The U.K. privacy watchdog is dealing with its first general data protection regulation cases, but "it's too early to speculate on enforcement action," an Information Commissioner's Office spokesperson emailed Wednesday. The ICO started using its "powers of assessment and audit in order to begin looking at certain organisations' data protection practices." French data protection agency CNIL (Commission Nationale de l'Informatique et des Libertes) said it hasn't yet issued fines based on the GDPR. With the regulation having taken effect May 25 (see 1805230001), "the complaints brought before the CNIL in relation to the GDPR are currently in a trial phase and we do not yet know when the CNIL will deliver its decisions," a spokesperson emailed. No enforcement issues have arrived at the European Data Protection Board, a spokeswoman told us. The EDPB is involved only if there's a cross-border dimension that requires national supervisory authorities to work together to ensure the GDPR is consistently applied, she said. Under that mechanism, the board issues opinions or, if there's a dispute between national data protection authorities, binding decisions to arbitrate. "It's the calm before the storm," emailed Hogan Lovells (London) data protection attorney Eduardo Ustaran.

The FTC cleared the way for Cisco to buy Duo Security, said an early termination notice dated Friday and released Monday. That ends the $2.4 billion deal's (see 1808020041) Hart-Scott-Rodino waiting period.

Google Search is suppressing conservative sources of information and favoring negative news about the administration, President Donald Trump said in a series of tweets Tuesday. “[T]hey have it RIGGED, for me & others, so that almost all stories & news is BAD. Fake CNN is prominent. Republican/Conservative & Fair Media is shut out. Illegal?” Google denied Trump’s assertion. “Search is not used to set a political agenda and we don't bias our results toward any political ideology,” a spokesperson emailed. “Every year, we issue hundreds of improvements to our algorithms to ensure they surface high-quality content in response to users' queries. We continually work to improve Google Search and we never rank search results to manipulate political sentiment.”

Four percent of state government websites passed recent security tests for HTTPS and Domain Name System Security, the Information Technology and Innovation Foundation reported Monday. HTTPS and DNSSEC are a set of protocols to verify authenticity of IP addresses associated with particular domain names. Reviewing 400 state government websites, ITIF found 99 percent failed “at least one important measure of performance for page-load speed, mobile-friendliness, security and accessibility.”

The Hart-Scott-Rodino waiting period for Broadcom’s $18.9 billion buy of software company CA Technologies ended, Broadcom announced Friday. The transaction is expected to close in Q4 2018.

The FTC will kick off hearings on consumer protection and competition (see 1808210026) Sept. 13-14 at Georgetown University Law Center, the agency announced Friday. Chairman Joe Simons will deliver opening remarks, followed by two days of discussion from topic experts. Panels will discuss competition and consumer protection law and policy; concentration of power in the U.S. economy; consumer data regulation; antitrust law’s consumer welfare standard; and vertical merger analysis. The commission scheduled additional hearings Sept. 21 at the FTC Constitution Center; Oct. 15-17 at George Mason University Antonin Scalia Law School; Oct. 23-24 at FTC Constitution Center; Nov. 6-7 at American University Washington College of Law; and Nov. 13-14 at Howard University School of Law. The Sept. 21 hearing covers antitrust law, mergers and monopsony power. The Oct. 15-17 event is on collusive, exclusionary and predatory conduct by tech platforms, acquisition evaluation; and antitrust analysis of labor markets. The Oct. 23-24 agenda includes innovation and intellectual property policy. The Nov. 6-7 event is on privacy, big data and competition. The Nov. 13-14 hearing concerns algorithms, artificial intelligence and predictive analysis.

ICANN, which plans to change the domain name system (DNS) cryptographic keys, published a guide (available here) to tell users what to expect. The changing of the keys, known as the "Root Key Signing Key (Root KSK)" is scheduled for Oct. 11, pending approval by the ICANN board, the organization blogged. The DNS was signed with Domain Name System Security Extensions (DNSSEC) in 2010 and has two kinds of keys: zone-signing keys (ZSKs) that sign the main data in the root zone and key-signing keys that sign only the root key sets in the root zone, the guide said. The rollover occurs when the Root KSK is changed and the new KSK starts signing the root key set for the zone, the guide said. The new KSK is KSK-2017; all validating resolvers, which are configured with a set of trust anchors -- copies of the keys or key identifiers that match the root KSK -- will have to add KSK-2017 to their trust anchor configuration. Most resolvers either did that manually when KSK-2017 was created and published or had the change made for them by their software vendor, ICANN said. Some resolver operators, however, didn't update their configuration and are unprepared for the rollover because they're still using KSK-2010 as a trust anchor. When rollover occurs, those operators will have no valid trust anchors, and will start to fail to validate the answers they get from authoritative DNS servers. (Authoritative name servers are defined as a network of hundreds of servers in many countries that are configured in the DNS root zone as 13 named authorities). When such failures happen "is not predictable," the guide noted. Failure starts when the ZSK can't be validated, it said. Whenever a validating resolver gets a response from an authoritative name server, it checks the signature and saves the validation status of the signature on each name in its cache. For example, ICANN said, validating the signature on a name such as "www.example.com" means resolvers must validate the signatures on the root, on ".com," on "example.com" and on "www.example.com." At some point within 48 hours after the change, DNS queries from some users -- either individuals or automated systems -- will begin to fail, which could mean a web page becoming unavailable or the inability to receive new email, ICANN said. The failures will then "cascade until no program is able to show new information from the Internet." Once operators discover that their resolvers' DNSSEC validation is failing, they should change their resolver configuration to temporarily disable DNSSEC validation, which should fix the problem immediately, the guide said. Data analysis "suggests that more than 99% of users whose resolvers are validating will be unaffected by the KSK rollover," ICANN said.

Nearly 500 pages of redacted FTC documents about the handling of Consumer Protection Bureau Director Andrew Smith’s potential conflicts of interest (see 1807190040) drew the ire of Public Citizen Friday. The documents obtained through a Freedom of Information Act request from Public Citizen were almost all “wholly or partially redacted,” Civil Justice and Consumer Rights Counsel Remington Gregg said, saying he has seen documents with national security implications that had fewer redactions: “Rather than release the documents that would show just how he will remove himself from real or perceived conflicts of interests when these companies are investigated by the agency, the FTC has chosen instead to send a mix of documents that quite literally say nothing.” The FTC didn’t comment.

Consumers are “conflicted” as they weigh artificial intelligence, excited about innovations in self-driving and robotics, fearful of the “misuse of personal data,” reported Elicit Thursday. The consulting firm canvassed a nationally representative sample of nearly 700 adults in the spring and found they are divided in “general level of comfort with AI,” it said. A third worry AI “won't stay focused on mundane tasks and leave the real thinking to humans.” Consumers “have a healthy skepticism about what companies will do with AI,” it said. Seven of 10 said they think some companies “will go too far” with AI, it said.

Consumers are “torn” on the role emerging technologies will play in their lives, with equal proportions expressing the thought that future technologies “will create as many new problems as they do solutions,” Intel reported Wednesday. It canvassed 1,000 consumers online May 9-20, with 102 identifying as “tech elites,” 25 and older with at least a college education, household income of $100,000 and higher and a tendency to follow tech news. Fifty-seven percent of consumers and 88 percent of elites agreed that they “generally feel excited about emerging technologies,” said Intel. Sixty-one percent of elites agreed that “I pride myself in having the latest technology,” compared with 21 percent of consumers. People generally “express the most excitement toward familiar, established technologies such as computers and smartphones,” the chipmaker found: In 50 years, they “expect these same technologies to be the most important, along with smart home technology.”