Twitter is providing tools to give users more access to their information and "more granular control" over how their data is used and is also updating its privacy policy, the company blogged Wednesday. "Demographic and interest data, and advertisers that have included you in their tailored audiences" will be available, it said. Plus, personalization and data settings will give users more power over how Twitter uses their data such as opting out including for sharing with third parties. When users log in, their device will be associated with their account for authentication and personalization purposes, said Twitter. Changes to the privacy policy include expanding how it uses and stores data from other websites that integrate Twitter content like embedded tweets, the company said. Twitter also said it updated how non-personal, aggregated and device-level data is shared, including some data linked to users' names but only when they give consent in the policy.

Anti-child sex trafficking and public interest groups Wednesday reported (see 1705160078) that Google funded groups and individuals that defended Backpage.com, which has been sued by sex-trafficking victims and was the subject of a nearly two-yearlong government investigation. "Legal scholars and groups supported by Google have written letters and amicus briefs in support," reported Consumer Watchdog, DeliverFund, Faith and Freedom Coalition, The Rebecca Project and Trafficking in America Task Force. "More than half of the 42 signatories of a letter opposing a bill to tackle online child trafficking -- 22 in all -- were either directly funded by Google, or worked at institutions that were funded by the company." The groups seek to change Section 230 of the Communications Decency Act, which is designed to protect website operators from lawsuits arising out of third-party content. The report said the Center for Democracy & Technology and the Electronic Frontier Foundation defended Section 230 and benefited from Google's funding. Like other internet companies, Google has "long contributed" to organizations like CDT and EFF for their advocacy of privacy, surveillance reform and the open Internet and related issues, a company spokeswoman said. "We will continue to use our technology to combat the tragedy of child sex trafficking, will continue our significant funding of organizations that combat this crime, and maintain our zero-tolerance approach to ads for this illegal activity.” EFF has defended Section 230 "practically since the inception of our organization because it's essential to free speech on the Internet," emailed Legal Director Corynne McSherry. "The suggestion that our advocacy is at the behest of any one organization is ludicrous." CDT didn't comment. Backpage.com has been at the center of Senate Permanent Subcommittee on Investigations probe, which issued a report in January saying the company knowingly facilitated prostitution and child sex trafficking and edited content to conceal evidence (see 1701100001).

A student privacy guide is available for parents, the Parent Coalition for Student Privacy (PCSP) and Campaign for a Commercial-Free Childhood (CCFC) announced Tuesday. The toolkit provides an overview of federal student data laws, tips to protect children's privacy, a guide to understand privacy policies, sample opt-out forms and questions to ask schools. PCSP co-Chair Rachael Stickland said many parents are "under the false impression" that their children's records are stored in a paper file in the principal's office. A recent Electronic Frontier Foundation report said student privacy is being compromised by major tech companies without parents' knowledge (see 1704140050). "You shouldn’t need a PhD or law degree to ensure that your child’s sensitive student data isn’t shared with commercial entities," said CCFC Executive Director Josh Golin.

Some cyberattacks are on the rise, Akamai reported Tuesday, with the U.S. the top source country for web applications attacks, showing an increase of 57 percent in Q1 year over year. Risks to the internet and to certain sectors "continue to evolve," said Martin McKeay, senior security advocate. "Use cases for botnets like Mirai have continued to advance and change, with attackers increasingly integrating Internet of Things vulnerabilities into the fabric of DDoS botnets and malware. It’s short sighted to think of Mirai as the only threat," he said of the distributed denial-of-service attack. Botnet families like BillGates, elknot and XOR are "mutating," he added.

Advocacy groups will report Wednesday about Google's support for Section 230 of the Communications Decency Act, which they said protects "notorious hub of child sex trafficking, Backpage.com, from any accountability," said Consumer Watchdog Tuesday. CW, the Faith & Freedom Coalition, Rebecca Project, Trafficking in America Task Force and "Nacole S.," the mother of a trafficking victim will urge tech companies to back a change in Section 230 -- which is designed to protect website operators from lawsuits arising out of third-party content -- that will permit families of trafficking victims to hold accountable websites that aid and abet child sex traffickers. Google didn't immediately respond. Nacole S.'s daughter sued Backpage.com in 2014 with two other victims, saying the company engaged in sex trafficking of minors in violation of the federal 2008 Trafficking Victims Protection Reauthorization Act and the Massachusetts version (see 1603180035). In January, Nacole S. testified before the Senate Permanent Subcommittee on Investigations, probing the online classified advertiser for 20 months at the time. Backpage.com executives were said to have knowingly facilitated prostitution and child sex trafficking and edited content to conceal evidence (see 1701100001). The 1 p.m. EDT news conference can be viewed via Facebook.

Symantec’s dome-shaped Norton Core, billed as a “secure” Wi-Fi router, is available for preorder from Amazon and Best Buy, said the cybersecurity company Monday. Select Best Buy stores will have interactive touch-screen displays where consumers can learn about the router this summer, when the product is scheduled to ship. Symantec researchers identified security vulnerabilities in 50 different connected home devices such as smart thermostats and smart hubs that could be targets for cyberattacks. Computers in many countries were hit Friday with a major cyberattack (see 1705150008).

President Donald Trump “deserves credit” for firing FBI Director James Comey, CTA President Gary Shapiro said Friday in an American Spectator blog post that bore the headline: "Firing Comey Proved Trump Acts Like America’s CEO." According to Shapiro, "if you don’t trust someone, if they use bad judgment, or if they are hurting the enterprise, then every day of delay inflicts unnecessary pain on the company or enterprise.” Had Trump waited for the Russian probe to end before terminating Comey, "he might have been waiting years, and in the process allowed further damage to the FBI’s reputation,” Shapiro said. Comey’s investigation into Russian meddling in the 2016 presidential election “does not make him immune to criticism or mean we can forget about his past mistakes,” said Shapiro, accusing the former FBI chief of playing “fast and loose with the facts.” Shapiro thinks “comparisons to Nixon’s Watergate scandal are unfair,” he said of the wrongdoing that force President Richard Nixon to resign in 1974. “Trump is no Nixon, this is no Watergate, and Trump did the right thing.” Trump “can solve the situation by offering no resistance to the congressional investigation,” Shapiro said. “He can and should insist the FBI investigation continue with the resources it needs. He can offer to share documents and witnesses on an expedited basis. He can even call for a special prosecutor. If he has nothing to hide, then there is no issue.”

Google is introducing technology that quickly removes certain ads that violate policies, wrote Scott Spencer, director-sustainable ads, in a Monday blog post. In the past, the company typically removed all advertisements from a publisher's site for policy violations but the new technology will allow Google to remove ads on select pages while keeping ads on the rest of the site, he wrote. "We’ll still use site-level actions but only as needed. And when it's necessary, such as in the case of egregious or persistent violations, we'll still terminate publishers. Altogether, this means fewer disruptions for publishers." Spencer also announced a new one-stop shop -- piloted with thousands of AdSense customers -- where publishers can learn about policy actions that affect their sites and pages. In another blog post, Senior Privacy Counsel Peter Fleischer wrote two issues will be considered in the coming months involving EU citizens' right to be forgotten. The European Court of Justice will consider "whether people have an absolute right to request removal of lawfully published, but sensitive, personal data from search results. Or whether, as is the case now, search engines should continue to balance the public interest in access to information with the individual’s right to privacy." Fleischer said automatic delisting from search engines creates a "dangerous loophole." The other issue -- being considered by the French Conseil d'Etat (Council of State) -- deals with whether the right to be forgotten should extend beyond Europe, which Fleischer said would "set a grave precedent." Less open and democratic countries could order "Google to remove search links for every citizen in every other country of the world," he said. Since EU citizens gained their right to be forgotten three years ago, Fleischer said the company has assessed 720,000 requests and removed about 43 percent of 2 million links submitted.

A massive worldwide ransomware attack called "WannaCry" resulted in more than 45,000 infections in 74 countries, mostly in Russia, said cybersecurity firm Kaspersky Lab in a Friday blog post. It said Spain's Computer Emergency Response Team CCN-CERT posted a notification that several organizations in that country were affected, plus 16 National Health Service organizations in the U.K., according to the post. Ukraine and India also were affected, but Kaspersky didn't mention the U.S. "It’s important to note that our visibility may be limited and incomplete and the range of targets and victims is likely much, much higher," said Kaspersky. It said the malware encrypts files and drops and executes a decryptor tool. "The request for $600 in Bitcoin is displayed along with the wallet," said the post. "It’s interesting that the initial request in this sample is for $600 USD, as the first five payments to that wallet is approximately $300 USD. It suggests that the group is increasing the ransom demands."

Sen. Orrin Hatch, R-Utah, and industry stakeholders diverged Thursday and Friday in statements on President Donald Trump’s cybersecurity executive order. The order, released Thursday after months of delays and drafts (see 1701310066 and 1702280065), directs the Office of Management and Budget and the Department of Homeland Security to assess all federal agencies' cybersecurity risks. It directs DHS and the Department of Commerce to explore ways to “promote action by appropriate stakeholders to improve the resilience of the internet and communications ecosystem and to encourage collaboration with the goal of dramatically reducing threats perpetrated by” botnets (see 1705110058). The EO “is an important step in modernizing and improving federal cybersecurity policies and protocols,” Hatch said. “For several years, I have been very concerned about the state of our federal government’s cybersecurity and computer systems.” Hatch said the order “mirrors the intent” of his enacted 2015 Federal Computer Security Act, which “was to require federal agencies to be accountable and proactive about securing critical infrastructure and computer systems from cyberattacks.” The Information Technology Industry Council believes the order “is a promising start for the administration’s cyber efforts,” said President Dean Garfield. “We are pleased to see the Trump Administration embrace actions we have consistently advocated for, including orienting federal government cybersecurity risk management around the [National Institute of Standards and Technology] Cybersecurity Framework and utilizing public-private partnerships to advance cybersecurity.” Cybersecurity IT company CSRA sees the EO as providing “a monumental boost to the effort to update and secure the government’s IT infrastructure,” said CEO Larry Prior. “Aging systems and outdated requirements are costing our government time and money, and jeopardizing our security.” The Information Technology and Innovation Foundation is “disappointed to see that this executive order is mostly a plan for the government to make a plan, not the private sector-led, actionable agenda that the country actually needs to address its most pressing cyber threats," said Vice President Daniel Castro. “This order leans heavily on the government for ideas and implementation rather than a public-private partnership approach.”