Vladimir Tsastsin, 35, of Estonia, pleaded guilty Wednesday to wire fraud and computer intrusion charges “arising from his operation of a massive and sophisticated Internet fraud scheme that infected” more than four million computers in more than 100 countries with malware, said a news release from the Southern District of New York’s U.S. Attorney’s office. “The malware secretly altered the settings on infected computers, enabling Tsastsin and the six other charged defendants -- Timur Gerassimenko, Dmitri Jegorov, Valeri Aleksejev, Konstantin Poltev, Andrey Taame and Anton Ivanov -- to digitally hijack Internet searches, re-route computers to certain websites and advertisements, and receive payment for the hijacked Internet traffic,” the release said. Tsastsin faces a maximum sentence of 20 years in prison for wire fraud and five years in prison for computer intrusion. Sentencing is Oct. 14.

Vonage joined the NYC Media Lab and will work with the lab and its university partners on innovation-oriented projects and programs, the group said in a release Wednesday. NYC Media Lab connects digital media and technology companies with members of New York City's universities, and Vonage will collaborate with experts in "engineering, data science, computer science, design and more" to further its innovation goals, the group said. Other NYC Media Lab company members include The Associated Press, Bloomberg, ESPN, Hearst, MLB Advanced Media, NBCUniversal, News Corp., Publicis Group, Rogers Communications, Showtime, Tenfore Holdings, Time Warner Cable, Verizon and Viacom. Members participate in annual seed projects, which can yield research papers and prototypes.

Anonymous online reviewers are entitled to basic First Amendment protections, the Washington state Court of Appeals ruled Monday. The ruling came in a case brought by Tampa-based attorney Deborah Thomson, who received negative reviews on Avvo, Google and Yelp for how she handled a client’s divorce proceeding in September 2013, said a news release from Avvo, an online legal marketplace that was asked to reveal the identity of an anonymous reviewer. Thomson filed a defamation suit in May 2014 in Hillsborough County, Florida, and sought a subpoena in Washington state on June 25, 2014, hoping to “unmask” the critic who posted on Avvo, the release said. A Washington trial court rejected Thomson’s request in July 2014 and she appealed, it said. Thomson didn’t seek a subpoena in California where Google and Yelp are based, it said. "Whether they're leaving reviews on Amazon or commenting on an op-ed in their local paper, consumers have a right to protect their anonymity online, and to freely express their opinions on the products and services provided by businesses," Avvo General Counsel Josh King said. "This is a developing area of the law, and this case helps set a precedent for consumers' legal rights when expressing themselves online,” he said. “In order for us to deliver consumers the transparency they've come to expect, we need to protect and provide the ability to comment on the quality and delivery of professional services without fear of a lawsuit from a disgruntled attorney," King said. Currently, 12 states, the District of Columbia and many federal courts have adopted standards providing strong First Amendment protections to anonymous online reviewers, the release said. Thomson had no immediate comment.

“It is a pity” that the nine groups representing consumers and privacy advocates walked out of the NTIA’s facial recognition multistakeholder process (see 1506190041), said a blog post last week from Brian Brackeen, CEO of Kairos, a face recognition and emotion analysis software company. By leaving, the participants distracted media attention from the talks' real focus and purpose, Brackeen said. “Many valuable and helpful uses" for this technology "are in danger of being overlooked because of the media focus on privacy threats,” he said. “Discussion needs to move away from potential threats of Big Brother tracking your every movement, to showing how we can use the technology to better society,” Brackeen said. “At Kairos we are not against the concept of people having to opt in to using facial recognition in most circumstances, certainly in the commercial and retail situations that are the focus of these talks,” he said. Kairos believes “at a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard of are tracking their every movement -- and identifying them by name -- using facial recognition technology,” he said. These talks were designed to create a set of voluntary guidelines commercial facial recognition companies could choose to adhere to and will not impact the federal government, law enforcement, the military, etc., he said. “While we are disappointed that some important parties left the table, we are still wholeheartedly supporting the efforts, and we look forward to opting into a new standard.”

“Google’s failure to offer U.S. users the ability to request the removal of search engine links from their name to information,” as the company does for Europeans under the right to be forgotten policy, is an unfair and deceptive practice, Consumer Watchdog said in a complaint filed Tuesday with the FTC. Google has removed 348,794 URLs from its search results out of a requested 997,008, or 41.3 percent of links that were deemed inadequate, irrelevant no longer relevant or excessive, Consumer Watchdog said in a news release. Google’s “refusal” to consider such requests in the U.S. is unfair and deceptive, a violation of the FTC Act’s Section 5 authority, said Consumer Watchdog Privacy Project Director John Simpson. Google’s recent announcement that it would honor requests to remove links to revenge porn (see 1506190048) is proof Google could “easily honor Right To Be Forgotten requests in the U.S.,” Simpson said. “We urge the Commission to investigate and act,” he said. The right to be forgotten isn't censorship, because the content isn't removed from the Web, the complaint said. Before the Internet, youthful indiscretions and embarrassments “slipped from the general public’s consciousness,” the complaint said. “The Digital Age has ended that,” it said. “Everything -- all our digital footprints -- are instantly available with a few clicks on a computer or taps on a mobile device,” the complaint said. Examples of URLs that Consumer Watchdog said could be removed from search results in the U.S. include photos of a California woman who was decapitated in a car accident that were “wrongfully leaked by California Highway Patrol officers"; a mug shot photo of a woman who scratched her “violent” boyfriend’s chest as he came at her with a knife; photos of a woman who had worked as a lingerie model between the ages of 18-20 and lost her guidance counselor job after the photos surfaced, despite having previously disclosed her modeling career. In Europe, Google has removed URLs to newspaper articles about victims of rape and other crimes, the release said. Google has refused to remove some search results such as for a Swiss financial professional who was arrested and convicted for financial crimes or those who were dismissed from their jobs for committing sexual crimes, the release said. “Removal won’t always happen, but the balance Google appears to have found between privacy and the public’s right to know demonstrates Google can make the Right to Be Forgotten work in the United States,” the complaint said. “FTC investigations are non-public and we do not confirm or deny the existence of any investigations," an FTC spokesman told us. "We welcome complaints from consumers and consumer groups and review them carefully," he said. Google had no immediate comment.

Harvard University “discovered an intrusion on the Faculty of Arts and Sciences and Central Administration information technology networks” June 19, said Provost Alan Garber and Executive Vice President Katie Lapp in a joint statement Wednesday. “Since discovering this intrusion, Harvard has been working with external information security experts and federal law enforcement to investigate the incident, protect the information stored on our systems, and strengthen IT environments across the University,” the statement said. Garber and Lapp said there's no indication now that personal data, research data or PIN system credentials were compromised but said Harvard login credentials may have been used to access individual computers, and university email accounts “have been exposed.” To further secure data, the university is requiring those who are part of the Faculty of Arts and Science, Harvard Divinity School, Radcliffe Institute for Advanced Study or Central Administration to change the password associated with their Harvard account. Those part of the Graduate School of Design, Graduate School of Education, School of Engineering and Applied Sciences, or School of Public Health are required to change their email password. “Password changes will be required again at a later time,” the statement said. Those who are part of the business, Kennedy, law, medical or dental schools “do not need to take any action at this time,” the statement said.

The Electronic Frontier Foundation (EFF) and the Online Abuse Prevention Initiative were among 36 digital rights, privacy and women’s advocacy groups that signed a letter to ICANN opposing proposals to ban owners of domain names connected to commercial websites from using proxy services to mask ownership information on the WHOIS registration database. EFF is also one of the groups that have been leading campaigns against the proposed proxy services ban for commercial websites, contained in an initial report from the Generic Names Supporting Organization’s Policy Development Process Working Group on Privacy & Proxy Services Accreditation Issues (see 1507010065). The proposed ban “will physically endanger many domain owners and disproportionately impact those who come from marginalized communities,” EFF and the other groups said in their joint letter. “People perceived to be women, nonwhite, or LGBTQ are often targeted for harassment, and such harassment inflicts significant harm.” The proposed ban would make it easier for commercial website owners to become targets of “doxing” -- maliciously publishing someone’s personal information -- and “swatting” -- using personal information to send in false tips to law enforcement, the groups said.

“Universal strong encryption will protect all of us -- our innovation, our private thoughts, and so many other things of value -- from thieves of all kinds,” but there also are many costs associated with the use of encryption, FBI Director James Comey wrote in a post for the Lawfare blog on Monday. “Public safety in the United States has relied for a couple centuries on the ability of the government, with predication, to obtain permission from a court to access the ‘papers and effects’ and communications of Americans,” Comey wrote. When the government can no longer see an individual’s communications, while respecting Fourth Amendment rights, public safety is affected, he said. The Islamic State group in Syria is recruiting and “tasking dozens of troubled Americans to kill people, a process that increasingly takes part through mobile messaging apps that are end-to-end encrypted, communications that may not be intercepted, despite judicial orders under the Fourth Amendment,” he said. It’s not just the Islamic State, but criminal actors throughout the U.S. and world “can communicate with impunity in a world of universal strong encryption,” he said. The American people will decide if the public safety benefits outweigh the privacy costs of universal strong encryption, but from his perspective, Comey said, strong encryption “will inexorably affect my ability” to keep people safe.

The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) is seeking comment on proposals to explore email security and the addition of derived personal identity verification (PIV) and other second-factor identifications for smart card logons as part of the center’s “building blocks” for companies to demonstrate their cyber capabilities, NIST said Thursday. NCCoE building blocks are cybersecurity implementations that the center uses in many of its sector-specific use cases. The email security building block proposes using the Domain Name System-Based Authentication of Named Entities (DANE) protocol to prevent unauthorized viewing of email. The second-factor identifications building block proposes a method for allowing mobile devices to use two-factor authentication -- derived PIV or other smart card plus a password -- rather than only relying on a password. Both proposals are open for public comment until Aug. 14, NIST said.

In comments submitted to the FTC after the agency's sharing economy workshop June 9 (see 1506090046), the Free State Foundation “credited the sharing economy with fostering innovation, creating value, and providing cost saving options for consumers,” FSF Research Associate Michael Horney wrote. Eight takeaways FSF gleaned from the workshop include: reputational feedback mechanisms have enabled bisymmetrical trust; bisymmetrical trust relationships balance privacy with transparency; self-regulation is not the same as no regulation; deregulate down rather than regulate up to address legitimate equity considerations; horizontal mergers are only a concern if regulations eliminate contestability; positive externalities and spillovers of the sharing economy were not discussed enough; and the sharing economy benefits low-income users more than high-income users. Horney said there wasn’t much discussion on how the FTC will or should regulate the sharing economy, which he found appropriate because “a deregulatory approach has been vital to the emergence and success of the sharing economy.”