Fifty-two percent of more than 1,000 consumer-facing websites analyzed for their privacy and security practices qualified for the Online Trust Alliance's honor roll, a 5 percent improvement from last year, said an OTA news release Tuesday outlining its ninth annual audit. OTA, which began operating May 1 as an initiative of the Internet Society, said most websites in the consumer services category qualified for the honor roll (76 percent), followed by internet retailers (48 percent), news and media (48 percent), ISPs and email providers (46 percent), government (39 percent) and banks (27 percent). Among the top 50 sites praised are Airbnb, Fitbit, the FCC, several Alphabet/Google sites including Gmail and YouTube, Instagram, Microsoft Outlook, Snapchat and Twitter. OTA analyzed websites between mid-April and the end of May. Internet Society Chief Internet Technology Officer Olaf Kolkman said there has been an increase in sites using end-to-end encryption, showing it's becoming the "norm for site traffic."
Manufacturers should give consumers "clear information about whether, how, for how long, and at what cost their IoT devices will receive security support," the FTC commented on NTIA's multistakeholder initiative on security patching for such devices (see 1610190051). A Monday news release said commissioners voted 2-0 to file the comment in response to an NTIA working group draft document outlining how companies can better inform consumers about IoT security updates. The FTC said that before selling an IoT device, companies should say whether the device can receive security updates, how it receives those updates and when security support will end. On the last point, the commission said manufacturers should provide "a minimum security support period," for "clear, concrete information" compared with an "anticipated timeline" that could be misconstrued as a guarantee. The commission said manufacturers should give a date for starting and ending support. Plus, companies should disclose "key use limitations" before consumers buy a "smart" device so they know it will stop working or become vulnerable when security support ends, said the FTC. It recommended companies adopt a uniform security notification method and give consumers a way to sign up for real-time notifications. The commission said the working group shouldn't require manufacturers to explain to consumers how they evaluate, verify or test updates because those elements may impose "significant communication costs" on industry while providing little to no consumer benefit.
Without encrypting data, nearly 6 billion records may be exposed in security breaches resulting in nearly $220 billion in damages by 2020, the Internet Association said Thursday in a news release on research about the role of encryption. "This research contributes even more evidence to the consensus that encryption is a necessary part of keeping our country safe. Mandatory security vulnerabilities or encryption back doors do not make us safer," said IA President Michael Beckerman. IA said security breaches are potentially increasing at "exponential rates" and "unencrypted data is now a threat to every industry and internet user." The research also cited state-sponsored cybercrime, especially from China, as a threat to U.S. companies. It said Chinese industries use hacking rather than R&D to copy American IP.
The number of records stolen via data breaches in 2016 globally rose nearly 54 percent compared with the prior year, said India-based technology company Wipro, which released its first cybersecurity report Thursday. The report was based on interviews with chief information security officer teams in 139 organizations across various sectors and in 11 countries in Asia, Europe, Middle East and North America. In a news release on the report, Wipro said user credentials were stolen in 56 percent of the breaches, meaning more damage could be perpetrated. It said 56 percent of all malware attacks last year were a result of Trojans, viruses accounted for 19 percent, and worms were 20 percent. It said IoT devices with low memory and processing footprint have "very little security capabilities" such as patching and are "easy prey" for hackers.
Global spending on IoT deployments is expected to grow 16.7 percent year over year in 2017, reaching just over $800 billion, IDC said in a Wednesday report. By 2021, global IoT spending is expected to total nearly $1.4 trillion "as organizations continue to invest in the hardware, software, services, and connectivity that enable the IoT," IDC said. "The discussion about IoT has shifted away from the number of devices connected," it said. "The true value of IoT is being realized when the software and services come together to enable the capture, interpretation, and action on data produced by IoT endpoints." Hardware will be the largest spending category until the last year of the five-year forecast, when the faster-growing services category will overtake it, IDC said.
Some of the 18 previously secret opinions from the Foreign Intelligence Surveillance Court (FISC) acquired by the Electronic Frontier Foundation show the intelligence community "overstepped" restrictions in Section 702 of the Foreign Intelligence Surveillance Act (FISA), blogged EFF senior staff attorney Mark Rumold Wednesday. Rumold said the opinions were sent by DOJ Tuesday night as a result of EFF's lawsuit last year. He said three opinions indicate the program -- which allows intelligence agencies to target and collect internet and phone communications of suspected foreign terrorists abroad -- needs reform. "The opinions show that, almost from the outset of the law in 2008, the intelligence community has overstepped the court-imposed legal restrictions on the operation of the surveillance." Rumold said the documents show intelligence agencies overstepping authority, getting reprimanded by FISC, yet being allowed to continue. He also said two opinions show a service provider challenging the legality of a 702 directive in 2014 "as well as the government's refusal to provide it access to other FISC opinions cited in the government's legal briefs." The court ultimately upheld 702, which will expire by Dec. 31 unless reauthorized, and ordered the provider to comply, he added. Neither DOJ nor NSA commented.
The enterprise wearable camera market is projected to approach 24 million shipments in 2022, with privacy and data protection concerns rising accordingly, ABI Research reported Tuesday. Publicity about massive data leaks heightened public concern over the security of wearable camera recordings, said analyst Stephanie Lawrence. Some platforms have authentication, password and data encryption mechanisms that ensure only authorized personnel have access to the data, the report said, and others automatically blur out faces and possessions of innocent bystanders.
NTIA seeks comment by July 13 on actions that could help address automated and distributed threats to the digital ecosystem (see 1706090008) as part of executive order 13800 (Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure), said the agency in Tuesday's Federal Register.
The rise in ride-sharing doesn’t necessarily bode poorly for future vehicle purchase intentions of current vehicle owners, Strategy Analytics reported Monday. Ride-sharing usage increases the likelihood current vehicle owners will buy another in the next five years, SA said. “Ridesharing fills a niche that is convenient but will not supplant their personal vehicle.” Millennials with no children who use ride-sharing services at least once a week are less likely to buy another vehicle in the next five years than parents as a whole, the researcher said.
Reports that Best Buy will team with Lumoid to offer a “try before you buy” rental service are “generally accurate,” except for the product categories the service will cover, spokeswoman Paula Baldwin emailed us Monday. Contrary to the reports, “drones will not be available for rental -- but health & fitness, digital imaging and smart home devices will be,” Baldwin said. The service will launch later this month at BestBuy.com, Baldwin said. “It is not an in-store offering,” she said: “When customers visit bestbuy.com, they’ll be able to use Lumoid to try out products” in the selected categories “for a period of time (usually about a week),” she said.