The European Commission said it's requiring Google parent Alphabet, Facebook and Twitter to change terms of service and improve responsiveness to removing content aimed at committing consumer fraud within one month or face “enforcement action.” The EU has been scrutinizing the three firms’ practices, including their ability to detect and remove scam content like fake promotions and ads for counterfeit products. Friday’s announcement followed a Thursday meeting between EC officials and representatives from three companies. Social media companies generally “need to take more responsibility in addressing scams and frauds,” said Justice, Consumers and Gender Equality Commissioner Věra Jourová in a news release. “It is not acceptable that EU consumers can only call on a court in California to resolve a dispute.” Social media companies’ terms of service must comply with European consumer law, which requires a balance between parties’ rights and obligations, and those terms be drafted in plain language, the EC said. The decision came soon after Germany said it was proposing a law that would allow fines of up to $53 million against social media firms if they fail to remove libelous or threatening posts. Google, Facebook and Twitter didn’t comment.

ICANN's Governmental Advisory Committee urged the organization's board Wednesday to “take into account the serious concerns expressed by some GAC members” about ICANN's policy to allow domain registries to sell two-letter domain names that match county code top-level domains (ccTLDs). The board in November agreed to release all two-letter names while requiring registrants not to claim they are affiliated with the country whose ccTLD corresponds with a registered domain name. The board also required registries to investigate governments' complaints about registered two-letter names. The ICANN board should “engage with concerned governments” before the organization's planned June 26-29 meeting in Johannesburg “to resolve these concerns” and “immediately explore measures to find a satisfactory solution of the matter to meet the concerns of these countries before being further aggravated,” GAC said in its communique. The board also should “provide clarification of the decision-making process and of the rationale” for its November release of the two-letter domain names, GAC said. Brazil, China, the EU and Iran are among countries that raised concerns about ICANN's decision. Governments don't have a legal right to second-level domains that correspond to their ccTLD strings, said ICANN board member Chris Disspain during a Wednesday meeting with GAC during the organization's conference in Copenhagen. Some GAC members disagreed. Iranian GAC member Kavouss Arasteh said that “the multistakeholder process was not easily accepted by many countries. Still, people have difficulty with that.” Arasteh threatened to seek ITU involvement in the issue at its 2018 Plenipotentiary Conference “if the matter is not resolved.” It's “not always commercial; government also has some powers, and we exercise our powers,” Arasteh said.

Intel’s proposed $15.3 billion buy of Israeli-based Mobileye (see 1703130015) “kills the myth that Israelis can’t build big companies” and that Jerusalem “is not a hotbed of innovation,” said Lou Kerner, who manages Flight VC's Israeli Founders Syndicate, in a Medium.com blog post Tuesday. The Mobileye deal also “turns the world’s focus to Israel, in a highly positive way, for at least a period of time,” Kerner said. “But most importantly for the Israel tech sector, tech ecosystems, when they are humming, are virtuous circles,” he said. Israel’s tech sector “was already booming,” but the Mobileye deal “just adds more fuel to Start Up Nation’s roaring bonfire,” he said. Mobileye's deal with Intel “is unique" because instead of Mobileye being integrated into Intel, Intel's Automated Driving Group “will be integrated into Mobileye,” and will be “headquartered in Israel,” senior Mobileye management told employees Monday in announcing the deal.

ICANN released a publicly available “testing platform” Sunday of its rollover of the root zone key signing key (KSK), which acts as the “master” key for the Domain Name System Security Extensions. ICANN Chief Technology Officer David Conrad urged DNS operators Monday to use the test bed, saying during the organization’s Copenhagen conference (see 1703100062 and 1703130010) “we have to make sure that everyone is aware that the KSK rollover will happen.” ICANN will also do a briefing on the test bed during a Tuesday session in Copenhagen. The KSK switchover is set for Oct. 11.

BT agreed to Ofcom requirements to spin off its Openreach network division, the British regulator said in a release Friday. "Openreach will become a distinct company with its own staff and management, together with its own strategy and a legal purpose to serve all of its customers equally," Ofcom said. "BT has agreed to all of the changes needed to address Ofcom’s competition concerns. As a result, Ofcom will no longer need to impose these changes through regulation. The reforms have been designed to begin this year."

President Donald Trump’s second immigration executive order (see 1703060043) keeps “key provisions” from the first that the courts previously “enjoined” as being unlawful, so the second order should be barred from taking effect March 16 as the administration wants it to, the state of Washington argued Thursday in court documents (in Pacer). Though the terms in the second order “differ slightly from their original incarnations, the differences do not remove them from the ambit of this Court’s injunction,” the state told U.S. District Court in Seattle, which granted Washington and Minnesota a temporary restraining order (TRO) Feb. 3 that prevented the first order from being enforced. Tech groups sided in court with the two states. Though the ban in the second order, unlike in the first, won’t apply to green-card holders, visa holders and refugees living in the U.S., “it bars entry for virtually all other aliens from the listed countries,” Washington said. When a court "enjoins a defendant from implementing policies,” as U.S. District Judge James Robart did when he issued his TRO, “the defendant cannot evade that injunction simply by reissuing the same basic policies in a new form,” the state said. “Courts do not issue injunctive relief in a game of whack-a-mole, forced to start anew at a defendant’s whim.” Administration lawyers didn’t comment Friday.

Interception and surveillance of EU citizens' personal data sent to the U.S. is allowed by laws in America and subject "to limited, if any, judicial oversight," said the Electronic Privacy Information Center Wednesday in a submission to the Irish High Court. It's hearing a case involving whether Facebook's use of standard contractual clauses (SCCs) provide adequate privacy protections for European citizens (see 1702060029). EPIC is one of several parties selected as amici curiae in the case, which may be referred to the European Court of Justice to decide the validity of SCCs in transferring data. EPIC said U.S. laws don't really provide "adequate safeguards" for such data and effective redress if there are violations. "Many of the privacy safeguards under U.S. law in fact operate to the exclusion of E.U. citizens situated outside the United States," said EPIC. Experts expect the ECJ, which invalidated the safe harbor agreement in October 2015 leading to the creation of Privacy Shield, will hear the case. The office of Irish Data Protection Commissioner Helen Dixon said in a recent update that the Irish court case, which began Feb. 7, may last until mid-March.

The American Civil Liberties Union, ACLU of Oregon and Electronic Frontier Foundation are asking the full 9th U.S. Circuit Court of Appeals to rehear the case of Mohamed Osman Mohamud, a Somali-born, naturalized U.S. citizen, after a three-judge panel in December upheld his conviction for attempting to bomb a Portland, Oregon, ceremony in 2013 (see 1607050073). The 9th Circuit panel ruled that since the government was targeting a foreign national overseas under Section 702 of the Foreign Intelligence Surveillance Act, no warrant was required to intercept that person's communications or Mohamud's emails that were incidentally collected in the investigation. Section 702 allows U.S. intelligence agencies to collect information about non-U.S. persons located overseas; but critics say Americans' personal information is swept up (see 1605100001). In Monday's amici filing requesting an en banc hearing, the three groups said the panel "improperly" relied on the "incidental overhear" rule to create a new exception to the warrant requirement, but that rule wasn't recognized as an exception. Such a misreading creates "a dangerous end-run around the warrant requirement -- including in ordinary criminal investigations," the filing said. The groups said the panel held that the third-party doctrine "diminished" Mohamud's expectation of email privacy. The advocacy groups said the panel "inexplicably carved out of its decision" the government practice of intentionally searching the Section 702 databases for Americans' communications.

High-ranking government officials from France and Germany are backing EU legislation that could jeopardize encrypted communications across Europe, said Christian Borggreen, Computer & Communications Industry Association director-international policy, in a blog post Friday. He said German Interior Minister Thomas de Maiziere and his French counterpart, Bruno Le Roux, sent a letter last week to European Commission officials seeking legislation in October after both countries' general elections. Borggreen said the letter, which is written in French, is a "u-turn" from the EU's prior "strong opposition" to back doors. He also cited a Politico story that reported an EC spokesperson seemed to endorse the proposal. Borggreen said it's unclear how service providers would give law enforcement access to encrypted data. It would "pose serious risks to the overall security and confidentiality of Europeans’ communications, which seems inconsistent with existing legal protections for personal data," he wrote. The EC's justice spokesman and French and German interior ministry offices didn't respond to emails seeking comment.

Sentinel Labs, SpyChatter and Vir2us settled separate but similar FTC allegations that they allegedly deceived consumers about their participation in the Asia-Pacific Economic Cooperation's (APEC) voluntary data-transfer system, said the commission in a Wednesday news release. Commissioners voted 2-0 to accept the three proposed consent orders, which will be published in the Federal Register soon, for comment through March 24. The commission will then decide whether to make the agreements final. The FTC alleged the companies said in their online privacy policies that they participated in the APEC Cross-Border Privacy Rules system when they didn't. The system "facilitates privacy-respecting data transfers between APEC member economies through a voluntary, enforceable mechanism, which certifies companies as being compliant with ... program requirements," said the FTC. The agency also said security company Sentinel Labs, which also does business as SentinelOne, "falsely" claimed participation in TRUSTe's privacy program. SpyChatter provides a secure messaging app while Vir2us is a cybersecurity company. The settlements bar the companies "from misrepresenting their participation, membership or certification in any privacy or security program sponsored by a government or self-regulatory or standard-setting organization." The companies didn't comment.