The Computer & Communications Industry Association raised concerns Tuesday about a joint France-Germany push for what the industry group believes is a plan to weaken encryption. French Interior Minister Bernard Cazeneuve and German Interior Minister Thomas de Maizière called Tuesday for EU legislation aimed at clarifying the rights and obligations of telcos and ISPs doing business in EU countries, including “obligations on operators deemed uncooperative in the removal of illegal content or decryption of messages.” Meanwhile, the European Commission is working on a new “ePrivacy proposal” that likely will include a loophole that allows governments to request access to encrypted data, CCIA said. “We are worried that EU proposals can allow governments to challenge end-to-end encryption and thus threaten the security and confidentiality of Europeans' communications,” said CCIA Europe Director Christian Borggreen in a statement. “It is certainly understandable that some would respond to recent tragedies with backdoors and more government access. But weakened security ultimately leaves online systems more vulnerable to all types of attacks from terrorists to hackers. This should be a time to increase security -- not weaken it.”

Infidelity website Ashley Madison parent ruby violated privacy laws in Australia and Canada by falsely presenting itself as a secure service while having inadequate cybersecurity, a panel reported Tuesday. Ashley Madison and other services owned by ruby -- then known as Avid Life Media -- were hacked last year, resulting in the theft of sensitive and personal records of about 40 million people (see 1507200017). The offices of Australian Information Commissioner and of Canada Privacy Commissioner identified violations of privacy laws, particularly because the company's lack of a comprehensive privacy and cybersecurity framework despite ruby's awareness that discretion and security were key to Ashley Madison's business model. The website marketed itself as a “100% discreet service” and used a fabricated security trustmark online to back up its security claims, the privacy offices said. They said cybersecurity protections “were insufficient or absent and, although [ruby] did have some personal information security protections in place, the company fell short when it came to implementing those security measures.” There were “inadequate” authentication processes for ruby employees who accessed the company's systems remotely, and the company had “poor” key and password management practices, the privacy offices said. Ruby encrypted all web-based communications but stored the encryption keys on its systems in “plain, clearly identifiable text” that put the keys at risk of unauthorized disclosure, the privacy offices said. Stored passwords displayed as “clearly identifiable text” in emails, while text files containing the passwords were stored on ruby's systems, the privacy offices said. They said ruby retained personal information on users who left, and failed to ensure email addresses on file were accurate. “Privacy breaches are a core risk for any organization with a business model based on the collection and use of personal information,” said Canada Privacy Commissioner Daniel Therrien in a news release. “Where data is highly sensitive and attractive to criminals, the risk is even greater. Handling huge amounts of this kind of personal information without a comprehensive information security plan is unacceptable.” The firm cooperated with and entered into a court-enforceable compliance agreement on recommendations for improvements. “We hope that by openly speaking about the breach and our commitments to the [privacy offices], we can help other organizations and business leaders who are facing increased cyber security challenges,” said CEO Rob Segal in a statement. “The company has cooperated with the Commissioners throughout their investigation and will continue to share information with them as we honour the terms of the compliance agreement and enforceable undertaking.”

AT&T filed at the FCC its service agreement with Empresa de Telecomunicaciones de Cuba allowing calls between its subscribers and customers of the Cuban provider. AT&T also filed a notification with the International Bureau saying it agrees to accept the terms and conditions for a waiver of the benchmark rate applicable to Cuba. Parts of the publicly filed document were redacted. The agreement is to take effect when signed by both parties and after regulatory approvals in the U.S. “It shall remain valid and in effect for an initial period of one (1) year from the Effective Date and will be automatically extended and shall continue in full force and effect for the same one (1) year consecutive periods, unless terminated by either Party,” the agreement says.

The Department of Commerce approved an initial group of U.S. companies to be self-certified under the EU-U.S. Privacy Shield. The department released a list of 34 companies, including Microsoft, Salesforce and Workday, that will have to follow more stringent requirements to transfer the personal data of Europeans (see 1608050007).

British regulator Ofcom estimates 15 million U.K. internet users have embarked on “digital detox” self-help therapy “to strike a healthier balance between technology and life beyond the screen,” said a Thursday report. Ofcom canvassed 2,025 adults on their online habits and found that one in three adult internet users (34 percent), equivalent to 15 million people in the U.K., has “sought a period of time offline,” with one in 10 having done so in the previous week, it said. Of those “digital down-timers,” 25 percent spent up to a day internet-free, while 20 percent took up to a week off and 5 percent went internet-free for up to a whole month, Ofcom said. Respondents had mixed opinions about the benefits and drawbacks of their internet abstinence, it said. A third of those canvassed (33 percent) said they felt “more productive” as a result, and 27 percent found it “more liberating” to stay offline, Ofcom said. But 16 percent said they experienced the “fear of missing out,” 15 percent said they felt “lost,” and 14 percent “cut off,” it said. Ofcom estimates millions of U.K. consumers built their “digital detox” strategies into their vacation plans. Of U.K. adult internet users canvassed, 16 percent reported “purposely” visiting a vacation destination with no internet access, and 9 percent said they intentionally traveled “to a place with neither internet nor mobile phone coverage,” Ofcom said. The internet “has revolutionised our lives for the better,” said the agency. “But our love affair with the web isn’t always plain surfing, and many people admit to feeling hooked. So millions of us are taking a fresh look at the role of technology in our lives, and going on a digital detox to get a better tech-life balance.”

Recent negotiations between the U.S. and EU on the Transatlantic Trade and Investment Partnership (TTIP) included telecom and e-commerce language, said the European Commission in a report released Thursday. During the TTIP meetings in Brussels July 11-15, the two sides "covered all provisions put forward by the EU and the US for the E-commerce chapter and many of the provisions of both sides on telecommunications," said the EC. "On telecommunications, the discussion addressed in particular licensing requirements, the role of the regulatory authority and interconnection," it said. "Both sides agreed on a detailed list of follow-up action items in order to achieve further progress at the next Round." Within discussions on information and communications technology, the EU said it's pleased by a "textual proposal on cooperation on market surveillance activities which intends to improve cooperation between enforcement authorities for products subject to radio and electromagnetic compatibility requirements." Among other issues were "e-labelling for electronic products with an integrated screen," encryption and spam.

Alfa, the Lebanese wireless carrier managed by Orascom Telecom, working with Nokia, launched that nation's first 4G LTE-Advanced network, Nokia said in a news release Tuesday. “The network enables Alfa to offer its subscribers significantly higher download speeds of up to 262.5 Mbits/sec for accessing high-definition video and other data-intensive applications.”

Neustar said it will continue to provide number portability services in Canada to telecom carriers under an agreement with the Canadian LNP Consortium. The pact with CLNPC is through 2018, said Steve Edwards, Neustar senior vice president-data solutions, in a release Tuesday. “This agreement benefits Canadian consumers and service providers and provides an opportunity to build on Neustar’s exceptional performance and customer support for the industry.” CLNPC President Jacques Sarrazin said in the release: "The Canadian telecommunications industry has signaled its continued confidence in Neustar's ability to provide uninterrupted and reliable number portability services. We believe this step is critical to positioning the CLNPC in planning for 2019 and beyond, and we look forward to ongoing discussions with Neustar with respect to future requirements for number portability services in Canada.” Neustar lost its number portability contract with the FCC for the U.S. (see 1607250029).

TechFreedom joined Engage Cuba, a coalition of companies, trade associations and civil society organizations seeking to end the travel and trade embargo on Cuba. “Normalizing relations with Cuba is a win-win, especially for technology,” said TechFreedom Policy Counsel Tom Struble in a Friday news release. “Lifting the embargo opens a new market for American companies, and Cubans will gain access to online services that provide jobs, foster free speech, and enable more cultural diffusion.” For example, Airbnb would help Cubans make money from an influx of travelers, he said: “Travel is essential to the Cuban tech sector, as U.S. companies and experts need the freedom to help spur startups and accelerate broadband deployment on the Island.”

An Irish High Court judge Tuesday accepted the U.S. government, two technology associations and a U.S.-based privacy group as amici curiae in a case involving Facebook's use of standard contractual clauses to transfer Europeans' personal data across the Atlantic (see 1607060009). But Justice Brian McGovern refused applications by several other civil liberties, human rights and privacy associations, an Irish business group and a data protection expert to advise the court. In his judgment, McGovern said the U.S. has a "significant and bona fide interest in the outcome of the proceedings. ... The imposition of restrictions on the transfer of such data would have potentially considerable adverse effects on EU-US commerce and could affect US companies significantly." Applications from industry associations BSA|The Software Alliance and Digital Europe also were accepted as was one from the Electronic Privacy Information Center. McGovern said EPIC would "offer a counterbalancing perspective" to the U.S. government's stance. McGovern acknowledged that Max Schrems, the Austrian privacy activist who brought the complaint against Facebook, is an EPIC board member, but the judge said there are 93 other board members and Schrems won't provide any advice or help preparing submissions or have contact with the group. McGovern denied applications from the American Civil Liberties Union, Electronic Frontier Foundation, the Irish Council of Civil Liberties and the Irish Human Rights and Equality Commission, saying they wouldn't provide any particular assistance or new perspective. He also denied assistance from Ireland-based industry group IBEC and Kevin Cahill, who was described as an IT expert in the decision but who has been also identified as a U.K.-based journalist and data privacy campaigner in other media reports. The case, which was brought by Ireland's data protection commissioner, is expected to be transferred to the European Court of Justice soon.