The Senate Homeland Security Committee’s report on the 2017 Equifax data breach (see 1903070065) “highlights a glaring lack of cybersecurity preparedness that is, quite frankly, appalling given the highly sensitive consumer data” at stake, said Public Knowledge Cybersecurity Policy Director Megan Stifel Friday. PK urged Congress to pass “comprehensive privacy legislation and examine whether market incentives are sufficient to ensure consumers’ data is adequately protected.”
State attorneys general joined federal agencies in a crackdown on tech support scams, the National Association of Attorneys General said Thursday. Scammers use pop-up messages, phone calls or websites to claim a consumer’s computer is infected, and then ask for personal information or remote access to a victim’s computer to fix the problem. More than 60 percent of consumers faced them last year, said NAAG President and Louisiana AG Jeff Landry (R). “Education, prevention, and enforcement are instrumental in addressing these tech scams.” Sweep participants are DOJ, the FTC and AG offices from Arizona, Connecticut, Florida, Kentucky, Louisiana, Minnesota, Mississippi, Montana, Nebraska, Nevada, New York, North Carolina, North Dakota, Ohio, Pennsylvania, Rhode Island, South Carolina, Texas, Utah and Washington, D.C. The sweep includes "criminal charges, criminal proceed seizures, civil injunction lawsuits, and the execution of search warrants," said a DOJ fact sheet.
Opened emails are entitled to the same Stored Communications Act privacy protections as unopened emails, the 4th U.S. Circuit Court ruled Wednesday in docket 18-1306. Patrick Hately alleged David Watts, who was intimately involved with Watts’ ex-girlfriend, Nicole Torrenzano, illegally accessed Watts’ email account. Judge James Wynn wrote the opinion, joined by Judges Roger Gregory and Diana Gribbon Motz. They disagreed with the lower court that "Hately’s previously opened and delivered emails stored by a web-based email service were not in statutorily protected 'electronic storage' under federal law." The jurists sent the case back to the district court. A lawyer for the defendant didn't comment immediately Thursday. New America’s Open Technology Institute said Thursday the decision has broad implications because police will now have to secure a warrant to access email evidence, regardless of how old the emails are or if they have been opened. “A contrary ruling would have meant that spam emails nobody opens are better protected from government access than sensitive, personal messages you open and save,” said Center for Democracy & Technology Freedom, Security and Technology Project Director Greg Nojeim.
U.S. military services should develop cyber mission force training plans with specific personnel requirements to better develop a skilled cyber workforce, GAO said Wednesday. The agency suggested independent assessors evaluate Cyber Command training and that Cyber Command “establish the training tasks covered by foundational training courses and convey them to the services.” DOD “concurred with the recommendations,” GAO said.
Facebook wants to shift to a more “privacy-focused messaging and social networking platform,” blogged CEO Mark Zuckerberg Wednesday. Zuckerberg envisions a platform where communication shifts to private, encrypted services with data that remains secure and eventually disappears. “Private messaging, ephemeral stories, and small groups are by far the fastest growing areas of online communication,” Zuckerberg wrote, saying he wants the company to shift from a “town square” to more of a “living room.”
Industry representatives voiced frustration about e-commerce, seeking a more-streamlined filing system and crackdown on foreign sellers. A common complaint was lack of transparency from foreign companies when they sell through online markets, a Customs and Border Protection event was told Friday. The foreign e-commerce sellers bypass U.S. safety and testing regulations, disproportionately placing the “burden of enforcement” on the brand owners of the items, said Rebecca Mond, Toy Association vice president-federal government affairs. That leads to lapses in enforcement, she said. Cornelia Steinert, Canon Virginia senior manager-international trade, said there's “simply no visibility” for importers of e-commerce products, especially small shipments. “How do you know what they’re ordering?” she said. “A lot of times, you can’t tell where the products are being shipped from.” She wants improvements to CBP manifest filings. Footwear Distributors and Retailers of America CEO Matt Priest said one of the footwear industry’s biggest issues is “unauthorized third-party sellers” online. Priest suggested more communication between CBP and industry. “The prevalence of e-commerce has just been so difficult for our members to get their hands around” on enforcement issues, he said. That multiple filings are made to CBP and each foreign government agency involved in selling a product online is problematic, said Cindy Allen, FedEx Trade Network vice president-regulatory affairs and compliance.
Emerging technologies have “significant potential to assist older adults with successfully aging in place,” via cognition, communication, social connectivity, personal mobility, transportation and access to healthcare, a White House task force reported Tuesday. Challenges include user adoption, system requirements, functionality, privacy and security. “Cutting-edge technologies hold significant promise for older Americans, enhancing their mobility and independence, strengthening ties to their communities, and keeping them healthy and safe,” said Director Kelvin Droegemeier of the Office of Science and Technology Policy, which issued the report. It recommends continued research and development. The National Science and Technology Council convened the task force from across federal agencies.
The FTC approved changes to two rules under the Gramm-Leach-Bliley Act. Safeguards rule revisions add more detailed requirements for what should be included in the comprehensive information security program the rule mandates for financial institutions. Commissioners Noah Phillips and Christine Wilson dissented, saying it’s “premature” and substitutes the FTC’s “judgment for a private firm’s governance decisions,” may take the commission in a direction that's “unwarranted,” may “have negative repercussions” and moves the rule away from its now-flexible approach. Privacy rule changes, OK'd 5-0, are to make that rule’s scope “clear on its face,” removing “examples of financial institutions that do not apply to motor vehicle dealers,” a release said. The rules also clarify which automotive dealers must provide annual privacy notices. Comments on both are due 60 days after Federal Register publication.
Sen. Shelley Moore Capito, R-W.Va., and state Gov. Jim Justice (R) hailed Facebook's Monday commitment to build a 275-mile-long fiber network segment in the state this year. It's part of a larger Facebook network to run from Ashburn, Virginia, to Columbus, Ohio. Capito addressed her concerns about broadband connectivity in the state during the Senate Commerce Committee's hearing last year with Facebook CEO Mark Zuckerberg (see 1806050044).
Thales must divest its General Purpose Hardware Security Module business to resolve competition concerns and complete its $5.6 billion acquisition of Gemalto, DOJ announced Thursday evening. GP HSMs are “secure encryption processing and key management devices” most frequently used as components of complex encryption systems used by industry and government to secure sensitive data. Thales and Gemalto are the “world’s leading providers of GP HSMs and are significant direct” U.S. competitors, DOJ said. Friday, Thales didn’t comment.