SEC Chair Calls On Congress To Help Rein In Crypto 'Wild West'

Slashdot - Your Rights Online - Tue, 2021-08-03 22:40
The chair of the U.S. Securities and Exchange Commission (SEC) on Tuesday called on Congress to give the agency more authority to better police cryptocurrency trading, lending and platforms, a "Wild West" he said is riddled with fraud and investor risk. Reuters reports: Gary Gensler said the crypto market involves many tokens which may be unregistered securities and leaves prices open to manipulation and millions of investors vulnerable to risks. "This asset class is rife with fraud, scams and abuse in certain applications," Gensler told a global conference. "We need additional Congressional authorities to prevent transactions, products and platforms from falling between regulatory cracks." The industry has been waiting with bated breath to see how Gensler, a Democratic appointee who took the SEC helm in April, will approach oversight of the market, which he has previously said should be brought within traditional financial regulation. On Tuesday, Gensler provided more insight on his thinking, saying he would like Congress to give the SEC the power to oversee cryptocurrency exchanges, which are not currently within the SEC's remit. He also called on lawmakers to give the SEC more power to oversee crypto lending, and platforms like peer-to-peer decentralized finance (DeFi) sites that allow lenders and borrowers to transact in cryptocurrencies without traditional banks. "If we don't address these issues, I worry a lot of people will be hurt."

Read more of this story at Slashdot.

Pegasus Spyware Found On Journalists' Phones, French Intelligence Confirms

Slashdot - Your Rights Online - Tue, 2021-08-03 04:02
French intelligence investigators have confirmed that Pegasus spyware has been found on the phones of three journalists, including a senior member of staff at the country's international television station France 24. Pegasus is the hacking software -- or spyware -- that is developed, marketed and licensed to governments around the world by NSO Group. The malware has the capability to infect billions of phones running either iOS or Android operating systems. It enables operators of the spyware to extract messages, photos and emails, record calls and secretly activate microphones. The Guardian reports: It is the first time an independent and official authority has corroborated the findings of an international investigation by the Pegasus project -- a consortium of 17 media outlets, including the Guardian. Forbidden Stories, a Paris-based nonprofit media organization, and Amnesty International initially had access to a leaked list of 50,000 numbers that, it is believed, have been identified as those of people of interest by clients of Israeli firm NSO Group since 2016, and shared access with their media partners. France's national agency for information systems security (Anssi) identified digital traces of NSO Group's hacking spyware on the television journalist's phone and relayed its findings to the Paris public prosecutor's office, which is overseeing the investigation into possible hacking. Anssi also found Pegasus on telephones belonging to Lenaig Bredoux, an investigative journalist at the French investigative website Mediapart, and the site's director, Edwy Plenel. Forbidden Stories believes at least 180 journalists worldwide may have been selected as people of interest in advance of possible surveillance by government clients of NSO. Le Monde reported that the France 24 journalist, based in Paris, had been selected for "eventually putting under surveillance." 
Police experts discovered the spyware had been used to target the journalist's phone three times: in May 2019, September 2020 and January 2021, the paper said. Bredoux told the Guardian that investigators had found traces of Pegasus spyware on both her and Plenel's mobile phones. She said the confirmation of long-held suspicions that they had been targeted contradicted the repeated denials of those who were believed to be behind the attempt to spy on them.

Australian Court Rules An AI Can Be Considered An Inventor On Patent Filings

Slashdot - Your Rights Online - Tue, 2021-08-03 01:20
An Australian Court has decided that an artificial intelligence can be recognized as an inventor in a patent submission. The Register reports: In a case brought by Stephen Thaler, who has filed and lost similar cases in other jurisdictions, Australia's Federal Court last month heard and decided that the nation's Commissioner of Patents erred when deciding that an AI can't be considered an inventor. Justice Beach reached that conclusion because nothing in Australian law says the applicant for a patent must be human. As Beach's judgement puts it: "... in my view an artificial intelligence system can be an inventor for the purposes of the Act. First, an inventor is an agent noun; an agent can be a person or thing that invents. Second, so to hold reflects the reality in terms of many otherwise patentable inventions where it cannot sensibly be said that a human is the inventor. Third, nothing in the Act dictates the contrary conclusion." The Justice also worried that the Commissioner of Patents' logic in rejecting Thaler's patent submissions was faulty. "On the Commissioner's logic, if you had a patentable invention but no human inventor, you could not apply for a patent," the judgement states. "Nothing in the Act justifies such a result." Justice Beach therefore sent Thaler's applications back to the Commissioner of Patents, with instructions to re-consider the reasons for their rejection. Thaler has filed patent applications around the world in the name of DABUS -- a Device for the Autonomous Boot-strapping of Unified Sentience. Among the items DABUS has invented are a food container and a light-emitting beacon.

The Push For a 'PBS For the Internet'

Slashdot - Your Rights Online - Tue, 2021-08-03 00:02
An anonymous reader quotes a report from Axios: The concept of a new media ecosystem that's non-profit, publicly funded and tech-infused is drawing interest in policy circles as a way to shift the power dynamics in today's information wars. Revamping the structure and role of public media could be part of the solution to shoring up local media, decentralizing the distribution of quality news, and constraining Big Tech platforms' amplification of harmful or false information. Congress in 1967 authorized federal operating money to broadcast stations through a new agency, the Corporation for Public Broadcasting, and what is now PBS launched down-the-middle national news programming and successful kids shows like "Mr. Rogers' Neighborhood" and "Sesame Street." NPR was born in 1971. Despite dust-ups over political interference of national programming and funding, hundreds of local community broadcast stations primarily received grants directly to choose which national programs to support. A new policy paper from the German Marshall Fund proposes a full revamp of the CPB to fund not just broadcast stations, but a wide range of digital platforms and potential content producers including independent journalists, local governments, nonprofits and educational institutions. The idea is to increase the diversity of local civic information, leaning on anchor institutions like libraries and colleges that communities trust. Beyond content, the plan calls for open protocol standards and APIs to let consumers mix and match the content they want from a wide variety of sources, rather than being at the mercy of Facebook, Twitter or YouTube algorithms. Data would be another crucial component. In order to operate, entities in the ecosystem would have to commit to basic data ethics and rules about how personal information is used.

Amazon Will Pay You $10 in Credit for Your Palm Print Biometrics

Slashdot - Your Rights Online - Mon, 2021-08-02 21:25
How much is your palm print worth? If you ask Amazon, it's about $10 in promotional credit if you enroll your palm prints in its checkout-free stores and link it to your Amazon account. From a report: Last year, Amazon introduced its new biometric palm print scanners, Amazon One, so customers can pay for goods in some stores by waving their palm prints over one of these scanners. By February, the company expanded its palm scanners to other Amazon grocery, book and 4-star stores across Seattle. Amazon has since expanded its biometric scanning technology to its stores across the U.S., including New York, New Jersey, Maryland, and Texas. The retail and cloud giant says its palm scanning hardware "captures the minute characteristics of your palm -- both surface-area details like lines and ridges as well as subcutaneous features such as vein patterns -- to create your palm signature," which is then stored in the cloud and used to confirm your identity when you're in one of its stores.

Banned Chinese Facial Recognition Technology Was Used in Search for US Protesters

Slashdot - Your Rights Online - Mon, 2021-08-02 13:34
Some protesters in Minnesota set a fire last year. But then the surveillance footage from that day "set off a nearly yearlong, international manhunt...involving multiple federal agencies and Mexican police. The pursuit also involved a facial recognition system made by a Chinese company that has been blacklisted by the U.S. government." The New York Times tells the story of the couple who was eventually arrested: Ms. Yousif gave birth while on the run, and was separated from her baby for four months by the authorities. To prosecutors, the pursuit of Mr. Felan, who was charged with arson, and Ms. Yousif, who was charged with helping him flee, was a routine response to a case of property destruction... But beyond the prosecutorial aftermath of the racial justice protests, the eight-month saga of a young Minnesota couple exposed an emerging global surveillance system that might one day find anyone, anywhere, the technology traveling easily over borders while civil liberties struggle to keep pace... They drove, heading south on Interstate 35, a highway that runs down the middle of the country, stretching from Duluth, Minn., on Lake Superior, to Laredo, Texas, on the Mexican border. They had made their way through Iowa and just hit the northern part of Missouri, 300 miles from Rochester, when police first caught up with them. A warrant had been issued for Mr. Felan's arrest, allowing the authorities to ping his cellphone to locate him. According to a court document, late on a Monday night, more than a week after the events in St. Paul, local police in rural western Missouri, who were asked to go where the phone was pinging, stopped a black S.U.V. registered to Mr. Felan. Ms. Yousif was driving, and said she didn't know where Mr. Felan was. The police let her go... Over the next week, police kept pinging the location of Mr. Felan's phone but kept missing him. 
According to a court document, he sent a message to his brother in Texas saying he was turning it off between messages, worried about being tracked; the couple eventually bought new phones... On a Friday night in mid-June 2020, a surveillance camera at a Holiday Inn outside San Antonio captured Ms. Yousif and Mr. Felan driving his mother's brown Toyota Camry into the hotel's parking lot. They got out of the car, walked outside the view of the camera and then disappeared... Later in Mexico, at a meeting with law enforcement officials in Coahuila, Federico Pérez Villoro, an investigative journalist, remembers meeting a government employee in charge of Mexico's first large-scale facial recognition system who'd said America's FBI had asked them for help finding people accused of terrorism. This is significant because they were using the Dahua surveillance system from China, that's partly state-owned and "blacklisted by the U.S. government in 2019...According to a notice in the Federal Register, Dahua's products were used in "China's campaign of repression, mass arbitrary detention and high-technology surveillance" against Uighurs and other Muslim minority groups." Ironically, in the end it wasn't the $30 million system that identified the couple, according to the U.S. Justice Department. It was somebody who'd contacted them directly to collect the $20,000 reward. "But the technology is spreading globally, in part because China is aggressively marketing it abroad, said Marc Rotenberg, president of the Center for A.I. and Digital Policy, a nonprofit in Washington.... China is marketing mass surveillance technology to its trading partners in Africa, Asia and South America, he explained, pitching it as a way to minimize crime and promote public order in major metropolitan areas." 
In a 2019 report on video analytics, the American Civil Liberties Union argued that millions of surveillance cameras installed in recent decades are "waking up" thanks to automation, such as facial recognition technology, which allows them to not just record, but to analyze what is happening and flag what they see...

To Fight Vaccine Misinformation, US Recruits an 'Influencer Army'

Slashdot - Your Rights Online - Mon, 2021-08-02 06:34
The New York Times tells the story of 17-year-old Ellie Zeiler, a TikTok creator with over 10 million followers, who received an email in June from Village Marketing, an influencer marketing agency. "It said it was reaching out on behalf of another party: the White House." Would Ms. Zeiler, a high school senior who usually posts short fashion and lifestyle videos, be willing, the agency wondered, to participate in a White House-backed campaign encouraging her audience to get vaccinated against the coronavirus...? Ms. Zeiler quickly agreed, joining a broad, personality-driven campaign to confront an increasingly urgent challenge in the fight against the pandemic: vaccinating the youthful masses, who have the lowest inoculation rates of any eligible age group in the United States... To reach these young people, the White House has enlisted an eclectic army of more than 50 Twitch streamers, YouTubers, TikTokers and the 18-year-old pop star Olivia Rodrigo, all of them with enormous online audiences. State and local governments have begun similar campaigns, in some cases paying "local micro influencers" — those with 5,000 to 100,000 followers — up to $1,000 a month to promote Covid-19 vaccines to their fans. The efforts are in part a counterattack against a rising tide of vaccine misinformation that has flooded the internet, where anti-vaccine activists can be so vociferous that some young creators say they have chosen to remain silent on vaccines to avoid a politicized backlash... State and local governments have taken the same approach, though on a smaller scale and sometimes with financial incentives. In February, Colorado awarded a contract worth up to $16.4 million to the Denver-based Idea Marketing, which includes a program to pay creators in the state $400 to $1,000 a month to promote the vaccines... Posts by creators in the campaign carry a disclosure that reads "paid partnership with Colorado Dept. of Public Health and Environment...." 
Other places, including New Jersey, Oklahoma City County and Guildford County, N.C., as well as cities like San Jose, Calif., have worked with the digital marketing agency XOMAD, which identifies local influencers who can help broadcast public health information about the vaccines. In another article, the Times notes that articles blaming Bill Gates for the pandemic appeared on two local news sites (one in Atlanta, and one in Phoenix) that "along with dozens of radio and television stations, and podcasts aimed at local audiences...have also become powerful conduits for anti-vaccine messaging, researchers said."

The Case for Another Antitrust Action Against Microsoft

Slashdot - Your Rights Online - Mon, 2021-08-02 03:34
"Since its own brush with antitrust regulation decades ago, Microsoft has slipped past significant scrutiny," argues a new article from The Atlantic. But it also asks if there's now a case for another antitrust action — or if we're convinced instead that "The company is reluctantly guilty of the sin of bigness, yes, but it is benevolent, don't you see? Reformed, even! No need to cast your pen over here!" Right now, it's not illegal to be big. It's not illegal to be really big. In fact, it's not even illegal to be a monopoly. Current antitrust law allows for the possibility that you might be the sole player in your industry because you're just that well managed and your product is just that good, or it's just cost-prohibitive for any other company to compete with you. Think power utilities, such as Duke Energy, or the TV and internet giant Comcast. Antitrust law comes into play only if you use your monopoly to suppress competition or to charge unfairly high prices. (If this feels like a legal tautology, it sort of is: Who's to know what's a fair price if there isn't any competition? Nevertheless, here we are...) Yet if bigness alone is enough to draw scrutiny, Microsoft must draw it. Courts have disagreed on what size market share a product or company must own to be considered a monopoly, but the historical benchmark is about 75 percent. Estimates vary as to what percentage of computers run Microsoft's Windows operating system, but Gartner research puts it as high as 83 percent... Biden, Khan, Senator Amy Klobuchar, and others are asking whether consumers suffer any nonfinancial harm from this lack of competition. Is switching from Windows to Apple's Mac OS unnecessarily hard? Is Windows as good a product as it would be if it faced more robust competition? When Windows has major security flaws, for example, billions of customers and companies are impacted, because of its market share. 
If we're wondering whether crappy airline experiences are a competition problem, should the same question apply to crappy computer security? In fact, in areas where Microsoft faces strong competition, it's reverting to some of the behaviors that got it sued in the '90s — namely, bundling. Microsoft and Amazon are essentially a duopoly when it comes to cloud services... Microsoft offers its big business customers an "integrated ecosystem" of Windows, Office, and its back-end cloud services; some analysts even point to this as a reason to keep buying Microsoft stock. That's just smart business, right? Yes, unless you're at a disadvantage by not taking the bundle. Some customers have complained that Microsoft charges extra for some Windows licenses if you're not using its cloud-computing business, Azure... Microsoft does much more that we're happy to call "evil" when other companies are involved. It defied its own workers in favor of contracts with the Department of Defense; it's been quietly doing lots of business with China for decades, including letting Beijing censor results on its Bing search engine and developing AI that critics say can be used for surveillance and repression; it reportedly tried to sell facial-recognition technology to the DEA. So why does none of it stick? Well, partly because it's possible that Microsoft isn't actually doing anything wrong, from a legal perspective. Yet it's so big and so dominant and owns so much expensive physical infrastructure that hardly any company can compete with it. Is that illegal? Should it be? It's now the world's second largest tech company by market valuation — over $2 trillion and even ahead of Google, Amazon, Facebook, and Tesla (and behind only Apple). For the three months ended in June, Microsoft's net income rose 47% over the same period a year ago, according to TechCrunch, with a revenue for just those three months of $46.2 billion. 
The Atlantic argues Microsoft has successfully rebranded itself as nice and a little boring, while playing up the fact that it lost a decade in consumer markets like smartphones because it was distracted by its last antitrust lawsuit. Yet meanwhile it's acquired major tech brands like LinkedIn, Minecraft, Skype, and even attempted to buy TikTok, Pinterest, and Discord (as well as "almost two dozen game-development studios to beef up its Xbox offerings"). And of course, GitHub.

Zoom Agrees to $85M Settlement in Possible Class Action Over Data-Sharing, Zoombombing

Slashdot - Your Rights Online - Mon, 2021-08-02 01:20
Zoom has agreed to pay $85 million — and to bolster its security practices — to settle a lawsuit that had claimed Zoom violated users' privacy rights by sharing their personal data with Facebook, Google and LinkedIn, and by failing to stop Zoombombing. Engadget reports: The preliminary settlement also requires tougher security measures, such as warning about participants with third-party apps and offering special privacy-oriented training to Zoom staff. Judge Lucy Koh said the company was largely protected against zoombombing claims thanks to the Communications Decency Act's Section 230 safeguards against liability for users' actions. The settlement could also lead to payouts if the lawsuit achieves a proposed class action status, but don't expect a windfall. Subscribers would receive a refund of either 15 percent or $25, whichever was larger, while everyone else would receive as much as $15. Lawyers intended to collect up to $21.25 million in legal costs.

Russia's 'Nonsensical, Impossible Quest' to Create Its Own Domestic Internet

Slashdot - Your Rights Online - Sun, 2021-08-01 20:49
"It was pretty strange when Russia decided to announce last week that it had successfully run tests between June 15 and July 15 to show it could disconnect itself from the internet," writes an associate professor of cybersecurity policy at Tufts Fletcher School of Law and Diplomacy. The tests seem to have gone largely unnoticed both in and outside of Russia, indicating that whatever they entailed did not involve Russia actually disconnecting from the global internet... since that would be impossible to hide. Instead, the tests — and, most of all, the announcement about their success — seem to be intended as some kind of signal that Russia is no longer dependent on the rest of the world for its internet access. But it's not at all clear what that would even mean since Russia is clearly still dependent on people and companies in other countries for access to the online content and services they create and host — just as we all are... For the past two years, ever since implementing its "sovereign internet law" in 2019, Russia has been talking about establishing its own domestic internet that does not rely on any infrastructure or resources located outside the country. Presumably, the tests completed this summer are related to that goal of being able to operate a local internet within Russia that does not rely on the global Domain Name System to map websites to specific IP addresses. This is not actually a particularly ambitious goal — any country could operate its own domestic internet with its own local addressing system if it wanted to do so instead of connecting to the larger global internet... The Center for Applied Internet Data Analysis at the University of California San Diego maintains an Internet Outage Detection and Analysis tool that combines three data sets to identify internet outages around the world... 
The data sets for Russia from June 15 through July 15, the period of the supposed disconnection tests, shows few indications of any actual disconnection other than a period around July 5 when unsolicited traffic from Russia appears to have dropped off. Whatever Russia did this summer, it did not physically disconnect from the global internet. It doesn't even appear to have virtually disconnected from the global internet in any meaningful sense. Perhaps it shifted some of its critical infrastructure systems to rely more on domestic service providers and resources. Perhaps it created more local copies of the addressing system used to navigate the internet and tested its ability to rely on those. Perhaps it tested its ability to route online traffic within the country through certain chokepoints for purposes of better surveillance and monitoring. None of those are activities that would be immediately visible from outside the country and all of them would be in line with Russia's stated goals of relying less on internet infrastructure outside its borders and strengthening its ability to monitor online activity. But the goal of being completely independent of the rest of the world's internet infrastructure while still being able to access the global internet is a nonsensical and impossible one. Russia cannot both disconnect from the internet and still be able to use all of the online services and access all of the websites hosted and maintained by people in other parts of the world, as appears to have been the case during the monthlong period of testing... Being able to disconnect your country from the internet is not all that difficult — and certainly nothing to brag about. But announcing that you've successfully disconnected from the internet when it's patently clear that you haven't suggests both profound technical incompetence and a deep-seated uncertainty about what a domestic Russian internet would actually mean.

UK Pharmaceutical Firm Fined For Hiking Drug Price 6,000%

Slashdot - Your Rights Online - Sun, 2021-08-01 13:34
Slashdot reader Bruce66423 shares a report from the Guardian: The UK's competition watchdog has imposed fines of more than £100m on the pharmaceutical company Advanz and its former private equity owners after it was found to have inflated the price of its thyroid tablets by up to 6,000%. An investigation by the Competition and Markets Authority (CMA) found that the private-equity backed pharmaceutical company charged "excessive and unfair prices" for liothyronine tablets, which are used to treat thyroid hormone deficiency. Advanz took advantage of limited competition in the market from 2007 to bring in sustained price hikes for the drug, often used by patients with depression and fatigue, of more than 6,000% in the space of 10 years, according to the investigation. The CMA said that between 2007 and 2017, the price paid by the National Health Service for liothyronine tablets rose from £4.46 to £258.19, a rise of almost 6,000%, while production costs remained broadly stable... Dr Andrea Coscelli, the CMA's chief executive, said: "Advanz's decision to ratchet up the price of liothyronine tablets and impose excessive and unfair prices for over eight years came at a huge cost to the NHS, and ultimately to UK taxpayers. "But that wasn't all. It also meant that people dealing with depression and extreme fatigue, as a result of their thyroid conditions, were told they could not continue to receive the most effective treatment for them due to its increased price."

US Justice Department Says Russians Hacked Its Federal Prosecutors

Slashdot - Your Rights Online - Sat, 2021-07-31 23:34
In January America's federal Justice Department said there was no evidence that Russian hackers behind the massive SolarWinds breach had accessed classified systems, remembers the Associated Press. But today? The department said 80% of Microsoft email accounts used by employees in the four U.S. attorney offices in New York were breached. All told, the Justice Department said 27 U.S. Attorney offices had at least one employee's email account compromised during the hacking campaign. The Justice Department said in a statement that it believes the accounts were compromised from May 7 to Dec. 27, 2020. Such a timeframe is notable because the SolarWinds campaign, which infiltrated dozens of private-sector companies and think tanks as well as at least nine U.S. government agencies, was first discovered and publicized in mid-December... Jennifer Rodgers, a lecturer at Columbia Law School, said office emails frequently contained all sorts of sensitive information, including case strategy discussions and names of confidential informants, when she was a federal prosecutor in New York. "I don't remember ever having someone bring me a document instead of emailing it to me because of security concerns," she said, noting exceptions for classified materials... The Associated Press previously reported that SolarWinds hackers had gained access to email accounts belonging to the then-acting Homeland Security Secretary Chad Wolf and members of the department's cybersecurity staff...

After YouTube-dl Incident, GitHub's DMCA Process Now Includes Free Legal Help

Slashdot - Your Rights Online - Sat, 2021-07-31 16:34
"GitHub has announced a partnership with the Stanford Law School to support developers facing takedown requests related to the Digital Millennium Copyright Act (DMCA)," reports VentureBeat: While the DMCA may be better known as a law for protecting copyrighted works such as movies and music, it also has provisions (17 U.S.C. 1201) that criminalize attempts to circumvent copyright-protection controls — this includes any software that might help anyone infringe DMCA regulations. However, as with the countless spurious takedown notices delivered to online content creators, open source coders too have often found themselves in the DMCA firing line with little option but to comply with the request even if they have done nothing wrong. The problem, ultimately, is that freelance coders or small developer teams often don't have the resources to fight DMCA requests, which puts the balance of power in the hands of deep-pocketed corporations that may wish to use DMCA to stifle innovation or competition. Thus, GitHub's new Developer Rights Fellowship — in conjunction with Stanford Law School's Juelsgaard Intellectual Property and Innovation Clinic — seeks to help developers put in such a position by offering them free legal support. The initiative follows some eight months after GitHub announced it was overhauling its Section 1201 claim review process in the wake of a takedown request made by the Recording Industry Association of America (RIAA), which had been widely criticized as an abuse of DMCA... [M]oving forward, whenever GitHub notifies a developer of a "valid takedown claim," it will present them with an option to request free independent legal counsel. The fellowship will also be charged with "researching, educating, and advocating on DMCA and other legal issues important for software innovation," GitHub's head of developer policy Mike Linksvayer said in a blog post, along with other related programs. 
Explaining their rationale, GitHub's blog post argues that currently "When developers looking to learn, tinker, or make beneficial tools face a takedown claim under Section 1201, it is often simpler and safer to just fold, removing code from public view and out of the common good. "At GitHub, we want to fix this."

Google Play Gets Mandatory App Privacy Labels In April 2022

Slashdot - Your Rights Online - Sat, 2021-07-31 15:00
An anonymous reader quotes a report from Ars Technica: In iOS 14, Apple added a "privacy" section to the app store, requiring app developers to list the data they collect and how they use it. Google -- which was one of the biggest targets of Apple's privacy nutrition labels and delayed app updates for months to avoid complying with the policy -- is now aping the feature for Google Play. Google posted a demo of what the Google Play "Data privacy & security" section will look like, and it contains everything you'd expect if you've looked at the App Store lately. There's information on what data apps collect, whether or not the apps share the data with third parties, and how the data is stored. Developers can also explain what the data is used for and if data collection is required to use the app. The section also lists whether or not the collected data is encrypted, if the user can delete the data, and if the app follows Google's "Families" policy (meaning all the usual COPPA stuff). Google Play's privacy section will be mandatory for all developers in April 2022, and starting in October, Google says developers can start populating information in the Google Play Console "for review." Google also says that in April, all apps will need to supply a privacy policy, even if they don't collect any data. Apps that don't have an "approved" privacy section by April may have their app updates rejected or their app removed. Google says, "Developers are responsible for providing accurate and complete information in their safety section." All of this information is basically just running on the honor system, and on iOS, developers have already been caught faking their privacy labels.

Government Denies Blue Origin's Challenge To NASA's Lunar Lander Program

Slashdot - Your Rights Online - Sat, 2021-07-31 09:00
The U.S. Government Accountability Office on Friday denied protests from companies affiliated with Jeff Bezos that NASA wrongly awarded a lucrative astronaut lunar lander contract solely to Elon Musk's SpaceX. CNBC reports: "NASA did not violate procurement law or regulation when it decided to make only one award ... the evaluation of all three proposals was reasonable, and consistent with applicable procurement law, regulation, and the announcement's terms," GAO managing associate general counsel Kenneth Patton wrote in a statement. The GAO ruling backs the space agency's surprise announcement in April that NASA awarded SpaceX with a contract worth about $2.9 billion. SpaceX was competing with Blue Origin and Dynetics for what was expected to be two contracts, before NASA only awarded a single contract due to a lower-than-expected allocation for the program from Congress. NASA, in a statement, said that the GAO decision will allow the agency "to establish a timeline for the first crewed landing on the Moon in more than 50 years." "As soon as possible, NASA will provide an update on the way ahead for Artemis, the human landing system, and humanity's return to the Moon. We will continue to work with the Biden Administration and Congress to ensure funding for a robust and sustainable approach for the nation's return to the Moon in a collaborative effort with U.S. commercial partners," the U.S. space agency said. A Blue Origin spokesperson told CNBC that the company still believes "there were fundamental issues with NASA's decision, but the GAO wasn't able to address them due to their limited jurisdiction." "We'll continue to advocate for two immediate providers as we believe it is the right solution," Blue Origin said. "The Human Landing System program needs to have competition now instead of later -- that's the best solution for NASA and the best solution for our country."

New Android Malware Uses VNC To Spy and Steal Passwords From Victims

Slashdot - Your Rights Online - Sat, 2021-07-31 04:10
A previously undocumented Android-based remote access trojan (RAT) has been found to use screen recording features to steal sensitive information on the device, including banking credentials, and open the door for on-device fraud. The Hacker News reports: Dubbed "Vultur" due to its use of Virtual Network Computing (VNC)'s remote screen-sharing technology to gain full visibility on targeted users, the mobile malware was distributed via the official Google Play Store and masqueraded as an app named "Protection Guard," attracting over 5,000 installations. Banking and crypto-wallet apps from entities located in Italy, Australia, and Spain were the primary targets. "For the first time we are seeing an Android banking trojan that has screen recording and keylogging as the main strategy to harvest login credentials in an automated and scalable way," researchers from ThreatFabric said in a write-up shared with The Hacker News. "The actors chose to steer away from the common HTML overlay development we usually see in other Android banking Trojans: this approach usually requires a larger time and effort investment from the actors to create multiple overlays capable of tricking the user. Instead, they chose to simply record what is shown on the screen, effectively obtaining the same end result." Vultur [...] takes advantage of accessibility permissions to capture keystrokes and leverages VNC's screen recording feature to stealthily log all activities on the phone, thus obviating the need to register a new device and making it difficult for banks to detect fraud. What's more, the malware employs ngrok, a cross-platform utility used to expose local servers behind NATs and firewalls to the public internet over secure tunnels, to provide remote access to the VNC server running locally on the phone. 
Additionally, it also establishes connections with a command-and-control (C2) server to receive commands over Firebase Cloud Messaging (FCM), the results of which, including extracted data and screen captures, are then transmitted back to the server. ThreatFabric's investigation also connected Vultur with another well-known piece of malicious software named Brunhilda, a dropper that utilizes the Play Store to distribute different kinds of malware in what's called a "dropper-as-a-service" (DaaS) operation, citing overlaps in the source code and C2 infrastructure used to facilitate attacks. These ties, the Amsterdam-based cybersecurity services company said, indicate Brunhilda to be a privately operating threat actor that has its own dropper and proprietary RAT Vultur.

Estonia Says a Hacker Downloaded 286,000 ID Photos From Government Database

Slashdot - Your Rights Online - Fri, 2021-07-30 03:40
Estonian officials said they arrested last week a local suspect who used a vulnerability to gain access to a government database and downloaded government ID photos for 286,438 Estonians. From a report: The attack took place earlier this month, and the suspect was arrested last week on July 23, Estonian police said in a press conference yesterday, July 28. The identity of the attacker was not disclosed, and he was only identified as a Tallinn-based male. Officials said the suspect discovered a vulnerability in a database managed by the Information System Authority (RIA), the Estonian government agency which manages the country's IT systems.

Mexico Says Officials Spent $61 Million On Pegasus Spyware

Slashdot - Your Rights Online - Fri, 2021-07-30 03:00
Mexico's top security official said Wednesday that two previous administrations spent $61 million to buy Pegasus spyware that has been implicated in government surveillance of opponents and journalists around the world. PBS reports: Public Safety Secretary Rosa Icela Rodriguez said records had been found of 31 contracts signed during the administrations of President Felipe Calderon in 2006-2012 and President Enrique Pena Nieto in 2012-18. Some contracts may have been disguised as purchases of other equipment. The government said many of the contracts with the Israeli spyware firm NSO Group were signed with front companies, which are often used in Mexico to facilitate kickbacks or avoid taxes. Last week, the government's top anti-money laundering investigator said officials from the two previous administrations had spent about $300 million in government money to purchase spyware. But that figure may reflect all spyware and surveillance purchases, or may include yet-unidentified contracts. Santiago Nieto, the head of Mexico's Financial Intelligence Unit, said the bills for programs like the Pegasus spyware appear to have included excess payments that may have been channeled back to government officials as kickbacks. Nieto said the amounts paid, and the way they were paid, suggested government corruption in an already questionable telephone tapping program that targeted journalists, activists and opposition figures, who at the time included now President Andres Manuel Lopez Obrador and his inner circle. The report notes that Mexico "had the largest list -- about 700 phone numbers -- among the thousands reportedly selected by NSO clients for potential surveillance."

48 Advocacy Groups Call On the FTC To Ban Amazon Surveillance

Slashdot - Your Rights Online - Thu, 2021-07-29 23:00
An anonymous reader quotes a report from Motherboard: On Thursday, a coalition of 48 civil rights and advocacy groups organized by Athena asked the Federal Trade Commission to exercise its rulemaking authority by banning corporate facial surveillance technology, banning continuous corporate surveillance of public spaces, and protecting the public from data abuse. "The harms caused by this widespread, unregulated corporate surveillance pose a direct threat to the public at large, especially for Black and brown people most often criminalized using surveillance," the coalition wrote in an open letter. "Given these dangers, we're calling on the Federal Trade Commission (FTC) to use its rulemaking authority to ban corporate use of facial surveillance technology, ban continuous surveillance in places of public accommodation, and stop industry-wide data abuse." While a number of firms offer networked surveillance devices to try and make homes "smart," the coalition uses Amazon as a case study into how dangerous corporate surveillance can become (and the sorts of abuses that can emerge) when in the hands of a dominant and anti-competitive firm. From Amazon's Ring -- which has rolled out networked surveillance doorbells and car cameras that continuously surveil public and private spaces -- to Alexa, Echo, or Sidewalk, the company has launched numerous products and services to try and convince consumers to generate as much data as possible for the company to eventually capitalize on. "Pervasive surveillance entrenches Amazon's monopoly. The corporation's unprecedented data collection feeds development of new and existing artificial intelligence products, further entrenching and enhancing its monopoly power," the coalition letter argues. From this nexus of monopolistic power and unchallenged power, the coalition draws a long list of abuses committed by Amazon that have harmed consumers, communities, and total bystanders. 
Ring's surveillance devices have been hacked multiple times, have leaked owners' Wi-Fi passwords, and shared locations over the Neighbors App. Vulnerabilities in Alexa risked revealing personally identifiable information, and all this takes place within the context of a lack of transparency around security protocols that force consumers to opt out of surveillance conducted without their consent. On Ring's Neighbors App, racial profiling has been gamified to encourage and escalate surveillance of "suspicious" people. The company collects personal information on children -- a potential violation of the Children's Online Privacy Protection Act -- but has also seen the adoption of its various surveillance devices increase in schools, libraries, and communities across the country. Paired with Amazon's development of deeply biased facial surveillance technology and its partnerships with the police and fire departments of over 2,000 cities, the group argues the potential for abuse outstrips a threshold anyone should be comfortable with. "This type of surveillance is illegal under the FTC Act in Section 5 and in particular the section that talks about unfair and deceptive practices," said Jane Chung, the Big Tech Accountability Advocate at Public Citizen, in an interview. "There's a list of three things that have to be true in order for a practice to be unfair and deceptive according to the FTC. Number 1: it has to cause substantial injury. Number 2: the injury can't be avoidable. And number 3: the injury isn't outweighed by benefits." "Rulemaking is needed to stop widespread systematic surveillance, discrimination, lax security, tracking of individuals, and the sharing of data. While Amazon's smart home ecosystem, facial surveillance technology, and e-learning devices provide a good case study, these rules must extend beyond this one technology corporation to include any entity collecting, using, selling, and/or sharing personal data."

Scarlett Johansson Sues Disney Over 'Black Widow' Streaming Release

Slashdot - Your Rights Online - Thu, 2021-07-29 20:05
Black Widow has a new enemy: the Walt Disney. From a report: Scarlett Johansson, star of the latest Marvel movie "Black Widow," filed a lawsuit Thursday in Los Angeles Superior Court against Disney, alleging her contract was breached when the media giant released the film on its Disney+ streaming service at the same time as its theatrical debut. Ms. Johansson said in the suit that her agreement with Disney's Marvel Entertainment guaranteed an exclusive theatrical release, and her salary was based in large part on the box-office performance of the film. "Disney intentionally induced Marvel's breach of the agreement, without justification, in order to prevent Ms. Johansson from realizing the full benefit of her bargain with Marvel," the suit said. The suit could be a bellwether for the entertainment industry. Major media companies are prioritizing their streaming services in pursuit of growth, and are increasingly putting their high-value content on those platforms. Those changes have significant financial implications for actors and producers, who want to ensure that growth in streaming doesn't come at their expense.