
Law Enforcement Use of Face Recognition Systems Threatens Civil Liberties, Disproportionately Affects People of Color: EFF Report

Electronic Frontier Foundation - Thu, 2018-02-15 17:45

San Francisco, California—Face recognition—fast becoming law enforcement’s surveillance tool of choice—is being implemented with little oversight or privacy protections, leading to faulty systems that will disproportionately impact people of color and may implicate innocent people for crimes they didn’t commit, says an Electronic Frontier Foundation (EFF) report released today.

Face recognition is rapidly creeping into modern life, and face recognition systems will one day be capable of capturing the faces of people, often without their knowledge, walking down the street, entering stores, standing in line at the airport, attending sporting events, driving their cars, and utilizing public spaces. Researchers at the Georgetown Law School estimated that one in every two American adults—117 million people—are already in law enforcement face recognition systems.

This kind of surveillance will have a chilling effect on Americans’ willingness to exercise their rights to speak out and be politically engaged, the report says. Law enforcement has already used face recognition at political protests, and may soon use face recognition with body-worn cameras, to identify people in the dark, and to project what someone might look like from a police sketch or even a small sample of DNA.

Face recognition employs computer algorithms to pick out details about a person’s face from a photo or video to form a template. As the report explains, police use face recognition to identify unknown suspects by comparing their photos to images stored in databases and to scan public spaces to try to find specific pre-identified targets.

But no face recognition system is 100 percent accurate, and false positives—when a person’s face is incorrectly matched to a template image—are common. Research shows that face recognition misidentifies African Americans and ethnic minorities, young people, and women at higher rates than whites, older people, and men, respectively. And because of well-documented racially biased police practices, all criminal databases—including mugshot databases—include a disproportionate number of African-Americans, Latinos, and immigrants.

For both reasons, inaccuracies in face recognition systems will disproportionately affect people of color.

“The FBI, which has access to at least 400 million images and is the central source for facial recognition identification for federal, state, and local law enforcement agencies, has failed to address the problem of false positives and inaccurate results,” said EFF Senior Staff Attorney Jennifer Lynch, author of the report. “It has conducted few tests to ensure accuracy and has done nothing to ensure its external partners—federal and state agencies—are not using face recognition in ways that allow innocent people to be identified as criminal suspects.”

Lawmakers, regulators, and policy makers should take steps now to limit face recognition collection and subject it to independent oversight, the report says. Legislation is needed to place meaningful checks on government use of face recognition, including rules limiting retention and sharing, requiring notification when face prints are collected, ensuring robust security procedures to prevent data breaches, and establishing legal processes governing when law enforcement may collect face images from the public without their knowledge, the report concludes.

“People should not have to worry that they may be falsely accused of a crime because an algorithm mistakenly matched their photo to a suspect. They shouldn’t have to worry that their data will end up in the hands of identity thieves because face recognition databases were breached. They shouldn’t have to fear that their every move will be tracked if face recognition is linked to the networks of surveillance cameras that blanket many cities,” said Lynch. “Without meaningful legal protections, this is where we may be headed.”

For the report:

Online version: https://www.eff.org/wp/law-enforcement-use-face-recognition

PDF version: https://www.eff.org/files/2018/02/15/face-off-report-1b.pdf

One pager on facial recognition: https://www.eff.org/document/facial-recognition-one-pager

Contact: Jennifer Lynch

UK Blames Russia For Cyber Attack, Says Won't Tolerate Disruption

Slashdot - Your Rights Online - Thu, 2018-02-15 17:30
Britain blamed Russia on Thursday for a cyber-attack last year, publicly pointing the finger at Moscow for spreading a virus which disrupted companies across Europe including UK-based Reckitt Benckiser. From a report: Russia denied the accusation, saying it was part of a "Russophobic" campaign it said was being waged by some Western countries. The so-called NotPetya attack in June started in Ukraine where it crippled government and business computers before spreading around the world, halting operations at ports, factories and offices. Britain's foreign ministry said the attack originated from the Russian military. "The decision to publicly attribute this incident underlines the fact that the UK and its allies will not tolerate malicious cyber activity," the ministry said in a statement. "The attack masqueraded as a criminal enterprise but its purpose was principally to disrupt," it said.

Read more of this story at Slashdot.

Tickbox Must Remove Pirate Streaming Add-ons From Sold Devices

Slashdot - Your Rights Online - Thu, 2018-02-15 03:00
TickBox TV, the company behind a Kodi-powered streaming device, must release a new software updater that will remove copyright-infringing addons from previously shipped devices. A California federal court issued an updated injunction in the lawsuit that was filed by several major Hollywood studios, Amazon, and Netflix, which will stay in place while both parties fight out their legal battle. TorrentFreak reports: Last year, the Alliance for Creativity and Entertainment (ACE), an anti-piracy partnership between Hollywood studios, Netflix, Amazon, and more than two dozen other companies, filed a lawsuit against the Georgia-based company Tickbox TV, which sells Kodi-powered set-top boxes that stream a variety of popular media. ACE sees these devices as nothing more than pirate tools so the coalition asked the court for an injunction to prevent Tickbox from facilitating copyright infringement, demanding that it removes all pirate add-ons from previously sold devices. Last month, a California federal court issued an initial injunction, ordering Tickbox to keep pirate addons out of its box and halt all piracy-inducing advertisements going forward. In addition, the court directed both parties to come up with a proper solution for devices that were already sold. The new injunction prevents Tickbox from linking to any "build," "theme," "app," or "addon" that can be indirectly used to transmit copyright-infringing material. Web browsers such as Internet Explorer, Google Chrome, Safari, and Firefox are specifically excluded. In addition, Tickbox must also release a new software updater that will remove any infringing software from previously sold devices. All tiles that link to copyright-infringing software from the box's home screen also have to be stripped. Going forward, only tiles to the Google Play Store or to Kodi within the Google Play Store are allowed. 
In addition, the agreement also allows ACE to report newly discovered infringing apps or addons to Tickbox, which the company will then have to remove within 24 hours, weekends excluded.


Facebook Is Spamming Users Via Their 2FA Phone Numbers

Slashdot - Your Rights Online - Thu, 2018-02-15 02:20
According to Mashable, Facebook account holder Gabriel Lewis tweeted that Facebook texted "spam" to the phone number he submitted for the purposes of 2-factor authentication. Lewis insists that he did not have mobile notifications turned on, and when he replied "stop" and "DO NOT TEXT ME," he says those messages showed up on his Facebook wall. From the report: Lewis explained his version of the story to Mashable via Twitter direct message. "[Recently] I decided to sign up for 2FA on all of my accounts including FaceBook, shortly afterwards they started sending me notifications from the same phone number. I never signed up for it and I don't even have the FB app on my phone." Lewis further explained that he can go "for months" without signing into Facebook, which suggests the possibility that Mark Zuckerberg's creation was feeling a little neglected and trying to get him back. According to Lewis, he signed up for 2FA on Dec. 17 and the alleged spamming began on Jan. 5. Importantly, Lewis isn't the only person who claims this happened to him. One Facebook user says he accidentally told "friends and family to go [to] hell" when he "replied to the spam."


FBI, CIA, and NSA: Don't Use Huawei Phones

Slashdot - Your Rights Online - Wed, 2018-02-14 23:45
The heads of six top U.S. intelligence agencies told the Senate Intelligence Committee on Tuesday they would not advise Americans to use products or services from Chinese smartphone maker Huawei. "The six -- including the heads of the CIA, FBI, NSA and the director of national intelligence -- first expressed their distrust of Apple-rival Huawei and fellow Chinese telecom company ZTE in reference to public servants and state agencies," reports CNBC. From the report: "We're deeply concerned about the risks of allowing any company or entity that is beholden to foreign governments that don't share our values to gain positions of power inside our telecommunications networks," FBI Director Chris Wray testified. "That provides the capacity to exert pressure or control over our telecommunications infrastructure," Wray said. "It provides the capacity to maliciously modify or steal information. And it provides the capacity to conduct undetected espionage." In a response, Huawei said that it "poses no greater cybersecurity risk than any ICT vendor." A spokesman said in a statement: "Huawei is aware of a range of U.S. government activities seemingly aimed at inhibiting Huawei's business in the U.S. market. Huawei is trusted by governments and customers in 170 countries worldwide and poses no greater cybersecurity risk than any ICT vendor, sharing as we do common global supply chains and production capabilities."


MPEG-2 Patents Have Expired

Slashdot - Your Rights Online - Wed, 2018-02-14 18:44
New submitter jabuzz writes: Unless you live in the Philippines or Malaysia, then MPEG-2 has now joined the likes of MP3 and AC3 and gone patent free with the expiration of US patent 7,334,248.


Messenger Kids Advocates Were Facebook-Funded

Slashdot - Your Rights Online - Wed, 2018-02-14 18:05
Fast Company: Facebook unveiled this kid-friendly version of its signature messaging service in December, while the YouTube Kids scandal was in full swing. Messenger Kids, Facebook said, had been designed to serve as a "fun, safer solution" for family communications. It would be available for children as young as 6, the company said. To forestall criticism, Facebook asserted that the app had been developed alongside thousands of parents and a dozen expert advisors. But it looks like many of those outside experts were funded with Facebook dollars. According to Wired, "At least seven members of Facebook's 13-person advisory board have some kind of financial tie to the company." Those advisors include the National PTA, Blue Star Families, Connect Safely, and the Yale Center for Emotional Intelligence.


Kaspersky Lab Sues Over Second Federal Ban

Slashdot - Your Rights Online - Wed, 2018-02-14 17:22
Cybersecurity firm Kaspersky Lab has filed a lawsuit targeting the second of two federal bans on its wares. The latest suit goes after language in a defense law explicitly blocking the purchase of Kaspersky products. An earlier suit targets a Homeland Security directive doing the same. From a report: The bigger picture: With the White House reluctant to institute additional sanctions on Russia, White House Cyber Czar Rob Joyce pointed to Kaspersky as an example of the Trump administration taking Russia seriously. While Kaspersky isn't alleged to be involved in the election hacks of 2016, it's hard not to see the actions against the firm in the context of deteriorated relations with Moscow, as part of a growing spat between the two countries.


AMP For Email Is a Terrible Idea

Slashdot - Your Rights Online - Wed, 2018-02-14 15:00
An anonymous reader shares an excerpt from a report via TechCrunch, written by Devin Coldewey: Google just announced a plan to "modernize" email with its Accelerated Mobile Pages platform, allowing "engaging, interactive, and actionable email experiences." Does that sound like a terrible idea to anyone else? It sure sounds like a terrible idea to me, and not only that, but an idea borne out of competitive pressure and existing leverage rather than user needs. Not good, Google. Send to trash. See, email belongs to a special class. Nobody really likes it, but it's the way nobody really likes sidewalks, or electrical outlets, or forks. It's not that there's something wrong with them. It's that they're mature, useful items that do exactly what they need to do. They've transcended the world of likes and dislikes. Email too is simple. It's a known quantity in practically every company, household, and device. The implementation has changed over the decades, but the basic idea has remained the same since the very first email systems in the '60s and '70s, certainly since its widespread standardization in the '90s and shift to web platforms in the '00s. The parallels to snail mail are deliberate (it's a payload with an address on it) and simplicity has always been part of its design (interoperability and privacy came later). No company owns it. It works reliably and as intended on every platform, every operating system, every device. That's a rarity today and a hell of a valuable one. More important are two things: the moat and the motive. The moat is the one between communications and applications. Communications say things, and applications interact with things. There are crossover areas, but something like email is designed and overwhelmingly used to say things, while websites and apps are overwhelmingly designed and used to interact with things.
The moat between communication and action is important because it makes it very clear what certain tools are capable of, which in turn lets them be trusted and used properly. We know that all an email can ever do is say something to you (tracking pixels and read receipts notwithstanding). It doesn't download anything on its own, it doesn't run any apps or scripts, attachments are discrete items, unless they're images in the HTML, which is itself optional. Ultimately the whole package is always just going to be a big, static chunk of text sent to you, with the occasional file riding shotgun. Open it a year or ten from now and it's the same email. And that proscription goes both ways. No matter what you try to do with email, you can only ever say something with it -- with another email. If you want to do something, you leave the email behind and do it on the other side of the moat.


Kaspersky Says Telegram Flaw Used For Cryptocurrency Mining

Slashdot - Your Rights Online - Wed, 2018-02-14 03:50
According to Kaspersky Lab, hackers have been exploiting a vulnerability in Telegram's desktop client to mine cryptocurrencies such as Monero and ZCash. "Kaspersky said on its website that users were tricked into downloading malicious software onto their computers that used their processing power to mine currency, or serve as a backdoor for attackers to remotely control a machine," reports Bloomberg. From the report: While analyzing the servers of malicious actors, Kaspersky researchers also found archives containing a cache of Telegram data that had been stolen from victims. The Russian security firm said it "reported the vulnerability to Telegram and, at the time of publication, the zero-day flaw has not since been observed in messenger's products."


Seattle To Remove Controversial City Spying Network After Public Backlash

Slashdot - Your Rights Online - Wed, 2018-02-14 03:30
schwit1 shares a report from Activist Post: Following years of resistance from citizens, the city of Seattle has decided to completely remove controversial surveillance equipment -- at a cost of $150,000. In November 2013, Seattle residents pushed back against the installation of several mesh network nodes attached to utility poles around the downtown area. The American Civil Liberties Union of Washington and privacy advocates were immediately concerned about the ability of the nodes to gather user information via the Wi-Fi connection. The Seattle Times reports on the latest developments: "Seattle's wireless mesh network, a node of controversy about police surveillance and the role of federal funding in city policing, is coming down. Megan Erb, spokeswoman for Seattle Information Technology, said the city has budgeted $150,000 for contractor Prime Electric and city employees to remove dozens of surveillance cameras and 158 'wireless access points' -- little, off-white boxes with antennae mounted on utility poles around the city." The nodes were purchased by the Seattle Police Department via a $3.6 million grant from the Department of Homeland Security. The Seattle Police Department argued the network would be helpful for protecting the port and for first-responder communication during emergencies. As the Times notes, "the mesh network, according to the ACLU, news reports and anti-surveillance activists from Seattle Privacy Coalition, had the potential to track and log every wireless device that moved through its system: people attending protests, people getting cups of coffee, people going to a hotel in the middle of the workday." However, by November 2013, SPD spokesman Sean Whitcomb announced, "The wireless mesh network will be deactivated until city council approves a draft (privacy) policy and until there's an opportunity for vigorous public debate." 
The privacy policy for the network was never developed and, instead, the city has now opted to remove the devices at a cost of $150,000. The Times notes that, "crews are tearing its hardware down and repurposing the usable parts for other city agencies, including Seattle Department of Transportation traffic cameras."


Trump Administration Wants To Fire 248 Forecasters At the National Weather Service

Slashdot - Your Rights Online - Wed, 2018-02-14 02:50
An anonymous reader quotes a report from Fortune: After a year that saw over $300 million in damages from hurricanes, wildfires, and other natural disasters, the Trump administration is proposing significant cuts to the National Weather Service (NWS) and hopes to eliminate the jobs of 248 weather forecasters. The idea, which is part of the 2019 fiscal budget proposal and caught the agency by surprise, is being derided by the NWS's labor union, which says the cuts will impact the reliability of future weather forecasts and warnings. All totaled, the Weather Service faces cuts of $75 million in the initial proposal. Some or all of those cuts could be jettisoned before the bill is voted upon. "We can't take any more cuts and still do the job that the American public needs us to do -- there simply will not be the staff available on duty to issue the forecasts and warnings upon which the country depends," said Dan Sobien, the president of the National Weather Service Employees Organization. Further reading: The Washington Post


Trump's Infrastructure Plan Has No Dedicated Money For Broadband

Slashdot - Your Rights Online - Wed, 2018-02-14 00:50
An anonymous reader quotes a report from Ars Technica: President Trump's new 10-year plan for "rebuilding infrastructure in America" doesn't contain any funding specifically earmarked for improving Internet access. Instead, the plan sets aside a pool of funding for numerous types of infrastructure projects, and broadband is one of the eligible categories. The plan's $50 billion Rural Infrastructure Program lists broadband as one of five broad categories of eligible projects. Eighty percent of the program's $50 billion would be "provided to the governor of each state." Governors would take the lead in deciding how the money would be spent in their states. The other 20 percent would pay for grants that could be used for any of the above project categories. Separately, broadband would be eligible for funding from a proposed $20 billion Transformative Projects Program, along with transportation, clean water, drinking water, energy, and commercial space. Trump's plan would also add rural broadband facilities to the list of eligible categories for Private Activity Bonds, which allow private projects to "benefit from the lower financing costs of tax-exempt municipal bonds." The plan would also let carriers install small cells and Wi-Fi attachments without going through the same environmental and historical preservation reviews required for large towers.


Many ID-Protection Services Fail Basic Security

Slashdot - Your Rights Online - Wed, 2018-02-14 00:10
Paul Wagenseil, writing for Tom's Guide: For a monthly fee, identity-protection services promise to do whatever they can to make sure your private personal information doesn't fall into the hands of criminals. Yet many of these services -- including LifeLock, IDShield and Credit Sesame -- put personal information at risk, because they don't let customers use two-factor authentication (2FA). This simple security precaution is offered by many online services. Without 2FA, anyone who has your email address and password -- which might be obtained from a data breach or a phishing email -- could log in to the account for your identity-protection service and, depending on how the service protects them, possibly steal your bank-account, credit-card and Social Security numbers.


Facebook is Pushing Its Data-tracking Onavo VPN Within Its Main Mobile App

Slashdot - Your Rights Online - Tue, 2018-02-13 23:30
TechCrunch reports: Onavo Protect, the VPN client from the data-security app maker acquired by Facebook back in 2013, has now popped up in the Facebook app itself, under the banner "Protect" in the navigation menu. Clicking through on "Protect" will redirect Facebook users to the "Onavo Protect -- VPN Security" app's listing on the App Store. We're currently seeing this option on iOS only, which may indicate it's more of a test than a full rollout here in the U.S. Marketing Onavo within Facebook itself could lead to a boost in users for the VPN app, which promises to warn users of malicious websites and keep information secure as you browse. But Facebook didn't buy Onavo for its security protections. Instead, Onavo's VPN allows Facebook to monitor user activity across apps, giving Facebook a big advantage in terms of spotting new trends across the larger mobile ecosystem. For example, Facebook gets an early heads up about apps that are becoming breakout hits; it can tell which are seeing slowing user growth; it sees which apps' new features appear to be resonating with their users, and much more. Further reading: Do Not, I Repeat, Do Not Download Onavo, Facebook's Vampiric VPN Service (Gizmodo).


LoopX Startup Pulls ICO Exit Scam and Disappears with $4.5 Million

Slashdot - Your Rights Online - Tue, 2018-02-13 21:30
Catalin Cimpanu, writing for BleepingComputer: A cryptocurrency startup named LoopX has pulled an exit scam after collecting around $4.5 million from users during an ICO (Initial Coin Offering) held in the recent weeks. The LoopX team disappeared out of the blue at the start of the week when it took down its website and deleted its Facebook, Telegram, and YouTube channels without any explanation. People who invested in the startup are now tracking funds move from account to account in a BitcoinTalk forum thread, and banding together in the hopes of filing a class action lawsuit.


'Troll' Loses Cloudflare Lawsuit, Has Weaponized Patent Invalidated

Slashdot - Your Rights Online - Tue, 2018-02-13 20:10
A federal judge in San Francisco has unequivocally ruled against a non-practicing entity that had sued Cloudflare for patent infringement. From a report: The judicial order effectively ends the case that Blackbird -- which Cloudflare had dubbed a "patent troll" -- had brought against the well-known security firm and content delivery network. "Abstract ideas are not patentable," US District Judge Vincent Chhabria wrote in a Monday order. The case revolved around US Patent No. 6,453,335, which describes providing a "third party data channel" online. When the case was filed in May 2017, the invention claims it can incorporate third-party data into an existing Internet connection "in a convenient and flexible way."


Bill Gates: Tech Companies Inviting Government Intervention

Slashdot - Your Rights Online - Tue, 2018-02-13 19:30
In an interview with Axios on Tuesday, Bill Gates warned Apple and other tech giants that they risk the kind of nightmarish government intervention that once plagued his Microsoft if they act arrogantly. Axios reports: The big picture: "The companies need to be careful that they're not ... advocating things that would prevent government from being able to, under appropriate review, perform the type of functions that we've come to count on." Asked if he sees instances of that now, Gates replied: "Oh, absolutely." Why it matters: With the Big Tech companies feeling they're suddenly drawing unfair scrutiny, this is Microsoft's co-founder saying they're bringing some of the problems on themselves, by resisting legitimate oversight.


US Senators Voice Concern Over Chinese Access To Intellectual Property

Slashdot - Your Rights Online - Tue, 2018-02-13 18:11
Leaders of the U.S. Senate Intelligence Committee said on Tuesday they were concerned about what they described as China's efforts to gain access to sensitive U.S. technologies and intellectual property through Chinese companies with government ties. From a report: Senator Richard Burr, the committee's Republican chairman, cited concerns about the spread of foreign technologies in the United States, which he called "counterintelligence and information security risks that come prepackaged with the goods and services of certain overseas vendors. The focus of my concern today is China, and specifically Chinese telecoms (companies) like Huawei and ZTE that are widely understood to have extraordinary ties to the Chinese government," Burr said. Senator Mark Warner, the committee's Democratic vice chairman, said he had similar concerns. "I'm worried about the close relationship between the Chinese government and Chinese technology firms, particularly in the area of commercialization of our surveillance technology and efforts to shape telecommunications equipment markets," Warner said.


Comcast Sues Vermont Over Conditions On New License Requiring the Company To Expand Its Network

Slashdot - Your Rights Online - Tue, 2018-02-13 15:00
An anonymous reader quotes a report from VTDigger: Cable television giant Comcast is suing the Vermont Public Utility Commission over the panel's decision to require the company to expand its network and step up support for community access TV if it wants to continue doing business in Vermont. A key issue is the services Comcast must provide to local community access systems that carry municipal government and school board meetings and other local events. The 26 community access systems have been pushing -- against resistance by Comcast -- for high-definition video, greater ability to operate from remote locations, and inclusion in the interactive program guides that Comcast customers can use to decide what to watch. The PUC -- formerly known as the Public Service Board -- in January issued a new 11-year permit for Comcast to operate in Vermont. In July the panel rejected the company's request to drop some of the conditions attached to the permit. In a lawsuit filed Monday in U.S. District Court in Burlington, Comcast argued that the PUC "exceeded its authority under federal and Vermont law" by imposing "numerous conditions on Comcast's continued cable operations in the state that are arbitrary, unprecedented and will ultimately harm local cable subscribers by resulting in millions of dollars in increased cable costs." It said the commission "did so despite overwhelming record evidence that Vermont cable subscribers do not want to incur any additional costs or fees for the kinds of conditions imposed" in the commission's January order.
