The National Retail Federation (NRF) is creating a cybersecurity information sharing program, it said in a Monday release (http://bit.ly/Qn7P1S). The platform, dubbed the Information Sharing and Analysis Center (ISAC), follows a similar effort by the financial industry, which has already developed its own ISAC (http://bit.ly/1iSy4Eo). The retail trade industry has been in the crosshairs of federal agencies and lawmakers because of large data breaches from major retailers such as Target and Neiman Marcus. The move also comes days after the FTC and Department of Justice issued a joint policy statement saying properly sharing cyberthreat information is “not likely to raise antitrust concerns.” The NRF said it expects its ISAC to be functional in June. It will be overseen, in part, by the NRF’s IT Security Council, which includes chief information officers and tech experts from roughly 120 retailers, NRF said.
The launch of the Amazon Fire TV box is a “win” for Netflix, said Wedbush Securities analyst Michael Pachter in a research note Monday, saying Amazon listed Netflix ahead of its own Prime Instant Video service on the list of streaming apps available for the $99 box. But Wedbush maintains an “underperform” rating on Netflix, projecting a 12-month price target of $175 compared with its midday price of $326.71 on a “sum-of-the-parts” valuation of $140 for domestic streaming, $17 per share for international streaming and $18 per share for Netflix’s domestic DVD business. Pachter predicted Q1 results, to be released April 21, will likely “meet or exceed” expectations of the street driven by a high signup rate owing to House of Cards and low ad spending during the quarter. Pachter expects Netflix management to “complain about the state of net neutrality” in the U.S. on its Q1 earnings call, while downplaying the financial impact of interconnection agreements, he said. Noting the multiyear interconnection agreement Netflix signed with Comcast in February -- which Pachter estimated to be a “material” expense -- Wedbush expects Netflix to reach similar agreements with other ISPs in coming years “to minimize throttling.” Over time, Wedbush believes interconnection agreements will force Netflix to raise prices, “limiting the company’s growth potential.”
RIAA, MPAA and the Justice Department are “like three blind mice,” following one another “in pursuit of meritless copyright claims against Megaupload” and founder Kim “Dotcom” Schmitz, said Ira Rothken, Megaupload counsel, by email. Four record labels (CD April 14 p14) and six movie studios (CD April 8 p19) filed civil action lawsuits against Megaupload and its operators last week. The suits are an “assault on cloud storage generally,” as Megaupload “used industry standard copyright-neutral technology found on popular websites like YouTube and Dropbox,” said Rothken. “We believe that the Hollywood Oligopoly is assisting the U.S. Department of Justice in a war of attrition by trying to win the cases on economics, rather than on the merits,” he said. “Like YouTube,” which “had a user rewards program and won its case,” Megaupload, Schmitz, and the other defendants “will prevail,” he said. “The recent release of specific evidence by the DoJ in its criminal complaint against Megaupload that showed massive infringement of music, as well as the statute of limitations, were both factors in our decision to file a civil lawsuit,” said a spokeswoman from RIAA by email.
The percentage of people who report having sensitive personal information stolen is rising, said research released Monday by the Pew Research Center (http://bit.ly/RigxzA). Eighteen percent of online adults said they have had information -- for instance, a Social Security number, credit card number or bank account information -- stolen, Pew said. That’s up from 11 percent in a July survey, Pew said. “Research suggests that young adults and younger baby boomers may have been especially hard hit in the second half of 2013,” said Mary Madden, a senior researcher for the Pew Research Center’s Internet & American Life Project, in a Monday blog post. However, the percentage of online adults who said they had an email or social networking account compromised stayed static at 21 percent, according to Pew. The numbers released Monday are from a survey of 1,002 adults conducted in January, said Pew.
The FTC will hold a big data workshop Sept. 15 to examine how data collection practices affect low-income and underserved consumers, it said in a Friday news release (http://1.usa.gov/1gi8J9M). “A growing number of companies are increasingly using big data analytics techniques to categorize consumers and make predictions about their behavior,” said Chairwoman Edith Ramirez. The workshop will examine “the potentially positive and negative effects” of these techniques, she said. For instance, financial institutions and retailers have used predictive analytics to offer different prices to different customers or to tailor advertising for financial products, the FTC said. “Such uses of big data are expected to create efficiencies, lower costs, and improve the ability of certain populations to find and access credit and other services,” the FTC said. “At the same time, these practices may have an unfair impact on other populations, limiting their access to higher quality products, services, or content.” In recent months, the FTC has explored similar data collection privacy issues, including two-hour seminars on mobile device tracking and alternative scoring products. In May, the FTC will also hold a third seminar on healthcare data (http://1.usa.gov/1jY27hV). The FTC will accept comments ahead of its big data workshop until Aug. 15, with a post-workshop comment period until Oct. 15 (http://1.usa.gov/1qo0KuX).
“Catastrophic” is how technology experts are describing the recently discovered security glitch in Secure Sockets Layer (SSL). Finnish security firm Codenomicon discovered the flaw, called the Heartbleed bug (http://heartbleed.com/), which affects OpenSSL, a cryptographic software library used to secure websites using HTTPS encryption to protect data. The company said the bug allows hackers to access websites’ code, data and passwords, as well as “eavesdrop on communications.” Internet security technologist Bruce Schneier -- a board member of the Electronic Frontier Foundation (EFF) and advisory board member of the Electronic Privacy Information Center (EPIC) -- called the bug “catastrophic,” in a Wednesday blog post (http://bit.ly/1ea7ECa0). “On the scale of 1 to 10, this is an 11,” he said, saying 500,000 sites were vulnerable to the flaw. “The probability is close to one that every target has had its private keys extracted by multiple intelligence agencies,” Schneier said. “The real question is whether or not someone deliberately inserted this bug into OpenSSL, and has had two years of unfettered access to everything. My guess is accident.” Karl Volkman, chief technology officer of network service provider SRV Network, said “the threat that this flaw poses is tremendous,” but suggested that changing one’s passwords before major websites fix the flaw “will allow hackers to still have access to personal information.” Johns Hopkins University computer science professor and cryptographer Matthew Green said Heartbleed is “the result of a relatively mundane coding error,” in a Tuesday blog post (http://bit.ly/1oN7UvE). “And predictably, this makes it more devastating than all of those fancy attacks put together.” The FTC recently settled two complaints on mobile apps with allegedly inadequate data security, highlighting both apps’ disabled SSL certificate (CD March 31 p8).
Properly designed sharing of cyberthreat information is “not likely to raise antitrust concerns,” said the FTC and Department of Justice Thursday in a policy statement. The policy statement does not change the two agencies’ existing analysis, which stems from an October 2000 review (http://1.usa.gov/1n8Zeef). “This statement should help private businesses by making it clear that antitrust laws do not stand in the way of legitimate sharing of cybersecurity threat information,” said FTC Chairwoman Edith Ramirez in a news release. The statement should also encourage the private sector to increase cybersecurity information sharing, said Assistant Attorney General Bill Baer, head of the Antitrust Division. “Cyber threats are increasing in number and sophistication, and sharing information about these threats, such as incident reports, indicators and threat signatures, is something companies can do to protect their information systems and help secure our nation’s infrastructure,” he said during a news conference, according to a prepared version of the speech (http://1.usa.gov/1hEklQr). Cybersecurity information sharing is different from actions that may raise antitrust concerns at FTC and Justice, such as sharing business plans or future price information, the agencies said. The agencies typically examine information sharing agreements through the lens of the agreement’s overall effect on competition. Cyberthreat information sharing can improve efficiency and secure networks both inside and outside critical infrastructure, the agencies said. Since cyberthreat information is typically very technical and covers a “limited category of information,” it’s unlikely to increase participants’ ability or incentive to raise prices or otherwise harm competition, the agencies said. 
The cybersecurity executive order President Barack Obama signed last year was meant in part to facilitate increased information sharing between companies within critical infrastructure sectors and between the private sector and the government (CD Feb 14/13 p1). The White House “will continue to work with our partners in industry to encourage the development of a network of information sharing partnerships and to identify actions we can take to further reduce barriers to information sharing,” said White House Cybersecurity Coordinator Michael Daniel in a blog post (http://1.usa.gov/1jwKTaL). Congress “must also do its part and enact meaningful solutions to enhance cybersecurity,” Senate Judiciary Committee Chairman Patrick Leahy, D-Vt., said in a statement Thursday. “Developing a comprehensive national cybersecurity strategy is one of the most serious and unmet needs confronting the nation today. Federal data privacy legislation to establish a single, national standard for data breach notification is an important component of cybersecurity legislation and is long overdue.” The House passed the Cyber Intelligence Sharing and Protection Act (HR-624) last year, but efforts to produce a similar bill in the Senate Intelligence Committee appear unlikely to succeed during the remainder of the 113th Congress (CD Jan 6 p2).
There were 40 million new broadband subscribers in 2013, which shows a steady growth in broadband adoption, a Broadband Forum study said. The global total has reached more than 678 million subscribers, the study released Wednesday said (http://bit.ly/1n4MIN0). IPTV is nearing the 100 million subs threshold, with 21 percent growth last year and 17 million new subscribers, reaching an overall total of 96 million in 2013, it said. The figures show that copper-based technologies continue to be dominant, although fiber-based technologies are taking a firmer grip, it said. China added more than 3 million subscribers in the fourth quarter of 2013, it said. After China, the U.S., Japan and Germany had the most subscribers by the end of Q4, the study said. The figures were “prepared by” Point Topic.
Six major movie studios are suing Megaupload and its operators for facilitating, encouraging and profiting from “massive copyright infringement of movies and television shows,” said an MPAA news release Monday (http://bit.ly/1mVIK9q). Megaupload’s main file-hosting site, Megaupload.com, was shut down in 2012, and its operators were indicted on federal criminal charges, MPAA said. But the new lawsuit -- filed in the U.S. District Court in Alexandria, Va. -- is a civil action “seeking damages and defendants’ profits for copyright infringement,” according to the suit (http://bit.ly/1hm6eoI). “Infringing content on Megaupload.com and its affiliates was available in at least 20 languages, targeting a broad global audience,” said MPAA Global General Counsel Steven Fabrizio. “According to the government’s indictment, the site reported more than $175 million in criminal proceeds and cost U.S. copyright owners more than half a billion dollars.” The suit pointed to Megaupload.com’s “Uploader Rewards” program as evidence the company “openly paid Megaupload users money to upload popular unauthorized and unlicensed content.” Megaupload could not be reached for comment.
“The continued success of the Internet as a platform for innovation, speech, and commerce should not be taken for granted,” the Internet Association said in comments to the FCC posted Friday (http://bit.ly/1si0Oyr). The Internet Association includes Amazon, AOL, Facebook, LinkedIn and other major edge providers. Broadband ISPs have a “gatekeeper” function and the ability to discriminate against certain types of Internet traffic, the association said: “The Commission should adopt enforceable rules to preserve the fundamental characteristics of an open Internet.” Section 706 of the Communications Act, along with Titles II, III and VI, gives the FCC “the authority it needs” to protect the Internet, the association said. The group pushed transparency, no-blocking and nondiscrimination rules, and said they should apply to both the wired and wireless environments on a case-by-case basis. “Wireless broadband is no longer the fledgling platform” it was at the start of the original net neutrality proceeding, the association said. “New companies that are excluded from mobile broadband will not be able to compete fairly or effectively.” As for interconnection policies, the association said it believes the entire industry of ISPs, content delivery networks and application providers should “aspire” to settlement-free peering “because that outcome ultimately benefits all stakeholders in the Internet ecosystem.” An FCC spokesman confirmed the agency won’t consider regulating peering or interconnection as part of its new net neutrality rules, but will continue to monitor the situation in case regulation is needed in the future (CD April 2 p2).