclaimers and definition of “public communication” Wednesday. The agency is seeking comment on two alternative proposals to update regulations for online ads that “contain express advocacy, solicit contributions or are made by political committees.” The FEC scheduled a hearing June 27. Senate Intelligence Committee Vice Chairman Mark Warner, D-Va., said the "simple and overdue act of strengthening these disclaimer rules” should have been completed, and this solicitation means standards for online political ads remain far behind those for political ads on TV and other media. He noted the delayed reform overlaps with the start of primary season for the upcoming 2018 midterms. Congress must recognize that current laws don't adequately deal with current national security threats, he said, urging action on the Honest Ads Act (S-1989) he introduced with Sens. Amy Klobuchar, D-Minn., and John McCain, R-Ariz.