Mobileye CEO and Intel Senior Vice President Amnon Shashua presented a mathematical formula said to prove the safety of autonomous vehicles, at the World Knowledge Forum in Seoul, South Korea. The companies said Shashua and colleague Shai Shalev-Shwartz developed the formula in an effort to “bring certainty to the open questions of liability and blame in the event of an accident when a vehicle has no human driver.” Mobileye’s proposed “responsibility sensitive safety” model provides what Shashua said are specific and measurable parameters for the human concepts of responsibility and caution and defines a “safe state,” where the autonomous vehicle “cannot be the cause of an accident, no matter what action is taken by other vehicles.” In his presentation, Shashua urged industry and policymakers to “collaboratively construct standards that definitively assign accident fault” when human-driven and self-driving vehicles inevitably collide. He said rules and regulations today are framed around the idea of a driver in control of the car, and new parameters are needed for autonomous vehicles. “Just like the best human drivers in the world, self-driving cars cannot avoid accidents due to actions beyond their control,” said Shashua, “but the most responsible, aware and cautious driver is very unlikely to cause an accident of his or her own fault, particularly if they had 360-degree vision and lightning-fast reaction times like autonomous vehicles will.” The model would formalize a way to ensure self-driving cars operate only within the framework defined as “safe” according to clear definitions of fault that are agreed upon across the industry and by regulators, he said.
U.S. critical infrastructure is less secure than 15 years ago, despite multiple government-industry efforts, said cybersecurity expert Joel Brenner of Massachusetts Institute of Technology, at an American Bar Association session Wednesday. "We continue to walk backwards on network security," said Brenner, who led a public-private effort to create better internet security when he was senior counsel at NSA. Brenner praised the presidential cybersecurity executive order released in May (see 1705110058), but said more needs to be done, citing his MIT report in March urging political leaders to address "deep strategic weaknesses in the architecture of critical systems." Systems operators are too focused on "short-term fixes and tactical improvements" and most new standards lack the teeth to make real change, Brenner said. Huge risks threaten the communications sector due to the size, complexity and interdependencies of network systems, the report said. Brenner backed liability protections for companies operating critical infrastructure to speed adoption of smarter technological solutions: "Most difficult cyber challenges are legal and commercial, not technological. Unless we can make changes, we will not become more secure."
Online shoppers plan to spend 70 percent more than in-store shoppers this holiday season, said NPD in a Tuesday report. Online shoppers anticipate spending an average of $793 this holiday season and those planning to shop exclusively in brick-and-mortar stores expect to spend an average of $467, said NPD. “On average, U.S. consumers anticipate doing nearly 40 percent of their 2017 holiday shopping online,” up from about a third only two years ago, it said. NPD canvassed nearly 3,800 consumers online aged 18 and older in September and found almost three-quarters plan to do at least some of their holiday shopping online this year, “with even higher likelihood among Millennials and Gen X,” it said. “Topping the list of anticipated holiday shopping destinations were online-only sites, like Amazon, Ebay, and Etsy,” noted by 66 percent of consumers canvassed in the survey, it said. Mass merchants and discount stores and their websites were the second most popular planned destination, followed by national chains and department stores, it said.
To fight theft of U.S. intellectual property, the Trump administration should create a public-private partnership to coordinate counterintelligence efforts with industry, said an Information Technology & Innovation Foundation report. Government "too often" investigates security breaches after they happen instead of responding to threat indicators, which would be more useful, ITIF said.
Belgian researchers discovered a Wi-Fi security vulnerability affecting a wide range of Android and Linux users, as explained in a research paper. An attacker within range of a victim can penetrate security protocols using key reinstallation attacks (KRACKs) to steal sensitive information like passwords, credit cards and emails, and allow malware to be installed on computers. Mathy Vanhoef and Frank Piessens, researchers with imec-DistriNet Research Group, said the weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. The problem is with WPA2, a protocol that secures all modern protected Wi-Fi networks. "To prevent the attack, users must update affected products as soon as security updates become available," the researchers said. Google is "aware of the issue, and we will be patching any affected devices in the coming weeks," said a spokesman. Akamai blogged it's aware of the issue but the "bulk of our corporate wireless traffic access occurs over VPN" and is protected with encryption.
The Department of Homeland Security announced new security measures for email and websites run by federal agencies using .gov domains. Speaking at a Global Cyber Alliance meeting, DHS Assistant Secretary Jeanette Manfra said the agency is transitioning to the email security protocol DMARC (Domain-based Message Authentication, Reporting & Conformance) to prevent spammers and phishers from using federal agency email domains to conduct cyberattacks. Additional tools will heighten security in communications with the public, she said. The cross-sector group endorsed the move.
The IRS "temporarily suspended" a no-bid $7.25 million contract with Equifax "as a precautionary step" while it reviews the credit monitoring service's systems and security in light of a data breach (see 1710030034), said the agency Friday. House Commerce Committee Chairman Greg Walden, R-Ore., and House Digital Commerce Subcommittee Chairman Bob Latta, R-Ohio, said they're "pleased" the taxpayer identity verification contract was suspended but still want answers about its "timing and nature." Walden and Latta said their focus "remains on protecting consumers and getting answers for the 145 million Americans impacted by this massive breach." Other lawmakers, including Rep. Suzan DelBene, D-Wash., also inquired about the contract (see 1710110041, 1710040042 and 1710120016). The tax agency said the breach didn't compromise "the limited IRS data shared under the contract." Suspension means the agency "will be temporarily unable to create new accounts for taxpayers using Secure Access, which supports applications including online accounts and transcripts." Secure Access is the agency's identity authentication process for some online self-help tools. The agency said the contract doesn't affect current users or most services and tools.
Amazon is filling its ranks for the holiday season, announcing Thursday it's adding more than 120,000 positions in the U.S. in fulfillment and sorting centers and customer service sites. It expects to transition “thousands” of the positions to regular, full-time roles after the holidays, it said. New positions are available in 33 states.
The International Association of IT Asset Managers is urging Congress to rescind a no-bid $7.25 million IRS contract to Equifax in light of the credit monitoring service's massive data breach. “I have zero confidence that Equifax should be trusted to process information about U.S. taxpayers,” said IAITAM CEO Barbara Rembiesa. She said former Equifax CEO Richard Smith's testimony last week before congressional committees scapegoated one employee (see 1710030034, 1710040039 and 1710050045). Lawmakers including Rep. Suzan DelBene, D-Wash., aren't pleased with IRS' explanation and plan to look deeper (see 1710110041 and 1710040042). Meanwhile, all Democratic members on the House Digital Commerce and Consumer Protection Subcommittee, led by ranking member Rep. Jan Schakowsky (Ill.), and the full committee's ranking member Frank Pallone (N.J.), seek more hearings on the Equifax data breach. In a Thursday letter to House Commerce Chairman Greg Walden, R-Ore., and subcommittee Chairman Bob Latta, R-Ohio, they said testimony from Smith was "an important first step ... but too many questions remain unanswered." Smith didn't provide good answers on how the breach occurred and seemed to give contradictory answers on that front, they said. He also couldn't fully explain how the company would move forward, they added. Democrats said they're seeking to advance bipartisan legislation before Dec. 15 that requires "enforceable robust data security practices, meaningful notice to consumers, and meaningful protections for victims of a breach."
Amazon refreshed the Kindle again, including some free cellular connectivity, and Audible, it said Wednesday.