A North Korean was charged for involvement in the 2017 WannaCry cyberattacks (see 1712190043) and other “malicious activities,” DOJ announced Thursday. It alleged Park Jin Hyok was involved with North Korean government-sponsored campaigns including the $81 million theft from Bangladesh Bank in 2016 and a Sony Pictures Entertainment attack in 2014. Park was charged with “one count of conspiracy to commit computer fraud and abuse, which carries a maximum sentence of five years in prison, and one count of conspiracy to commit wire fraud, which carries a maximum sentence of 20 years,” Justice said. Senate Intelligence Committee ranking member Mark Warner, D-Va., called the indictment "the result of years of hard work” and “an important step in making clear to our adversaries that these kinds of criminal activities are unacceptable.” A bill for combating state-sponsored cyberthreats passed the House by voice vote Wednesday. Cyber Deterrence and Response Act (HR-5576) from Rep. Ted Yoho, R-Fla., creates a three-step process for identifying, deterring and responding to state-sponsored cyberthreats. S-3378, a companion bill, awaits Senate consideration.

The Donuts top-level internet domains owner said a majority stake is being bought by private equity firm Abry Partners. "Individuals and businesses manage their digital identities in an increasingly complex world of proliferating devices, platforms and access points," said Abry Managing Partner Erik Brooks about what he called the biggest portfolio of new TLDs. Separately Wednesday, the FTC said it won't challenge the deal, which got an early termination notice. Abry also has invested in midsize cable operators including Atlantic Broadband; TV-station owner Nexstar; and radio broadcaster Citadel Communications.

The next meeting of the FCC Communications Security, Reliability and Interoperability Council VI -- its sixth -- is Sept. 28, 1-5 p.m., in the Commission Meeting Room, said a notice set for Wednesday's Federal Register.

NCTA's argument that edge providers are a bigger threat to internet openness and consumer privacy than ISPs and that the solution is market forces and FTC case-by-case enforcement (see 1808210026) was "inevitable" now that ISPs "are trying to take full advantage of the FCC walking away from broadband regulation," CCG Consulting President Doug Dawson blogged Friday. He said telecom regulation traditionally comes in cycles that can end up in either excessive regulation or excess laxness: "We are certainly hitting the bottom of a trough of a regulatory wave as regulations are being eliminated or ignored." He said customer privacy is likely the issue that reverses the deregulation trend, and called the idea that market forces will govern ISP behavior "pretty laughable." NCTA didn't comment.

A URL click shouldn't let government obtain a search warrant for a person’s home, the Electronic Frontier Foundation told the U.S. Court of Appeals for the Fourth Circuit Friday. In U.S. v. Nikolai Bosyk, prosecutors gained access to Bosyk's house after someone there clicked a link to a file-sharing service suspected of child pornography distribution. Bosyk, a 40-year-old Virginia-based repair shop owner, was sentenced to five years in prison for accessing child pornography from the Tor Network Forum. “Although it may be tempting to overlook law enforcement overreach when it comes to tracking down potential pedophiles, the ramifications for our Fourth Amendment rights are dire,” EFF Staff Attorney Aaron Mackey said.

The Agriculture Department added to its website a page highlighting the importance of rural connectivity and ways the agency is trying to promote broadband infrastructure in rural America, it said Wednesday. It said the page will feature information on agency programs putting more than $700 million a year into rural broadband connectivity, and the agency in coming months will nearly double that.

The U.K. privacy watchdog is dealing with its first general data protection regulation cases, but "it's too early to speculate on enforcement action," an Information Commissioner's Office spokesperson emailed Wednesday. The ICO started using its "powers of assessment and audit in order to begin looking at certain organisations' data protection practices." French data protection agency CNIL (Commission Nationale de l'Informatique et des Libertes) said it hasn't yet issued fines based on the GDPR. With the regulation having taken effect May 25 (see 1805230001), "the complaints brought before the CNIL in relation to the GDPR are currently in a trial phase and we do not yet know when the CNIL will deliver its decisions," a spokesperson emailed. No enforcement issues have arrived at the European Data Protection Board, a spokeswoman told us. The EDPB is involved only if there's a cross-border dimension that requires national supervisory authorities to work together to ensure the GDPR is consistently applied, she said. Under that mechanism, the board issues opinions or, if there's a dispute between national data protection authorities, binding decisions to arbitrate. "It's the calm before the storm," emailed Hogan Lovells (London) data protection attorney Eduardo Ustaran.

The FTC cleared the way for Cisco to buy Duo Security, said an early termination notice dated Friday and released Monday. That ends the $2.4 billion deal's (see 1808020041) Hart-Scott-Rodino waiting period.

Google Search is suppressing conservative sources of information and favoring negative news about the administration, President Donald Trump said in a series of tweets Tuesday. “[T]hey have it RIGGED, for me & others, so that almost all stories & news is BAD. Fake CNN is prominent. Republican/Conservative & Fair Media is shut out. Illegal?” Google denied Trump’s assertion. “Search is not used to set a political agenda and we don't bias our results toward any political ideology,” a spokesperson emailed. “Every year, we issue hundreds of improvements to our algorithms to ensure they surface high-quality content in response to users' queries. We continually work to improve Google Search and we never rank search results to manipulate political sentiment.”

Four percent of state government websites passed recent security tests for HTTPS and Domain Name System Security, the Information Technology and Innovation Foundation reported Monday. HTTPS and DNSSEC are a set of protocols to verify authenticity of IP addresses associated with particular domain names. Reviewing 400 state government websites, ITIF found 99 percent failed “at least one important measure of performance for page-load speed, mobile-friendliness, security and accessibility.”