Despite more awareness of cybersecurity risks, only 37 percent of people use identity theft services and 28 percent have no plans to sign up, said a McAfee survey released Tuesday. McAfee surveyed 6,400 people globally, finding 61 percent are more worried about data security than five years ago. Thirty-three percent rank protecting identity as their No. 1 cybersecurity priority ahead of protecting privacy, connected devices, data and connected home devices.

Intel is "aware" of new security analysis revealing some software inspection methods pose security risks, it said in a Wednesday statement. The software analysis "when used for malicious purposes" has potential to improperly gather sensitive data from computing devices that are operating as designed. Intel said it believes these exploits lack potential to corrupt, modify or delete data, and it's working with other systems operators to develop an industrywide approach to resolve this issue "promptly and constructively."

The U.S. economy could benefit significantly from stronger intellectual property protections, blogged Free State Foundation researcher Michael Horney, citing a 2017 Frontier Economics report that estimated a one percentage point reduction in piracy would add up to $54 billion in economic activity for Organisation for Economic Cooperation and Development countries. IP theft hurts job creation and economic growth because it discourages artists and innovators from creating new products and services, Horney wrote, urging a stronger U.S. focus to encourage innovation and economic activity.

U.S. cybersecurity policy isn't yet equipped to meet the “immense” challenge of protecting valuable data, though there has been progress, blogged Internet Security Alliance President Larry Clinton Tuesday. Clinton praised work to improve the National Institute of Standards and Technology’s cybersecurity framework, which is headed for another update this spring. He also said corporate boards now rank cybersecurity among their top challenges, whereas a few years ago it was less of a priority. But nation-state attacks (see 1801020027) that have evolved beyond espionage to “straight out cyber crime" make it seem “no one is safe" and may soon “pose serious risk to critical infrastructure,” he said. Policymakers have yet to develop an approach that focuses on the entire cybersecurity system instead of “incremental assets," he said, and is complicated by a system that looks for scapegoats after major cyber breaches rather than developing systemic solutions. “We are all on the same side. We need to act like it,” Clinton said. In historic security models, each entity was expected to secure itself. But the internet demands a different, integrated response that's developed through a “conscious partnership” like the one NIST used to create the framework, he said.

The FTC gave final approval to a settlement with Lenovo over complaints that preinstalled software compromised security protections in order to deliver ads to consumers, the agency announced Tuesday. Commissioners voted 2-0 to approve the 20-year consent decree reached in September (see 1709050020), settling charges brought by the FTC and 32 states that Lenovo's preinstalled software program, Visual Discovery, created serious security vulnerabilities on laptops sold in the U.S. Lenovo agreed to no longer misrepresent any features of preloaded software “that will inject advertising into consumers’ Internet browsing sessions or transmit sensitive consumer information to third parties,” the FTC said. If the company does install such software, the FTC order requires Lenovo to obtain consumers’ affirmative consent before the software runs on laptops. The company is required for 20 years to implement a comprehensive software security program that will be subject to third-party audits “for most consumer software preloaded on its laptops,” the FTC said. Lenovo said the FTC informed the company of the final settlement, "which now brings this matter to a close,” a spokeswoman said.

The number of nation-state cyberattacks will grow in 2018 and will demand collective action among global governments to fend off bad actors, Microsoft President Brad Smith said in a report released Tuesday, co-authored by Carol Ann Browne, director-executive communications. Recent WannaCry and Not-Petya attacks were “akin to military assaults” that demand a “new generation of arms control discussions to address them,” the executives wrote. Microsoft praised the White House for joining with other countries publicly blaming North Korea for WannaCry (see 1712190043) as a “step in the right direction towards addressing growing nation-state cyberattacks.” Global technology leaders should adopt a cybersecurity tech sector accord to enable tech companies to act as “internet first responders,” the report said: “Look for progress over the next six months.” Microsoft also hopes governments will clarify international law in the digital space, an issue of particular significance as the company prepares for oral argument Feb. 27 in the U.S. v. Microsoft case (see 1710160009) on warrants issued for data stored overseas. The case has significant international implications as companies increasingly store data overseas so it’s closer to customers, Microsoft said. “Rather than rely on or improve existing treaties to obtain information located in other countries, the DOJ prefers to exercise jurisdiction over cloud service providers and compel them unilaterally to fetch emails in other countries and bring them to the U.S.,” the report said, arguing the government is trying to “stretch the statute in ways that Congress didn’t anticipate.” Microsoft holds out some hope that DOJ and the tech sector could craft a “late compromise” for new legislation that would “bring agreement on a more modern and international approach.” Barring that, the Supreme Court will need to decide by June on the basis of a law “not written with the 21st century in mind,” the report said. Microsoft flagged privacy and surveillance as related priority 2018 issues, citing the May 25 implementation of the European Union’s General Data Protection Regulation, which will add new requirements for companies that store personal information of European consumers no matter where the company is located. It will be up to the tech sector largely to manage the new requirements, which are still subject to “continuing deliberations” that will continue through 2018 and beyond, the report said. Net neutrality also made Microsoft's top 10 list, with the company praising ISP pledges to avoid discrimination in the absence of binding net neutrality rules. If those promises prove false, it could be the impetus for Congress to create "lasting and bipartisan" regulation that has "so far proved elusive," Microsoft said.

“This will change your mind,” reads a Thursday email blast offering a one-month free trial subscription to DirecTV Now’s $35 monthly bottom-tier, 60-channel “Live a Little” content package. Consumers who act on the offer through Jan. 1 by entering a “unique” promo code will have their accounts auto-billed for $35 a month after the free trial lapses, unless canceled, said the email.

Google agreed to extend the commitments it made to the FTC in 2012 to resolve a years-long antitrust investigation, including continuing to allow third-party search engines to access its AdWords application programming interface. The agreement, which the FTC announced in early 2013, expired Wednesday (see 1301040038). The extension came amid increasing criticism and scrutiny in the U.S. and the EU of major tech sector firms' practices. “We believe that these policies provide continued flexibility for developers and websites, and we will continue them as policies after the commitments expire,” said Google Senior Competition Counsel Michael Lawrence in a letter published Wednesday. The voluntary extension also means Google agreed to continue to abide by a pledge to stop “scraping” its rivals' content. Yelp Vice President-Public Policy Luther Lowe tweeted that the company provided “hard evidence to the FTC” in September “that Google was violating its 2012 promises 500k times per hour.” Google didn't immediately comment. "As soon as we learned of Yelp's claim we took immediate steps to look at and address any issue, as we would have had they come to us directly," a Google spokesman said. "We continue to stand by our commitments to the FTC."

Roku’s first Christmas Day as a public company had its glitches. “We are aware that some Roku users report seeing an error code 001 on the TV during the Roku activation screen,” said a Roku customer support “service interruption” bulletin posted Monday at 9:50 a.m. PST. “Try disconnecting and reconnecting the power adapter,” said the bulletin. “You should be able to continue after restart. We are working diligently to address this issue and we will update this article with any changes. You will not need to do anything, or contact support. Please just try again later. We apologize for any inconvenience this may have caused.” Less than an hour later, at 10:45 a.m. PST, customer support reported that “systems look good and all should be working normally now.” Roku is “not commenting on the specifics” of the service interruption, including whether it came under the crush of a high volume of Christmas Day activations, said spokeswoman Tricia Mifsud.

“Bit rot,” the progressive self-corruption of stored data (see 1709270048), “can manifest on any storage device, from floppy discs to hard drives,” Maureen Pennock, head of digital preservation at the British Library, told us. The library’s policy “is that content to be preserved is transferred to approved storage locations or workflows after acquisition and its bit-level integrity established so that it can be monitored thereafter,” said Pennock. The library recognized the challenges of digital preservation, and in the early 2000s “began developing our own purpose-built digital repository for long-term storage and management of our collection content,” she said. She described it as a “four-node replication system,” with copies of content and metadata packages placed in repository “nodes” located in Yorkshire, London, Wales and Scotland. The nodes undergo regular “fixity checking to ensure files have not become corrupt,” she said: “If fixity checks indicate a problem with a file on one node it can be replaced from one of the other nodes.”