TaxSlayer settled FTC allegations hackers gained access to nearly 9,000 accounts for part of 2015, allowing them to file fraudulent tax returns, said a Tuesday agency news release. Commissioners voted 2-0 and comments are due Sept. 29. The FTC said TaxSlayer violated Gramm-Leach-Bliley Act rules requiring financial institutions to protect customer data and deliver privacy notices to customers. The company failed to implement adequate authentication measures and didn't require customers to choose strong passwords, said the commission. It mustn't violate those rules for 20 years. A TaxSlayer spokeswoman said the company, among others, "was the object of a list validation attack" that targeted less than 1 percent of its users. The company "self-reported the attack to the IRS and took immediate remediation efforts that have become standardized in response to such attacks," she said. TaxSlayer has increased security measures, imposed stricter authentication and is a participant in the IRS's Security Summit that develops industry protections for taxpayer information, she added.

A federal court found Terrason Spinks and his Jet Processing liable for more than $280 million in an internet scam the FTC alleged made millions by "luring" customers into paying for government grant and money-making schemes and memberships they never enrolled in, said an agency Tuesday news release. The District Court for the District of Nevada ruled Aug. 18 after a bench trial, with the order released Thursday. The FTC said nine other individuals and dozens of corporations previously settled in the case that dates to 2010 when the commission lodged the complaints. Spinks and his company are banned from selling grant and money-making products, the release said. Contact information for the defendants couldn't be found.

Reversing a policy instituted in November, Uber will again give riders the option of whether to allow the company to track their location data after they're dropped off, which drew praise from Senate Privacy, Technology and the Law Subcommittee ranking member Al Franken, D-Minn., who criticized the practice (see 1612210039). An Uber spokeswoman said Tuesday riders told the company last year's policy change, which sought to improve user experience, "missed the mark." She said Uber is trying to "make things right" with the reversal. Post-trip collection is suspended for iOS and Android systems, and the new settings will appear in the next few weeks for iOS users, which gives them three options: always have Uber collect location information, do so only while using the app or disable location services altogether. Franken urged the company in December to rethink its policy. He now said Americans have a basic privacy right and "deserve a meaningful opportunity to decide for themselves the fate of their personal data." Two weeks ago, the company settled with the FTC over privacy and security allegations (see 1708150010).

Consumers who bought tech support products and services April 2012-November 2014 through an alleged tech support scheme have until Oct. 27 to submit a request for a partial refund, said an FTC Monday news release. Last year, Florida-based Inbound Call Experts paid $10 million to settle FTC allegations the firm deceived hundreds of thousands of consumers (see 1612220024).

Customs and Border Protection is starting a Commercial Customs Operations Advisory Committee Emerging Technologies Working Group that will examine the technology underpinning virtual currencies, acting CBP Commissioner Kevin McAleenan said during a COAC meeting last week in San Diego. "Initially, one of the things that this working group will tackle is the emerging field of blockchain and how that applies to global supply chains," he said. It's a "technology that we think could be very promising for harmonizing key aspects of the global supply chain as we move goods across multiple borders."

The First Amendment constrains what government can do to limit free speech, but it doesn't put any such restrictions on companies like GoDaddy, Google and Twitter that refused to host the neo-Nazi website Daily Stormer (see 1708180005, 1708150001 and 1708140044) or share advertising revenue with "hateful videos" after the Charlottesville, Virginia, protests, blogged American Enterprise Institute visiting fellow Daniel Lyons Friday. "And this is exactly as it should be," he wrote. "Absent some contractual provision to the contrary, companies should not be compelled to carry speech with which they disagree." Others said such actions have "somewhat disrupted the net neutrality narrative," said Lyons. But Section 230 of the Communications Decency Act not only shields service providers and ISPs from content written by others, it also protects the providers if they restrict access to material they find offensive, he added.

Consumer Watchdog filed petitions with state attorneys general asking them to investigate Amazon for allegedly engaging in deceptive pricing after the company received FTC approval to buy Whole Foods for nearly $14 billion (see 1708230064), said a Thursday news release. CW had asked the commission and DOJ to block the deal (see 1707070048). The group's Privacy Project Director John Simpson said the FTC has a "pattern of leaving high-profile enforcement action to others," citing the EU's antitrust case against Google. The group sent petitions to Colorado, Illinois, Iowa, Maine, Maryland, Massachusetts, New Jersey, New York, Pennsylvania, Virginia and Washington. Rep. Ro Khanna, D-Calif., told a media outlet the FTC's decision was "disappointing" and antitrust policy should reflect more than just impact on price. Amazon and the FTC didn't immediately comment.

The FTC won't pursue an investigation into Amazon.com's acquisition of Whole Foods Market (see 1707070048), said Bruce Hoffman, acting director-Bureau of Competition, in a Wednesday news release. He said the commission did an investigation to determine whether competition would be affected under Section 7 of the Clayton Act or "constituted an unfair method of competition under Section 5 of the FTC Act. Based on our investigation we have decided not to pursue this matter further.” Amazon and Whole Foods didn't comment.

A three-judge 9th U.S. Circuit Court of Appeals panel upheld a district court decision to approve an $8.5 million cy pres-only settlement in a class-action lawsuit against Google, which plaintiffs alleged violated their privacy by revealing their personal search engine terms. Attorney Ted Frank, of the Competitive Enterprise Institute (CEP), representing several objectors to the settlement, said he plans to appeal the decision. Judge Margaret McKeown, who wrote the Tuesday opinion (in Pacer) and was joined by Judges Jay Bybee and, in part, Clifford Wallace, said the District Court for the Northern District of California "did not abuse its discretion" in approving the settlement, to which Google agreed in exchange for a release of the claims of about 129 million people who used the search engine from 2006 to 2014. Several plaintiffs seeking class-action status sued Google in 2010, saying the company operated its search engine in a manner that violated the Stored Communications Act (SCA) and state law by disclosing users' personal information such as search terms to third parties, said a 2015 brief filed by plaintiffs who objected to the settlement. Eventually, the parties settled and the district court certified the class for settlement with final approval in 2015. Of the funds, $3.2 million were earmarked for attorneys' fees and $5.3 million for cy pres recipients: AARP; the Berkman Center for Internet & Society at Harvard University; Carnegie Mellon University; the Illinois Institute of Technology Chicago-Kent College of Law Center for Information, Society and Policy; the Stanford Center for Internet and Society; and the World Privacy Forum. They agreed to use the funds for public awareness and education and/or R&D on internet privacy. But plaintiffs against the settlement, led by CEP's Frank, said the $8.5 million was enough to fund a claims process or lottery distribution to class members and "improperly favored the third-party charities," said the 2015 brief. It also said the cy pres recipients were "tainted" since they had pre-existing relationships with class counsel and Google, which has donated money to some of those organizations. McKeown in her decision said the district court "appropriately" found the cy pres recipients could address the SCA objectives and advance interests of the plaintiffs and three organizations that disclosed past funding by Google, with some even challenging company policies in the past. She also rejected any problem with any link between the cy pres recipients and class counsel. Partially dissenting, Wallace took issue that nearly half the settlement was being donated to the alma maters of class counsel. Frank said he will "petition for rehearing and rehearing en banc on or before September 5." A Google spokesperson said it was pleased with the decision.

Web hosting company DreamHost will face DOJ in District of Columbia Superior Court Thursday over the government's demand for information on protesters in a criminal investigation of the Jan. 20 protests. Justice initially sought information about 1.3 million IP addresses that visited disruptj20.org (see 1708140063) but said in a Tuesday filing it has "no interest" in those records. "What the government did not know when it obtained the Warrant -- what it could not have reasonably known -- was the extent of visitor data maintained by DreamHost that extends beyond the government's singular locus in this case," the filing said. DOJ said it modified its warrant to minimize information collected. It said it tried to talk to DreamHost but "those attempts have proven unproductive" since the company says the warrant is improper. DOJ's move to narrow the scope of data sought is a "huge win" for privacy, blogged the company, saying much of the original demand for information is in place and that's "problematic." Justice said it still wants DreamHost to provide records for the account in question, such as subscribers' names, addresses, email addresses, phone numbers and means of payment. The department said a small group of individuals used the site to publicly spread information but also privately communicate among a small group "whose intent included planned violence." It said the investigation resulted in 19 guilty pleas and nearly 200 pending criminal cases. DOJ said the warrant won't be used to identify political dissidents.