The FTC approved a final order against AsusTeK Computer over allegations the company put personal information of thousands of consumers at risk on the internet because it didn't update software on its routers (see 1602230032), the commission said in a Thursday announcement. Commissioners voted 3-0 to approve the consent order, which requires the company to establish and maintain a comprehensive security program over the next 20 years that will be subject to independent audits. Asus must also notify customers about software updates or provide a way for customers to receive security notices, said the order. The commission said the order also forbids Asus from misleading customers about the security of its products. Asus, which settled with the FTC in February, didn't comment.

ICANN proceeded with the start of its public auction of the .web generic top-level domain (gTLD) Wednesday, after the U.S. District Court in Los Angeles ruled Tuesday against granting domain registry Donuts' application for a temporary restraining order. Donuts had sought the temporary restraining order Friday in connection with its lawsuit against ICANN, in which the registry is claiming ICANN was negligent for not exercising due diligence in investigating what Donuts believes are discrepancies in rival .web applicant Nu Dot Co's disclosures about its ownership. Donuts also claimed ICANN's failure to investigate the claims is a breach of contract and an instance of allowing unfair competition (see 1607250051). District Judge Percy Anderson faulted Donuts in his ruling (in Pacer) against the restraining order, saying he would have denied the request even if ICANN hadn't voiced its opposition (see 1607260057). Donuts failed to follow correct procedure by not contacting ICANN counsel about its restraining order request in advance of filing the lawsuit or correctly serving ICANN with the lawsuit, Anderson said. The restraining order request is also incorrect on the merits, since the evidence in ICANN's opposition filing “and the weakness of [Donuts'] efforts to enforce vague terms” in the ICANN bylaws and the gTLD application guidebook show Donuts “has failed to establish that it is likely to succeed on the merits” in the lawsuit, “raise serious issues, or show that the balance of hardships tips sharply in its favor,” Anderson said. “Moreover, because the results of the auction could be unwound, [Donuts] has not met its burden to establish that it will suffer irreparable harm in the absence of the preliminary injunctive relief it seeks.” Anderson also said Donuts didn't sufficiently prove jurisdiction in its lawsuit, but gave the registry until Aug. 8 to file an amended complaint to address the jurisdiction issue. "While we’re disappointed in the court’s decision, we recognize that the standards for granting a temporary restraining order are heightened and not necessarily indicative of the merits of the underlying case," a Donuts spokesman said. "We are now participating in" the .web auction and will continue "to reserve all available rights regarding this matter."

ICANN formally opposed domain registry Donuts’ application to the U.S. District Court in Los Angeles for a temporary restraining order to delay the planned Wednesday public auction of the .web generic top-level domain (gTLD) amid Donuts’ lawsuit against ICANN. The .web auction is to begin at 6 a.m. Pacific. Donuts filed the lawsuit Friday, claiming ICANN was negligent for not exercising due diligence in investigating what Donuts claims are discrepancies in rival .web applicant Nu Dot Co’s disclosures about its ownership. Donuts claimed ICANN’s failure to investigate is also a breach of contract and an instance of allowing unfair competition (see 1607250051). ICANN said in a filing (in Pacer) Monday the district court shouldn’t grant the restraining order because the need for emergency relief is of Donuts’ “own making.” Donuts admitted that it was aware June 7 about the statements made by Jose Ignacio Rasco, managing director of Nu Dot Co parent company Straat Investments that appeared to show that Nu Dot Co’s board included several new unidentified directors beyond those listed in Nu Dot Co’s 2012 application for .web, ICANN said. Donuts’ claims the temporary restraining order is needed because of the imminent .web auction “was caused by its own delay” in taking the issue to court. ICANN officials met with Donuts Executive Vice President Jon Nevett June 29 regarding the registry’s concerns about Nu Dot Co’s ownership information and indicated their investigation of the issue found “no evidence” of a change of ownership or management. Donuts had ample time to bring its concerns to the district court but instead “waited until July 22 to file this matter, after many facets of the Auction process had already begun,” ICANN said. Donuts didn’t comment.

The EU Article 29 Data Protection Working Party, which identified problems with the then-draft Privacy Shield three months ago (see 1604130002), said Tuesday it still has a "number of concerns" with the agreement, formally adopted by the European Commission two weeks ago (see 1607120001). But the group, composed of the national data protection chiefs, said in a news release that it "welcomes the improvements" to the data transfer mechanism with the U.S., basing the progress on the European Court of Justice's October decision that scrapped the old safe harbor agreement. European regulators said they will decide whether their current concerns will have been fixed at the first joint review of the deal between EU and U.S. authorities, about a year from now, and also see if safeguards "are workable and effective." Regulators said that review may also affect other data transfer mechanisms, including binding corporate rules and standard contractual clauses (see 1607060009). The group said it's still concerned with two issues of U.S. government access to Europeans' data. One, they "expected stricter guarantees" about the independence and clout of the U.S. ombudsperson -- a worry raised in their initial review. The ombudsperson position was created to deal with EU citizens' complaint for any misuse of their data. Second, the group said there's a "lack of concrete assurances" that bulk data collection won't occur even though the Office of the Director of National Intelligence has said it won't. European regulators also cited other concerns, including lack of specific rules on automated decisions, no general right to object and how the arrangement will apply to processors. "All in all, the uncertainty about the long term acceptance of the Privacy Shield is set to be prolonged, but on a positive note, the EU regulators appear willing to work with all the parties involved to make it work," emailed Hogan Lovells (London) data protection attorney Eduardo Ustaran. Bijan Madhani, the Computer & Communications Industry Association's public policy and regulatory counsel, said in a statement the Article 29 Working Party's "close examination of the Privacy Shield has helped produce more clarity for companies and citizens alike, and their participation in the joint annual review process is key."

The Software & Information Industry Association published a set of guidelines to help public and private sector officials develop and implement what it said are practical consumer privacy measures and practices. The association said in its report released Tuesday the guidelines are an alternative to calls for a comprehensive U.S. privacy statute such as the EU's General Data Protection Regulation and can help policymakers implement a comprehensive system or legislate or regulate a specific area "such as drones, student privacy, information service providers, or broadband privacy." During a webinar, Mark MacCarthy, SIIA senior vice president-public policy, also cited areas such as artificial intelligence, big data, cloud computing and IoT. He said the first five principles are more general while the second five are more specific. The first principle directs privacy regulators to analyze the consequences of their decisions and ensure the benefits of an adopted regulation justify costs. The second says any new privacy rule should mitigate risks to specific injuries. Technology Policy Institute President Thomas Lenard, describing the principles as a "very positive contribution," said during the webinar that the first two principles are essentially the core of the principles while the remaining eight "flesh" them out in some manner. The other eight principles are: ensuring social and business contexts are considered since norms and expectations differ and change; evaluating privacy as new technologies emerge; picking the right regulatory tool; providing transparency and consumer notices such as data breach notifications; using either an opt-in or opt-out choice; encouraging de-identification of data; assessing a data minimization policy in a risk-based process; and avoiding using data collected for one purpose for another. Center for Democracy & Technology CEO Nuala O'Connor said during the webinar there's "much to like" about the SIIA guidelines, but an organization should be mindful of collecting and retaining identifiable data since there's always a risk of a breach. But even de-identified data, which is preferable, can potentially lead to unintended consequences or bias through algorithms, she said.

President Barack Obama signed off Tuesday on a presidential policy directive clarifying federal government agencies’ responsibilities for responding to a cyberattack, including making the Office of the Director of National Intelligence responsible for leading intelligence support in response to the attack. The directive delegates the DOJ to take the lead in law enforcement activities related to a cyberattack, while the Department of Homeland Security will aid in mitigating the attack. The White House’s release of the directive came amid the fallout over WikiLeaks’ release of controversial Democratic National Committee emails believed to have been harvested from DNC servers during a 2015 hacking incident. The White House emphasized Tuesday that its planning for the directive significantly predated the DNC hacking incident. The White House’s directive directs the Cyber Response Group within the National Security Council to coordinate development and implementation of U.S. government policies in response to cyberattacks. The CRG or the larger NSC can form a cyber unified coordination group (CUCG) as the “primary method” of coordinating among federal agencies in response to “significant” cyber incidents, Obama said in the directive. The CUCG normally will include the Department of Homeland Security and other lead federal agencies for threat response and support, but also will include the FCC and other sector-specific agencies depending on the nature of the incident, the directive said. The FCC also would be called upon to participate in CRG activities when “its inclusion is warranted by the circumstances and to the extent the [FCC] determines such participation is consistent with its statutory authority and legal obligations,” an annex to the directive said. The White House directive also set up a five-level framework for rating cyber incidents. Level 1 attacks are “unlikely to affect public health, national security” or other U.S. interests, while a Level 5 incident “poses an imminent threat to wide-scale critical infrastructure services, national government or to the lives” of U.S. citizens, the directive said.

​The impending arrival of Bluetooth 5 and its technical enhancements will help boost Bluetooth-enabled device shipments to more than 5 billion units in 2021, ABI Research said in a Monday report. Bluetooth 5, coming late 2016 or early 2017, will include “significantly increased” range, speed and broadcast messaging capacity, said the Bluetooth Special Interest Group in a June announcement. With Bluetooth 5, the platform “will extend beyond cable replacements and smartphones to branch out into the wider IoT landscape and result in the development of larger scale networks that no longer rely on the smartphone as a hub,” ABI said. “Bluetooth is evolving from a smartphone and personal area network solution to a scalable, low-power wireless networking technology,” it said. “This development will unlock growth in beacons, home automation, building automation, lighting, and other smart city applications over the next decade and beyond.” By 2021, smartphones still will be 40 percent of Bluetooth product shipments, but that will be down 12 percent in volume share from 2015, it said.

General Motors' $500 million February investment in Lyft for speeding commercialization of autonomous vehicles (see 1601040068) “is accomplishing everything we set out for it to do,” GM CEO Mary Barra said on an earnings call. “We are very committed to being among the leaders or leading in autonomous technology.” GM's March buy of autonomous-vehicle innovator Cruise Automation also “was a big piece of that," Barra said of that $581 million acquisition. GM “recognized early that the fastest way to get the technology into customers' hands, and to really learn and be driven by what customer expectations are, is to get it into a ride-sharing fleet and get it out there,” Barra said Thursday. “We're demonstrating different behavior with how we're getting the technology and the innovation and the technological advancements we've done into the marketplace more quickly. ... That's something I focus on every day.”

More than half the world’s population doesn't use the internet, despite falling prices for information and communications technology, ITU said in a Friday news release about its 2016 ICT Facts & Figures report. About 3.9 billion of 7.4 billion people don’t use the internet, the ITU said. There are 2.5 billion internet users in developing countries, more than the 1 billion users in developed countries. But developed countries have higher internet penetration, it said. About 81 percent in developed countries use the Internet compared with 40 percent in the developing nations, it said. The report also said 2G mobile networks cover about 95 percent of the global population, and 4G LTE networks cover 53 percent. The number of mobile-broadband subscriptions has grown at double-digit rates in developing countries to reach a penetration rate of nearly 41 percent, but overall mobile-broadband growth has slowed, it said. The ITU predicted the total number of mobile-broadband subscriptions globally will hit 3.6 billion by year-end. Mobile broadband is cheaper than fixed, said ITU, with the average price of fixed more than twice as high as the average price of mobile, it said. “Global interconnectedness is rapidly expanding, however more needs to be done to bridge the digital divide and bring the more than half of the global population not using the Internet into the digital economy,” said Secretary-General Houlin Zhao.

Dun & Bradstreet is partnering with the Trustworthy Accountability Group to help the anti-fraud initiative (see 1605230010) verify the identities of buyers, sellers and intermediaries in the digital advertising supply chain. "With Dun & Bradstreet data, TAG can feel confident that only legitimate business entities are approved to participate in the TAG Registry," said Dun & Bradstreet CEO Bob Carrigan in a news release. "Supporting TAG in its efforts to bring transparency to online advertising aligns with Dun & Bradstreet's mission of uncovering truth from data to reveal a business' best -- or riskiest -- relationships." TAG was formed two years ago by the American Association of Advertising Agencies, Association of National Advertisers and Interactive Advertising Bureau in part to combat digital ad piracy and copyright infringement. Dun & Bradstreet will vet the identities of companies applying to be "TAG Registered" by matching their information such as address, contact emails and names, tax ID and other fields. After TAG does a final check of companies forwarded by Dun & Bradstreet, approved companies get a unique identifier "that can be appended to digital ads, and shared with advertising partners to verify the legitimacy and reputation of the business," it said. The issue has come under more scrutiny, with two Democratic senators urging the FTC to get more involved in understanding and fighting fraudulent digital ads (see 1607110016).