ICANN Chairman Steve Crocker clarified the board’s position on the Cross Community Working Group on Enhancing ICANN Accountability’s (CCWG-Accountability) second draft proposal, after a heated conversation Wednesday (see 1509030025). “We are in agreement on key concepts set forward in the CCWG’s proposal,” he wrote. He cited accord on things like fundamental bylaws; specific requirements for empowering the community into the bylaws adoption process; internal review panel enhancements; board and director removal; ICANN’s mission and core values; strengthening requirements for empowering the community in the budget, operational and strategic planning process; incorporating the affirmation of commitments reviews into ICANN bylaws; and allowing the community to enforce the accountability mechanisms in the bylaws, in a blog post Thursday. “Where the current proposal still warrants much detail” is what mechanisms should be used to deliver community enforceability, Crocker said. The board has suggestions on how these could be operationalized, he said. “It is critical that we work together to build enhanced accountability for ICANN and continue to refine and flesh out details of the impressive work already done by the community and complete the IANA Stewardship Transition.”

The American Civil Liberties Union, Amnesty International, Electronic Frontier Foundation, Human Rights Watch, National Association of Criminal Defense Lawyers, Rutherford Institute, Wikipedia and other educational, legal, human rights and media organizations asked a federal court to reject the U.S. government’s motion to dismiss Wikimedia Foundation v. National Security Administration, a lawsuit against the NSA, Justice Department and their directors over the government’s mass surveillance programs of all international text-based communications, a news release said Friday. “Government officials argue that any harm to the organizations from the government’s spying program is speculative.” The groups argued in their opposition to the defendant’s motion to dismiss at U.S. District Court in Maryland that the “NSA’s program involves copying and sifting through the contents of international internet traffic,” or “Upstream surveillance,” a program that involves copying Internet traffic -- including emails, chat, Web browsing and other communications -- as the data traverses the fiber backbone of the Internet, EFF Staff Attorney Andrew Crocker wrote in a blog post Thursday. “Upstream surveillance sweeps in readers’ online interactions with libraries and bookstores, including sensitive information like readers’ choice of reading material, which is protected by the First Amendment,” Crocker said. “As the Supreme Court has explained, the constitutional guarantee of free speech also includes protections for the things that go along with free speech: publishing and receiving information anonymously and associating privately.”

Spotify took note of positive feedback after the company’s commitment (see 1508210044) to write its privacy policy in plain language and decided to incorporate a plain-language introduction to the privacy policy itself, wrote Spotify CEO Daniel Ek in a blog post Thursday. “The Introduction is intended to be a clear statement of our approach and principles about privacy,” Ek said. Spotify provides more detail in the body of the policy, but its fundamental privacy principles are outlined in the Introduction, he said.

Kids app developers are doing a better job of notifying users as to what information is being collected and with whom it is shared, and on telling parents about the apps’ practices, FTC Mobile Technology Unit Chief Kristin Cohen and FTC Paralegal Specialist Christina Yeung wrote in a blog post Thursday. It followed the conclusion of the FTC Office of Technology Research and Investigations’ follow-up survey on kids apps. Surveys from 2012 found many apps shared kids’ information with third parties without notifying parents, and parents had little to no access to information about the apps’ privacy practices, an FTC news release said Thursday announcing a series of blog posts that included the survey’s findings. “The new survey looked at 364 kids’ apps in Google Play and the Apple App Store, and in today’s post the FTC examined what privacy disclosures are available to parents,” the release said. One-hundred sixty-four “of them (45%) had privacy policies that could be viewed from a direct link on the app store page,” Cohen and Yeung said. “An additional 38 include privacy policies in harder-to-find places -- for example, within the app or on the app developer’s webpage,” they said. “We don’t know for certain why there has been an increase in easy-to-locate privacy policies since our last survey, but a few factors may have contributed to this welcome development,” like widening the definition of children’s personal information under the Children’s Online Privacy Protection Act, and an agreement between California and major mobile platform providers to have a privacy policy available, Cohen and Yeung said. “Whatever the reasons for the increase in direct links to kids’ app privacy policies, it’s a step in the right direction,” they wrote. “That said, a significant portion of kids’ apps still leave parents in the dark about the data collected about their children -- so there’s more work to be done.”

Strong security and end-user controls are “critical to protect personal information,” FTC Commissioner Terrell McSweeny wrote in a blog for the Huffington Post Thursday. “Most of us are just beginning to be aware of the amount of sensitive information we are sharing or transmitting each time we download a new app or connect up a new wearable, sensor, household appliance or device.” With estimates of 25 billion to 50 billion connected devices by 2020, that's a “target rich environment for bad actors,” she said. Companies collecting and storing data have an obligation to secure it and should do more to protect against breaches, she said. The FTC is urging companies to embrace security by design because the impact of major breaches may be reduced the more users’ data and communications are encrypted end to end, but there's no such thing as perfect security, McSweeny said. “Each of us can play an important role in protecting our information on laptops, desktops, and smartphones by using strong end-user controls, such as disk encryption and firmware passwords.” McSweeny encouraged policymakers to “carefully weigh the potential impact” of requiring “back doors,” saying if consumers don’t trust the security of their devices, innovation could be stymied and privacy and security protections could be weakened for consumers.

AOL agreed to buy end-to-end mobile monetization platform Millennial Media, the acquirer said in a news release Thursday. AOL, which was recently acquired by Verizon (see 1505120019), said its buy of Millennial Media will enhance the advertising scale of its mobile-first programmatic platform, One, and bring more than 65,000 apps currently using Millennial Media's platform to its publisher suite of offerings. Jennifer Fritzsche, Wells Fargo analyst, emailed investors that the acquisition values Millennial Media at nearly $238 million, and is "designed to strengthen Verizon and AOL's programmatic advertising platform as it prepares to launch" Verizon's over-the-top video service (see 1506230044). The transaction is expected to close this fall, AOL said, and will make Millennial Media a wholly owned AOL subsidiary.

The FTC approved its final order against retail location tracker Nomi Technologies, after the close of the public comment period, the agency said in a news release Thursday. Nomi was accused of misleading consumers about the available choices to opt out of the company’s mobile device tracking program (see 1504230036) and will now be “prohibited from misrepresenting consumers’ options for controlling whether information is collected, used, disclosed or shared about them or their computers or other devices, as well as the extent to which consumers will be notified about information practices,” the release said. The commission vote to approve the final order was 3-1, with Commissioner Maureen Ohlhausen dissenting. Commissioner Julie Brill issued a statement saying “this order provides companies with an incentive to periodically review the statements they make to consumers, and make sure their practices line up with those statements.” Brill said Ohlhausen “expresses concern that our order will deter companies from offering privacy choices in the marketplace,” but it’s because of the order that Nomi no longer offers a deceptive choice. In her dissenting statement, Ohlhausen said the enforcement action may “undermine the FTC’s own established privacy goals,” saying commenters (see 1505270012) generally agreed the order would “diminish companies’ incentives to be transparent about their privacy practices,” and would “discourage companies from offering privacy choices to consumers.” Brill tweeted Thursday that the order makes the point that “basic consumer protection principles apply to new technologies.” Nomi had no comment.

Google released Chrome v 45.0.2454.85 to address multiple vulnerabilities for Linux, Mac and Windows, said a U.S. Computer Emergency Readiness Team alert Tuesday. Exploitation of the vulnerabilities may allow an attacker to take control of an affected system, it said.

The FTC agreed to settle deceptive advertising charges against Machinima, an online entertainment network, it said in a news release Wednesday. Machinima allegedly paid “influencers” to post YouTube videos endorsing Microsoft’s Xbox One system and several games, but the influencers didn’t disclose that they were paid for their reviews, the release said. Under the proposed settlement, Machinima is prohibited from similar deceptive conduct and is required to ensure influencers clearly disclose when they're compensated, it said. “When people see a product touted online, they have a right to know whether they’re looking at an authentic opinion or a paid marketing pitch,” said FTC Consumer Protection Bureau Director Jessica Rich. The vote to issue the complaint and accept the proposed consent order for public comment was 5-0. Comments on the proposed settlement will be accepted until Oct. 2, after which a decision on making the consent order final will be made.

As President Barack "Obama prepares to welcome Chinese President Xi to the White House this month, cybersecurity concerns should be a priority topic of discussion,” wrote Information Technology Industry Council resident China trade policy expert John Lenhart on an ITI blog Wednesday. “U.S. and Chinese frustrations continue to run high due to concerns over Chinese involvement in the recent high-profile hack of the Office of Personnel Management, as well as continued Chinese concerns following the revelations of former NSA contractor Edward Snowden,” Lenhart said. “But pursuing actions of escalation would only serve to widen the divide between the two countries.” Strong and constructive engagement during the presidential summit would best be focused in a few key areas like committing to market competition and free trade, establishing consultative cybersecurity mechanisms, and addressing policies that create barriers to interconnectivity, Lenhart said. “The two countries cannot allow further escalation of cyber-tensions, as it threatens to undermine the mutually beneficial policies of commercial engagement we have enjoyed for the past 35 years.”