A U.S. District Court, Louisville, law clerk granted Tempur Sealy’s request Monday to serve a Digital Millennium Copyright Act subpoena on Amazon for information leading to the identity of a third-party merchant that the bedding manufacturer alleges is selling counterfeit goods on the e-commerce site, court records show. The subpoena (in Pacer) gives Amazon three weeks to turn over to Tempur Sealy's attorneys any documents it has on the merchant, Astonishing Goods, that identify the operator’s name and physical and email addresses. Tempur Sealy wants the information “only for the purpose” of protecting its intellectual property, said the attorneys (in Pacer). The lawyers also asked Amazon (in Pacer) to "immediately take steps" to disable access to the "infringing materials" and notify anyone who participated in the distribution of the goods that "their conduct was illegal and could be subject to enforcement." Tempur Sealy holds Amazon as "the party responsible for hosting the user's storefront," they said. They didn't explicitly accuse Amazon of contributory infringement but said Tempur Sealy is "not waiving its right to engage in other enforcement activities, and reserves all rights to do so at any time." Amazon didn’t comment. Under DMCA provisions, copyright holders can request federal subpoenas to stop alleged online infringement without filing an actual lawsuit and without requiring a judge's signature.

An ICANN policy panel made "important progress" toward revising the Whois system to comply with the EU general data protection regulation, Georgia Institute of Technology School of Public Policy professor Milton Mueller blogged. Meeting in Los Angeles Sept. 24-26, the expedited policy development group (ePDP) pushed past the "same old conflicts of interest" to strike a tentative approach, he said Friday. Stakeholder groups need to approve the proposals, and the ePDP must submit an initial report for review at the Oct. 20-26 ICANN meeting in Barcelona. The ePDP "finally recognized a clear distinction" between the purposes for data collection and third-party legitimate interests in gaining access to that information, said Mueller, an ICANN participant. The panel identified the purposes of the database, the data required for them, and which GDPR rules apply to the data processed, he said: "Progress almost broke down" over "Purpose B" on enabling third-party access to nonpublic registrant data. The group compromised for lawful access for legitimate third-party interests to registration data already collected and identified, and to classify Purpose B as a registry/registrar, rather than ICANN, purpose. Other proposals include establishing rights of a registered name holder in a registered name and coordinating development and implementation of policies for resolving disputes over registration of domain names.

Facebook discovered Tuesday that hackers stole access to as many as 90 million user accounts, it announced Friday. “While I'm glad we found this, fixed the vulnerability, and secured the accounts that may be at risk, the reality is we need to continue developing new tools to prevent this,” CEO Mark Zuckerberg said. The vulnerability, which allowed exploitation of the “view as” feature, was patched Thursday, and law enforcement notified, said Vice President-Product Management Guy Rosen said. The feature lets users see what their profiles look like from another's perspective. The vulnerability let hackers steal “access tokens” and take control of accounts. “Access tokens are the equivalent of digital keys that keep people logged in to Facebook so they don’t need to re-enter their password every time they use the app,” Rosen said. Facebook reset access to almost 50 million accounts “we know were affected,” and as a “precautionary measure,” reset access tokens for another 40 million “that have been subject to a ‘View As’ look-up in the last year.” The feature is disabled until the security review is completed. The vulnerability “stemmed from a change we made to our video uploading feature in July 2017,” Rosen said. Sen. Mark Warner, D-Va., said a swift investigation should be made public: “Congress needs to step up and take action to protect the privacy and security of social media users. ... The era of the Wild West in social media is over.”

The White House wants an update to the national artificial intelligence strategy on research and development, and opened the process to public comment, an AI advisory board announced Wednesday. The Office of Science and Technology Policy’s Select Committee on Artificial Intelligence (see 1805100065), which is under the National Science and Technology Council, “began updating” the National Artificial Intelligence Research and Development Strategic Plan Wednesday. “By updating our strategic plan for AI R&D, we help ensure that the United States continues to lead in cutting edge AI innovations that address the most pressing AI challenges of today,” said Deputy Assistant to the President-Technology Policy Michael Kratsios. BSA|The Software Alliance Vice President-Global Policy Aaron Cooper said: “Ensuring that the federal government’s funding is used efficiently and effectively -- both on basic research and in addressing workforce shifts -- is a key pillar of a national AI strategy.” Comments are due Oct. 26.

Four companies settled with the FTC over allegations they “falsely claimed certification under the EU-U.S. Privacy Shield framework,” the agency said Thursday. The settlement establishes a consent agreement with the companies that carries a $41,484 civil penalty for future infractions. The defendants were IDmission, mResource, SmartStart Employment Screening and VenPath. FTC alleged VenPath and SmartStart also failed to follow Privacy Shield requirement that companies ending participation in the program “affirm to the Department of Commerce that they will continue to apply the Privacy Shield protections to personal information collected while participating in the program.”

Uber reached a $148 million settlement with all 50 states and the District of Columbia on the company’s yearlong delay in reporting a data breach affecting some 600,000 drivers and riders (see 1804120056), Missouri Attorney General Josh Hawley (R) announced Wednesday. Uber learned about the breach in November 2016 but didn’t report it until November 2017, said Hawley. “Even though some of that information triggered Missouri law requiring Uber to notify affected Missouri residents, Uber failed to report the breach in a timely manner,” Hawley’s office said. Affected Missouri drivers are eligible for $100 in compensation, Hawley said. “Instead of notifying impacted consumers of the breach within a reasonable amount of time, Uber hid the incident for over a year – and actually paid the hackers to delete the data and keep quiet,” Pennsylvania AG Josh Shapiro (D) said. “That is outrageous corporate misconduct.” Uber will "continue to invest in protections to keep our customers and their data safe and secure, and we’re committed to maintaining a constructive and collaborative relationship with governments around the world," Uber Chief Legal Officer Tony West said Wednesday.

AT&T exclusively will offer the Harman Spark connected car device starting this week at $79.99 under a variety of rate plans. Under a limited-time offer, those who buy a Samsung Galaxy S9, S9+ or Note9 smartphone can get a Spark for $29.99, the carrier said. The Spark works on cars 1996 and newer to deliver connectivity features including emergency crash assistance, roadside assistance manager, geofencing and a Wi-Fi hot spot.

The White House is exploring antitrust action to prevent political bias on online platforms, said a draft executive order reportedly circulated over the weekend. By using search and social media, consumers count on platforms to provide “reliable information to shape a host of decisions ranging from consumer purchases to votes in elections,” the order said. Antitrust enforcers should use their authority to “promote competition and ensure that no online platform exercises market power in a way that harms consumers, including through the exercise of bias,” it said. President Donald Trump recently attacked Google, Facebook and other online platforms for alleged conservative bias. DOJ officials are expected to meet with state attorneys general Tuesday to discuss big tech competition concerns (see 1809210047). The White House didn’t comment.

California Attorney General Xavier Becerra (D) is planning on DOJ holding its Tuesday meeting in Washington, D.C., to discuss tech industry issues (see 1809140033 and 1809110041), an official said Friday, despite a report Justice was considering delaying the event. DOJ didn’t comment. A spokesperson for Iowa AG Tom Miller (D), who declined to attend, said her understanding was that the National Association of Attorneys General proposed Justice reschedule the meeting to coincide with an NAAG event Nov. 27-29 in Charleston, South Carolina, but DOJ rejected the idea. An NAAG spokesperson directed questions to individual AG offices. Iowa cited a scheduling conflict and “the lack of an agenda” in declining DOJ’s invite. “We’d be interested in a substantive, bipartisan discussion in which all states were invited,” the spokesperson said. Seven offices for various states AGs told us they are either interested in or will attend Tuesday's meeting. Seven other offices told us they aren’t attending. Justice sent invites to at least 24 AGs. We’ve contacted all 50 state law enforcements chiefs multiple times. Law enforcement chiefs in Texas (R), Louisiana (R) and California (D) said they plan to attend, though they didn't confirm if they are sending the AG or representatives. A spokesperson for Arizona' Mark Brnovich (R) said he's unable to attend, but the office will send staff. Offices in Nebraska (R), Washington (D) and Wisconsin (R) said they were invited. Law enforcement chiefs in Ohio (R), North Dakota (R), Arkansas (R) and North Carolina (D) said they won’t attend due to scheduling conflicts. Democrats in New York and Massachusetts said they aren’t interested. Ten offices told us there weren't invited: Colorado (R), Connecticut (D), Delaware (D), Hawaii (D), Iowa (D), New Hampshire (R), Ohio (R), Oklahoma (R), Oregon (D) and Rhode Island (D). The office for Tennessee's Herbert Slatery (R) directed questions to DOJ. Justice’s inquiry into tech company bias is “misguided,” several groups wrote the department Friday. TechFreedom, Engine Advocacy and Information Technology and Innovation Foundation were among those expressing skepticism the DOJ inquiry will produce any legal action, since the First Amendment bars government from attempting to correct political bias, including through antitrust.

App developers may share Gmail user data with third parties as long as they are transparent and adhere to Google privacy policies. Vice President-Public Policy and Government Affairs Susan Molinari disclosed those details in response to questions from GOP Sens. John Thune, S.D.; Roger Wicker, Miss.; and Jerry Moran, Kan. (see 1807100060). If Google allows third-party sharing, the lawmakers asked what action Google has taken to recover the data. Preventing abuse before it happens is the goal, Molinari said: “When we detect anomalous behavior, we investigate. And when we suspend apps, we warn users to remove the apps’ access to their data.” Developers must obtain consent from the user and offer a privacy policy explaining how the data will be used, Molinari said. Those developers are subject to Google’s user data policy and application programming interface terms of service. “Our verification process … reviews the privacy policy and works to ensure that developers’ requests for access to user data make sense in light of those disclosures,” Molinari wrote. “We make the privacy policy easily accessible to users to review before deciding whether to grant access.”