80_FR_81575 80 FR 81326 - Oracle Corporation; Analysis of Proposed Consent Order To Aid Public Comment

80 FR 81326 - Oracle Corporation; Analysis of Proposed Consent Order To Aid Public Comment

FEDERAL TRADE COMMISSION

Federal Register Volume 80, Issue 249 (December 29, 2015)

Page Range81326-81328
FR Document2015-32634

The consent agreement in this matter settles alleged violations of federal law prohibiting unfair or deceptive acts or practices. The attached Analysis to Aid Public Comment describes both the allegations in the draft complaint and the terms of the consent order--embodied in the consent agreement--that would settle these allegations.

Federal Register, Volume 80 Issue 249 (Tuesday, December 29, 2015)
[Federal Register Volume 80, Number 249 (Tuesday, December 29, 2015)]
[Notices]
[Pages 81326-81328]
From the Federal Register Online  [www.thefederalregister.org]
[FR Doc No: 2015-32634]


=======================================================================
-----------------------------------------------------------------------

FEDERAL TRADE COMMISSION

[File No. 132 3115]


Oracle Corporation; Analysis of Proposed Consent Order To Aid 
Public Comment

AGENCY: Federal Trade Commission.

ACTION: Proposed consent agreement.

-----------------------------------------------------------------------

SUMMARY: The consent agreement in this matter settles alleged 
violations of federal law prohibiting unfair or deceptive acts or 
practices. The attached Analysis to Aid Public Comment describes both 
the allegations in the draft complaint and the terms of the consent 
order--embodied in the consent agreement--that would settle these 
allegations.

DATES: Comments must be received on or before January 20, 2016.

ADDRESSES: Interested parties may file a comment at https://ftcpublic.commentworks.com/ftc/oracleconsent online or on paper, by 
following the instructions in the Request for Comment part of the 
SUPPLEMENTARY INFORMATION section below. Write ``In the Matter of 
Oracle Corporation,--Consent Agreement; File No. 132 3115'' on your 
comment and file your comment online at https://ftcpublic.commentworks.com/ftc/oracleconsent by following the 
instructions on the web-based form. If you prefer to file your comment 
on paper, write ``In the Matter of Oracle Corporation,--Consent 
Agreement; File No. 132 3115'' on your comment and on the envelope, and 
mail your comment to the following address: Federal Trade Commission, 
Office of the Secretary, 600 Pennsylvania Avenue NW., Suite CC-5610 
(Annex D), Washington, DC 20580, or deliver your comment to the 
following address: Federal Trade Commission, Office of the Secretary, 
Constitution Center, 400 7th Street SW., 5th Floor, Suite 5610 (Annex 
D), Washington, DC 20024.

FOR FURTHER INFORMATION CONTACT: Andrea Arias (202) 326-2715 or 
Jacqueline Conner (202) 326-2844, Bureau of Consumer Protection, 600 
Pennsylvania Avenue NW., Washington, DC 20580.

SUPPLEMENTARY INFORMATION: Pursuant to Section 6(f) of the Federal 
Trade Commission Act, 15 U.S.C. 46(f), and FTC Rule 2.34, 16 CFR 2.34, 
notice is hereby given that the above-captioned consent agreement 
containing consent order to cease and desist, having been filed with 
and accepted, subject to final approval, by the Commission, has been 
placed on the public record for a period of thirty (30) days. The 
following Analysis to Aid Public Comment describes the terms of the 
consent agreement, and the allegations in the complaint. An electronic 
copy of the full text of the consent agreement package can be obtained 
from the FTC Home Page (for December 21, 2015), on the World Wide Web 
at: http://www.ftc.gov/os/actions.shtm.
    You can file a comment online or on paper. For the Commission to 
consider your comment, we must receive it on or before January 20, 
2016. Write ``In the Matter of Oracle Corporation,--Consent Agreement; 
File No. 132 3115'' on your comment. Your comment--including your name 
and your state--will be placed on the public record of this proceeding, 
including, to the extent practicable, on the public Commission Web 
site, at http://www.ftc.gov/os/publiccomments.shtm. As a matter of 
discretion, the Commission tries to remove individuals' home contact 
information from comments before placing them on the Commission Web 
site.
    Because your comment will be made public, you are solely 
responsible for making sure that your comment does not include any 
sensitive personal information, like anyone's Social Security number, 
date of birth, driver's license number or other state identification 
number or foreign country equivalent, passport number, financial 
account number, or credit or debit card number. You are also solely 
responsible for making sure that your comment does not include any 
sensitive health information, like medical records or other 
individually identifiable health information. In addition, do not 
include any ``[t]rade secret or any commercial or financial information 
which . . . is privileged or confidential,'' as discussed in Section 
6(f) of the FTC Act, 15 U.S.C. 46(f), and FTC Rule 4.10(a)(2), 16 CFR 
4.10(a)(2). In particular, do not include competitively sensitive 
information such as costs, sales statistics, inventories, formulas, 
patterns, devices, manufacturing processes, or customer names.
    If you want the Commission to give your comment confidential 
treatment, you must file it in paper form, with a request for 
confidential treatment, and you have to follow the procedure explained 
in FTC Rule 4.9(c), 16 CFR 4.9(c).\1\ Your comment will be kept 
confidential only if the FTC General Counsel, in his or her sole 
discretion, grants your request in accordance with the law and the 
public interest.
---------------------------------------------------------------------------

    \1\ In particular, the written request for confidential 
treatment that accompanies the comment must include the factual and 
legal basis for the request, and must identify the specific portions 
of the comment to be withheld from the public record. See FTC Rule 
4.9(c), 16 CFR 4.9(c).
---------------------------------------------------------------------------

    Postal mail addressed to the Commission is subject to delay due to 
heightened security screening. As a result, we encourage you to submit 
your comments online. To make sure that the Commission considers your 
online comment, you must file it at https://ftcpublic.commentworks.com/ftc/oracleconsent by following the instructions on the web-based form. 
If this Notice appears at http://www.regulations.gov/#!home, you also 
may file a comment through that Web site.
    If you file your comment on paper, write ``In the Matter of Oracle

[[Page 81327]]

Corporation,--Consent Agreement; File No. 132 3115'' on your comment 
and on the envelope, and mail your comment to the following address: 
Federal Trade Commission, Office of the Secretary, 600 Pennsylvania 
Avenue NW., Suite CC-5610 (Annex D), Washington, DC 20580, or deliver 
your comment to the following address: Federal Trade Commission, Office 
of the Secretary, Constitution Center, 400 7th Street SW., 5th Floor, 
Suite 5610 (Annex D), Washington, DC 20024. If possible, submit your 
paper comment to the Commission by courier or overnight service.
    Visit the Commission Web site at http://www.ftc.gov to read this 
Notice and the news release describing it. The FTC Act and other laws 
that the Commission administers permit the collection of public 
comments to consider and use in this proceeding as appropriate. The 
Commission will consider all timely and responsive public comments that 
it receives on or before January 20, 2016. You can find more 
information, including routine uses permitted by the Privacy Act, in 
the Commission's privacy policy, at http://www.ftc.gov/ftc/privacy.htm.

Analysis of Proposed Consent Order To Aid Public Comment

    The Federal Trade Commission has accepted, subject to final 
approval, an agreement containing a consent order applicable to Oracle 
Corporation (``Oracle'').
    The proposed consent order has been placed on the public record for 
thirty (30) days for receipt of comments by interested persons. 
Comments received during this period will become part of the public 
record. After thirty (30) days, the Commission will again review the 
agreement and the comments received, and will decide whether it should 
withdraw from the agreement and take appropriate action or make final 
the agreement's proposed order.
    Oracle is a Delaware corporation that, among other things, develops 
the Java computing platform, which is used to power applications that, 
for example, allow consumers to play online games, chat with people 
online, calculate mortgage interest, and view images in 3D. Consumers 
primarily use the Java Platform, Standard Edition (``Java SE''). When 
an update to Java SE was available, a consumer would typically receive 
a prompt to update the software. When the consumer proceeded to install 
the update, the consumer would encounter a series of installation 
screens, which stated that ``Java provides safe and secure access to 
the world of amazing Java content,'' and that Java SE updates and a 
consumer's ``system'' would have ``the latest . . . security 
improvements.'' During the Java SE update process, however, Oracle did 
not inform consumers that Java SE updates automatically removed only 
the most recent prior iteration of Java SE installed on the consumer's 
computer, even if the consumer had multiple iterations of Java SE 
installed, and that the update would not remove any iteration released 
prior to Java SE iteration 6 update 10. As such, after the update 
process, consumers could still have additional older, insecure 
iterations of Java SE installed on their computers, which attackers 
targeted to obtain consumers' personal information through malware 
designed to exploit vulnerabilities (``exploit kits'').
    The Commission's complaint alleges that Oracle violated Section 
5(a) of the FTC Act by failing to disclose that, in numerous instances, 
updating Java SE would not delete or replace all older iterations of 
Java SE on a consumer's computer, and as a result, a consumer's 
computer could still have iterations of Java SE installed that are 
vulnerable to security risks. This fact would be material to consumers' 
decisions whether to take further action after ``updating'' Java SE to 
protect their computers, in light of Oracle's representations to 
consumers that by updating Java SE, users would ensure that Java SE on 
their computers had the latest security improvements.
    The complaint further alleges that, by failing to inform consumers 
that the Java SE update process did not remove all prior iterations of 
the software, Oracle left some consumers vulnerable to a serious, well-
known, and reasonably foreseeable security risk that attackers would 
target these computers through exploit kits, resulting in the theft of 
personal information. Consumers with insecure iterations of Java SE on 
their computers were vulnerable to exploit kits targeting Java SE 
vulnerabilities while browsing infected Web sites or clicking on 
nefarious links. Attackers used exploit kits targeting Java SE 
vulnerabilities to install key loggers that captured consumers' 
usernames and passwords, which could be used to log into a consumer's 
PayPal, bank, and credit card accounts. Other Java SE exploit kits may 
have resulted in the unauthorized acquisition and transmission of 
sensitive personal information for the purpose of targeted spear-
phishing campaigns.
    The proposed order contains provisions designed to prevent Oracle 
from engaging in the future in practices similar to those alleged in 
the complaint.
    Part I of the proposed order prohibits Oracle from misrepresenting 
(1) the privacy or security of the covered software on a consumer's 
computer, including but not limited to the effect on privacy or 
security of any installation or update of the covered software; and (2) 
how to uninstall older iterations of the covered software.
    Part II of the proposed order requires Oracle to ensure that during 
any installation or update of any iteration of Java SE released after 
the date of service of the order, Oracle:
    (1) clearly and conspicuously discloses to the consumer all 
iterations of Java SE 1.4.2 or later, other than any iteration(s) 
released within the last quarter, currently installed on the consumer's 
computer;
    (2) clearly and conspicuously explains that there may be risks to 
the security of the consumer's computer if the consumer chooses not to 
remove any iterations of Java SE older than the iteration(s) released 
within the last quarter currently installed on the consumer's computer; 
and
    (3) clearly and conspicuously discloses which iterations of Java SE 
1.4.2 or later, other than any iteration(s) released within the last 
quarter, that remain installed following installation or update of Java 
SE, and clearly and conspicuously provides instructions describing how 
consumers can effectively uninstall these iterations.
    Part III of the proposed order requires Oracle to notify consumers 
who downloaded, installed, or updated Java SE that, in some instances, 
they may have older, insecure iterations of Java SE on their computers; 
and provide instructions to such consumers on how to remove these older 
iterations. In addition, for three (3) years, Oracle must provide an 
uninstall tool that allows consumers to uninstall iterations of Java SE 
1.4.2 or later; a page on their primary Web site that explains how to 
uninstall older, insecure iterations of Java SE; and free support 
through an electronic form to help consumers with their update and/or 
uninstall issues.
    Parts IV through VIII of the proposed order are standard reporting 
and compliance provisions. Part IV requires Oracle to retain documents 
relating to its compliance with the order for a five-year period. Part 
V requires dissemination of the order now and in the future to all 
current and future principals, officers, directors, and managers, and 
to persons with managerial or supervisory responsibilities relating to 
Parts I-III of the order. Part VI ensures notification to the FTC of 
changes in corporate status. Part VII mandates that Oracle submit a

[[Page 81328]]

compliance report to the FTC within 90 days, and periodically 
thereafter as requested. Part VIII is a provision ``sunsetting'' the 
order after twenty (20) years, with certain exceptions.
    The purpose of this analysis is to facilitate public comment on the 
proposed order. It is not intended to constitute an official 
interpretation of the proposed complaint or order or to modify the 
order's terms in any way.

    By direction of the Commission.
Donald S. Clark,
Secretary.
[FR Doc. 2015-32634 Filed 12-28-15; 8:45 am]
 BILLING CODE 6750-01-P



                                                    81326                      Federal Register / Vol. 80, No. 249 / Tuesday, December 29, 2015 / Notices

                                                    Federal Reserve, and provides for the                   agreement—that would settle these                     proceeding, including, to the extent
                                                    disclosures outlined above. (12 CFR part                allegations.                                          practicable, on the public Commission
                                                    208, subpart H) The obligation of SMBs                  DATES: Comments must be received on                   Web site, at http://www.ftc.gov/os/
                                                    to make these disclosures is mandatory.                 or before January 20, 2016.                           publiccomments.shtm. As a matter of
                                                    Since the Federal Reserve does not                                                                            discretion, the Commission tries to
                                                                                                            ADDRESSES: Interested parties may file a
                                                    collect any information, no issue of                                                                          remove individuals’ home contact
                                                                                                            comment at https://
                                                    confidentiality normally arises.                                                                              information from comments before
                                                                                                            ftcpublic.commentworks.com/ftc/
                                                      Abstract: Subpart H of Regulation H                                                                         placing them on the Commission Web
                                                                                                            oracleconsent online or on paper, by
                                                    was adopted pursuant to section 305 of                                                                        site.
                                                                                                            following the instructions in the
                                                    the Gramm-Leach-Bliley Act of 1999,                                                                              Because your comment will be made
                                                                                                            Request for Comment part of the
                                                    which required the federal banking                                                                            public, you are solely responsible for
                                                                                                            SUPPLEMENTARY INFORMATION section
                                                    agencies to issue joint regulations                                                                           making sure that your comment does
                                                                                                            below. Write ‘‘In the Matter of Oracle
                                                    governing retail sales practices,                                                                             not include any sensitive personal
                                                                                                            Corporation,—Consent Agreement; File
                                                    solicitations, advertising, and offers of                                                                     information, like anyone’s Social
                                                                                                            No. 132 3115’’ on your comment and
                                                    insurance by, on behalf of, or at the                                                                         Security number, date of birth, driver’s
                                                                                                            file your comment online at https://
                                                    offices of insured depository                                                                                 license number or other state
                                                                                                            ftcpublic.commentworks.com/ftc/
                                                    institutions. The insurance consumer                                                                          identification number or foreign country
                                                                                                            oracleconsent by following the
                                                    protection rules in Regulation H require                                                                      equivalent, passport number, financial
                                                                                                            instructions on the web-based form. If
                                                    depository institutions to prepare and                                                                        account number, or credit or debit card
                                                                                                            you prefer to file your comment on
                                                    provide certain disclosures to                                                                                number. You are also solely responsible
                                                                                                            paper, write ‘‘In the Matter of Oracle
                                                    consumers. Covered persons are                                                                                for making sure that your comment does
                                                                                                            Corporation,—Consent Agreement; File
                                                    required to make certain disclosures                                                                          not include any sensitive health
                                                                                                            No. 132 3115’’ on your comment and on
                                                    before the completion of the initial sale                                                                     information, like medical records or
                                                                                                            the envelope, and mail your comment to
                                                    of an insurance product or annuity to a                                                                       other individually identifiable health
                                                                                                            the following address: Federal Trade
                                                    consumer and at the time a consumer                                                                           information. In addition, do not include
                                                                                                            Commission, Office of the Secretary,
                                                    applies for an extension of credit in                                                                         any ‘‘[t]rade secret or any commercial or
                                                                                                            600 Pennsylvania Avenue NW., Suite
                                                    connection with which and insurance                                                                           financial information which . . . is
                                                                                                            CC–5610 (Annex D), Washington, DC
                                                    product or annuity is solicited, offered,                                                                     privileged or confidential,’’ as discussed
                                                                                                            20580, or deliver your comment to the
                                                    or sold.                                                                                                      in Section 6(f) of the FTC Act, 15 U.S.C.
                                                                                                            following address: Federal Trade
                                                      Current Actions: On October 22, 2015,                                                                       46(f), and FTC Rule 4.10(a)(2), 16 CFR
                                                                                                            Commission, Office of the Secretary,
                                                    the Federal Reserve published a notice                                                                        4.10(a)(2). In particular, do not include
                                                                                                            Constitution Center, 400 7th Street SW.,
                                                    in the Federal Register (80 FR 64000)                                                                         competitively sensitive information
                                                                                                            5th Floor, Suite 5610 (Annex D),
                                                    requesting public comment for 60 days                                                                         such as costs, sales statistics,
                                                                                                            Washington, DC 20024.
                                                    on the extension, without revision, of                                                                        inventories, formulas, patterns, devices,
                                                                                                            FOR FURTHER INFORMATION CONTACT:                      manufacturing processes, or customer
                                                    the Disclosure Requirements in                          Andrea Arias (202) 326–2715 or
                                                    Connection With Subpart H of                                                                                  names.
                                                                                                            Jacqueline Conner (202) 326–2844,                        If you want the Commission to give
                                                    Regulation H. The comment period for                    Bureau of Consumer Protection, 600
                                                    this notice expired on December 21,                                                                           your comment confidential treatment,
                                                                                                            Pennsylvania Avenue NW., Washington,                  you must file it in paper form, with a
                                                    2015. The Federal Reserve did not                       DC 20580.
                                                    receive any comments. The information                                                                         request for confidential treatment, and
                                                                                                            SUPPLEMENTARY INFORMATION: Pursuant                   you have to follow the procedure
                                                    collection will be extended for three                   to Section 6(f) of the Federal Trade
                                                    years, without revision, as proposed.                                                                         explained in FTC Rule 4.9(c), 16 CFR
                                                                                                            Commission Act, 15 U.S.C. 46(f), and                  4.9(c).1 Your comment will be kept
                                                      Board of Governors of the Federal Reserve             FTC Rule 2.34, 16 CFR 2.34, notice is                 confidential only if the FTC General
                                                    System, December 23, 2015.                              hereby given that the above-captioned                 Counsel, in his or her sole discretion,
                                                    Robert deV. Frierson,                                   consent agreement containing consent                  grants your request in accordance with
                                                    Secretary of the Board.                                 order to cease and desist, having been                the law and the public interest.
                                                    [FR Doc. 2015–32700 Filed 12–28–15; 8:45 am]            filed with and accepted, subject to final                Postal mail addressed to the
                                                    BILLING CODE 6210–01–P                                  approval, by the Commission, has been                 Commission is subject to delay due to
                                                                                                            placed on the public record for a period              heightened security screening. As a
                                                                                                            of thirty (30) days. The following                    result, we encourage you to submit your
                                                    FEDERAL TRADE COMMISSION                                Analysis to Aid Public Comment                        comments online. To make sure that the
                                                                                                            describes the terms of the consent                    Commission considers your online
                                                    [File No. 132 3115]                                     agreement, and the allegations in the                 comment, you must file it at https://
                                                                                                            complaint. An electronic copy of the                  ftcpublic.commentworks.com/ftc/
                                                    Oracle Corporation; Analysis of
                                                                                                            full text of the consent agreement                    oracleconsent by following the
                                                    Proposed Consent Order To Aid Public
                                                                                                            package can be obtained from the FTC                  instructions on the web-based form. If
                                                    Comment
                                                                                                            Home Page (for December 21, 2015), on                 this Notice appears at http://
                                                    AGENCY:    Federal Trade Commission.                    the World Wide Web at: http://                        www.regulations.gov/#!home, you also
                                                    ACTION:   Proposed consent agreement.                   www.ftc.gov/os/actions.shtm.                          may file a comment through that Web
                                                                                                               You can file a comment online or on
asabaliauskas on DSK5VPTVN1PROD with NOTICES




                                                                                                                                                                  site.
                                                    SUMMARY:   The consent agreement in this                paper. For the Commission to consider                    If you file your comment on paper,
                                                    matter settles alleged violations of                    your comment, we must receive it on or                write ‘‘In the Matter of Oracle
                                                    federal law prohibiting unfair or                       before January 20, 2016. Write ‘‘In the
                                                    deceptive acts or practices. The attached               Matter of Oracle Corporation,—Consent                    1 In particular, the written request for confidential

                                                    Analysis to Aid Public Comment                          Agreement; File No. 132 3115’’ on your                treatment that accompanies the comment must
                                                                                                                                                                  include the factual and legal basis for the request,
                                                    describes both the allegations in the                   comment. Your comment—including                       and must identify the specific portions of the
                                                    draft complaint and the terms of the                    your name and your state—will be                      comment to be withheld from the public record. See
                                                    consent order—embodied in the consent                   placed on the public record of this                   FTC Rule 4.9(c), 16 CFR 4.9(c).



                                               VerDate Sep<11>2014   19:17 Dec 28, 2015   Jkt 238001   PO 00000   Frm 00055   Fmt 4703   Sfmt 4703   E:\FR\FM\29DEN1.SGM   29DEN1


                                                                               Federal Register / Vol. 80, No. 249 / Tuesday, December 29, 2015 / Notices                                            81327

                                                    Corporation,—Consent Agreement; File                    that Java SE updates and a consumer’s                    Part I of the proposed order prohibits
                                                    No. 132 3115’’ on your comment and on                   ‘‘system’’ would have ‘‘the latest . . .              Oracle from misrepresenting (1) the
                                                    the envelope, and mail your comment to                  security improvements.’’ During the                   privacy or security of the covered
                                                    the following address: Federal Trade                    Java SE update process, however, Oracle               software on a consumer’s computer,
                                                    Commission, Office of the Secretary,                    did not inform consumers that Java SE                 including but not limited to the effect
                                                    600 Pennsylvania Avenue NW., Suite                      updates automatically removed only the                on privacy or security of any installation
                                                    CC–5610 (Annex D), Washington, DC                       most recent prior iteration of Java SE                or update of the covered software; and
                                                    20580, or deliver your comment to the                   installed on the consumer’s computer,                 (2) how to uninstall older iterations of
                                                    following address: Federal Trade                        even if the consumer had multiple                     the covered software.
                                                    Commission, Office of the Secretary,                    iterations of Java SE installed, and that                Part II of the proposed order requires
                                                    Constitution Center, 400 7th Street SW.,                the update would not remove any                       Oracle to ensure that during any
                                                    5th Floor, Suite 5610 (Annex D),                        iteration released prior to Java SE                   installation or update of any iteration of
                                                    Washington, DC 20024. If possible,                      iteration 6 update 10. As such, after the             Java SE released after the date of service
                                                    submit your paper comment to the                        update process, consumers could still                 of the order, Oracle:
                                                    Commission by courier or overnight                      have additional older, insecure                          (1) clearly and conspicuously
                                                    service.                                                iterations of Java SE installed on their              discloses to the consumer all iterations
                                                      Visit the Commission Web site at                      computers, which attackers targeted to                of Java SE 1.4.2 or later, other than any
                                                    http://www.ftc.gov to read this Notice                  obtain consumers’ personal information                iteration(s) released within the last
                                                    and the news release describing it. The                 through malware designed to exploit                   quarter, currently installed on the
                                                    FTC Act and other laws that the                         vulnerabilities (‘‘exploit kits’’).                   consumer’s computer;
                                                    Commission administers permit the                          The Commission’s complaint alleges                    (2) clearly and conspicuously
                                                    collection of public comments to                        that Oracle violated Section 5(a) of the              explains that there may be risks to the
                                                    consider and use in this proceeding as                  FTC Act by failing to disclose that, in               security of the consumer’s computer if
                                                    appropriate. The Commission will                        numerous instances, updating Java SE                  the consumer chooses not to remove any
                                                    consider all timely and responsive                      would not delete or replace all older                 iterations of Java SE older than the
                                                    public comments that it receives on or                  iterations of Java SE on a consumer’s                 iteration(s) released within the last
                                                    before January 20, 2016. You can find                   computer, and as a result, a consumer’s               quarter currently installed on the
                                                    more information, including routine                     computer could still have iterations of               consumer’s computer; and
                                                    uses permitted by the Privacy Act, in                   Java SE installed that are vulnerable to                 (3) clearly and conspicuously
                                                    the Commission’s privacy policy, at                     security risks. This fact would be                    discloses which iterations of Java SE
                                                    http://www.ftc.gov/ftc/privacy.htm.                     material to consumers’ decisions                      1.4.2 or later, other than any iteration(s)
                                                                                                            whether to take further action after                  released within the last quarter, that
                                                    Analysis of Proposed Consent Order To                                                                         remain installed following installation
                                                                                                            ‘‘updating’’ Java SE to protect their
                                                    Aid Public Comment                                                                                            or update of Java SE, and clearly and
                                                                                                            computers, in light of Oracle’s
                                                       The Federal Trade Commission has                     representations to consumers that by                  conspicuously provides instructions
                                                    accepted, subject to final approval, an                 updating Java SE, users would ensure                  describing how consumers can
                                                    agreement containing a consent order                    that Java SE on their computers had the               effectively uninstall these iterations.
                                                    applicable to Oracle Corporation                        latest security improvements.                            Part III of the proposed order requires
                                                    (‘‘Oracle’’).                                              The complaint further alleges that, by             Oracle to notify consumers who
                                                       The proposed consent order has been                  failing to inform consumers that the Java             downloaded, installed, or updated Java
                                                    placed on the public record for thirty                  SE update process did not remove all                  SE that, in some instances, they may
                                                    (30) days for receipt of comments by                    prior iterations of the software, Oracle              have older, insecure iterations of Java
                                                    interested persons. Comments received                   left some consumers vulnerable to a                   SE on their computers; and provide
                                                    during this period will become part of                  serious, well-known, and reasonably                   instructions to such consumers on how
                                                    the public record. After thirty (30) days,              foreseeable security risk that attackers              to remove these older iterations. In
                                                    the Commission will again review the                    would target these computers through                  addition, for three (3) years, Oracle must
                                                    agreement and the comments received,                    exploit kits, resulting in the theft of               provide an uninstall tool that allows
                                                    and will decide whether it should                       personal information. Consumers with                  consumers to uninstall iterations of Java
                                                    withdraw from the agreement and take                    insecure iterations of Java SE on their               SE 1.4.2 or later; a page on their primary
                                                    appropriate action or make final the                    computers were vulnerable to exploit                  Web site that explains how to uninstall
                                                    agreement’s proposed order.                             kits targeting Java SE vulnerabilities                older, insecure iterations of Java SE; and
                                                       Oracle is a Delaware corporation that,               while browsing infected Web sites or                  free support through an electronic form
                                                    among other things, develops the Java                   clicking on nefarious links. Attackers                to help consumers with their update
                                                    computing platform, which is used to                    used exploit kits targeting Java SE                   and/or uninstall issues.
                                                    power applications that, for example,                   vulnerabilities to install key loggers that              Parts IV through VIII of the proposed
                                                    allow consumers to play online games,                   captured consumers’ usernames and                     order are standard reporting and
                                                    chat with people online, calculate                      passwords, which could be used to log                 compliance provisions. Part IV requires
                                                    mortgage interest, and view images in                   into a consumer’s PayPal, bank, and                   Oracle to retain documents relating to
                                                    3D. Consumers primarily use the Java                    credit card accounts. Other Java SE                   its compliance with the order for a five-
                                                    Platform, Standard Edition (‘‘Java SE’’).               exploit kits may have resulted in the                 year period. Part V requires
                                                    When an update to Java SE was                           unauthorized acquisition and                          dissemination of the order now and in
asabaliauskas on DSK5VPTVN1PROD with NOTICES




                                                    available, a consumer would typically                   transmission of sensitive personal                    the future to all current and future
                                                    receive a prompt to update the software.                information for the purpose of targeted               principals, officers, directors, and
                                                    When the consumer proceeded to install                  spear-phishing campaigns.                             managers, and to persons with
                                                    the update, the consumer would                             The proposed order contains                        managerial or supervisory
                                                    encounter a series of installation                      provisions designed to prevent Oracle                 responsibilities relating to Parts I–III of
                                                    screens, which stated that ‘‘Java                       from engaging in the future in practices              the order. Part VI ensures notification to
                                                    provides safe and secure access to the                  similar to those alleged in the                       the FTC of changes in corporate status.
                                                    world of amazing Java content,’’ and                    complaint.                                            Part VII mandates that Oracle submit a


                                               VerDate Sep<11>2014   19:17 Dec 28, 2015   Jkt 238001   PO 00000   Frm 00056   Fmt 4703   Sfmt 4703   E:\FR\FM\29DEN1.SGM   29DEN1


                                                    81328                      Federal Register / Vol. 80, No. 249 / Tuesday, December 29, 2015 / Notices

                                                    compliance report to the FTC within 90                  motorcycles, and $0.19 for moving                     DEPARTMENT OF DEFENSE
                                                    days, and periodically thereafter as                    purposes), pursuant to the process
                                                    requested. Part VIII is a provision                     discussed above. This notice of subject               GENERAL SERVICES
                                                    ‘‘sunsetting’’ the order after twenty (20)              bulletin is the only notification to                  ADMINISTRATION
                                                    years, with certain exceptions.                         agencies of revisions to the POV mileage
                                                       The purpose of this analysis is to                   rates for official travel and relocation              NATIONAL AERONAUTICS AND
                                                    facilitate public comment on the                        other than the changes posted on GSA’s                SPACE ADMINISTRATION
                                                    proposed order. It is not intended to                   Web site.                                             [Docket 2015–0055; Sequence 51]
                                                    constitute an official interpretation of
                                                    the proposed complaint or order or to                   DATES:  Effective: December 29, 2015.
                                                                                                                                                                  Submission for OMB Review; High
                                                    modify the order’s terms in any way.                       Applicability: This notice applies to              Global Warming Potential
                                                      By direction of the Commission.                       travel and relocation performed on or                 Hydrofluorocarbons
                                                    Donald S. Clark,                                        after January 1, 2016 through December
                                                                                                            31, 2016.                                             AGENCY: Department of Defense (DoD),
                                                    Secretary.
                                                                                                                                                                  General Services Administration (GSA),
                                                    [FR Doc. 2015–32634 Filed 12–28–15; 8:45 am]            FOR FURTHER INFORMATION CONTACT:      For             and National Aeronautics and Space
                                                    BILLING CODE 6750–01–P                                  clarification of content, please contact              Administration (NASA).
                                                                                                            Mr. Cy Greenidge, Office of                           ACTION: Notice of request for public
                                                                                                            Government-wide Policy, Office of                     comments regarding a new OMB
                                                    GENERAL SERVICES                                        Asset and Transportation Management,                  clearance.
                                                    ADMINISTRATION                                          at 202–219–2349, or by email at
                                                    [Notice–FTR–2015–01; Docket 2015–0002;                  travelpolicy@gsa.gov. Please cite Notice              SUMMARY:    Under the provisions of the
                                                    Sequence 1]                                             of FTR Bulletin 16–02.                                Paperwork Reduction Act, the
                                                                                                                                                                  Regulatory Secretariat Division will be
                                                    2016 Privately Owned Vehicle (POV)                      SUPPLEMENTARY INFORMATION:                            submitting to the Office of Management
                                                    Mileage Reimbursement Rates; 2016                       Change in Standard Procedure                          and Budget (OMB) a request to review
                                                    Standard Mileage Rate for Moving                                                                              and approve a new information
                                                    Purposes                                                  GSA posts the POV mileage                           collection requirement concerning High
                                                                                                            reimbursement rates, formerly                         Global Warming Potential
                                                    AGENCY:  Office of Government-Wide                                                                            Hydrofluorocarbons. A notice was
                                                    Policy (OGP), General Services                          published in 41 CFR Chapter 301, solely
                                                                                                            on the internet at www.gsa.gov/mileage.               published in the Federal Register at 80
                                                    Administration (GSA).                                                                                         FR 26883, on May 11, 2015. Sixteen
                                                                                                            Also, posted on this site is the standard
                                                    ACTION: Notice of FTR Bulletin 16–02,                                                                         comments were received.
                                                                                                            mileage rate for moving purposes. This
                                                    Calendar Year (CY) 2016 Privately
                                                                                                            process, implemented in FTR                           DATES: Submit comments on or before
                                                    Owned Vehicle (POV) Mileage
                                                                                                            Amendment 2010–07, 75 FR 72965                        January 28, 2016.
                                                    Reimbursement Rates and Standard
                                                    Mileage Rate for Moving Purposes                        (November 29, 2010), FTR Amendment                    ADDRESSES: Submit comments regarding
                                                    (Relocation Allowances).                                2007–03, 72 FR 35187 (June 27, 2007),                 this burden estimate or any other aspect
                                                                                                            and FTR Amendment 2007–06, 72 FR                      of this collection of information,
                                                    SUMMARY:    The General Services                        70234 (December 11, 2007), ensures                    including suggestions for reducing this
                                                    Administration (GSA) uses the single                    more timely updates regarding mileage                 burden to: Office of Information and
                                                    standard mileage rate established by the                reimbursement rates by GSA for Federal                Regulatory Affairs of OMB, Attention:
                                                    Internal Revenue Service (IRS) as the                   employees who are on official travel or               Desk Officer for GSA, Room 10236,
                                                    mileage rate for privately owned                        relocating. Notices published                         NEOB, Washington, DC 20503.
                                                    automobiles (POA). In addition, the IRS’                periodically in the Federal Register,                 Additionally submit a copy to GSA by
                                                    mileage rate for medical or moving                      such as this one, and the changes posted              any of the following methods:
                                                    purposes is used to determine the POA                   on the GSA Web site, now constitute the                  • Regulations.gov: http://
                                                    rate when a Government-furnished                        only notification to Federal agencies of              www.regulations.gov. Submit comments
                                                    automobile is authorized. This IRS rate                                                                       via the Federal eRulemaking portal by
                                                                                                            revisions to the POV mileage
                                                    also establishes the standard mileage                                                                         searching for OMB control number
                                                                                                            reimbursement rates and the standard
                                                    rate for moving purposes as it pertains                                                                       ‘‘9000–0191; High Global Warming
                                                    to official relocation. Finally, GSA’s                  mileage reimbursement rate for moving                 Potential Hydrofluorocarbons.’’ Select
                                                    annual privately owned airplane and                     purposes.                                             the link ‘‘Submit a Comment’’ that
                                                    motorcycle mileage reimbursement rate                     Dated: December 23, 2015.                           corresponds with ‘‘9000–0191; High
                                                    reviews have resulted in new CY 2016                    Alexander J. Kurien,                                  Global Warming Potential
                                                    rates. GSA conducts independent                         Deputy Associate Administrator, Office of             Hydrofluorocarbons.’’ Follow the
                                                    airplane and motorcycle studies that                    Asset and Transportation Management,                  instructions provided at the ‘‘Submit a
                                                    evaluate various factors, such as the cost              Office of Government-wide Policy.                     Comment’’ screen. Please include your
                                                    of fuel, the depreciation of the original               [FR Doc. 2015–32745 Filed 12–28–15; 8:45 am]          name, company name (if any), and
                                                    vehicles costs, maintenance and                                                                               ‘‘9000–0191; High Global Warming
                                                                                                            BILLING CODE 6820–14–P
                                                    insurance, and/or by applying consumer                                                                        Potential Hydrofluorocarbons’’ on your
asabaliauskas on DSK5VPTVN1PROD with NOTICES




                                                    price index data. FTR Bulletin 16–02                                                                          attached document.
                                                    establishes the new CY 2016 POV                                                                                  • Mail: General Services
                                                    mileage reimbursement rates for official                                                                      Administration, Regulatory Secretariat
                                                    temporary duty and relocation travel                                                                          Division (MVCB), ATTN: Ms. Flowers,
                                                    ($0.54 for POAs, $0.19 for POAs when                                                                          1800 F Street NW., Washington, DC
                                                    a Government furnished automobile is                                                                          20405.
                                                    authorized, $1.17 for privately owned                                                                            Instructions: Please submit comments
                                                    airplanes, $0.51 for privately owned                                                                          only and cite Information Collection


                                               VerDate Sep<11>2014   19:17 Dec 28, 2015   Jkt 238001   PO 00000   Frm 00057   Fmt 4703   Sfmt 4703   E:\FR\FM\29DEN1.SGM   29DEN1



Document Created: 2015-12-29 10:15:26
Document Modified: 2015-12-29 10:15:26
CategoryRegulatory Information
CollectionFederal Register
sudoc ClassAE 2.7:
GS 4.107:
AE 2.106:
PublisherOffice of the Federal Register, National Archives and Records Administration
SectionNotices
ActionProposed consent agreement.
DatesComments must be received on or before January 20, 2016.
ContactAndrea Arias (202) 326-2715 or Jacqueline Conner (202) 326-2844, Bureau of Consumer Protection, 600 Pennsylvania Avenue NW., Washington, DC 20580.
FR Citation80 FR 81326 

2024 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR