DOD must improve its IPv6 transition plans, the GAO said Monday. The Pentagon began the planning process in 2017 but "has yet to clearly define the magnitude of work involved, the level of resources required, and the extent or nature of cybersecurity risks if vulnerabilities aren’t proactively managed," GAO said. Defense Secretary Mark Esper should direct the DOD chief information officer "to complete a department-wide inventory of existing IP-compliant devices and technologies to help with planning efforts and requirements development for the transition to IPv6," the report said. The auditor recommended the CIO "develop a cost estimate" for the transition and "develop a risk analysis" for it. DOD "agreed with our recommendations to develop a cost estimate and risk analysis" but "did not agree with our recommendation to complete a department-wide inventory of existing IP-compliant devices and technologies," GAO said. The department "referred to the draft IPv6 guidance that OMB developed in March 2020, stating that the draft guidance will rescind OMB’s fiscal year 2005 IPv6 guidance, which includes the inventory requirement. DOD also said that creating such an inventory would be impractical given the department’s size. It added that it has been mitigating the risk of not having an inventory by only acquiring IPv6-capable devices since December 2009."

The National Security Commission on Artificial Intelligence seeks comment by Sept. 30 for its final report on ensuring U.S. competitiveness in AI, machine learning and other emerging technologies. The FY 2019 National Defense Authorization Act tasked the group with assessing ways to ensure U.S. competitiveness in those technologies, ways to increase investment, workforce training and national security risks. The report is due March, said Thursday's Federal Register.

A company with facial recognition tech to create so-called faceprints of a person's identity (see 2003030054) was sued for allegedly violating people's privacy. Clearview AI undertook "unlawful surreptitious capture and storage of millions of Illinoisans’ sensitive biometric identifiers," alleged the American Civil Liberties Union, Chicago Alliance Against Sexual Exploitation, Sex Workers Outreach Project Chicago, Illinois State Public Interest Research Group and Mujeres Latinas en Accion. They told a state court in Cook County Thursday Clearview violated the Illinois Biometric Information Privacy Act: "Clearview has captured more than three billion faceprints from images available online, all without the [subjects'] knowledge." It's the first such case to attempt to "force any face recognition surveillance company to answer directly to groups representing survivors of domestic violence and sexual assault, undocumented immigrants, and other vulnerable communities uniquely harmed," the ACLU emailed. The company didn't comment.

President Donald Trump threatened to “strongly regulate” or shut down social media platforms, citing political bias against conservatives a day after Twitter included fact-check warnings for a series of his tweets. “Republicans feel that Social Media Platforms totally silence conservatives voices,” he wrote Wednesday. “We will strongly regulate, or close them down, before we can ever allow this to happen.” Social media companies don’t have anti-conservative bias and are rightly collaborating with civil society and government to combat online misinformation, Information Technology and Innovation Foundation Vice President Daniel Castro said: “While there may be occasional missteps, the private sector has shown a tremendous commitment to addressing this problem in a fair and transparent manner.” Twitter didn’t comment. Computer and Communications Industry Association President Matt Schruers raised free speech concerns, asking, “Are we a nation that tolerates its President threatening private enterprise for daring to contradict him?” Sen. Richard Blumenthal, D-Conn., tweeted that Trump’s “fear-mongering & conspiracy theory peddling is irresponsible, inexcusable, & authoritarian.” The First Amendment "significantly constrains any action the president could take to regulate social media platforms,” said American Civil Liberties Union Senior Legislative Counsel Kate Ruane. “The First Amendment also clearly prohibits the president from taking any action to stop Twitter from pointing out his blatant lies about voting by mail.”

The FCC Communications Security, Reliability and Interoperability Council will consider a final report by its Managing Security Risk in the Transition to 5G Working Group during a June 10 teleconference meeting, the FCC said Tuesday. Members will vote on a “Report on Risks to 5G From Legacy Vulnerabilities and Best Practices for Mitigation,” the FCC said. The call starts at 1 p.m. EDT.

California might enforce its privacy law three months before final regulations by Attorney General Xavier Becerra (D), said privacy attorney Christina Gagnier on a Carlton Fields webinar Thursday. The AG hasn't announced timing for California Consumer Privacy Act rules, but “it’s been communicated that the regulations might not be out until October,” even though Becerra hasn’t budged on starting enforcement July 1, she said. COVID-19 has moved many things back but it’s also brought “a heightened awareness of privacy,” Gagnier said. “The AG’s office is basically balancing those two things.” The final rules probably won't deviate much from proposed regulations as revised a few months ago (see 2004020043), unless the legislature this summer passes major changes like what’s proposed in AB-3119 by Assemblymember Buffy Wicks (D), the lawyer said. Wiley heard the same, attorney Joan Stewart emailed us. "While the AG hasn’t provided guidance yet on how enforcement would work in a world without implementing regulations -- we anticipate that initially enforcement could be focused on the requirements of the statute, rather than compliance specifics tied to the regulations." Expect the AG to "go after businesses that have made no effort to comply rather than businesses that have made a good faith effort but fell short." The International Association of Privacy Professionals blogged Monday about the possible delay to CCPA rules. "For regulations to become effective July 1, they must be filed with the Office of Administrative Law by May 31," but they haven't been submitted, IAPP said. If the AG doesn't meet that deadline, "their effective date will likely slip until Oct. 1." Becerra is "committed to enforcing the law starting July 1," a spokesperson emailed. "We encourage businesses to be particularly mindful of data security in this time of emergency."

The Internet Governance Forum USA conference will be held virtually July 22-23, IGF-USA said Wednesday. Originally planned to be in Washington, the now two-day conference will cover topics including 5G security, IoT, COVID-19 response, education technology, network security, encryption, privacy, content moderation and artificial intelligence.

A Canadian company falsely claimed its smart locks were secure and failed to follow industry best practices to protect data, the FTC alleged Wednesday in a settlement. Contrary to representations to consumers, Tapplock “failed to take reasonable precautions or follow industry best practices to protect the consumer data it collected through its app,” the agency said. With 5-0 commissioner approval, the settlement requires the company to “implement a comprehensive security program and obtain independent biennial assessments.”

T-Mobile is launching the 5G Open Innovation Lab, partnering with Intel and NASA and working with Amazon Web Services, Google and other companies, T-Mobile President-Technology Neville Ray blogged Tuesday. The lab will focus on “emerging applications for edge computing, artificial intelligence and more, developing groundbreaking applications and services that unleash the potential of 5G networks,” he said.

Members of Facebook’s oversight board defended the body Monday as politically neutral and free from undue company influence (see 2005120056). Board members wouldn't have taken the position if they thought they were “providing cover” for Facebook, said University of Oklahoma College of Law professor Evelyn Aswad during an Aspen Institute webcast: The goal is to be as neutral as possible and look at every issue from various angles. Members will be paid, and individual payment amounts aren’t publicly available, said Stanford Law School professor Michael McConnell. Pay is based on what each member could command with alternative use of their time, he noted, saying he expects to spend about 15-20 hours monthly. The board will make binding decisions on content moderation, and can advise on content moderation policies, said Columbia Law School professor Jamal Greene. “We’re not front lines internet cops,” said McConnell, calling it a deliberative body for appeals. Facebook will refer policy questions to the board for nonbinding guidance, McConnell added, noting the company must respond publicly with its decisions on whether it agrees with the guidance. Cato Institute Vice President John Samples said his understanding is that decisions about advertising content will be within the remit of the panel. He called the body an attempt to challenge the content moderation status quo, which people are unhappy with. It’s better than the alternative of having a stronger government role, he said.