Google signed a definitive agreement to buy cybersecurity platform Mandiant for $5.4 billion in an all-cash deal, said the buyer Tuesday. Mandiant will join Google Cloud when the transaction closes later this year, it said. “Organizations are facing cybersecurity challenges that have accelerated in frequency, severity and diversity, creating a global security imperative,” said Google. “The cloud represents a new way to change the security paradigm by helping organizations address and protect themselves against entire classes of cyber threats.”

It’s “no secret” that corporate awareness of cybersecurity is “high,” Palo Alto Networks CEO Nikesh Arora told a Morgan Stanley investment conference Monday. “I can’t imagine five years ago, you’d be asking the CEO, how secure is your infrastructure? And are you worried about the risk of cyberattacks?” Arora thinks there's "more of a focus on getting security right than there ever was,” he said. “We’re woefully ill-prepared for what could happen to the technology infrastructure in this country and around the world.” The cybersecurity “debate” has evolved from “whether I could be hacked,” to “if I did get hacked, how am I going to get back up again?” he said.

Authorities arrested a man who committed cryptocurrency securities fraud by misrepresenting the size and profitability of Ormeus Coin, DOJ announced Tuesday. John Albert Loar Barksdale, 40, falsely claimed that Ormeus “was secured by a $250 million cryptocurrency mining operation, which would have been one of the largest such operations in the world, and that its mining revenues exceeded $5 million on a monthly basis,” the department said. According to DOJ, he raised $70 million from more than 8,000 investors “through a web of lies, which he spread through in-person roadshows, social media, and even a jumbotron in Times Square.” He faces up to five years in prison for securities fraud and up to 20 years for additional charges of conspiracy and wire fraud. The company didn't comment.

Facebook isn’t responsible for a dating app’s decision to use a woman's Facebook image for marketing purposes without consent, platform parent Meta argued Friday in docket 2:19-cv-04034. Philadelphia news anchor Karen Hepp sued Facebook in 2018 for running an ad from the dating app FirstMet, which used her image without consent. The platform violated her right to publicity, Hepp claimed. Facebook was a “passive distributor” of the ad, and Hepp didn’t show the platform benefited from the use of her likeness, Meta argued in a filing with the U.S. District Court in Philadelphia. The platform is immune from liability under the Pennsylvania Act as a "communications medium" without "actual knowledge," the platform said.

The Supreme Court should review the “proper scope” of Communications Decency Act Section 230 immunity, Justice Clarence Thomas said Monday as the high court declined to review a Facebook-related sex-trafficking case. “Assuming Congress does not step in to clarify §230’s scope, we should do so in an appropriate case,” he wrote in a statement accompanying the denial of certiorari in Jane Doe v. Facebook. The case stems from a lawsuit a Facebook user filed against the platform. The plaintiff, listed as Jane Doe, was a minor when she received a friend request from an adult user, and was then lured into meeting up in person, raped, beaten and forced into sex trafficking in 2012, according to filings. The Supreme Court shouldn’t review Section 230 in this case because there are outstanding legal questions for the Texas Supreme Court, Thomas said.

ICANN made $1 million available to help maintain internet access for Ukrainians, it said Monday. The organization earlier refused the Ukraine government's request that it revoke country-code top-level domains (ccTLDs) .ru and .su to limit Russian internet access. ICANN "has a longstanding practice of coming to the technical support and aid of technical providers, such as ccTLD managers, to enable them to stay connected to the Internet's DNS [domain name system] and continue servicing their customers and region during times of crisis," a March 6 board resolution said. This time, board members also directed ICANN to provide funding to Ukraine "to support maintaining access to Internet infrastructure through these challenges." The funding runs until year's end. ICANN must work with other organizations on this, President Goran Marby told us at a virtual executive team Q&A at this week's ICANN meeting from San Juan, Puerto Rico: Help could involve satellite terminals, but it's too early to say and so far there has been no request from the Ukraine government. Also Monday, ICANN responded to concerns about domain name registrants in Ukraine being unable to renew their domains in a timely manner. It's considering the events in the region an extenuating circumstance under the 2013 registrar accreditation agreement, meaning registrars can extend renewal periods for people in affected areas. Earlier this month, the Ukrainian government asked ICANN to temporarily or permanently revoke the Russian ccTLDs and shutter DNS servers there (see 2203020002). But in a March 2 reply, Marby said ICANN's primary role with ccTLDs involves validating requests that come from authorized parties within the respective country or territory, and ICANN can't take unilateral actions to disconnect domains: Such a change in ICANN's process "would have devastating and permanent effects on the trust and utility of this global system." In addition, he said, the root server system is made up of many geographically distributed nodes maintained by independent operators. Nor can ICANN control internet access or content, he wrote; it must remain neutral and act in support of the global internet.

The owners of a weight loss app marketed to kids as young as 8 illegally collected their data without parental consent, DOJ and the FTC announced Friday in a $1.5 million settlement. WW, formerly Weight Watchers, and its subsidiary Kurbo violated the Children’s Online Privacy Protection Act, the agencies said. They “marketed weight management services for use by children as young as eight, and then illegally harvested their personal and sensitive health information,” FTC Chair Lina Khan said. “Our order against these companies requires them to delete their ill-gotten data, destroy any algorithms derived from it, and pay a penalty for their lawbreaking.” DOJ filed the complaint on behalf of the FTC in U.S. District Court in San Francisco. The defendants “possessed actual knowledge” that its application collected personal information like names, numbers and emails, plus information like height, weight, food intake and physical activity, DOJ said: They didn’t notify parents about the collection, as required by COPPA. The settlement isn’t an admission of wrongdoing, said Kurbo General Counsel Michael Colosi in a statement: “Kurbo takes child privacy very seriously ... Data collected in Kurbo’s paid counseling program is used in strict compliance with parental consent solely to help children learn better eating habits.” Limited data received in the free app was “designed to be collected in an anonymous environment and used solely for the purpose of helping the users develop better eating habits,” he said. Kurbo didn’t target children with ads, sell data to third parties or monetize its users in any way, he added: “No parents or children ever complained that Kurbo used their personal data in an inappropriate manner.”

The global volume of chatbot virtual assistant messaging traffic is forecast to increase to 9.5 billion transactions by 2026 from 3.5 billion in 2022, reported Juniper Research Thursday. The increasing adoption of omnichannel retail strategies by e-commerce merchants and the rising integration of chatbots within messaging platforms will drive that 169% growth over the next five years, it said. It predicts the rapid development of messaging app functionalities “will attract high-value online retailers to chatbot messaging apps over competing channels,” it said. Total retail spend for chatbot messaging apps in China will surpass $21 billion by 2026, with platforms such as WeChat “providing a definitive framework for chatbots that is branded for each retailer,” it said.

Oral argument in the tech industry’s lawsuit against a Texas social media law will help the 5th U.S. Circuit Court of Appeals understand how online platforms interact with the First Amendment and whether private companies have the right to “discriminate against speakers,” Texas Attorney General Ken Paxton (R) filed Wednesday in docket 21-51178. Platforms are incorrect that the First Amendment “gives them a right to discriminate freely against viewpoints, without any sunlight,” Paxton argued. It would “strain credulity to say Section 230 protects Platforms when they censor speakers based on race,” he wrote. “Likewise here, Section 230 does not protect them for censoring based on speaker viewpoint.” He also disagreed with claims the new law violates the First Amendment: Laws requiring entities to neutrally host speakers don’t implicate the First Amendment because such laws regulate platform conduct, not speech, he said.

The FTC is seeking comment on a petition asking for more stringent requirements for FTC commissioner recusals and material conflicts of interest, says a notice for Thursday’s Federal Register. It could result in a higher likelihood of recusal for commissioners based on their backgrounds and prior work history. Industry groups sought the recusal of Chair Lina Khan in high-profile tech matters (see 2201110071). The FTC’s rule for commissioner disqualification should be amended to apply to enforcement proceedings and include specific procedures on time to respond to petitions, NetChoice, Americans for Prosperity, R Street Institute and several groups wrote the agency. The Hispanic Leadership Fund, the Innovation Economy Institute, the Institute for Policy Innovation, the James Madison Institute, the National Taxpayers Union and Young Voices signed. The rule should include review by the FTC ethics official and commissioners as well as “standards for determining recusal,” the petition says. Comments are due April 4.