A White House report on artificial intelligence "rightly" extols the technology's potential, but also gives "undue credence" to speculation that AI will "exacerbate inequality" and eliminate jobs before acknowledging creation of new ones, said Center for Data Innovation (CDI) Director Daniel Castro in a statement. Tuesday's report (see 1612200056) said the technology could hurt less-educated, lower-skilled workers and recommended several policy changes including more R&D, worker training and education, and a modernized social safety net. "The White House is wrong to suggest that AI will power a productivity explosion so great that it destroys jobs faster than the economy can keep up," said Castro. "That idea vastly overestimates the ways in which AI will be able to replace people -- and it underestimates the extent to which productivity gains create new job opportunities by putting more money into the economy." He said policymakers including the incoming Trump administration should keep the claims in perspective. But Castro said he supports the strategies the White House put forth and said the report correctly says the bulk of new jobs created won't be high-skilled technical jobs like computer scientists but in other sectors where companies benefit from AI. In October, CDI released an AI report and held a discussion on how government regulators and policymakers could help foster the technology (see 1610190027).

The frequency of distributed denial-of-service (DDoS) attack mitigations increased 40 percent so far in 2016, vs. the same period in 2015, Neustar reported Monday. IoT botnets emerged this year as a DDoS tool, as evidenced by the Mirai botnet that caused the October Dyn attacks (see 1610210056 and 1610250035), Neustar said. “The DDoS attack landscape has become increasingly complex in 2016 because there is no singular goal behind these attacks; some seek to disrupt services, while others serve as smokescreens to breach data,” said Senior Vice President Rodney Joffe in a news release. “Mirai signals a watershed moment for DDoS attacks, where the bad guys finally turned the Internet back on its users. It is imperative to invest in effective DDoS protection now because the threat landscape has fundamentally changed.” Multi-vector attacks are 322 percent higher this year than 2015, and were 52 percent of all DDoS attacks that Neustar mitigated this year, the company said. Domain name system-based attacks increased 648 percent this year as attackers increased their leveraging of DNS security extension amplification to generate “massive volumetric pressure,” Neustar said.

Audiology device supplier Oticon will use CES to showcase what it calls the world’s first hearing aid capable of connecting to the internet via the IFTTT network that supports Amazon's Alexa and other devices, the company announced Monday. Called the Opn, the small, discreet hearing aid can be programmed to talk directly with doorbells, smoke detectors and other smart devices via an Oticon app, it said. “In its core function as a listening device, Opn overcomes a challenge the most advanced hearing solutions can’t solve: the ability to handle noisy environments with multiple speakers.”

The U.S. private cyber insurance market is continuing to grow and is capable of managing most risks, the R Street Institute reported Thursday. The free-market think tank said that sector is growing at a rate of between 25 and 50 percent annually, netting $2.75 billion in premiums in 2015. U.S. cyber insurance premiums are expected to rise to $7.5 billion by 2020, R Street said. Policies with a $50 million limit “would be able to cover roughly 92 percent of cyber-event claims,” R Street said. The likelihood of a major cyber incident that causes $250 billion-$1 trillion in damage during the next decade is between 10 and 20 percent, the group said. The potential for that sort of “black swan” event requires a government “backstop” or reinsurance entity to manage U.S. cyber exposure, R Street said. “The cyber insurance market is growing rapidly and ... already has sufficient capacity to cover the overwhelming bulk of events the market already has faced,” R Street said. “Businesses report they are satisfied with their existing cyber coverages."

The growth of connected "smart" toys raises major privacy and security risks to data, including personally identifiable information, collected from children and parents, said Senate Commerce Committee ranking member Bill Nelson, D-Fla., in a minority staff report Wednesday. Nelson sent letters to toymakers, including Fisher-Price, KGPS and VTech, following security incidents (see 1512010041). He also sent letters to Fuhu, KD Group and LeapFrog regarding their data collection, use, sharing and security practices, and the responses from the six companies formed the basis of the report, it said. The report found that "some toymakers failed to secure collected consumer data" and these incidents raise "troubling questions" about security as a priority. “It’s frightening to think that our children’s toys can be used against them in this way,” said Nelson in a news release. The report noted that toymakers need to build security into their toys from the start, parents should understand the data privacy and security risks with smart toys and the FTC needs to carefully monitor this evolving space. The Future of Privacy Forum and Family Online Safety Institute recently released a paper on smart toys and privacy practices, while consumer and privacy groups filed an FTC complaint against one toymaker and partner (see 1612060021 and 1612070029).

The number of connected IoT devices, sensors and actuators will top 46 billion in 2021, Juniper reported Tuesday, but hurdles remain. The 200 percent jump from 2016 will be driven by lower hardware costs, said Juniper. Challenges remain, including complexity in developing large-scale IoT deployments and cybersecurity issues that have reached a “boiling point,” it said.

The FCC released the FCC Disability Advisory Committee's resolution on making the IoT accessible (see 1612060060). The resolution urges the next FCC to work with stakeholders to address possible accessibility issues in connected devices that may have limited user interfaces. The committee also asked the agency to consider seeking stakeholder recommendations on IoT accessibility issues falling within the regulator's purview.

IoT platform revenue will increase 116 percent to $2 billion in 2017, MachNation predicted in a report rating 35 IoT vendors. IoT companies have been acquired for 20 times their annual revenue, a Thursday news release said. "The IoT application enablement space is the most rapidly developing piece of the IoT technology stack," MachNation Chief Technology Officer Dima Tokar said.

NCTA Senior Director-Digital Strategy John Solit said the DVRs that were among connected devices used as vehicles for the October distributed denial-of-service attacks against DynDNS “were particularly insecure. The DVR that your TV provider gives you is vastly more safe and protected.” The Dyn DDoS attacks caused outages and latency for multiple major U.S. websites, including Netflix and Twitter (see 1610210056). The attacks led to increased congressional scrutiny of IoT cybersecurity, including a November joint House Commerce Communications/Trade Subcommittee hearing (see 1610260067 and 1611150059). “There’s no way to 100 percent guarantee any device connected to the internet is secure or that it can’t be used in a DDoS attack,” Solit said in a Thursday blog post. “There’s more work to be done to make sure DVRs and all web-connected devices, including those provided by TV and internet companies, are as secure as possible.” Solit noted a recent Broadband Internet Technical Advisory Group report that included guidelines and recommendations aimed at helping consumer IoT manufacturers and other providers improve device privacy and security (see 1611220030). “While standards are getting sorted out and agreed upon, there are basic precautions everyone can take to better protect their homes and devices,” Solit said. “At a minimum, change the default password on all of your internet connected devices and make sure your home network firewalls are up and running.”

Internet-connected toys may spy on children, said consumer and privacy groups in an FTC complaint Monday against Genesis Toys and its voice-recognition vendor partner Nuance Communications. Dolls known as My Friend Cayla and i-Que Intelligent Robot collect and use personal information from children in violation of the Children’s Online Privacy Protection Act and FTC rules prohibiting unfair and deceptive practices, alleged the complaint by the Electronic Privacy Information Center, Consumers Union, Center for Digital Democracy and Campaign for a Commercial-Free Childhood. The companies "unfairly and deceptively collect, use, and disclose audio files of children’s voices without providing adequate notice or obtaining verified parental consent,” the complaint said. Genesis failed to take reasonable security measures to prevent unauthorized Bluetooth connections with the toys, opening the door for strangers to eavesdrop on kids, it said. The toy company didn’t adequately disclose privacy dangers on packaging or in terms of service, the complaint said. The groups filed the complaint as part of a coordinated, trans-Atlantic legal action with groups in Europe, said Campaign for a Commercial-Free Childhood in a Tuesday news release. Nuance hasn't received an inquiry from the FTC or other privacy authority, but when it does, it will respond appropriately, the company said in a blog post Tuesday. "Nuance takes data privacy seriously," it said. "Our policy is that we don’t use or sell voice data for marketing or advertising purposes." After learning about the concerns through media, the company said it "validated that we have adhered to our policy with respect to the voice data collected through the toys referred to in the complaint ... Nuance does not share voice data collected from or on behalf of any of our customers with any of our other customers." Genesis didn’t comment.