iPhone Emulation Company Sued by Apple Says It's Making iPhones Safer

Slashdot - Your Rights Online - Tue, 2019-10-29 18:50
A startup that makes replicas of the iPhone that help hackers find vulnerabilities is accusing Apple of suing it in an attempt to shut it down. Corellium also fired back at Apple and claimed the company owes it $300,000. From a report: On Monday, Corellium, the startup that was sued by Apple for alleged copyright infringement in August, filed its response to the lawsuit. Apple alleged that Corellium's product is illegal, and helps researchers sell hacking tools based on software bugs found in iOS to government agencies that then use them to hack targets. The cybersecurity world was shocked by Apple's lawsuit, which was seen as an attempt to use copyright as an excuse to control the thriving, and largely legal, market for software vulnerabilities. The lawsuit was filed just a few days after Apple announced it would give researchers special "pre-hacked" devices to allow them to find and report more bugs to the company. "Through its invitation-only research device program and this lawsuit, Apple is trying to control who is permitted to identify vulnerabilities, if and how Apple will address identified vulnerabilities, and if Apple will disclose identified vulnerabilities to the public at all," Corellium argues in its response, echoing arguments made by the security research community. In its response, Corellium essentially argues that using Apple's code in Corellium is fair use and its product makes the world a better place by helping security researchers inspect the iPhone's operating system, find flaws in it, and help Apple fix them. With Corellium, researchers can more easily find bugs by creating virtual instances of iOS and test them more quickly, as opposed to having to use actual physical devices. Corellium attempts to illustrate this by including "before" and "after" images in its response that demonstrate what it was like to try to hack the iPhone before it released its software.

Read more of this story at Slashdot.

'Nearly All' Counter-Strike Microtransactions Are Being Used for Money Laundering

Slashdot - Your Rights Online - Tue, 2019-10-29 16:40
Counter-Strike: Global Offensive players will no longer be able to trade container keys between accounts because the trade was part of a massive worldwide fraud network. From a report: Players earned cases in Counter-Strike containing weapons and cosmetic upgrades, but had to purchase the keys to open the boxes. Developer Valve runs an internal marketplace on Steam where it allowed players to trade the boxes and the keys. Valve patched the game on October 28 and explained the problem in its patch notes. "In the past, most key trades we observed were between legitimate customers," the statement said. "However, worldwide fraud networks have recently shifted to using CS:GO keys to liquidate their gains. At this point, nearly all key purchases that end up being traded or sold on the marketplace are believed to be fraud-sourced."

Top Linux Developer On Intel Chip Security Problems: 'They're Not Going Away.'

Slashdot - Your Rights Online - Tue, 2019-10-29 03:30
During his Open Source Summit Europe keynote speech, Greg Kroah-Hartman, the stable Linux kernel maintainer, said Intel CPU's security problems "are going to be with us for a very long time" and are "not going away." He added: "They're all CPU bugs, in some ways they're all the same problem," but each has to be solved in its own way. "MDS, RDDL, Fallout, Zombieland: They're all variants of the same basic problem." ZDNet reports: And they're all potentially deadly for your security: "RIDL and Zombieload, for example, can steal data across applications, virtual machines, even secure enclaves. The last is really funny, because [Intel Software Guard Extensions (SGX)] is what supposed to be secure inside Intel ships" [but, it turns out it's] really porous. You can see right through this thing." To fix each problem as it pops up, you must patch both your Linux kernel and your CPU's BIOS and microcode. This is not a Linux problem; any operating system faces the same problem. OpenBSD, a BSD Unix devoted to security first and foremost, Kroah-Hartman freely admits was the first to come up with what's currently the best answer for this class of security holes: Turn Intel's simultaneous multithreading (SMT) off and deal with the performance hit. Linux has adopted this method. But it's not enough. You must secure the operating system as each new way to exploit hyper-threading appears. For Linux, that means flushing the CPU buffers every time there's a context switch (e.g. when the CPU stops running one VM and starts another). You can probably guess what the trouble is. Each buffer flush takes a lot of time, and the more VMs, containers, whatever, you're running, the more time you lose. "The bad part of this is that you now must choose: Performance or security. And that is not a good option," Kroah-Hartman said. He added: "If you are not using a supported Linux distribution kernel or a stable/long term kernel, you have an insecure system."

FCC Moves To Cut Off Huawei, ZTE From Subsidies

Slashdot - Your Rights Online - Tue, 2019-10-29 00:30
An anonymous reader quotes a report from The Wall Street Journal: The Federal Communications Commission is moving to place another restraint on the U.S. business of Huawei and ZTE by banning U.S. companies receiving federal subsidies from purchasing the Chinese firms' equipment (Warning: source may be paywalled; alternative source). FCC Chairman Ajit Pai set the proposal for vote at the agency's meeting on Nov. 19. It would designate Huawei and ZTE as national security threats and tell U.S. firms not to buy their equipment using money from an $8.5 billion federal fund designed to fund telecommunications service in rural areas. The FCC would also propose further study, and potentially federal funding, for removing and replacing equipment from the companies that has already been installed. Mr. Pai in a Wall Street Journal op-ed Monday called this existing equipment an "unacceptable risk."

A Google Staffer Helped Sell Trump's Family Separation Policy, Despite The Company's Denials

Slashdot - Your Rights Online - Mon, 2019-10-28 22:30
Google executives misled their own employees last week when they said a former top Department of Homeland Security official who had recently joined the company was "not involved in the family separation policy," government emails obtained under the Freedom of Information Act reveal. From a report: In fact, Miles Taylor, who served as deputy chief of staff and then chief of staff to former Homeland Security secretary Kirstjen Nielsen, was involved in high-level discussions about immigration enforcement, helping to shape the department's narratives and talking points as one of Nielsen's trusted lieutenants. As Nielsen's deputy chief of staff, Taylor was included on some of the DHS secretary's emails and privy to her events schedule, often prepping his boss with reports and talking points ahead of public appearances between April and June 2018, when the family separation policy was in effect. In one email obtained by BuzzFeed News, Taylor assisted Nielsen in preparing what he described as the "Protecting Children Narrative" -- the department's spin on a policy that horrified Americans when images of abandoned, caged migrant children in squalid camps emerged. Other emails from Nielsen's events planner show that he had been scheduled to participate in at least two weekly calls to "discuss Border Security and Immigration Enforcement" in June 2018. Two former DHS officials dismissed Google's claim that Taylor -- who last month joined the company as a government affairs and public policy manager advising on national security issues -- could have kept his hands clean from the policy.

Australia Wants To Use Face Recognition For Porn Age Verification

Slashdot - Your Rights Online - Mon, 2019-10-28 21:50
An anonymous reader quotes a report from Ars Technica: Lawmakers in Australia (like their counterparts in the United Kingdom) are looking for an effective way to limit kids' access to online pornography. Australia's Department of Home Affairs has a possible solution: face-recognition technology. "Home Affairs is developing a Face Verification Service which matches a person's photo against images used on one of their evidence of identity documents to help verify their identity," the government agency wrote in a recent regulatory filing. "This could assist in age verification, for example by preventing a minor from using their parent's driver license to circumvent age verification controls." Australia's government face-matching system has been years in the making. In 2016, the government announced that (in the words of CNET) "the first phase of its new biometric Face Verification Service (FVS) is up and running, giving a number of government departments and the Australian Federal Police the ability to share and match digital photos of faces." Initially, the system was fairly limited. It only included photos of people who had applied to become Australian citizens. And use of the database was supposed to be limited to a handful of government agencies with a compelling need for it. But since then, the government has steadily expanded the system. Photos from other sources were added to the database. And Australia has been trying to develop a more sophisticated Face Identification Service that can identify unknown persons. "The Face Verification Service is not yet fully operational," the government acknowledges. "Whilst it is intended to be made available to private sector organizations in future, this will be subject to the passage of the Identity-matching Services Bill 2019 which is currently before Parliament."

Comcast Argues 'We've Never Sold Customers' Data'

Slashdot - Your Rights Online - Mon, 2019-10-28 05:34
An anonymous reader quotes MediaPost: Faced with a new controversy related to online privacy, Comcast said this week that it doesn't draw on information about the sites broadband users visit for advertising or targeting. The company said Thursday that it deletes information every 24 hours about the domain names people navigate to online. "Millions of Comcast customers look up billions of addresses online every day," Chief Privacy Officer Christin McMeley wrote on the company's blog. "We've never used that data for any sort of marketing or advertising -- and we have never sold it to anyone." The company's statement came one day after the publication Motherboard reported on Comcast's efforts to rally opposition on Capitol Hill to Google's plan to encrypt domain names... "While cloaked as enhancing user privacy, Google's DNS encryption will in fact vastly expand Google's control over and use of customer data, and will result in the complete commercialization of DNS data for Google's own ends," [Comcast's] presentation states. Google has said its plans were mischaracterized by broadband organizations, and that it has no intention of centralizing the web, or changing people's existing DNS providers to Google by default. "Any claim that we are trying to become the centralized encrypted DNS provider is inaccurate," a company spokesperson said last month... One day after Motherboard posted the material reportedly prepared by Comcast, the cable provider touted its privacy policies in a blog post. "Where you go on the Internet is your business, not ours," McMeley wrote. "As your Internet Service Provider, we do not track the websites you visit or apps you use through your broadband connection. Because we don't track that information, we don't use it to build a profile about you and we have never sold that information to anyone." 
Several years ago, Comcast opposed Federal Communications Commission privacy regulations that would have required broadband providers to obtain consumers' opt-in consent before drawing on their web-browsing activity for advertising. The FCC passed those rules in 2016, but the regulations were revoked by Congress the following year.

How the 2018 Olympic Cyberattack Was Traced To Russian Hackers

Slashdot - Your Rights Online - Sun, 2019-10-27 13:34
Sparrowvsrevolution writes: In a lengthy article, Wired tells a newly detailed narrative of the cyberattack on the 2018 Winter Olympic games, which hit the Olympics network during the opening ceremony. The piece details how the malware used in that attack was designed to incorporate multiple sophisticated false flags, and how forensic analysts overcame those red herrings to eventually trace the attack to a specific unit of Russia's GRU military intelligence agency. It's a good read. Wired calls it "perhaps the most deceptive hacking operation in history," but they finally get an answer from a 28-year-old former anarchist punk turned security researcher at the Reston, Virginia, office of the security and private intelligence firm FireEye. The tell-tale clue: the malware used "a certain common set of hacking tools called PowerShell Empire." He soon deduced that the source of that signal in the noise was a common tool used to create each one of the booby-trapped documents. It was an open source program, easily found online, called Malicious Macro Generator. Michael Matonis speculated that the hackers had chosen the program in order to blend in with a crowd of other malware authors, but it had ultimately had the opposite effect, setting them apart as a distinct set... When he looked at the command and control servers that the malware connected back to -- the strings that would control the puppetry of any successful infections -- all but a few of the IP addresses of those machines overlapped too... Matonis began painstakingly checking every IP address his hackers had used as a command and control server in their campaign of malicious Word document phishing; he wanted to see what domains those IP addresses had hosted... At the end of his long chain of internet-address connections, Matonis had found a fingerprint that linked the Olympics attackers back to a hacking operation that directly targeted the 2016 US election. 
Not only had he solved the whodunit of Olympic Destroyer's origin, he'd gone further, showing that the culprit had been implicated in the most notorious hacking campaign ever to hit the American political system.

America's Trade Commission Accused of 'Rewarding Bad Actors' Posting Fake Online Reviews

Slashdot - Your Rights Online - Sat, 2019-10-26 23:34
Ars Technica quotes the CEO of a fraudulent-review tracking company who says that fake reviews online have now reached "epidemic proportions". But two U.S. regulators say that's just the beginning: Commissioners Rohit Chopra and Rebecca Slaughter of the Federal Trade Commission say it's about to get a lot worse, and they know who to blame: their own agency. The FTC this week brought its first case against a company for enlisting its employees in a coordinated fake-review campaign to boost sales. Chopra and Slaughter say the decision reached by their fellow commissioners could usher in even more review fraud. The settlement did not require the company to admit fault, notify customers of the fraud, or turn over any ill-gotten gains. "Dishonest firms may come to conclude that posting fake reviews is a viable strategy, given the proposed outcome here," Chopra said in a statement dissenting from the FTC's decision, joined by Slaughter. "Honest firms, who are the biggest victims of this fraud, may be wondering if they are losing out by following the law. Consumers may come to lack confidence that reviews are truthful...." [T]he FTC voted 3-2 to allow Sunday Riley to settle the charges by agreeing not to post future fake reviews, without admitting fault. Chopra and Slaughter say the settlement will ultimately do more harm than good and that it tells companies there's little risk in engaging in online review fraud; even if regulators find the fake reviews, the company won't face a meaningful punishment, the dissenters say. FTC staffers told Ars Technica that it's extraordinarily rare for the FTC to get a fake-review case "as straightforward, prosecutable, and evidence-rich" as this one. The FTC's investigation began when an inside whistle-blower shared a company email on Reddit in which employees "were given step-by-step directions on how to post fake reviews" -- and on how to avoid detection.

Russian Cyberattackers Stole Iranian Tools, Then Attacked 35 Countries

Slashdot - Your Rights Online - Sat, 2019-10-26 22:34
An anonymous reader quotes Bloomberg News: A Russia-linked group is believed to have utilized Iranian tools to conduct cyber attacks against dozens of countries, in an apparent effort to mask their identities, according to joint advisories by the U.S. and the U.K. The group, known as Turla, used tools from suspected Iran-based hacking groups and deployed them against old and new targets. In order to acquire the tools, Turla "compromised the suspected Iran-based hacking groups themselves," according to the U.S. National Security Agency and the U.K.'s National Cyber Security Centre, which released the advisories on Monday. The original owners of the tools "were almost certainly not aware of, or complicit with, Turla's use of their implants," the agencies said. The attacks, against more than 35 countries, would appear to the victims as coming from Iran.

Calculation Errors and Inadequate Peer Review Led To Miami Bridge's Collapse

Slashdot - Your Rights Online - Sat, 2019-10-26 17:34
America's National Transportation Safety Board has now officially determined the probable causes of a Florida pedestrian bridge's collapse in March of 2018: load and capacity calculation errors made by FIGG Bridge Engineers. Slashdot reader McGruber shares their report: Contributing to the collapse was Louis Berger's inadequate peer review, which failed to detect FIGG's calculation errors in its design of the main span truss member 11/12 nodal region and connection to the bridge deck. The FIGG engineer of record's failure to identify the significance of structural cracking observed in this node before the collapse, and failure to obtain an independent peer review of the remedial plan to address the cracking, further contributed to the collapse... Six of the eight lanes of the roadway traveling under the bridge were open at the time of the collapse. The failure of FIGG, MCM, Bolton Perez and Associates Consulting Engineers, FIU and the Florida Department of Transportation to cease bridge work and close SW 8th Street to protect public safety contributed to the severity of the collapse outcome, said the NTSB during the meeting. "Errors in bridge design, inadequate peer review and poor engineering judgment led to the collapse of this bridge," said NTSB Chairman Robert Sumwalt. "The failure of all concerned parties, to recognize and take action on the threat to public safety presented by the significant observed bridge structure distress prior to the collapse, led to the tragic loss of life in this preventable accident." The report also concludes that Louis Berger "was not qualified by the Florida Department of Transportation to conduct an independent peer review" -- and that Florida's Department of Transportation "should have verified Louis Berger's qualifications as an independent peer review firm as part of FDOT's oversight of local agency program projects."

Microsoft Beats Amazon To Win the Pentagon's $10 Billion JEDI Cloud Contract

Slashdot - Your Rights Online - Sat, 2019-10-26 04:20
An anonymous reader quotes a report from The Verge: The U.S. government has awarded a giant $10 billion cloud contract to Microsoft, the Department of Defense has confirmed. Known as Joint Enterprise Defense Infrastructure (JEDI), the contract will provide the Pentagon with cloud services for basic storage and power all the way up to artificial intelligence processing, machine learning, and the ability to process mission-critical workloads. It's a key contract for Microsoft as the company battles Amazon for cloud dominance, and for a while it was up in the air as to whether Microsoft or Amazon would win this particular one. IBM and Oracle were both eliminated from the bidding back in April, leaving just Microsoft and Amazon as the only companies that could meet the requirements. The contract has been controversial throughout the bidding process, and Oracle lost a legal challenge after it claimed the contract has conflicts of interest. The contract will last for 10 years and is likely to be resisted by employees, who have in the past called on the company to drop its HoloLens U.S. Army contract and stop its work with ICE.

Man Sues AT&T, Saying He Lost $1.8 Million In Cryptocurrency With SIM Card Hack

Slashdot - Your Rights Online - Sat, 2019-10-26 02:02
A California man is suing AT&T after he says one of its employees allowed a hacker to access his cell phone number that resulted in his data being compromised and more than $1.8 million in cryptocurrency stolen from his accounts. ABC News reports: Seth Shapiro says that an AT&T employee allowed a hacker to swap his phone number from his phone to a separate device, which resulted in "the compromise of highly sensitive personal and financial information and the theft of more than $1.8 million," according to court documents. The process of so-called "SIM swapping" allows hackers a way to gain access to all the information tied to a phone number potentially giving them access to every email, photo, app and more on the phone. The complaint filed on Oct. 17 claims that while third parties had control over his AT&T wireless number, "they used that control to access and reset the passwords for Mr. Shapiro's accounts on cryptocurrency exchange platforms, including KuCoin, Bittrex, Wax, Coinbase, Huobi, Crytopia, LiveCoin, HitBTC, Coss.io, Liqui, and Bitfinex." The digital currency "was accessed by the hackers utilizing their control over Mr. Shapiro's AT&T wireless number," the court documents added. The lawsuit alleges that hackers were able to access "accounts on various cryptocurrency exchange platforms, including the accounts he controlled on behalf of his business venture. The hackers then transferred Mr. Shapiro's currency from Mr. Shapiro's accounts into accounts that they controlled." "In all, they stole more than $1.8 million from Mr. Shapiro in the two consecutive SIM swap attacks on May 16, 2018," the complaint added. AT&T told ABC News in a statement that they dispute Shapiro's allegations and shared information on how customers can help keep themselves safe from SIM swaps. "We dispute these allegations and look forward to presenting our case in court," the statement said.
"Customers can learn how to help protect themselves from this scam by going here -- https://about.att.com/sites/cyberaware/ni/blog/sim_swap."

Netflix and Spotify Might Be Required To Issue Emergency Alerts From the Government Just Like TV and Radio

Slashdot - Your Rights Online - Fri, 2019-10-25 19:40
Streaming services like Netflix, Disney+, and Spotify might be required to issue emergency alerts from the government if U.S. lawmakers have their way. From a report: TV and radio stations operating in the U.S. are required by law to issue emergency warnings, like the infamous fake missile alert for Hawaii issued in early 2018, but lawmakers want to bring those alerts to more platforms, as viewers use more and more internet-based services. The legislation, dubbed the Reliable Emergency Alert Distribution Improvement (READI) Act, has bipartisan support and is being introduced in the Senate by Democrat Brian Schatz of Hawaii and Republican John Thune of South Dakota. A bipartisan group of Representatives in the House have a similar bill that has already been introduced. The legislation would also make it illegal for consumers to opt out of federal emergency alerts on their phones and would require alerts by the U.S. president and FEMA to be repeated. TV and radio stations are currently only required to issue an alert once. "When a missile alert went out across Hawai'i last year, some people never got the message on their phones, while others missed it on their TVs and radios. Even though it was a false alarm, the missile alert exposed real flaws in the way people receive emergency alerts," Senator Schatz said in a statement posted to his website.

Mozilla: Cloudflare Doesn't Pay Us For Any DoH Traffic

Slashdot - Your Rights Online - Fri, 2019-10-25 15:00
An anonymous reader writes: Mozilla said today that "no money is being exchanged to route DNS requests to Cloudflare" as part of the DNS-over-HTTPS (DoH) feature that is currently being gradually enabled for Firefox users in the US. The browser maker has been coming under heavy criticism lately for its partnership with Cloudflare. Many detractors say that by using Cloudflare as the default DoH resolver for Firefox, Mozilla will help centralize a large chunk of DNS traffic on Cloudflare's service. Critics of this decision include regular users, but also ISP-backed lobby groups, according to a recent report citing leaked documents. But according to Mozilla, they're not getting paid for this, and are only doing it for Firefox user privacy.

BBC News Launches 'Dark Web' Tor Mirror

Slashdot - Your Rights Online - Fri, 2019-10-25 01:20
sandbagger writes: The BBC has made its international news website available via the Tor network, in a bid to thwart censorship attempts. The browser can obscure who is using it and what data is being accessed, which can help people avoid government surveillance and censorship. Countries including China, Iran and Vietnam are among those who have tried to block access to the BBC News website or programs. Instead of visiting bbc.co.uk/news or bbc.com/news, users of the Tor browser can visit the new bbcnewsv2vjtpsuy.onion web address. Clicking this web address will not work in a regular web browser.

TikTok Raises National Security Concerns in Congress as Schumer, Cotton Ask for Federal Review

Slashdot - Your Rights Online - Thu, 2019-10-24 20:00
Two senior members of Congress, Senate Minority Leader Charles E. Schumer (D-N.Y.) and Sen. Tom Cotton (R-Ark.), asked U.S. intelligence officials late Wednesday to determine whether the Chinese-owned social-networking app TikTok poses "national security risks." From a report: In a letter to Joseph Maguire, the director of national intelligence, the lawmakers questioned TikTok's data-collection practices and whether the app adheres to censorship rules directed by the Chinese government that could limit what U.S. users see. TikTok, which provides users a feed of short videos, has become wildly popular among teenagers worldwide. "With over 110 million downloads in the U.S. alone, TikTok is a potential counterintelligence threat we cannot ignore," wrote Schumer and Cotton, who sits on the Senate Intelligence Committee. "Given these concerns, we ask that the Intelligence Community conduct an assessment of the national security risks posed by TikTok and other China-based content platforms operating in the U.S. and brief Congress on these findings."

40 Major Music Festivals Have Pledged Not To Use Facial Recognition Technology

Slashdot - Your Rights Online - Thu, 2019-10-24 17:20
Forty of the world's largest music festivals -- including SXSW, Coachella, Pitchfork, and Bonnaroo -- have gone on the record to promise that they will not use facial recognition technology at their events, following a campaign launched by musicians and activists to ban the technology. From a report: Today, organizers of the campaign are declaring victory. "It's so important that people don't just learn about how scary and dangerous surveillance technology like facial recognition is but also learn about successful efforts to stop it," Evan Greer, the deputy director of Fight For the Future, a digital rights advocacy group that spearheaded the campaign, told Motherboard. This victory for digital rights activists and musicians is the first major setback to commercial facial recognition companies in the United States, and could have ripples beyond the industry. In recent years, many music events have become increasingly Orwellian experiences. Biometric surveillance companies and venture capitalists have identified music festivals as a huge potential market for facial recognition technologies, which can be marketed as a way for concertgoers to bypass long lines. But musicians and activists have concerns.

Open Database Leaked 179GB In Customer, US Government, and Military Records

Slashdot - Your Rights Online - Thu, 2019-10-24 02:50
An open database exposing records containing the sensitive data of hotel customers as well as US military personnel and officials has been disclosed by researchers. ZDNet reports: On Monday, vpnMentor's cybersecurity team, led by Noam Rotem and Ran Locar, said the database belonged to Autoclerk, a service owned by Best Western Hotels and Resorts group. Autoclerk is a reservations management system used by resorts to manage web bookings, revenue, loyalty programs, guest profiles, and payment processing. In a report shared with ZDNet, the researchers said the open Elasticsearch database was discovered through vpnMentor's web mapping project. It was possible to access the database, given it had no encryption or security barriers whatsoever, and perform searches to examine the records contained within. The team says that "thousands" of individuals were impacted, although due to ethical reasons it was not possible to examine every record in the leaking database to come up with a specific number. Hundreds of thousands of booking reservations for guests were available to view and data including full names, dates of birth, home addresses, phone numbers, dates and travel costs, some check-in times and room numbers, and masked credit card details were also exposed. Some of the records were logs for U.S. Army generals visiting Russia and Israel, the report says. In total, the AWS-hosted database contained over 179GB of data.

EU Data Watchdog Raises Concerns Over Microsoft Contracts

Slashdot - Your Rights Online - Thu, 2019-10-24 00:10
An anonymous reader quotes a report from Reuters: Microsoft's contracts with European Union institutions do not fully protect data in line with EU law, the European Data Protection Supervisor (EDPS) said in initial findings published on Monday. The EDPS, the EU's data watchdog, opened an investigation in April to assess whether contracts between Microsoft and EU institutions such as the European Commission fully complied with the bloc's data protection rules. "Though the investigation is still ongoing, preliminary results reveal serious concerns over compliance of the relevant contractual terms with data protection rules and the role of Microsoft as a processor for EU institutions using its products and services," the EDPS says in a statement. "We are committed to helping our customers comply with GDPR, Regulation 2018/1725 and other applicable laws," a Microsoft spokesman said. "We are in discussions with our customers in the EU institutions and will soon announce contractual changes that will address concerns such as those raised by the EDPS."
