The Federal Trade Commission has issued a staff report showing the increasing use of “dark patterns” to manipulate consumers into buying products or giving up their information, and thus their privacy, online.

The report, titled “Bringing Dark Patterns to Light,” was released at the FTC's September public meeting  — where it was approved by the commissioners 5-0 — and stems from a workshop in April 2021.

The report cited the case of smart-TV maker Vizio, which struck a multimillion-dollar agreement to settle FTC allegations that it had enabled a default setting that allowed the company to collect and share TV-viewing activity with third parties, but did so without sufficient notice to consumers, including by giving the setting the vague, pro-consumer sounding name of “Smart Interactivity.”

“While dark patterns may manipulate consumers in stealth, these practices are squarely on the FTC’s radar,” the report concluded. That includes where those practices violated the CAN-SPAM Act and Children’s Online Privacy Protection Act (COPPA).

The Network Advertising Initiative is OK with the FTC’s “goals” of cracking down on efforts “designed to trick and trap consumers, including disguised ads, difficult-to-cancel subscriptions, buried terms, and tricks to obtain data.” But it suggested the answer is self-regulation.

The NAI pointed out it has been recommending for months that its member companies follow its NAI Best Practices for User Choice and Transparency. ▪️

The FCC plans to vote next month on the framework for preventing the use of suspect tech in U.S. networks and ripping and replacing existing suspect tech, including a process for identifying which tech to expel.

The FCC has already formally designated Huawei and ZTE as suspect tech and excluded them from $8.3 billion in Universal Service Fund broadband subsidy money.

Related: Senate Bill Would Boost Rip-and-Replace Eligibility

The item would adopt rules requiring Eligible Telecommunications Carriers (ETCs) to "remove and replace covered equipment from their networks," and create a "Secure and Trusted Communications Networks Reimbursement Program" to fund smaller carriers' removal and replacement of suspect tech, at least once Congress has appropriated the $1.6 billion the FCC has estimated it will cost.

The chairman has circulated a Second Report and Order to the other commissioners that would specifically:

•  "Adopt rules to publish and modify a list of communications equipment and services that Congress or enumerated national security agencies or interagency bodies with appropriate national security expertise determine pose an unacceptable risk to the national security of the United States or the safety and security of its people.

• "Prohibit the use of any Federal subsidy that is made available through a program administered by the Commission and that provides funds to be used for the capital expenditures necessary for the provision of advanced communications service to purchase, rent, or otherwise obtain any covered communications equipment or services.

• "Establish the Secure and Trusted Communications Network Reimbursement Program, which will provide funds for the removal, replacement, and disposal of covered communications equipment and services, and condition the start of the program on Congress appropriating the funds the Commission estimates that program will cost.

• "Require Eligible Telecommunications Carriers and participants in the Secure and Trusted Communications Network Reimbursement Program to remove, replace, and dispose of covered communications equipment and services in their networks.

• "Require all providers of advanced communications services to report whether their networks use covered communications equipment or services acquired after August 14, 2018."

FCC Chairman Ajit Pai blogged that those are "critical next steps toward securing our communications networks." 

The FCC has told a federal appeals court that Huawei is wrong on all counts in its challenge to the commission's decision to exclude suspect tech in general from its Universal Service Fund subsidies and, tentatively, Huawei in particular. 

Even if the FCC had not moved to exclude technology deemed a national security threat from the USF dollars, the Congress seconded that with legislation that required it. 

The FCC filed with the U.S. Court of Appeals for the Fifth Circuit in Huawei's appeal of the FCC decision, saying the court can make its decision based on those briefs but that it is ready to go to court for oral argument if it has to. It said the Huawei petition should be denied. 

And while the FCC lays out its argument against Huawei's position, it said the court doesn't even have jurisdiction over the Huawei petition because that petition is not "ripe," in part because the decision to exclude Huawei--and ZTE--tech from the USF funds is tentative, so not a final FCC action, so not ripe for a challenge.  

The FCC voted unanimously not to allow USF fund money to go to carriers using tech from companies that threaten the integrity of networks or supply chains, then tentatively concluded that included Chinese telecoms Huawei and ZTE. The commission told the court that it reasonably concluded that networks with security vulnerabilities that could allow for foreign surveillance "were not 'quality' networks capable of furthering the goal of universal service." 

As to Huawei's assertion that the FCC does not have the authority to make national security judgments, the FCC said they are meritless given its congressionally delegated expertise in evaluating supply chains and networks, including for national security issues.  

While Huawei said the national security call has to be made by the President, the FCC said that separation of powers is demonstrably false, pointing out that part of the FCC's charter was national defense and promoting safety of life and property. 

As to Huawei's challenge to its designation as suspect tech in need of exclusion, the FCC said that was premature since it has not made a final designation (though it will almost certainly be to exclude it). 

"Carriers may still use USF funding for Huawei products or services unless and until the Commission makes a final designation decision—at which point, Huawei can seek judicial review," said the FCC, but added: "In any event, the Commission considered ample evidence that Huawei posed a potential threat to America’s communications networks, including information it received from members of Congress and Executive agencies with national security expertise." 

Halloween came early for the cable technology world in January, when four Danish internet security researchers identified “Cable Haunt,” a security flaw affecting more than 200 million cable modems equipped with Broadcom chips in Europe alone.

The Cable Haunt vulnerability is focused on the spectrum analyzer, a standard component of Broadcom silicon that protects modems from signal surges and other disturbances piped in by the coax.

The spectrum analyzer is often used by internet service providers for debugging and improving connection quality. Access to it is typically limited to connections originating within the managed network.

Researchers at Danish firm Lyrebirds said the Broadcom chipset’s spectrum analyzer is vulnerable because it uses default credentials and lacks protection against denial of service-based “rebinding attacks.” They also said the chipset contains a firmware programming error.

Hackers could exploit the vulnerability and get users to accept malicious web pages, researchees said. Once that’s done, hackers could change default domain name system (DNS) servers; conduct remote man-in-the-middle attacks; swap code and change firmware, config files and MAC addresses; and do other evil things.

The vulnerability is widespread, they added. “The reason for this, is that the vulnerability originated in reference software, which have seemingly been copied by different cable modems manufacturers, when creating their cable modem firmware,” the researchers said on cablehaunt.com, a website they set up to publicize the issue. “This means that we have not been able to track the exact spread of the vulnerability, and that it might present itself in slightly different ways for different manufacturers.”

The group also published a white paper accessible on the site. They hope that ISPs and other tech firms release firmware updates and patch any vulnerabilities.

Broadcom said it released several firmware fixes last year. Others have released fixes, too. Meanwhile, ZDNet, which had engineers probe the vulnerability, described an attack using Cable Haunt as being “very hard to pull off.”

Human nature inevitably involves a few bad people doing lots of bad, and a few good people occasionally doing some bad. It’s no surprise then that we have now – and will likely always have – safety and security concerns when it comes to using our electronic devices.

Thank goodness, last week I received the notice below from a friend who subscribes to a well-known pay TV service, known as Dish Network. The written warning is that good, and good enough that I wanted to share it with everyone who reads this and perhaps also pass it along to a friend or family member. That would especially include a dear one who is not as sophisticated as the sender, when it comes to avoiding losses coming from evildoers and their hacking/thievery.

The notice below succinctly and professionally notifies not just Dish subscribers, but really everyone how to avoid bad pay TV actors.

As easy as it is for some hackers/thieves to get into your computer, financial account, or similar electronic service, this kind of Consumer Protection 101 cheat sheet is essential.

Pass this along! It will help everybody to use their computers – be they PCs, laptops, set-tops, smartphones, or tablets, for example – better and safer!

“Webmail –Main Link:

Periodically, Dish gets reports from Dish subscribers regarding suspicious calls in which our subscribers are asked for their account information or to make additional payments. This is an annual protection reminder intended to keep you and your personal information safe. No action is required at this time. Never assume the caller ID is correct for any call you receive. Scammers can easily spoof (i.e., incorrectly alter) their caller ID.

Scammers use a variety of tactics:

· They will give you a sense of urgency. For example, you will lose your service if you don’t act now, or what they are offering is for a limited time

· Scammers may ask you to help someone in need or a loved one

· A scammer may offer some kind of incentive or something of value in return for your personal information

· Scammers impersonate government agencies. The scam may include saying your taxes are past due, or you are violating some law

· Scammers commonly reference computer vulnerabilities. They may say things like, “your device needs new software”, or “your computer has a virus”

Scammers have two main goals. They try to persuade you to:

· Make a payment by providing a credit card number or bank account number. Typically, these payment methods are different from your normal payment method

· Give up a piece of information: password, PIN, date of birth, social security number, account number or a device number - like a number from your receiver, computer or telephone

If you receive a suspicious call:

· Do not give out any information

· Do not make any payments or give out any of your banking information

· If you were left a voice message, don’t return the call

· If you have doubts, contact the company you’re doing business with directly. Get the company’s contact information from a separate source. Don’t use any number or email given to you by the caller.

For additional information and tips for protecting your information visit my.dish.com/support/consumer-protection or click the button below.”

Thank you, Dish.

And be safe!

Jimmy Schaeffler is the chair and CSO of The Carmel Group, a broadband, broadcast, and pay TV/video consultancy. He has spent nearly five decades producing, studying, writing, researching and analyzing, working with every type of player in the space. If you are looking to expand or better understand the industry, feel free to reach out to him at jimmy@carmelgroup.com, or go online to www.carmelgroup.com.

Sen. Chuck Schumer (D-N.Y.) has asked the FBI and Federal Trade Commission to look into the face morphing FaceApp from a company headquartered in Russia, concerned the Russian government might be getting access to users' personal data. 

According to Appfigures, it is the top-ranked iOS App Store app. 

The app takes photos and makes the subjects appear older (see photos below) or younger or changes men to women, women to men, or the unhip to the hip. 

It also may be harvesting more data than users know, said Schumer. 

"In order to operate the application, users must provide the company full and irrevocable access to their personal photos and data," said Schumer. "In practice, providing this level of access to a user's data could mean that any photos taken with the application could be used publicly or privately in the future without a user's consent," he said. 

Schumer said it would be "deeply troubling if the sensitive personal information of U.S. citizens was provided to a hostile foreign power actively engaged in cyber hostilities against the United States." 

He wants the FBI to mitigate the risk of the app's aggregation data, and for the FTC to investigate whether there are "adequate" privacy safeguards for American users of the app, including government personnel and members of the military. If not, it wants the FTC to issue a warning to that effect. 

Comcast said a security hole that allowed an identity thief to steal a California Xfinity Mobile customer’s phone number is being addressed and has only impacted a “very small number” of subscribers.

“We have also implemented a solution that provides additional safeguards around our porting process, and we’re working aggressively towards a PIN-based solution,” Comcast said in a statement, which didn’t outline the safeguard procedures.

“We are reaching out to impacted customers to apologize and work with them to address the issue,” Comcast added. “We take this very seriously, and our fraud detection and prevention methods, policies and procedures are continually being reviewed, tested and refined.”

The issue surfaced last week, when a Lodi, California Xfinity Mobile customer detailed what he called “a security breach large enough to drive a truck through” to the Washington Post.

Wireless carriers typically assign a four-digit personal identification code (PIN) to customers, who use it for authentication when they want to move their phone number from one carrier to another. For convenience, Comcast had each customer assigned to “0000” PIN code.

Armed with a the Lodi customer’s credit card data, an identity thief was able to also steal his phone number using this 0000 code. With that phone number and the credit card info, the thief reportedly created a Samsung Pay account and purchased a computer at an Apple Store in Atlanta.

Comcast reps noted that in order to steal the phone number, the thief had to also have the customer’s full Xfinity Mobile account number. And to get that number, the thief would have to access Comcast’s password-protected online customer portal.

Comcast blamed the issue on bad password management by the customer. 

In the Lodi case, Comcast said the customer used the same password for multiple accounts involving numerous companies.

“We believe this has only affected customers whose passwords might have been included in previous, non-Comcast related breaches. We recommend that customers use unique, strong passwords,” the Comcast statement added.

Comcast also attempted to paint the picture of a broader industry security problem. 

“The fraudulent porting of mobile numbers is a well-known industry issue and not unique to Xfinity Mobile,” Comcast also said.

That may be true, but Comcast is once again in crises communications mode, playing defense on a bad-looking story proliferating across the viral internet. Indeed, with Xfinity Mobile now boasting 1.2 million customers, and many financial institutions now using mobile numbers as a lynchpin to two-factor authentication, stories about protecting numbers with default PIN codes don’t have the best optics. 

LAS VEGAS--Comcast is using the crowded confines of CES in Las Vegas to announce a new $5.99 service, which will use artificial intelligence technology to monitor potential hacks into home-based IoT equipment.

Xfinity xFi Advanced Security will be available to Comcast’s 15 million xFi homes. xFi already offers a range of usage features that lets users monitor their WiFi network, as well as do things like shut down certain devices and teenagers at predetermined times.

To scare up interest in its new service, Comcast quotes Symantec data suggesting that the number of attacks on Internet-of-things devices increased 600% from 2016-2017.

“As the digital world gets more complex, we wanted to make it simple and easy for our customers to protect their home networks. That’s why we developed xFi Advanced Security,” said Fraser Stirling, senior VP of digital home, devices and AI for Comcast Cable, in a statement. “We want to give customers digital peace of mind for the devices they already own and the confidence to expand and evolve their connected homes knowing that every new camera, voice-assisted speaker or smart thermostat they add will be protected.”

Rhode Island is suing Google over a data breach the state said compromised the information of 52.5 million users.

That is according to the office of Rhode Island General Treasurer Seth Magaziner—the state's pension fund is invested in Google.

The pension fund filed a motion with the court to head a class action shareholder suit after it was reported that Google execs had not disclosed the breach, which involved the Google+ attempt by the company to capture some of the social media market. The effort failed and Google announced in October it was shuttering the service, a move that came after claims it had hidden security vulnerabilities that led to the breach.

"Google had an obligation to tell its users and investors that private information wasn't being protected," said  Magaziner of the suit. "Instead, Google executives decided to hide the breaches from its users and continued to mislead investors and federal regulators. This is an unconscionable violation of public trust by Google, and we are seeking financial restitution on behalf of the Rhode Island pension fund and other investors."

The state's move came the same day that Google CEO Sundar Pichai was probed on Capitol Hill on issues including breaches and data security.

Comcast says newly integrated features for its security cameras can help subscribers thwart a growing holiday season problem—packages from online retailers like Amazon that are stolen before they can get into the door of the buyer.

The operator said the new AI-based technology offers the ability for its cameras to filter motion-triggered activity by people or vehicles, zooming in on relevant activity and bookmarking it for later viewing

To highlight the need for its security product, Comcast commissioned a study by Wakefield Research that found that one in four people have reported a e-commerce package being stolen in transit. The figure rises to one in three for millennial age consumers, who use internet shopping services more and tend to populate multihousing situations more.

“Home security cameras, when integrated with our other Xfinity services, offer great peace of mind so our customers can check-in on their home from anywhere, anytime,” said Eric Schaefer, general manager and senior VP of Xfinity Services, in a statement. “We make it easy, for instance, for a parent to check their home camera in real time to make sure their child got off the bus or check to see if a package has arrived.”

With more of its constituents expanding their home automation and security businesses, CableLabs has introduced a new network framework called Micronets designed to provide enterprise-level security in the IoT environment.

The so-called Micronets framework has the ability to restrict and quarantine a device placed on the network that’s deemed to be a risk. It also provides enhanced network protection against hacking for “high-value” devices. The technology uses artificial intelligence and machine learning to simplify the fine-tuning of security controls.

The technology is built on well-established Software Defined Networking (SDN) technologies that leverage device fingerprinting and dynamic identity techniques to automatically organize all network-connected devices into separate trust domains, or micronets, managing the connectivity between them.

CableLabs said the Micronets platform allows for easy onboarding of new devices with minimal user expertise.

CableLabs has published a white paper on the technology, that’s available here.

“CableLabs Micronets delivers a streamlined user experience with seamless onboarding and authentication of all devices, while providing enterprise-style network security and control for all connections to the network,” said Michael Glenn, VP of security technologies at CableLabs, in a statement. “Users have full control over which devices are added, and CableLabs Micronets automatically monitors and segments devices into separate, policy-driven trust domains to protect the devices, data and the user.”

An online security expert has found yet more ways for malicious individuals to obtain sensitive information on Comcast subscribers using the company’s online customer service portal.

As first reported by Buzzfeed, cyber-security engineer Ryan Stephenson--a self-described “penetration tester”—has found two more ways a hacker could exploit Comcast customer-facing websites. It’s at least the second time in the last three months that Stephenson has found a breach in a Comcast portal, before going to the press about it.

In his latest discovery, Stephenson found one flaw on Comcast’s Xfinity in-home authentication page, which lets customers pay bills without entering their username and password, given that they’re connecting with their own IP address. Stephenson determined that a hacker could obtain a customer’s IP address, then derive partial home address info for the user.

Comcast is now requiring customers to authenticate, even though they’re in their bed or living room.

Related: Comcast Confirms Deactivation of Congestion Management System

The other exposed vulnerability involves Comcast’s authorized dealer sign-up page. If a hacker could obtain a customer’s billing address, they could use this tool to also illicitly obtain the last four digits of the subscriber’s Social Security number, the security consultant found.

“We quickly investigated these issues and within hours we blocked both vulnerabilities, eliminating the ability to conduct the actions described by these researchers,” Comcast said in a statement. “We take our customers’ security very seriously, and we have no reason to believe these vulnerabilities were ever used against Comcast customers outside of the research described in this report.”

The cable company continues to reconcile customer demand to make online tools intuitive and easy to use with the efforts of at least one notable online security guru, determined to find every conceivable way possible to exploit the cable company’s portals.

In May, for example, Stephenson discovered a means to use a Comcast online portal for router configuration to illicitly obtain home address info, as well as Wi-Fi network names and passwords, then reported to ZDNet.

And in June, ZDNet reported on a tip from anonymous security expert, showing that an API used by Comcast could be “tricked” into returning customer data, including account numbers and home addresses. 

Kyrio, the for-profit unit of CableLabs, has teamed with Microchip to develop embedded device security for the Internet of Things (IoT) sector.

Kyrio said it is the first certificate authority and Microchip Security Design Partner as part of an effort aimed at driving scale into IoT device security.

RELATED: CableLabs Unit Tackles IoT Testing

“The mission of this partnership is to embed IoT devices with digital certificates in secure hardware in a way that integrates well with hardware manufacturing process flows,” Ron Ih, director of business development at Kyrio, explained in this blog post. “This strategy will make it easy for IoT device manufacturers to enable enterprise-grade security without needing to be security experts.”

He noted that providing high security for networked devices historically requires complex back-end security software, security specialists, and processes “that did not fit well with hardware manufacturing flows,” and represents a situation that’s not sustainable with an IoT world that is seeing the number of connected devices explode.

RELATED: Kyrio Takes Over CableLabs Certification Testing Program

“IoT devices – from lightbulbs to cars – need security at the core, not as an afterthought,” Ih added. “By providing a strong managed Public Key Infrastructure (PKI) that fits within the existing design flow and supply chain familiar to device manufacturers, we are moving closer to the standardization the IoT industry requires to grow securely,” Ih explained.

RELATED: CableLabs Rebrands Security Spin-Off

Microchip, he said, already works with customers in several markets, including consumer, automotive, communications and industrial control.

Though Kyrio is the first certificate authority for Microchip’s Design Partner Program, other companies involved with it include cloud providers such as Google, Afero and Amazon Web Services, CycloneCrypto (a stack provider), and Cerberus, a design house based in the U.K.

Is the notion of “black box” that can support video services from all forms of multichannel video programming distributors a discrete piece of new hardware or merely a metaphor for a more virtualized component or chip that can be embedded inside set-tops and other video devices?

That was one of many questions weighed Feb. 23 when the Federal Communications Commission-appointed Downloadable Security Technology advisory Committee (DSTAC) held their first meeting.

The group, comprised of 18 individuals from companies such as Dish Network, Amazon, Comcast, Charter Communications, TiVo and Google, is tasked with investigating the successor to the CableCard, a removable security module that failed to create a vibrant retail market for cable-ready retail video devices, and file its recommenations by September 4.

The committee is tackling the idea of a uniform solution even as other MVPDs, including Charter and Cablevision Systems, have already developed and deployed downloadable security systems. Comcast and TiVo, meanwhile, are also pursuing a non-CableCard solution.

The initial meeting focused on the scope of the report, including which types of navigation devices and types of content and services -- including linear TV and on-demand video -- should fit inside it.

The notion of an all-MVPD “black box” outfitted with downloadable security dominated the early discussions, though what form it will take remains an item that still needs to be clearly defined.

Talks gravitated toward a virtual module or even a chip that can support the baseline input and output requirements of pay-TV operators. That could end up spanning elements such as service discovery, channel tuning/content requests, emergency alert system information, closed captioning data, copy control information, subscriber authentication, and the audio and video streams themselves.

There are already factions forming on what this black box shouldn’t be.

Joe Weber, the chief technology officer for TiVo’s Service Provider Business Unit, warned that it would not be feasible for a retail CE company to support a multitude of separate devices that sits between it and the retail device from a wide range of MVPDs  

Concerns were also raised that adding yet another power-sucking device to the mix runs counter to the desire to lessen the pay TV industry’s already sizable carbon footprint.

Alan Messer, vice president of advanced technology for Samsung’s Advanced Technology Lab, expressed some uneasiness about a so-called black box taking the form of a new chip, noting that it could significantly raise the materials costs for makers of TVs, DVRs and other retail video devices. Such a chip "might not be the right mindset,” he argued. 

Also up for debate is whether over-the-top services should be considered in the committee’s upcoming report, which is being researched as the FCC shoots for new rules that will would define some online video providers as MVPDs, at least with respect to access to cable and broadcast TV programming.

Mark Hess, SVP, office of the CTO, business and industry affairs at Comcast Cable, suggested that it will be difficult to exclude OTT from the discussion in a meaningful way given the current state of the video marketplace.

“It is an error to ignore it,” agreed Kenneth Lowe, vice president and co-founder of TV maker  Vizio.

The process will also prove to be a challenge for MVPDs, such as satellite TV operators, that were not required to adhere to the original separable security rules. Dish Network, for example, is inherently a one-way, downstream-only platform. While its boxes do use broadband connections for upstream communications, they are out of Dish’s control and, therefore, not something that is fully reliable or secure.

“DBS is going to be the problem child here and bring in some unusual challenges,” Card warned.

While some on the committee are pushing for a successor that’s based on IP-based transport, others warned that MVPDs are not migrating there in lock-step.

“Not all operators move at the same timeframes,” Milo Medin, vice president of access services at Google, said. The challenge, he added, is to focus on solution that succeeds the CableARD “without a multi-year gap.”

Another concern is whether metadata will be included in the downloadable security platform.  Hess pointed out that MSOs such as Comcast strike separate deals for metadata and the rights on how they can use them. “There are a lot of subtleties to this as we go deeper,” he said.

FCC Chairman Tom Wheeler paid the DSTAC meeting a visit, thanking the group while also acknowledging that the task ahead won’t be easy.

“Congress gave us a non-trivial task that you all know so well,” he said. “We are under no allusions about the challenge that that mandate represents.”

President Obama Friday signed an executive order that encourages the sharing of cyber threat information within industry and with the government, which both of those agree is key to protecting information online.

The White House also continues to push for cyber sharing legislation as well.

"Rapid information sharing is an essential element of effective cybersecurity because it ensures that U.S. companies work together to respond to threats, rather than operating alone," the White House said. It has been pushing for legislation to do that, but as with other issues in the President's last term, he is trying to goose the process via executive actions.

But the President is also looking for legislation to boost info sharing and collaboration. "While we applaud Congress for successfully passing several pieces of important cybersecurity legislation last year, we still need Congress to pass key cybersecurity legislation," the White House said.

That bill would allow for sharing and establish a national data breach reporting regime. "The Administration’s updated proposal helps businesses and consumers by simplifying and standardizing the existing patchwork of 46 state laws (plus the District of Columbia and several territories) that contain these requirements into one federal statute," The White House said.

House Homeland Security chairman Michael McCaul (R-Tex.) has already set aside Feb. 25 for a hearing on the President's cybersecurity information sharing proposal.

“The recent cyber attack on Anthem was yet another stark reminder of the persistent threats we face," said McCaul. "Now, more than ever, Congress must take aggressive action to remove legal barriers to improve private entities’ ability to share information to combat these attacks."

It was a busy day for cybersecurity Friday (Feb. 13) as the White House convened stakeholders -- tech companies, privacy advocates, consumers advocates, law enforcement, educators and others -- to talk about collaborating and partnering on cybersecurity and financial protections, the venue for announcing the new order.

“We applaud the White House’s commitment to information sharing initiatives that will help our country ward off damaging cyberattacks,” said Tim Pawlenty, president of the Financial Services Roundtable. “We hope this will push Congress to swiftly enact cyber threat information sharing legislation that provides strong liability protections so companies can share critical threats with each other and the government as they work to protect customers from the next major cyberattack.”

The summit follows various moves by the White House to address cyberthreats, including an Executive Order on developing a framework for critical Infrastructure cybersecurity protections. Among the companies that committed to that framework Friday were Intel, Apple, Bank of America, AIG, QVC, Walgreens and Kaiser Permanente.

Intel also announced the launch of True Key, which it describes as "a new consumer application by Intel Security that eliminates the hassle of managing passwords and enables consumers to use unique and more complex passwords – without having to remember them – so they can better protect their information and identity."

“TechNet commends President Obama and the administration for shining a spotlight on the growing cybersecurity threat to the country’s critical infrastructure and computer networks," Linda Moore, president and CEO, said in a statement. “By traveling to Silicon Valley to host today’s summit and by collaborating with a range of innovation economy leaders, the president received important feedback on the nature of the cyber threat and the tools available to mitigate the risk. TechNet members, including Symantec, Apple, Visa and Fortinet, were also cited by the President as being at the forefront of building and integrating some of the security protocols and standards outlined today.”