NTIA's recommendations on botnets and other automated threat issues focus almost “exclusively” on domestic threats, despite NTIA’s acknowledgement that “effective action against botnets requires greater international coordination,” said NCTA in comments on NTIA's draft interagency report to the president (see 1801110006). The comments were released last week. The Information Technology Industry Council suggested that to achieve progress on the draft report’s action items, coordination will be needed with various stakeholders, including: NTIA, the National Institute of Standards and Technology, the Department of Homeland Security and other U.S. stakeholders; small, medium and large private sector entities; and international private and public sector partners. CTA wrote that the report takes a “promising, but still somewhat dour view of existing” security tools. “CTA continues to urge caution with respect to regulatory approaches generally, as they usually tend toward static, prescriptive compliance regimes that inhibit security innovation over time,” the group wrote. The Computer & Communications Industry Association said the “chief educational burden” for policymakers, regulators and cybersecurity professionals is a better understanding of the “things” that make up IoT. The Internet Society suggested government collaborate with stakeholders in clarifying how current liability and consumer protection regulations apply to IoT. “Without clear up-front liability, users are often the ones who pay the price for poor IoT security,” the group wrote, saying liability and consumer protection laws can be a strong incentive for investing in security. Samsung echoed those comments, agreeing with the draft report’s call for the federal government to “lead by example and create market incentives for IoT product vendors to adopt” more secure products. The company recommended Congress and the administration avoid duplicating efforts, such as NIST’s Cybersecurity for IoT Program. 
The U.S. Chamber of Commerce wrote more dialogue is needed on “so-called market incentives,” saying regulation would “stunt security and innovation, including deployment of IoT.”
Adding government access to data weakens the security of encrypted products and services, but absence of access hampers official investigations, said a report issued Thursday by the National Academies of Sciences, Engineering and Medicine. It was meant to inform policymakers and the technical community when deciding government authorization to access encrypted data, NASEM said in a release. The report results from an 18-month effort from a group that includes law enforcement, computer science, civil liberties, law and other disciplines, it said. “Our hope is that this report and the framework it presents will cut through the rhetoric, inform decision-makers, and help enable an open, frank conversation about the best path forward,” said Fred Cate, a law professor at Indiana University and chair of the committee that wrote the report, in a statement. NASEM said the framework can be applied to regulatory requirements for when “a manufacturer has to ensure lawful access to their products”; funding decisions to support government access; and other details. The report lists several challenges for lawmakers in the debate, including incomplete information about encryption’s impact on investigations and limits in measuring security risks. BSA Senior Director-Policy Tommy Ross called the report “one of the most important analytical examinations of this issue since the debate began.”
The GAO recommended various agencies, including the Department of Homeland Security and the National Institute of Standards and Technology, consult sector partners in adopting NIST’s cybersecurity framework (see 1801190057), in a report. DHS, NIST, sector-specific agencies and others initially identified four challenges to adopting the cybersecurity framework. The agencies and groups explained that: ability may be limited in committing necessary resources for adoption; necessary knowledge and skills may be lacking; various regulatory, industry and other requirements may inhibit adoption; and other priorities may take precedence over conducting cyber-related risk management or adopting the framework. GAO recommended DOD, the departments of Energy, Health and Human Services, Transportation and Treasury, the EPA, the General Services Administration and DHS “take steps to consult with respective sector partners … to develop methods for determining the level and type of framework adoption by entities across their respective sector.” Five agencies agreed with the framework, and four others “neither agreed nor disagreed,” GAO said. NIST scheduled a 2018 Framework Workshop for Sept. 11-13. The agency is reviewing comments for Draft 2 of Framework Version 1.1.
As the Trump administration “dismantles” various consumer protections in a new era of monopolies, outgoing FTC Commissioner Terrell McSweeny called Wednesday for increased support for American consumers. McSweeny, a former domestic policy adviser to Vice President Joe Biden, lamented what she perceives as the administration’s scaling back of consumer choice on sensitive data, rolling back of net neutrality rules and freezing of programs meant to aid defrauded students with their loans. The “administration is brazenly dismantling basic consumer protections that are vital to the economic well-being of American families -- all to favor a small number of dominant companies,” she wrote in The Hill. She said a new antitrust movement is growing, “reminiscent of trust-busting during the Progressive Era or the anti-monopoly movement of the New Deal.” Anti-monopoly champions are taking aim at the political and economic powers propelling inequality and monopolization of online commerce by "tech titans," she wrote. An FTC nomination hearing Wednesday also keyed into this issue (see 1802150035).
April 18 is the deadline for comments on the National Institute of Standards and Technology draft report on IoT standardization, the agency said Wednesday. The report cites several IoT applications -- connected vehicles, consumer, health, smart buildings and smart manufacturing. It said there isn't a universal IoT description, but it has two foundational concepts: Components are connected by a network providing the potential for a many-to-many relationship, and some have sensors and actuators that let the parts interact with the physical world.
Though “meaningful” artificial intelligence deployments are just beginning, nearly half the chief information officers surveyed by Gartner “have developed plans to do so,” the researcher reported Tuesday. "Despite huge levels of interest in AI technologies, current implementations remain at quite low levels," said Gartner. "However, there is potential for strong growth as CIOs begin piloting AI programs through a combination of buy, build and outsource efforts." Early adopters “are facing many obstacles to the progress of AI in their organizations,” said the report. It cautioned CIOs against falling into the “trap” of seeking hard financial gains through AI deployments. "In general, it’s best to start AI projects with a small scope and aim for 'soft' outcomes, such as process improvements, customer satisfaction or financial benchmarking," said the report: “Expect AI projects to produce, at best, lessons that will help with subsequent, larger experiments, pilots and implementations. In some organizations, a financial target will be a requirement to start the project.”
BSA | The Software Alliance suggested NTIA’s draft interagency report to the president on botnets and other automated threat issues (see 1801110006) should focus on developing “more sophisticated, risk-informed” policy approaches for IoT cybersecurity. Monday's comments recommended emphasis on increasing the cybersecurity workforce and supported NTIA's emphasis on security integration into software development processes and cybersecurity education for consumers. Tuesday, the agency released all such comments.
The FTC's 2018-22 plan has as goals to “protect consumers from unfair and deceptive practices,” “maintain competition to promote a marketplace free from anticompetitive mergers, business practices or public policy outcomes,” and advance agency performance through “excellence in managing resources, human capital and information technology.” Acting Chairman Maureen Ohlhausen said the strategy, required every four years, better reflects the agency’s “active role” in consumer protection, competition law enforcement, advocacy and educational efforts. The plan was released as President Donald Trump proposed a FY 2019 budget and agencies including the trade commission weighed in (see 1802120037).
Driven by video content and gaming, the virtual reality market in China is projected to grow at a 46 percent compound annual growth rate, reaching 20.5 million units by 2022, said a Monday ABI Research report. Consumers bought nearly 60 percent of VR headsets sold in China last year, it said. As competition among Chinese video streaming services heats up, VR is being used as a differentiator with video, gaming and live concert streaming content, said the report. The market research firm also sees a VR opportunity in e-commerce, it said.
Imposing more regulations on tech companies has costs and government should proceed with caution, Larry Downes, senior fellow at the Georgetown Center for Business and Public Policy, wrote in the Harvard Business Review. The drumbeat continues to break up some of the biggest tech players, or at least impose new regulations, he said. “What if, for example, artificial intelligence puts an entire generation out of work? … What if social media companies learn so much about us that they undermine -- intentionally or otherwise -- democratic institutions, creating a tyranny of ‘unregulated’ big data controlled by a few unelected young CEOs?” Downes asks. “The problem with such speculation is that it is just that. In deliberative government, legislators and regulatory agencies must weigh the often-substantial costs of proposed limits against their likely benefit, balanced against the harm of simply leaving in place the current legal status quo.”