
Judge Dismisses Oracle Lawsuit Over $10 Billion Pentagon JEDI Cloud Contract

Slashdot - Your Rights Online - Sat, 2019-07-13 02:10
Last year, Oracle filed a lawsuit against the U.S. government complaining about the procurement process around the Pentagon's $10 billion, decade-long JEDI cloud contract. "They claimed a potential conflict of interest on the part of a procurement team member (who was a former AWS employee)," reports TechCrunch. "Today, that case was dismissed in federal court." From the report: In dismissing the case, Federal Claims Court Senior Judge Eric Bruggink ruled that the company had failed to prove a conflict in the procurement process, something the DOD's own internal audits found in two separate investigations. Judge Bruggink ultimately agreed with the DoD's findings: "We conclude as well that the contracting officer's findings that an organizational conflict of interest does not exist and that individual conflicts of interest did not impact the procurement, were not arbitrary, capricious, an abuse of discretion, or otherwise not in accordance with law. Plaintiff's motion for judgment on the administrative record is therefore denied." Today's ruling opens the door for the announcement of a winner of the $10 billion contract, as early as next month. The DoD previously announced that it had chosen Microsoft and Amazon as the two finalists for the winner-take-all bid.

Read more of this story at Slashdot.

Prenda 'Copyright Troll' Lawyer Sentenced To Five Years In Prison

Slashdot - Your Rights Online - Fri, 2019-07-12 12:00
John Steele, one of the attorneys behind the 'copyright troll' law firm Prenda, has been sentenced to five years in prison. The attorney was one of the masterminds behind the fraudulent scheme that extracted settlements from alleged pirates. Because of Steele's cooperative stance, his sentence is significantly lower than that of co-conspirator Paul Hansmeier. TorrentFreak reports: During a hearing this morning, U.S. District Judge Joan N. Ericksen convicted Steele to a five-year prison sentence. In addition, the disbarred attorney must pay his victims little over $1.5 million in restitution. Today's sentencing ironically comes 11 years after Steele was first admitted to the bar. The lower sentence, compared to Hansmeier, comes as no surprise. It was specifically recommended by the prosecution, which stressed that Steele didn't shy away from the ugly truth of his crimes and was very cooperative following the indictment. According to the U.S. Department of Justice, Steele deserved a significant prison term. However, his cooperation and genuine remorse should be taken into account. Based on the sentencing guidelines Steele faced a potential prison sentence of more than 12 years, but Assistant U.S. Attorney Benjamin Langner recommended five years in prison instead. Judge Ericksen went along with this recommendation. The Judge noted that courts "are not a tool in the box for anybody's hustle," adding that the five-year sentence was "imminently fair," as the Star Tribune report. "I condemn the actions that you took in committing this crime. I congratulate you, however, on the actions you took" in responding to the charges, Judge Ericksen said.


Former Tesla Employee Admits Uploading Autopilot Source Code To His iCloud

Slashdot - Your Rights Online - Fri, 2019-07-12 01:30
Guangzhi Cao, a former engineer at Tesla that is accused of stealing company trade secrets and sending them to a Chinese startup, admitted in a court filing this week that he uploaded zip files containing Autopilot source code to his personal iCloud account in late 2018 while still working for the company. "Cao denied stealing sensitive information from the automaker in the same filing," reports The Verge. "His legal team argued he 'made extensive efforts to delete and/or remove any such Tesla files prior to his separation from Tesla.' Cao is now the 'head of perception' at XPeng, where he is '[d]eveloping and delivering autonomous driving technologies for production cars.'" From the report: According to a joint filing from the two parties that was also filed this week, Tesla has subpoenaed documents from Apple. While Apple is not involved in this case, a former employee who worked on the tech company's secretive autonomous car project was charged by the FBI with stealing trade secrets last July. That employee allegedly Air Dropped sensitive data to his wife's laptop and was also caught on CCTV leaving Apple's campus with a box of equipment. He had left his job at Apple to take a position at XPeng before being arrested. Cao was also a senior image scientist for Apple for two years before he joined Tesla, according to his LinkedIn profile.


Google Admits Partners Leaked More Than 1,000 Private Conversations With Google Assistant

Slashdot - Your Rights Online - Thu, 2019-07-11 21:30
Google admitted on Thursday that more than 1,000 sound recordings of customer conversations with the Google Assistant were leaked by some of its partners to a Belgian news site. From a report: These conversations are used by companies such as Google and Amazon -- which takes clips from the Amazon Echo -- to improve voice responses from their smart assistants. They are supposed to be kept confidential. But Belgian news site VRT said on Wednesday that a contractor provided it with samples of these sound samples, which VRT then used to identify some of the people in the clips. It also examined the sorts of conversations that Google collects when people say "OK Google," into a phone or a Google Home product. Among other things, VRT heard customer addresses. Sources who talked to the publication also described hearing recordings of a woman in distress and people talking about medical conditions. Google has now admitted the recordings were leaked. "We just learned that one of these language reviewers has violated our data security policies by leaking confidential Dutch audio data," Google product manager of search David Monsees said in a blog post. "Our Security and Privacy Response teams have been activated on this issue, are investigating, and we will take action. We are conducting a full review of our safeguards in this space to prevent misconduct like this from happening again."


Apple Disables Walkie Talkie App Due To Vulnerability That Could Allow iPhone Eavesdropping

Slashdot - Your Rights Online - Thu, 2019-07-11 16:10
Apple has disabled the Apple Watch Walkie Talkie app due to an unspecified vulnerability that could allow a person to listen to another customer's iPhone without consent. From a report: Apple has apologized for the bug and for the inconvenience of being unable to use the feature while a fix is made. The Walkie Talkie app on Apple Watch allows two users who have accepted an invite from each other to receive audio chats via a 'push to talk' interface reminiscent of the PTT buttons on older cell phones.


Google Contractors Are Secretly Listening To Your Assistant Recordings

Slashdot - Your Rights Online - Thu, 2019-07-11 02:45
A new report from Belgian broadcaster VRT News describes the process by which Google Home recordings end up being listened to by contractors -- and the scary part is that it apparently doesn't take much, if anything, to start a recording. While the recordings are not listened to live, audio clips are sent to subcontractors. The Next Web reports: VRT, with the help of a whistleblower, was able to listen to some of these clips and subsequently heard enough to discern the addresses of several Dutch and Belgian people using Google Home -- in spite of the fact some hadn't even uttered the words "Hey Google," which are supposed to be the device's listening trigger. The person who leaked the recordings was working as a subcontractor to Google, transcribing the audio files for subsequent use in improving its speech recognition. They got in touch with VRT after reading about Amazon Alexa keeping recordings indefinitely. According to the whistleblower, the recordings presented to them are meant to be carefully annotated, with notes included about the speakers presumed identity and age. From the sound of the report, these transcribers have heard just about everything. Personal information? Bedroom activities? Domestic violence? Yes, yes, and yes. While VRT only listened to recordings from Dutch and Belgian users, the platform the whistleblower showed them had recordings from all over the world -- which means there are probably thousands of other contractors listening to Assistant recordings. The VRT report states that the Google Home Terms of Service don't mention that recordings might be listened to by other humans. The report says that the recordings are identified by numbers rather than user names, but VRT "was able to pick up enough data from the recordings to find the addresses of the users in question, and even confront some of the users in the recordings -- to their great dismay," reports The Next Web. What does Google have to say about all this? 
That they only transcribe and use "about 0.2% of all audio clips" to improve their voice recognition technology.


Banned Chinese Security Cameras Are Almost Impossible To Remove

Slashdot - Your Rights Online - Thu, 2019-07-11 02:03
An anonymous reader quotes a report from Bloomberg: U.S. federal agencies have five weeks to rip out Chinese-made surveillance cameras in order to comply with a ban imposed by Congress last year in an effort to thwart the threat of spying from Beijing. But thousands of the devices are still in place and chances are most won't be removed before the Aug. 13 deadline. A complex web of supply chain logistics and licensing agreements make it almost impossible to know whether a security camera is actually made in China or contains components that would violate U.S. rules. The National Defense Authorization Act, or NDAA, which outlines the budget and spending for the Defense Department each year, included an amendment for fiscal 2019 that would ensure federal agencies do not purchase Chinese-made surveillance cameras. The amendment singles out Zhejiang Dahua Technology Co. and Hangzhou Hikvision Digital Technology Co., both of which have raised security concerns with the U.S. government and surveillance industry. Despite the looming deadline to satisfy the NDAA, at least 1,700 Hikvision and Dahua cameras are still operating in places where they've been banned, according to San Jose, California-based Forescout Technologies, which has been hired by some federal agencies to determine what systems are running on their networks. The actual number is likely much higher, said Katherine Gronberg, vice president of government affairs at Forescout, because only a small percentage of government offices actually know what cameras they're operating. The agencies that use software to track devices connected to their networks should be able to comply with the law and remove the cameras in time, Gronberg said. "The real issue is for organizations that don't have the tools in place to detect the banned devices," she added. 
Also, since many of Dahua and Hikvision's cameras are sent to equipment manufacturers and sold under those brands, those cameras have completely different labels and packaging. This means it would be nearly impossible to tell if the thousands of video cameras installed across the country are actually re-labelled Chinese devices.


FCC Kills Part of San Francisco's Broadband-Competition Law

Slashdot - Your Rights Online - Thu, 2019-07-11 00:03
An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission today voted to preempt part of a San Francisco ordinance that promotes broadband competition in apartment buildings and other multi-tenant structures. But it's not clear exactly what effect the preemption will have, because San Francisco says the FCC's Republican majority has misinterpreted what the law does. FCC Chairman Ajit Pai's plan partially overturns San Francisco's Article 52, which lets Internet service providers use the existing wiring inside multi-unit buildings even if another ISP already serves the building. The FCC said it's preempting the law "to the extent it requires the sharing of in-use wiring." But Pai's proposal admits the FCC doesn't know whether the San Francisco law actually requires sharing of in-use wiring, which makes it difficult to understand whether the FCC preemption will change anything in practice. Today's FCC decision "stop[s] efforts in California designed to encourage competition in multi-tenant environments," FCC Commissioner Jessica Rosenworcel, a Democrat, said at today's meeting. "Specifically, we say to the city of San Francisco -- where more than half of the population rents their housing, often in multi-tenant units -- that they cannot encourage broadband competition. This is crazy." An announcement from Pai's office argued that "[r]equired sharing of in-use wiring deters broadband deployment, undercuts the Commission's rules regarding control of cable wiring in residential MTEs [multi-tenant environments] and threatens the Commission's framework to protect the technical integrity of cable systems for the benefit of viewers."


It's Time To Ban All Government Use of Face Recognition, Says Digital Rights Group

Slashdot - Your Rights Online - Wed, 2019-07-10 03:40
Fight for the Future, the digital rights advocacy group, is calling for a nationwide ban on government use of facial recognition. Fast Company reports: The group says the technology is just too dangerous to civil liberties to allow government agencies to use it, even with regulation. It launched a website where people can contact their legislators and urge them to support a ban. "Imagine if we could go back in time and prevent governments around the world from ever building nuclear or biological weapons. That's the moment in history we're in right now with facial recognition," said Evan Greer, deputy director of Fight for the Future, in a statement. "This surveillance technology poses such a profound threat to the future of human society and basic liberty that its dangers far outweigh any potential benefits. We don't need to regulate it, we need to ban it entirely."


T-Mobile Says It Can't Be Sued By Users Because of Forced-Arbitration Clause

Slashdot - Your Rights Online - Wed, 2019-07-10 03:00
T-Mobile U.S. is trying to force customers into arbitration in order to avoid a class-action lawsuit that accuses the phone carrier of violating federal law by selling its customers' real-time location data to third parties. Ars Technica reports: T-Mobile yesterday filed a motion to compel arbitration in U.S. District Court in Maryland, saying that customers agreed to terms and conditions that require disputes to be handled in arbitration instead of courts. The two plaintiffs named in the lawsuit did not opt out of the arbitration agreement, T-Mobile wrote. "As T-Mobile customers, each Plaintiff accepted T-Mobile's Terms and Conditions ('T&Cs')," T-Mobile wrote in a memorandum of law. "In so doing, they agreed to arbitrate on an individual basis any dispute related to T-Mobile's services and to waive their right to participate in a class action unless they timely opted out of the arbitration procedure outlined in the T&Cs. Neither Plaintiff elected to opt out. Accordingly, Plaintiffs have brought their grievances to the wrong forum and their claims should be dismissed in favor of arbitration." T-Mobile's terms and conditions say, "Thanks for choosing T-Mobile. Please read these Terms & Conditions ('T&Cs'), which contain important information about your relationship with T-Mobile, including mandatory arbitration of disputes between us, instead of class actions or jury trials. You will become bound by these provisions once you accept these T&Cs." Customers can opt out of arbitration by calling 1-866-323-4405 or online at www.T-Mobiledisputeresolution.com, but action must be taken within 30 days of activating a new phone line. The customers who opted out of T-Mobile arbitration could file a similar lawsuit, but that would result in a much smaller pool of customers who could seek damages. The class-action complaint seeks financial damages and certification of a class consisting of every person who was a T-Mobile customer in the U.S. between May 3, 2015 and March 9, 2019. That's at least 50 million people, the class-action complaint says.


Mozilla Blocks UAE Bid To Become an Internet Security Guardian After Hacking Reports

Slashdot - Your Rights Online - Tue, 2019-07-09 23:00
Firefox browser maker Mozilla is blocking the United Arab Emirates' government from serving as one of its internet security gatekeepers, citing Reuters reports on a UAE cyber espionage program. From a report: Mozilla said in a statement on Tuesday it was rejecting the UAE's bid to become a globally recognized internet security watchdog, empowered to certify the safety of websites for Firefox users. Mozilla said it made the decision because cybersecurity firm DarkMatter would have administered the gatekeeper role and it had been linked by Reuters and other reports to a state-run hacking program. Reuters reported in January that Abu Dhabi-based DarkMatter provided staff for a secret hacking operation, codenamed Project Raven, on behalf of an Emirati intelligence agency. The unit was largely comprised of former U.S. intelligence officials who conducted offensive cyber operations for the UAE government. Former Raven operatives told Reuters that many DarkMatter executives were unaware of the secretive program, which operated from a converted Abu Dhabi mansion away from DarkMatter's headquarters.


Tesco, One of the World's Largest Supermarket Operators, Is Testing Cashierless Stores Solely Dependent On Cameras

Slashdot - Your Rights Online - Tue, 2019-07-09 02:03
An anonymous reader quotes a report from The Wall Street Journal: Tesco, one of the world's largest supermarket operators, is one of several grocers testing cashierless stores with cameras that track what shoppers pick (Warning: source paywalled; alternative source), so they pay by simply walking out the door. The retailers hope the technology -- similar to that pioneered by Amazon.com Inc. in its Amazon Go stores in the U.S. -- will allow them to cut costs and alleviate lines as they face an evolving threat from the e-commerce giant. Tesco plans to open its self-styled "pick and go" or "frictionless shopping" store to the public next year after testing with employees. Eventually it wants to use the technology, developed by Israeli startup Trigo Vision, in more of its smaller grocery stores. Tesco's 4,000-square-foot test store uses 150 ceiling-mounted cameras to generate a three-dimensional view of products as they are taken off shelves. In its recent demo, Tesco's system detected shoppers as they walked around the store. It also identified a group of products when a person holding them stood in front of a screen, tallying up their total price. Tesco is considering identifying shoppers through an app or loyalty card when they enter the store and then charging their app when they leave. Tesco told investors its method costs one-tenth of systems used by its competitors, partly because it only uses cameras. Amazon Go uses cameras and sensors to track what shoppers pick. Amazon customers scan a QR code at a gate when they enter a store, then walk out when finished. While Tesco will track the movements of their customers, the company says the system used in its trial doesn't recognize faces.


Brazil To Add Digital Data Protection To Fundamental Rights

Slashdot - Your Rights Online - Tue, 2019-07-09 00:03
An anonymous reader quotes a report from ZDNet: The Brazilian Senate has approved a proposal to add protection of data in digital platforms to the list of fundamental rights and individual citizen guarantees set out in the country's constitution. Brazil's general data protection law was due to go live in February 2020 but a stopgap measure signed by former president Michel Temer just before leaving office in January 2019 has extended the deadline to August next year. Earlier this year, the National Authority for Personal Data Protection has also been created, with attributions including the creation of frameworks on how to handle information and guide organizations on how to adhere to the rules. The authority will also be responsible for monitoring and applying fines to non-compliant organizations. "State and society should be entitled, as a general rule, to knowledge about each other, as long as there is a real need," said senator Simone Tebet, rapporteur of the proposal. "Other than that, data privacy should be preserved as much as possible."


Email App Superhuman's Superficial Privacy Fixes Do Not Prevent It From Spying on You

Slashdot - Your Rights Online - Mon, 2019-07-08 22:45
Mike Davidson: It took an article I almost didn't publish and tens of thousands of people saying they were creeped out, but Superhuman admitted they were wrong and reduced the danger that their surveillance pixels introduce. Good on Rahul Vohra and team for that. I will say, however, that I'm a little surprised how quickly some people are rolling over and giving Superhuman credit for fixing a problem that they didn't actually fix. [...] Let's take a look at how Superhuman [an email app that charges users $30 a month] explains their changes. Rahul correctly lays out four of the criticisms leveled at Superhuman's read receipts: Location data could be used in nefarious ways. Read statuses are on by default. Recipients of emails cannot opt out. Superhuman users cannot disable remote image loading. However, he also omits the core criticism: Recipients of Superhuman emails do not know their actions are being tracked or sent back to senders. Superhuman said it was keeping the read status feature, but turning it off by default. Users who want it will have to explicitly turn it on. Mike adds: This addresses the concern about teaching customers to surveil by default but also establishes that Superhuman is keeping the feature working almost exactly as-is, with the exception of not collecting or displaying actual locations. I've spoken with several people about how they interpreted Rahul's post on this particular detail. Some believed the whole log of timestamped read events was going away and were happy about that. Others read it as: you can still see exactly when and how many times someone has opened your email, complete with multiple timestamps -- you just can't see the location anymore. That, to me, is not sufficient. "A little less creepy" is still creepy. Also worth noting, "turning receipts off by default" does nothing to educate customers about the undisclosed surveillance they are enabling if they flip that switch.


Pirate Our Games, Don't Buy Them From Key Resellers, Say Indies

Slashdot - Your Rights Online - Mon, 2019-07-08 20:45
Small video games studios are asking the public to stop buying their titles from "unauthorised" markets, saying the sales cost them more than they earn. From a report: Several have said it would even be better if consumers pirated their games rather than purchased discounted unlock codes from the "key resellers." One label is running a petition calling on the biggest such market -- G2A -- to halt sales of indie games outright. But G2A has defended its business model. It said the indies benefited from its policy of sharing a cut of sales made by third parties. "Hundreds of developers earn money from selling their keys through marketplaces such as G2A," head of communications Maciej Kuc told BBC News. "We don't plan on taking away that possibility anytime soon, as it would be hurtful not only to our customers but also to the many developers who use our platform to their benefit." He added that G2A already took measures to tackle illegal sales. And he said developers were partly responsible for some of the scams on its site because of the "thousands of free keys" they had created for giveaways. The campaign's organiser, however, has dismissed this defence. "They are harming our industry and the value of our games," Mike Rose, from the Manchester-based publisher No More Robots, told BBC News.


A Look at How Movies and Shows From Netflix and Amazon Prime Video Are Pirated

Slashdot - Your Rights Online - Mon, 2019-07-08 20:05
News blog TorrentFreak spoke with a member of piracy group "The Scene" to understand how they obtain -- or rip -- movies and shows from sources such as Netflix and Amazon Prime Video. The technique these people use is different from hardware capture cards or software-based 'capping' tools. From the report: "Content for WEB releases are obtained by downloading the source content. Whenever you stream a video online, you are downloading chunks of a video file to your computer. Sceners simply save that content and attempt to decrypt it for non-DRM playback later," the source said. When accessing the content, legitimate premium accounts are used, often paid for using prepaid credit cards supported by bogus identities. It takes just a few minutes to download a video file since they're served by CDNs with gigabits of bandwidth. "Once files are downloaded from the streaming platform, however, they are encrypted in the .mp4 container. Attempting to view such video will usually result in a blank screen and nothing else -- streams from these sites are protected by DRM. The most common, and hard to crack DRM is called Widevine. The way the Scene handles WEB-releases is by using specialized tools coded by The Scene, for The Scene. These tools are extremely private, and only a handful of people in the world have access to the latest version(s)," source noted. "Without these tools, releasing Widevine content is extremely difficult, if not impossible for most. The tools work by downloading the encrypted video stream from the streaming site, and reverse engineering the encryption." Our contact says that decryption is a surprisingly quick process, taking just a few minutes. After starting with a large raw file, the finalized version ready for release is around 30% smaller, around 7GB for a 1080p file.


More Than 1,000 Android Apps Harvest Data Even After You Deny Permissions

Slashdot - Your Rights Online - Mon, 2019-07-08 18:45
An anonymous reader shares a report: Permissions on Android apps are intended to be gatekeepers for how much data your device gives up. If you don't want a flashlight app to be able to read through your call logs, you should be able to deny that access. But even when you say no, many apps find a way around: Researchers discovered more than 1,000 apps that skirted restrictions, allowing them to gather precise geolocation data and phone identifiers behind your back. The discovery highlights how difficult it is to stay private online, particularly if you're attached to your phones and mobile apps. Tech companies have mountains of personal data on millions of people, including where they've been, who they're friends with and what they're interested in. Lawmakers are attempting to reel that in with privacy regulation, and app permissions are supposed to control what data you give up. Apple and Google have released new features to improve people's privacy, but apps continue to find hidden ways to get around these protections. Researchers from the International Computer Science Institute found up to 1,325 Android apps that were gathering data from devices even after people explicitly denied them permission. Serge Egelman, director of usable security and privacy research at the ICSI, presented the study in late June at the Federal Trade Commission's PrivacyCon.


Steve Wozniak Warns People To Get Off of Facebook Due To Privacy Concerns

Slashdot - Your Rights Online - Mon, 2019-07-08 02:08
TMZ accosted 68-year-old Steve Wozniak at an airport, according to an article shared by Slashdot reader Iwastheone. TMZ asked Wozniak for his thoughts on whether our devices are listening to us -- and if we're trying to have private conversations, should we be worried? "I'm worried about everything," Wozniak replied. "I don't think we can stop it, though." But, everything about you -- I mean, they can measure your heartbeat with lasers now, they can listen to you with a lot of devices. Who knows if my cellphone's listening right now. Alexa has already been in the news a lot. So, I worry, because you're having conversations that you think are private... You're saying words that really shouldn't be listened to, because you don't expect it. But there's almost no way to stop it. People think they have a level of privacy they don't. Why don't they give me a choice? Let me pay a certain amount, and you'll keep my data more secure and private than everybody else handing it to advertisers. Wozniak was also asked if we should "get rid of Facebook and Instagram..." His reply? "There are many different kinds of people, and some the benefits of Facebook are worth the loss of privacy. But to many like myself, my recommendation is -- to most people -- you should figure out a way to get off Facebook." "Steve knows what he's talking about," explains TMZ's write-up of their conversation, adding that "the dude co-founded Apple, and he's very much plugged into Silicon Valley and all aspects of tech."


America's FBI Is Running Facial Recognition Searches On Millions of Driver's License Photos

Slashdot - Your Rights Online - Sun, 2019-07-07 23:34
America's FBI and its Customs Enforcement agency "have turned state driver license databases into a facial-recognition gold mine, scanning through hundreds of millions of Americans' photos without their knowledge or consent," reports the Washington Post. They cite thousands of newly-released facial-recognition requests, internal documents, and emails from the last five years, revealed after a public-records request from researchers at Georgetown University, saying state Department of Motor Vehicles (DMV) databases have been transformed into "the bedrock of an unprecedented surveillance infrastructure." Police have long had access to fingerprints, DNA and other "biometric data" taken from criminal suspects. But the DMV records contain the photos of the majority of a state's residents, most of whom have never been charged with a crime. Neither Congress nor state legislatures have authorized the development of such a system, and growing numbers of Democratic and Republican lawmakers are criticizing the technology as a dangerous, pervasive and error-prone surveillance tool... Since 2011, the FBI has logged more than 390,000 facial-recognition searches of federal and local databases, including state DMV databases, the Government Accountability Office (GAO) said last month, and the records show that federal investigators have forged daily working relationships with DMV officials... They detailed the regular use of facial recognition to track down suspects in low-level crimes, including cashing a stolen check and petty theft. And searches are often executed with nothing more formal than an email from a federal agent to a local contact, the records show... The FBI's facial-recognition search has access to local, state and federal databases containing more than 641 million face photos, a GAO director said last month... 
The search capability was offered not just to help identify criminal suspects, but also to detect possible witnesses, victims, bodies, and innocent bystanders and other people not charged with crimes. The Post concludes that the newly-released documents "show that the technology already is tightly woven into the fabric of modern law enforcement." A senior counsel at the watchdog group Project on Government Oversight tells their reporter that "It's really a surveillance-first, ask-permission-later system. People think this is something coming way off in the future, but these (facial-recognition) searches are happening very frequently today."


When Ransomware Gets Paid By A City's Insurance Policies

Slashdot - Your Rights Online - Sun, 2019-07-07 22:46
Remember when the small town of Lake City, Florida paid $460,000 for a ransomware's decryption key? As they slowly recover 100 years of encrypted municipal records, the New York Times looks at the lessons learned, arguing that cyberattackers have simply found a juicy target: small governments with weak computer protections -- and strong insurance policies. The city had backup files for all its data, but they were on the same network -- and also inaccessible... The city's insurer, the Florida League of Cities, hired a consultant to handle the negotiations with the hackers via the email addresses that had been posted on the city server. The initial demands were refused outright, and city technicians raced to find a workaround. "We tried a lot of different solutions," said Joseph Helfenberger, the city manager. None of them worked. "We were at the end of the day faced with either re-creating the data from scratch, or paying the ransom," he said. The insurer's negotiator settled on a payment of 42 Bitcoins, or about $460,000, Helfenberger said, of which the city would pay a $10,000 deductible. After the payment, the hackers provided a decryption key, and recovery efforts began in earnest. As it turned out, recovery would not be simple. Even with the decryption key, each terabyte has taken about 12 hours to recover. Much of the city's data, nearly a month after the onset of the attack, has still not been unlocked... In Lake City, the information technology director, blamed for both failing to secure the network and taking too long to recover the data, wound up losing his job. Mark A. Orlando, the chief technology officer for Raytheon Intelligence Information and Services, tells the Times it's unrealistic to expect cities to never pay the ransom. "Anyone who said that has never been in charge of a municipality that has half their services down and no choice." But does that create an ever-widening problem? 
The FBI knows of at least 1,500 reported ransomware incidents last year, according to the article, although the Illinois computer programmer offering free decryption help at ID Ransomware says he's receiving 1,500 requests for assistance every day.
