A Nielsen survey on consumer attitudes toward the domain name system and generic top-level domains (gTLDs) reveals that “overall awareness of generic top-level domains has grown when compared to the baseline study that was conducted last year and continues to grow,” said ICANN Global Domains Division President Akram Atallah Thursday in a news release. Nielsen surveyed more than 5,400 consumers in 24 countries in Asia, Europe, North America and South America, ICANN said. Fifty-two percent of respondents said they were aware of at least one new gTLD, with increased awareness evident in Asia, Europe and North America, ICANN said in a report on the Nielsen survey. Higher numbers of consumers were aware of legacy TLDs, with 95 percent saying they were aware of the .com domain, ICANN said. Eighty-eight percent of respondents said they were aware of the .net domain, while 83 percent were area of .org. Ninety-five percent of respondents said they trusted country-code TLDs, while 91 percent said they considered legacy TLDs trustworthy, ICANN said.

Senate legislation that would restrict an independent federal watchdog to consider the privacy and civil liberties only of U.S. citizens and permanent residents has drawn the ire of five dozen civil society, technology and other advocacy groups and individuals. They said it would harm human rights and trans-Atlantic trade. The coalition sent a letter Friday to senators, urging them to oppose the Intelligence Authorization Act for FY 2017 (S-3017) that limits the scope of the Privacy and Civil Liberties Oversight Board. Senate Intelligence Chairman Richard Burr, R-N.C. introduced the bill June 6 and has no co-sponsors. In its letter, the coalition said PCLOB planned to address the impact of electronic surveillance directed largely outside the U.S. in its next report, but that Section 603 of the bill would prohibit the board from doing that. "The President recognized the important role that the PCLOB can and should play to protect the rights of people outside the United States in the surveillance context," wrote the coalition, which includes Apple, the Center for Democracy & Technology, Google, Microsoft, New America's Open Technology Institute and Georgia Institute of Technology professor Peter Swire, who was a privacy czar during the Clinton administration. They said PCLOB would be prevented from investigating potential violations of the Fourth Amendment rights of non-U.S. persons living in the U.S. Plus, they said limiting the board's authority would "undermine" the proposed EU-U.S. Privacy Shield. "Regardless of one's view of the sufficiency of the Privacy Shield, the agreement was the product of extensive, delicate negotiations" that, in part, relies on PCLOB oversight of U.S. surveillance on non-U.S. persons, the letter said: The Senate bill would "damage the ongoing diplomatic discussions with the EU by barring PCLOB from exercising oversight of the data of Europeans and other non-U.S. persons."

Microsoft proposed three sets of cybersecurity norms Thursday in a white paper aimed at government and industry. The three sets of proposed standards include offensive rules aimed at nation-states, industry-focused tenets and defensive customs aimed at both governments and the private sector. The proposed principles include ones addressing nonproliferation of cyber vulnerabilities, coordination on vulnerability disclosure practices and mitigation of government-initiated cyberattacks. “Norms should advance common objectives where possible, regardless of whether the norms are focused on offense, defense or industry,” said Microsoft Vice President-Trustworthy Computing Scott Charney in a blog post. “While there is a strong complementary structure for nation-state norms and industry norms, they vary in two important instances: nation-states possess the ability to create mass effects through offensive cyber activities; and the global ICT industry has the ability to patch all customers, even during conflicts between and among governments.” Microsoft’s white paper also proposes a public-private forum for addressing the need for attribution of severe cyberattacks, saying further development of attribution processes is needed to make the company’s proposed cybersecurity "rules of the road" effective. “As governments commit increasing resources into offensive cyber capabilities, the global ICT industry must strengthen its resolve, and take active steps to prevent user exploitation through adherence to industry norms,” Charney said. “We must continue to raise the bar in our defensive capabilities to deter nation-states from targeting technology users.”

The Donuts domain name registry said it believes its participation in the anti-piracy Trusted Notifier partnership with MPAA "is a useful and efficient manner for addressing blatant online piracy, and we encourage others in the domain name community to follow suit with similar programs." Donuts and MPAA began their anti-piracy partnership in February, agreeing to a set of strict standards for making anti-piracy referrals (see 1602090029). MPAA has since also expanded the Trusted Notifier program to include UAE-based registry Radix (see 1605130053). MPAA has sent Donuts referrals against six websites using Donuts domain names for potentially infringing content, the registry said Wednesday in a blog post. Donuts suspended two of the domain names, and the registrar for two others deleted those domains. Another registrar took action against one of the referred domains, while another domain remains under MPAA investigation and potential Donuts enforcement action, the registry said. The Trusted Notifier program will hopefully “be a pre-cursor to a more streamlined industry-wide process that all interested parties can develop collaboratively,” Donuts said. MPAA Deputy General Counsel Dean Marks said in a blog post Wednesday “we share Donuts’ enthusiasm and positive evaluation of the constructive and cooperative voluntary relationship that we are building together. Furthermore, we share the same hope for future collaboration with more operators of domain name registries and registrars.”

U.S. broadband homes watch an average 3.8 hours of internet video on TV each week, a fifth of all video viewed on TV, said a Parks Associates report Wednesday. Consumers might increasingly use advertising-blocking technology while streaming video if digital ads disrupt the viewing experience, Parks warned. "Ad blockers have their roots in web publishing, often to prevent full-page overlays or popups that would disrupt the experience,” said Parks analyst Glenn Hower. Content and over-the-top providers and advertisers “need to ensure their methods do not interfere with the viewing experience, which would otherwise drive viewers to ad-blocking technologies,” he said. Growth in personalized OTT service offerings, automated media buying and selling, and advertising in low-income markets have driven greater interest in dynamic ad insertion, said Parks, which forecasts digital video ad revenue will jump from $14.4 billion worldwide this year to $28.9 billion in 2020. Ad blocking, meanwhile, cost the digital publishing industries an estimated $41.4 billion worldwide in 2015, Parks said, at the same time the number of OTT video services tripled from 2010. "Connecting advertisers with appropriate, and accepting, audiences is a significant challenge for ad-supported video providers," Hower said. There are opportunities for more meaningful ads with better response and overall brand retention, he said.

U.S. organizations will invest more than $232 billion in IoT software, services and connectivity this year, said an IDC report Wednesday. IoT revenue is forecast to grow at a 16 percent compound annual rate from 2015 to 2019, to more than $357 billion, IDC said. Manufacturing and transportation industries lead IoT spending for the forecast period at $35.5 billion and $24.9 billion, while cross-industry investment will approach $31 billion this year. Manufacturing, freight monitoring and smart buildings lead projected use cases, it said.

Mobile advertising company InMobi will pay $950,000 in civil penalties and institute a comprehensive privacy program, settling FTC allegations the Singapore-based company tracked locations of hundreds of millions of consumers without their knowledge or consent -- including children without parental consent -- in an effort to provide geo-targeted ads, said the commission Wednesday in a news release. Commissioners voted 3-0 to approve the stipulated order and refer the complaint to DOJ, which filed both documents with the District Court for the Northern District of California. InMobi has an ad network that reaches more than 1 billion devices globally through thousands of popular apps and can serve those ads based on consumers' locations, the release said. The FTC alleged the company "misrepresented that its advertising software would only track consumers' locations when they opted in and in a manner consistent with their device's privacy settings." But InMobi tracked consumers even when they denied permission to access their locations, FTC said. The commission also alleged the company violated the Children's Online Privacy Protection Act (COPPA) by collecting data from apps directed at children "in spite of promising that it did not do so," the release said. The agency said the settlement subjected InMobi to a $4 million civil penalty, but it was reduced to $950,000 because of the company's financial condition. InMobi also must delete all data collected from children and is prohibited from further violating COPPA. The company also needs to get express consent from consumers to collect their location data and must delete any information from consumers who didn't consent, the commission said. InMobi will implement a comprehensive privacy program that will be audited every two years for the next two decades, the FTC said. The company emailed that it has "implemented a process to exclude any publisher’s site or app identified as a COPPA app from interest-based, behavioral advertising." During the FTC's investigation, the company said it "discovered" a "technical error" on its end that resulted in some COPPA sites being served with interest-based campaigns on its network. "InMobi promptly notified the FTC of this issue as soon as it was discovered and has made it clear from the outset that this was by no way means deliberate," it said, saying it has been compliant. The company said it would only use Wi-Fi information to serve location-based targeted ad campaigns when a user "has authorized the app to collect and transmit the same."

NTIA is “reviewing” a letter from Sen. Ted Cruz, R-Texas, and three other Capitol Hill lawmakers that pressed the agency for further information on expenditures on the Internet Assigned Numbers Authority (IANA) transition process, a spokeswoman said Tuesday. Cruz and the other lawmakers -- Sen. James Lankford, R-Okla., Sen. Mike Lee, R-Utah, and Rep. Sean Duffy, R-Wis. -- jointly criticized the NTIA Tuesday in a letter to Administrator Larry Strickling for the agency's “apparent violation” of a rider in the FY 2016 omnibus spending bill that bars NTIA from using federal funds on the IANA transition through Sept. 30 (see 1606210049).

Secretary of Commerce Penny Pritzker urged the Organization for Economic Cooperation and Development Wednesday to remain committed to the group's 2011 Principles for Internet Policy Making as it continues its Ministerial on the Digital Economy in Cancun, Mexico, this week. The OECD's Principles for Internet Policy Making emphasize a flexible policymaking approach based on the multistakeholder Internet governance model. OECD Secretary-General Angel Gurría warned Wednesday that legislation on a variety of issues isn't keeping up with changes in the digital economy. “Too many countries are taking a 20th century approach to a 21st century technology that is moving faster than any other the world has seen,” Gurría said during the ministerial. “The internet is profoundly transforming the way we live and work, but we could be getting a lot more out of it. The longer we dither on the digital economy, the less benefit we will get out of it as societies.” The OECD's digital economy ministerial “is an opportunity to ask ourselves, as the representatives of governments and the leaders of nations, if we are living up to those principles,” Pritzker said in a prepared version of her speech to the ministerial: “Too often, well-intentioned efforts to address legitimate concerns over issues like privacy and security lead to unintended consequences” via the enactment of data localization laws and "onerous" technical standards designed to restrict trade. Such policies “undermine our vision of a free, open and truly global internet,” Pritzker said. “We expect such policies from authoritarian regimes that want to isolate their people -- not from nations that welcome the global exchange of ideas and commerce.” Pritzker warned against the “alarming trend” toward internet fragmentation, which she said “should concern us all. Our ability to empower entrepreneurs, build long-term prosperity, and drive innovation hinges on our collective commitment to a global, free and open internet.” Pritzker also noted a new Commerce report that chronicles efforts during President Barack Obama's administration to expand the digital economy. The report shows Commerce's commitment to OECD principles on stakeholder cooperation on cybersecurity issues, privacy and multistakeholderism, she said.

The Office of Personnel Management and three other federal agencies haven't always “effectively implemented access controls” on high-impact systems under their jurisdiction,” GAO said in a report released Tuesday. It stemmed from GAO's survey of 24 federal agencies, including 18 that identified cyberattacks from foreign governments on their systems as their most frequently occurring security threat. OPM, the Department of Veterans Affairs, NASA and Nuclear Regulatory Commission displayed control weaknesses in “protecting system boundaries, identifying and authenticating users, authorizing access needed to perform job duties, and auditing and monitoring system activities,” GAO said. “Weaknesses also existed in patching known software vulnerabilities and planning for contingencies. An underlying reason for these weaknesses is that the agencies had not fully implemented key elements of their information security programs.” All four agencies had fully implemented risk assessments but were less thorough in implementing security plans, controls assessments and action plans, the GAO said. NASA, NRC, OPM and VA “should all fully implement key elements of their information security programs,” GAO said. The four agencies generally agreed to the GAO recommendations, but OPM said it didn’t concur with the recommendation on evaluating its security control assessments.