President Barack Obama's latest executive order creating a Federal Privacy Council boosts the privacy profession and spotlights the need for privacy along with security, wrote two top executives with the International Association of Privacy Professionals in a piece posted Thursday on the group's website. IAPP President-CEO Trevor Hughes and Omer Tene, vice president-research and education, said the Tuesday executive order, which was part of a larger cybersecurity plan (see 1602090068), is "focused on fomenting agency and inter-agency privacy management programs; creating and sharing best practices for protecting privacy and implementing appropriate privacy safeguards; and improving the processes for hiring, training, and professional development of privacy professionals in government." The executive order also recognized that privacy is "a key standalone concept" that must be considered along with data security, they wrote. "It means being transparent, responsible, and ethical in organizational uses of personal data, managing individuals’ expectations, and minimizing data flows." They said the "dichotomy between privacy and security is a false one," and the concepts are "two sides of the same coin." For instance, without privacy, they said, surveillance agencies would do their jobs unfettered by human rights considerations and employers would scrutinize their workers' every move. Hughes and Tene said the executive order is the beginning of a process for more privacy-conscious workers and privacy that is translated into action.

A co-founder of competitive videogaming company Vulcun -- which recently settled FTC allegations that it used a Google Chrome browser extension to launch ads without users' permissions (see 1602050036) -- said the commission's consent order contained "many inaccuracies and blatant factual errors." Posting the company's response on Medium.com Tuesday, Murtaza Hussain, who was named in the complaint with co-founder Ali Moiz, wrote that when Vulcun bought the browser extension and replaced it with its own, the company offered an "explicit" opt-in for users. "There was disclosure. Of the 200K users, about 15% or so Opt’ed in," he wrote. Rejecting an FTC allegation that users were barraged with ads, Hussain said the only ones shown were disclosed on the Chrome start page and they were the top apps of the day, which Vulcun didn't get paid for. He said the company promoted an ad one time when it garnered about 30,000 opt-in users. Many users liked it, but about 1 percent of users complained, mainly because "some of them had simply forgotten that they opt'ed in to this program and were surprised why/how this app got on their phone," he wrote. In response, Vulcun suspended the promotion and tried to improve the model, he wrote, but the company decided it couldn't eliminate the bad user experience and shut down the program in December 2014. The FTC opened the investigation in July 2015 as a result of the user complaints. "We decided to sign their order and move on. And then boom  --  many months after signing I see this press release that makes us look almost like con-artists," wrote Hussain. "As entrepreneurs we live and die by our reputations and I felt that I needed to set the record straight and tell my part of the story.”

Despite the bigger risks of hacks posed by IoT deployments, more than seven of 10 corporate IT departments spend less than 20 percent of their time “securing the corporate network and data assets,” a Strategy Analytics survey found. The research firm canvassed 600 firms worldwide and found that 56 percent of respondents acknowledged their firms had experienced an IoT breach in the previous 12 months, and 39 percent said their networks didn't suffer any security breaches, it said. "The survey results are a huge wake-up call,” Strategy Analytics said. “IoT environments exponentially increase the size of the attack vector since companies have so many more devices, end points and applications to secure," it said. "IoT deployments can potentially be very risky business.” Other survey findings: (1) 44 percent of corporations that got hacked were unable to determine the source or the type of security attack or the duration of the breach, “which is alarming," Strategy Analytics said. (2) Only 7 percent of firms’ IT departments spend more than half their time on security. (3) 56 percent of respondents cited “end user carelessness” as the top security threats to their IoT networks, followed by 42 percent who cited “malware” as the biggest IoT security threat.

ICANN is moving a June 27-30 policy forum from Panama City, Panama, to a to-be-determined location “due to the severity of the Zika Virus outbreak” in Panama and other nations in Latin America, the group said Friday. The Centers for Disease Control has identified active Zika virus transmissions as far north as Mexico and as far south as Brazil, with Panama’s government reporting 50 cases of Zika infection. “A search is currently underway to identify an alternate location where the Zika Virus is not a concern,” ICANN said. It said in October that it was revamping its meetings strategy in part by replacing its traditional June meetings with shorter policy-oriented meetings that don’t include topic sessions, public forums or an ICANN board meeting.

The Electronic Privacy Information Center launched an educational initiative to put privacy and data protection front and center in the 2016 presidential election. "Data breaches, identity theft, and government surveillance are critical issues facing American voters, yet the candidates have said hardly a word," said President Marc Rotenberg in a statement Sunday announcing the Data Protection 2016 campaign. The campaign provides information about privacy and data protection, provides a link to register voters, and will market materials such as buttons and stickers to help support the group. EPIC said it won't endorse any candidate, party or platform.

Content-Centric Networking/Named Data Networking (CCN/NDN) could solve a lot of the drawbacks inherent to IP when it becomes ready for deployment in three to five years, CableLabs said in a white paper released Monday. CCN/NDN "promises to significantly improve network scalability, performance and reduce cost over a network built on the Internet Protocol," CableLabs said. With HTTP/IP being ubiquitous in networks, it may "seem daunting to consider the use of a non-IP protocol," it said, though the likelihood is that technology and time will bring a replacement. Replacing HTTP/IP with CCN would require phasing it in to avoid disruptions and cost, and the replacement itself requires CCN-HTTP translation and CCN/IP tunneling technologies, CableLabs said. CCN/NDN still has some issues to be worked out, CableLabs said, including optimized CCN router and cache implementation, congestion avoidance and network control, it said. In a blog post Monday, CableLabs Distinguished Technologist Greg White said CCN/NDN "provides a more elegantly scalable, faster, and more efficient network infrastructure for the majority of traffic on the Internet today" by moving from a "host-centric" network approach, involving delivering data from one specific host to another, to a "content-centric" approach that identifies and routes content by the use of globally unique names. "To get a sense of how big a mind shift this is, consider this: in CCN/NDN devices don’t have addresses at all," White said. "A device can retrieve content by requesting it by name, without needing to have a way of identifying a server where that content is stored, or even identifying itself." CableLabs is experimenting with CCN/NDN and looking into applications that could drive its adoption, said White, who wrote the white paper with CableLabs Lead Architect-Advanced Technology Group Greg Rutz.

The European Commission will unveil finalized text of the new EU-U.S. Privacy Shield in the "2nd half of February," tweeted European Justice Commissioner Věra Jourová Monday (see 1602020040). In a separate tweet, she wrote that the new updated safe harbor framework "is part of a wider effort to restore trust in transatlantic data flows. Adoption of #JudicialRedressAct is now key." European officials have sought passage of the bill. It's awaiting a vote by the full Senate and provides European citizens a way to pursue legal action if they believe U.S. government agencies have abused their personal data (see 1601290021).

Control4 acquired networking and cloud network-management company Pakedge Device & Software for about $32.7 million cash, the company confirmed Thursday. The next day, Control4 shares closed 22 percent higher at $8.08. “As more and more devices are connected in the home, and as streaming services become more prevalent -- especially high-definition streaming services and video over IP -- the demand on the network becomes exponentially greater,” said Jeff Dungan, Control4 senior vice president-supply chain and business development, in a pre-briefing to us.

Online game company Vulcun agreed to settle FTC allegations that it "unfairly" replaced a Google Chrome browser extension game, which the company bought, on consumers' Android devices with its own extension without getting people's permission and risking their privacy, the commission said in a news release Friday. Commissioners voted 4-0 to issue an administrative complaint and accept the consent agreement, which will be published in the Federal Register soon and be open to public comment through March 8, FTC said. After Vulcun bought the Running Fred extension used by more than 200,000 consumers, the company "used it to install a different app, commandeer people's computers, and bombard them with ads," said Consumer Protection Bureau Director Jessica Rich. Consumers complained to Google that the extension opened multiple tabs and windows advertising various apps or that apps were installed on their mobile device without their permission, reinstalling themselves even after being deleted, the FTC said. Vulcun risked people's privacy because apps installed on devices could have "easily accessed" their address books, photos, location and device identifiers or even more sensitive data, the commission alleged. Plus, Vulcun misled consumers by telling them their extensions "provided independent and impartial selections of apps, as well as misrepresenting third-party endorsements received by the extensions," FTC alleged. The settlement requires Vulcun to inform consumers about all types of information that its products or services access and how that data would be used, show any built-in permissions notice when a product or service is installed, and get people's "express affirmative consent." Vulcun didn't immediately comment.

Amazon is co-hosting an event Wednesday at SmartBear’s headquarters in Somerville, Massachusetts, to teach developers how to build voice capabilities, called “skills,” for Alexa, the digital brain behind Echo and other Alexa-enabled devices. Skills enable users to interact with devices in “more intuitive ways” using just voice, said the companies. The training shows how to use Amazon Web Services with the Alexa Skills Kit to create and test a skill using SmartBear’s tools, they said. The free event includes an open hackathon where attendees can get hands-on experience building a new Alexa skill with help from Alexa experts and have a chance to win Amazon devices.