PC shipments in the U.S. are expected to grow 2.3 percent annually in the next five years, Daniel Research Group said in a Tuesday report. Though shipments of desktop PCs and laptops are expected to decline 0.8 percent this year, “we anticipate healthy growth” in 2018, when shipments increase 4.3 percent, the company said. It forecasts an economic slowdown in 2019 and 2020 that will keep growth rates under 2 percent in each of those years, before shipments rebound with 5 percent growth in 2021, fueled by consumer demand for replacement models.
President Donald Trump's planned renegotiation of the North American Free Trade Agreement should include policy positions supported by the tech sector, the Internet Association said Tuesday. Trump said last month he plans to update the 1994 deal (see 1705180050). A NAFTA revamp should include a specific e-commerce chapter that would “maintain an open internet,” language protecting the fair use doctrine and Digital Millennium Copyright Act Section 512 safe harbors, IA said. The update should ensure trade rules protect e-commerce because the agreement's existing rules “do not accommodate package-level e-commerce export,” the industry group said. “Promoting internet-friendly disciplines in NAFTA on data flows, balanced copyright, intermediary liability, and customs represents a massive opportunity for the internet sector and the U.S. economy as a whole,” said President Michael Beckerman.
President Donald Trump's blocking of certain Twitter users violates the First Amendment, wrote the Knight First Amendment Institute at Columbia University. Tuesday's letter addressed to Trump said clients Holly O'Reilly and Joseph Papp were blocked from @realDonaldTrump "because they disagreed with, criticized, or mocked you or your actions as President." The letter said Trump's account is a "designated public forum" just like open city council or school board meetings. The institute said blocking O'Reilly and Papp is "unconstitutional" and it wants the president to unblock them and any others. The letter was written by Jameel Jaffer, the institute's founding director, and attorneys Alex Abdo and Katherine Fallow. It was also sent to White House counsel Donald McGahn, Press Secretary Sean Spicer and Director of Social Media Dan Scavino. The White House didn't comment.
Short, low-volume distributed denial-of-service attacks aimed at masking “more serious network intrusions” are the “greatest DDoS risk” for most entities, Corero Network Security reported Monday. Ninety-eight percent of DDoS attack attempts that Corero measured during Q1 were less than 10 Gbps in volume and 71 percent lasted 10 minutes or less, the cybersecurity firm said. “Short DDoS attacks might seem harmless, in that they don't cause extended periods of downtime,” said CEO Ashley Stephenson in a news release. “IT teams who choose to ignore them are effectively leaving their doors wide open for malware or ransomware attacks, data theft or other more serious intrusions.”
The Supreme Court is being urged to review a 2016 9th U.S. Circuit Court of Appeals decision that the Electronic Frontier Foundation said in a Monday news release could transform the Computer Fraud and Abuse Act into "a mechanism for criminalizing password sharing and policing Internet use." In an amicus brief filed Monday, EFF said CFAA originally was intended to criminalize hacking to access or alter data, but it doesn't define what "without authorization" means. The organization cited the appeals court ruling last year against David Nosal, an ex-employee of executive search firm Korn Ferry, which revoked his computer access credentials after he left to start his own firm (see 1609130012 and 1610110003). A firm employee gave colleagues who were defecting with Nosal a password that enabled them to download information from Korn Ferry's database on his behalf. The 9th Circuit panel found Nosal violated the CFAA. EFF Staff Attorney Jamie Williams said in the release the "ruling threatens to turn millions of ordinary computer users into criminals," whether it's logging into a friend's social media account or spouse's bank account "with their permission but in violation of a corporate prohibition on password sharing," possibly resulting in a prosecution. She said the 30-year-old anti-hacking statute needs to be updated and the Supreme Court can give "'authorization' an appropriately narrow definition, specifically clarifying that password sharing is not -- and was never intended to be -- a crime."
Cybersecurity needs board oversight and isn't just an IT issue, "it’s an enterprise wide risk management issue," blogged Internet Security Alliance Senior Director Stacey Barrack. "Most corporate boards are comprised of 'digital immigrants'" who "need to learn how to understand cyber-risk," she wrote Friday. Such risk management takes "strategic thinking" that doesn't treat information security as a "siloed" issue, Barrack wrote. She noted, as did another expert in a blog Thursday (see 1706010018), that "several significant cyberbreaches did not actually start within the target’s IT systems, but rather from vulnerabilities in one of its vendors or suppliers."
Baby Pet Vet Doctor app developer Tiny Piece modified the app and its advertising in response to a Children's Advertising Review Unit inquiry, the Council of Better Business Bureaus' division said Thursday. CARU initially decided Baby Pet Vet Doctor included a children's category, but the app's registration process didn't collect an email address for parents of child users and failed to obtain consent for the collection of information from children. The app also didn't include a visible privacy policy, CARU said. Google Play rated the app T for teen even though it was described as “the perfect game for children.” The app included advertising for T-rated games like Pregnant Mommy's Surgery, My Ex-Boyfriend Comes Back and Plastic Surgery Simulator, CARU said. Tiny Piece responded by no longer collecting email addresses for child-age users, removing the children's category from the app and posting a privacy policy. Tiny Piece also modified its description to reflect that the game is aimed at people aged 12 years and older.
Target's 2013 data breach with a record $300 million in damages should be a wake-up call on cybersecurity, blogged Shane Tews of the American Enterprise Institute. She noted the company recently settled with 47 states over the credit card incident. "If Target had taken IT management seriously ... it could have saved itself hundreds of millions of dollars and a damaged reputation," wrote the AEI Center for Internet, Communications and Technology Policy visiting fellow Thursday. She sought "clear, responsible guidelines for IT management and data security" for companies sharing data on customers. Senior executives should understand that such protections are "part of their management responsibilities," Tews wrote. "A company’s incident-response plan can make the difference between a momentary slow down and a full day or weeks-long fiasco." Target didn't comment.
As media reports swirled Thursday about the prospect of Apple launching an Echo-like music speaker based on the Siri digital assistant at its Worldwide Developers Conference starting Monday, Apple instead focused on promoting revenue gains from its app business. A Thursday news release said its app developers have brought in more than $70 billion from the App Store since it launched in 2008. The App Store’s active paid subscriptions are up 58 percent year over year, and the subscription business model is available to developers across 25 app categories, Apple said. It highlighted popular apps, including Netflix and Hulu for video streaming, the mobile-first Tastemade cooking network, and photo editing apps Over and Enlight. Developers create apps for customers in 155 countries, with gaming and entertainment top-grossing categories, Apple said. Lifestyle and health and fitness apps had 70 percent growth in gross earnings in the past year, and photo and video apps jumped 90 percent during the period, it said. Downloads have grown more than 70 percent in the past 12 months, with “hit” apps including Pokemon Go, Super Mario Run, CancerAid, Space by Thix, Zones for Training with Exercise Intensity, Vanido, Ace Tennis and Havenly, Apple said. The company didn't comment on reports of a Siri-based speaker.
The National Institute of Standards and Technology should morph work on how to effectively measure use of the Cybersecurity Framework into development of “an analytical tool that will enable individual entities to assess their unique threats on a monetized basis,” Internet Security Alliance CEO Larry Clinton blogged. NIST has been working with stakeholders on a proposed v1.1 update including metric language aimed at starting a conversation (see 1701100084). Stakeholders urged the agency to be cautious (see 1704110045 and 1705160072). NIST should develop a tool to help entities “assess which elements of the [framework] will be most cost-effective in addressing them” rather than identify “which elements of the [framework] are cost-effective in general,” Clinton said Wednesday: Use of the framework “is effective, but exactly what elements” are effective “and the degree of effectiveness likely changes from organization to organization based on a number of variables such as size, sector, culture and business plan.”