aggregator

Walmart Dodged US Tax on $2 Billion by Routing Cash Through Multiple Countries, Whistleblower Says

Slashdot - Your Rights Online - Sat, 2019-11-30 01:01
Walmart, the world's biggest retail company, underpaid US taxes on nearly $2 billion worth of offshore cash, according to whistleblower documents filed by a former Walmart executive to the Internal Revenue Service (IRS) in 2011, and recently obtained by Quartz. From the report: The firm avoided nearly $200 million in taxes on that money and "dramatically" overstated its foreign tax credits in 2009 and 2010 by routing payments from Luxembourg to the United States via the United Kingdom and not declaring they came from a tax haven, the whistleblower wrote. If Walmart claimed all the tax credits, it could have improperly avoided paying close to $600 million in total via the maneuvers, according to the files. The whistleblower argued in the documents that the company should owe all that money to the IRS. A second former executive, who shared the files with Quartz, confirmed the whistleblower's allegations. Walmart denied any wrongdoing. "The transactions brought to our attention were appropriately reported to and audited by the IRS," a spokesman said in an emailed statement. "The tax years covering this matter were closed by the IRS more than seven years ago." The spokesman declined to say whether the company explicitly told the IRS that the money originated in Luxembourg, rather than the United Kingdom.

Read more of this story at Slashdot.

Only a Few 2020 US Presidential Candidates Are Using a Basic Email Security Feature

Slashdot - Your Rights Online - Thu, 2019-11-28 18:10
Just one-third of the 2020 U.S. presidential candidates are using an email security feature that could prevent a similar attack that hobbled the Democrats during the 2016 election. From a report: Out of the 21 presidential candidates in the race, according to Reuters, only seven Democrats are using and enforcing DMARC, an email security protocol that verifies the authenticity of a sender's email and rejects spoofed emails, which hackers often use to try to trick victims into opening malicious links from seemingly known individuals. It's a marked increase from April, where only Elizabeth Warren's campaign had employed the technology. Now, the Democratic campaigns of Joe Biden, Kamala Harris, Michael Bloomberg, Amy Klobuchar, Cory Booker, Tulsi Gabbard and Steve Bullock have all improved their email security. The remaining candidates, including presidential incumbent Donald Trump, are not rejecting spoofed emails. Another seven candidates are not using DMARC at all.

Oracle Responds To Wage Discrimination Claims By Suing US Department of Labor

Slashdot - Your Rights Online - Thu, 2019-11-28 12:00
According to The Register, Oracle is suing the Department of Labor for repeatedly accusing the company of discriminating against and underpaying women and minorities. From the report: In a lawsuit [PDF] filed Wednesday in a Washington DC district court, Big Red accuses the U.S. Department of Labor of "unprecedented overreach by an executive agency," and claims the agency doesn't have the authority to cut Oracle out of government contracts for its discriminatory practices or sue it for underpaying certain staff. With one hand holding the constitution and the other bashing its chest, the database giant warned perilously that "the rise of the modern administrative state has altered our government structure" but that it had "not undone our constitutional structure." The folks at the Office of Federal Contract Compliance Programs (OFCCP) have "created a coercive administrative enforcement and adjudicative regime" the lawsuit bellows. "Without authority from any Act of Congress - indeed, in contravention of congressional legislation - a group of unelected, unaccountable, and unconfirmed administrative officials have cut from whole cloth this adjudicative agency enforcement scheme." The lawsuit is just the latest in a brutal battle between Oracle and the Labor Department that started in 2017 when the government sued the database biz for pay and employment discrimination. According to federal investigators, Oracle pays its white male employees more than women and minorities even when they are in the same job with the same title. It studied Oracle's hiring practices since 2013 and concluded that there were "gross disparities in pay even after controlling for job title, full-time status, exempt status, global career level, job speciality, estimated prior work experience, and company tenure."

Greenhouse Gas Emissions Are Still Rising, UN Report Says

Slashdot - Your Rights Online - Thu, 2019-11-28 05:30
An anonymous reader quotes a report from NPR: Greenhouse gas emissions have risen steadily for the past decade despite the current and future threat posed by climate change, according to a new United Nations report. The annual report compares how clean the world's economies are to how clean they need to be to avoid the most catastrophic effects of climate change -- a disparity known as the "emissions gap." However, this year's report describes more of a chasm than a gap. Global emissions of carbon dioxide, methane and other greenhouse gases have continued to steadily increase over the past decade. In 2018, the report notes that global fossil fuel CO2 emissions from electricity generation and industry grew by 2%. "There is no sign of [greenhouse gas] emissions peaking in the next few years," the authors write. Every year that emissions continue to increase "means that deeper and faster cuts will be required" to keep Earth from warming more than 1.5 to 2 degrees Celsius above preindustrial levels. [...] The United States is currently not on track to meet its greenhouse gas reduction commitments under the Paris Agreement, which the United States ratified and is technically still part of until its withdrawal takes effect in November 2020. According to the new report, six other major economies are also lagging behind their commitments, including Canada, Japan, Australia, Brazil, the Republic of Korea and South Africa. What's interesting is that China's per capita emissions are now "in the same range" as the European Union, thanks to the country's large investments in renewable energy such as solar and wind. Some of the recommendations for how the world's top economies could cut emissions include: banning new coal-fired power plants, requiring all new vehicles to be CO2-free by 2030, expanding mass transit and/or requiring all new buildings to be entirely electric.

AT&T and Verizon Agree To Change Their eSIM Practices

Slashdot - Your Rights Online - Thu, 2019-11-28 04:25
In early 2018, the Department of Justice launched an investigation into whether AT&T, Verizon and the GSM Association (GSMA) worked together to limit eSIM technology. Today, The New York Times reports that the DOJ is closing the investigation and has found no evidence of wrongdoing. From a report: The DOJ was initially concerned that AT&T and Verizon attempted to lock devices on their networks even if the device had an eSIM. But the parties have agreed to change how they determine standards for eSIM, which will allow consumers to use eSIM to switch carriers, rather than having to insert a new SIM card. And as a result, the DOJ is dropping the investigation.

Democrats Propose Sweeping Online Privacy Laws

Slashdot - Your Rights Online - Thu, 2019-11-28 00:40
mspohr quotes a report from The Guardian: Top Democrats on Tuesday proposed tough new privacy laws to rein in the U.S.'s tech companies after a series of scandals that have shaken confidence in the companies and exposed the personal data of millions of consumers. The effort, led by Senator Maria Cantwell, the top Democrat on the Senate commerce, science and transportation committee, aims to "provide consumers with foundational data privacy rights, create strong oversight mechanisms, and establish meaningful enforcement." The Consumer Online Privacy Rights Act (Copra) comes after a series of failed attempts to rein in the tech giants in the U.S. The act resembles Europe's sweeping General Data Protection Regulation (GDPR) legislation, passed in 2016. It would force tech companies to disclose the personal information they have collected, delete or correct inaccurate or incomplete information and allow consumers to block the sale of their information. The bill's sponsors are all Democrats and include presidential candidate Senator Amy Klobuchar. "Companies continue to profit off of the personal data they collect from Americans, but they leave consumers completely in the dark about how their personal information is being used," she said. "It's time for Congress to pass comprehensive privacy legislation."

It's Way Too Easy To Get a .gov Domain Name

Slashdot - Your Rights Online - Wed, 2019-11-27 16:01
Brian Krebs: Many readers probably believe they can trust links and emails coming from U.S. federal government domain names, or else assume there are at least more stringent verification requirements involved in obtaining a .gov domain versus a commercial one ending in .com or .org. But a recent experience suggests this trust may be severely misplaced, and that it is relatively straightforward for anyone to obtain their very own .gov domain. Earlier this month, KrebsOnSecurity received an email from a researcher who said he got a .gov domain simply by filling out and emailing an online form, grabbing some letterhead off the homepage of a small U.S. town that only has a ".us" domain name, and impersonating the town's mayor in the application. "I used a fake Google Voice number and fake Gmail address," said the source, who asked to remain anonymous for this story but who said he did it mainly as a thought experiment. "The only thing that was real was the mayor's name." The email from this source was sent from exeterri[.]gov, a domain registered on Nov. 14 that at the time displayed the same content as the .us domain it was impersonating -- town.exeter.ri.us -- which belongs to the town of Exeter, Rhode Island (the impostor domain is no longer resolving). "I had to [fill out] 'an official authorization form,' which basically just lists your admin, tech guy, and billing guy," the source continued. "Also, it needs to be printed on 'official letterhead,' which of course can be easily forged just by Googling a document from said municipality. Then you either mail or fax it in. After that, they send account creation links to all the contacts."

NSO Employees Take Legal Action Against Facebook For Banning Their Accounts

Slashdot - Your Rights Online - Wed, 2019-11-27 04:30
On Tuesday, lawyers representing current and former employees of Israeli surveillance contractor NSO Group took legal action against Facebook to try and get their accounts reinstated after being banned by the social media giant. Motherboard reports: Last month, Facebook itself sued NSO in California for leveraging a vulnerability in the WhatsApp chat program that NSO Group clients used to hack targets. As part of that, Facebook also banned the personal Facebook and Instagram accounts of multiple current and former NSO employees. The new lawsuit argues that Facebook violated its own terms of service by blocking the NSO employees, and it used personal information they shared with Facebook in order to identify them, in violation of an Israeli privacy law. As relief, the lawyers ask the court to make Facebook lift the ban on the accounts. The lawsuit was first reported in Israeli media. "It appears that Facebook used the [NSO employees'] personal data...in order to identify them as NSO employees (or former employees), in service of imposing 'collective punishment' on them, in the form of blocking their personal accounts," the lawsuit reads in Hebrew. The lawsuit argues that the personal data used to identify them as NSO employees belonged to the individuals, and not Facebook. The legal action says that the NSO employees were banned without warning even though they are "private people, who make private use of the social networks, whose only 'sin' was any association with NSO, as employees or former employees." The lawsuit includes a screenshot of an email Facebook allegedly sent to someone who had their account suspended. Facebook told Motherboard in a statement on Tuesday, "In October we filed a legal complaint which attributed a sophisticated cyber attack to the NSO Group and its employees that was directed at WhatsApp and its users in violation of our terms of service and U.S. law. 
Such actions warranted disabling relevant accounts and continue to be necessary for security reasons, including preventing additional attacks."

Amazon's Ring Planned Neighborhood 'Watch Lists' Built On Facial Recognition

Slashdot - Your Rights Online - Wed, 2019-11-27 02:50
An anonymous reader quotes a report from The Intercept: Ring, Amazon's crimefighting surveillance camera division, has crafted plans to use facial recognition software and its ever-expanding network of home security cameras to create AI-enabled neighborhood "watch lists," according to internal documents reviewed by The Intercept. The planning materials envision a seamless system whereby a Ring owner would be automatically alerted when an individual deemed "suspicious" was captured in their camera's frame, something described as a "suspicious activity prompt." It's unclear who would have access to these neighborhood watch lists, if implemented, or how exactly they would be compiled, but the documents refer repeatedly to law enforcement, and Ring has forged partnerships with police departments throughout the U.S., raising the possibility that the lists could be used to aid local authorities. The documents indicate that the lists would be available in Ring's Neighbors app, through which Ring camera owners discuss potential porch and garage security threats with others nearby. [...] Mohammad Tajsar, an attorney with the American Civil Liberties Union of Southern California, expressed concern over Ring's willingness to plan the use of facial recognition watch lists, fearing that "giving police departments and consumers access to 'watch listing' capabilities on Ring devices encourages the creation of a digital redline in local neighborhoods, where cops in tandem with skeptical homeowners let machines create lists of undesirables unworthy of entrance into well-to-do areas." When reached for comment, Ring spokesperson Yassi Shahmiri said that "the features described are not in development or in use and Ring does not use facial recognition technology." Amazon also told Massachusetts Sen. Edward Markey earlier this month that facial recognition has been a "contemplated but unreleased feature" for Ring, but would only be added with "thoughtful design including privacy, security and user control."

Psilocybin For Major Depression Granted Breakthrough Therapy By FDA

Slashdot - Your Rights Online - Wed, 2019-11-27 00:50
An anonymous reader quotes a report from New Atlas: The US Food and Drug Administration (FDA) has granted psilocybin therapy a Breakthrough Therapy designation for the second time in a year, this time with a view on accelerating trials testing its efficacy treating major depressive disorder (MDD). This new FDA Breakthrough Therapy approval focuses on a seven-site, Phase 2 trial currently underway in the United States. Coordinated by a non-profit research organization called the Usona Institute, the trial is exploring the antidepressant properties of a single psilocybin dose in treating patients with major depressive disorder. Last year's Breakthrough Therapy designation was targeted at the drug's efficacy for treatment-resistant depression (TRD). That particular clinical classification categorizes patients suffering from MDD who have not responded effectively to at least two different pharmacological antidepressant treatments during a current depressive episode. It is estimated between 10 and 30 percent of MDD patients fall into the category of TRD. The new FDA approval focuses on Usona's research into the broader condition of MDD, characterized by episodes of severe depression that last more than two weeks. Hundreds of millions of people around the world suffer from these kinds of acute major depressive episodes every year. "The Usona Phase 2 trial plans to enrol 80 subjects, randomized to receive either a single active dose of psilocybin or an active placebo containing niacin," the report adds. "The methodology being trialed is similar to other psilocybin therapy studies, with a number of preparatory psychotherapy sessions preceding the active psychedelic dose, and a number of integrative psychotherapy sessions afterwards." It's estimated that the current Phase 2 trial will be completed by early 2021, where it should be able to move into larger Phase 3 trials if the results are positive. 
The FDA also gave psilocybin therapy a Breakthrough Therapy status late last year. These trials should be completed sometime in 2020, "suggesting the next 12 to 24 months will offer some compelling and solid data into how effective this new psychedelic therapy actually is in treating several different forms of depression," reports New Atlas.

Facebook and Twitter Users' Data Exposed Due To Third-Party SDK Bug

Slashdot - Your Rights Online - Tue, 2019-11-26 12:00
Facebook and Twitter announced on Monday that the companies were notified about malicious software development kits (SDKs) that allowed certain apps to collect users' data from the apps without their permission. Paul Thurrott reports: The main culprits here are One Audience and Mobiburn, developers of the malicious SDKs that apparently paid developers to use the SDKs and secretly collect users' data. Twitter noted that the issue isn't due to a vulnerability in its software. The breach was caused by "the lack of isolation between SDKs within an application," according to the company. The company also said that the malicious SDKs could allow apps to access personal information like your email, username, and your last tweet without your permission. "We have evidence that this SDK was used to access people's personal data for at least some Twitter account holders using Android, however, we have no evidence that the iOS version of this malicious SDK targeted people who use Twitter for iOS," the company said. The two social networks said that they will notify the affected users about the breach.

Vegan Sues Burger King For False Advertising, Alleging 'Impossible Whopper' Cooked With Beef Fat

Slashdot - Your Rights Online - Tue, 2019-11-26 04:10
A lawsuit filed in federal court claims that Burger King is falsely advertising that its "Impossible Whopper" is "100% Whopper, 0% beef." "[Phillip Williams, the plaintiff in the Florida lawsuit] says he is a vegan who purchased an Impossible Whopper because of that zero percent promise, only to learn later that the patty was cooked on the same broiler as regular meat burgers, and thus was actually 'coated in meat by-products.'" Stephen L. Carter writes in a Bloomberg column that courts used to be skeptical of cases like this, "but times may be changing." From the report: Now, I'm as quick as anybody to condemn frivolous litigation, but if the allegations are true, Williams might well have a case. Vibrant free markets rely on truthful advertising, at least when the advertising influences the purchase decision. If a consumer happens to be vegetarian or vegan (or even, like me, pesce-pollotarian), the claim that the Impossible Whopper contains no meat will be crucial to the choice whether to give the sandwich a try. Not long ago, courts turned skeptical eyes to arguments by vegans that they'd been snookered. Back in 2003, for instance, a California judge dismissed a lawsuit by a "strict ethical vegan" against the maker of a tuberculosis test that, according to the plaintiff, was said to be vegan-friendly but actually contained animal products. The plaintiff lost not because the claim was ridiculous, but because, according to the court, the class of "strict ethical vegans" was too small. A reasonably prudent seller, wrote the court, possessed "no duty to warn of the possibility of rare, idiosyncratic, hypersensitive, or unusual reactions to an otherwise safe and useful product." The court's reasoning is dated, the product of an era when veganism seemed quirky. No longer. According to a 2018 Gallup survey, some 3 percent of U.S. adults say they are vegan. Using current census data, this works out to around 7.6 million vegans. 
One doubts therefore that a present-day court would so blithely conclude that the class of those likely to be influenced by a claim of vegan content is small, or that its preferences are idiosyncratic. And, indeed, recent results have trended the other way. Puffery -- "a mere puff," as the courts used to say -- is an extravagant advertising claim made in a context where no reasonable consumer would take it to be a factual assertion. Exaggeration, hyperbole, and absurdity are often puffery's ingredients. (Think "service second to none" or "best-built car on the planet.") Had Burger King advertised its Impossible Whopper as containing "so little meat a vegan won't care," a court would certainly have deemed the claim puffery. But the statement that the sandwich contains "0% beef" isn't puffery; it's a clear and precise assertion about the existence of a fact. If it was foreseeable that the claim would encourage those who eat no meat to try the product, and if the claim turns out to be false, it should be actionable. Don't get me wrong. I'm not suggesting that the claim is actually false. As Impossible Foods has pointed out, the customer can ask Burger King to microwave the burger, thus avoiding any contamination with meat products. This proposition, if it turns out to have been properly advertised, might well allow the restaurant to avoid liability altogether. And let's not forget that the burden of proof rests on the plaintiff. Nevertheless, the lawsuit is potentially important.

US Police Already Using 'Spot' Robot From Boston Dynamics In the Real World

Slashdot - Your Rights Online - Tue, 2019-11-26 03:50
Massachusetts State Police (MSP) has been quietly testing ways to use the four-legged Boston Dynamics robot known as Spot, according to new documents obtained by the American Civil Liberties Union of Massachusetts. And while Spot isn't equipped with a weapon just yet, the documents provide a terrifying peek at our RoboCop future. Gizmodo reports: The Spot robot, which was officially made available for lease to businesses last month, has been in use by MSP since at least April 2019 and has engaged in at least two police "incidents," though it's not clear what those incidents may have been. It's also not clear whether the robots were being operated by a human controller or how much autonomous action the robots are allowed. MSP did not respond to Gizmodo's emails on Monday morning. The newly obtained documents, first reported by Ally Jarmanning at WBUR in Boston, include emails and contracts that shed some light on how police departments of the future may use robots to engage suspects without putting human police in harm's way. In one document written by Lt. Robert G. Schumaker robots are described as an "invaluable component of tactical operations" that are vital to support the state's "Homeland Security Strategy." [...] The question that remains is whether the American public will simply accept robocops as our reality now. Unfortunately, it seems like we may not have any choice in the matter -- especially when the only way that we can learn about this new robot-police partnership is through records requests by the ACLU. And even then, we're still largely in the dark about how these things will be used.

The California DMV Is Making $50 Million a Year Selling Drivers' Personal Info

Slashdot - Your Rights Online - Tue, 2019-11-26 00:50
An anonymous reader quotes a report from Motherboard: The California Department of Motor Vehicles is generating revenue of $50,000,000 a year through selling drivers' personal information, according to a DMV document obtained by Motherboard. DMVs across the country are selling data that drivers are required to provide to the organization in order to obtain a license. This information includes names, physical addresses, and car registration information. California's sales come from a state which generally scrutinizes privacy to a higher degree than the rest of the country. In a public record acts request, Motherboard asked the California DMV for the total dollar amounts paid by commercial requesters of data for the past six years. The responsive document shows the total revenue in financial year 2013/14 as $41,562,735, before steadily climbing to $52,048,236 in the financial year 2017/18. The document doesn't name the commercial requesters, but some specific companies appeared frequently in Motherboard's earlier investigation that looked at DMVs across the country. They included data broker LexisNexis and consumer credit reporting agency Experian. Motherboard also found DMVs sold information to private investigators, including those who are hired to find out if a spouse is cheating. It is unclear if the California DMV has recently sold data to these sorts of entities. In an email to Motherboard, the California DMV said that requesters may also include insurance companies, vehicle manufacturers, and prospective employers. Marty Greenstein, public information officer at the California DMV, said that its sale furthers objectives related to highway and public safety, "including availability of insurance, risk assessment, vehicle safety recalls, traffic studies, emissions research, background checks, and for pre- and existing employment purposes." "The DMV takes its obligation to protect personal information very seriously. 
Information is only released pursuant to legislative direction, and the DMV continues to review its release practices to ensure information is only released to authorized persons/entities and only for authorized purposes. The DMV also audits requesters to ensure proper audit logs are maintained and that employees are trained in the protection of DMV information and anyone having access to this information sign a security document," Greenstein wrote.

Web Creator Tim Berners-Lee Launches Plan To 'Fix' the Internet

Slashdot - Your Rights Online - Mon, 2019-11-25 16:00
Tim Berners-Lee, the creator of the World Wide Web, is officially launching his plan to "fix" the internet. From a report: The World Wide Web Foundation, a non-profit campaign group set up by Berners-Lee, has secured the backing of tech giants Facebook, Google and Microsoft for the scheme, dubbed the "contract for the web." The British computer scientist first outlined his vision to overhaul organizations' approach to the internet at the Web Summit event last year. At the time, he said the web was "at a tipping point." The contract calls on companies to respect consumers' data privacy and urges governments to ensure everyone has access to the internet. "Never before has the web's power for good been more under threat," Adrian Lovett, CEO of the World Wide Web Foundation, told CNBC in an interview Friday. He added that the rise of hateful content and fake news being propagated online meant something had to change. "We're launching the contract for the web for the world's first-ever global action plan to protect the web as a force for good, bringing together companies, governments and citizens from around the world to say these are the things that need to be done to put things back on the right track." Other organizations backing the contract include DuckDuckGo, Reddit, GitHub and Reporters Without Borders. One major component of the pledge is the requirement that the web remains an accessible tool for all users. Lovett said that, "despite the progress we've seen in getting the world connected, half the world doesn't have access." He said the contract comes with nine core principles, while underneath them is a total of 76 clauses. "Not every organization has to abide by all of them," he insisted. "A good number of those 76 will be relevant." Berners-Lee will deliver a speech in Berlin, Germany, on Monday where he is due to say the contract will serve as a blueprint for governments, companies and citizens to safeguard the web as a force for good. 
The World Wide Web Foundation says it is working with partners to develop tools that can measure progress on the contract's various clauses.

Mozilla's Annual Buyer's Guide Rates Amazon and Google Security Cameras 'Very Creepy'

Slashdot - Your Rights Online - Mon, 2019-11-25 10:34
"Be Smart. Shop Safe," warns Mozilla's annual buyer's guide for secure connected products. Based on their conversations with developers and dozens of privacy experts, they've awarded smiley faces with different expressions to rate products from "Not Creepy" up to "Super Creepy". "While the variety of smart devices on offer is rapidly increasing, so are the number of products that pay no heed to even basic security measures..." notes the editor of Mozilla's Internet Health Report. "Now that more and more companies collect personal data about you, including audio and video of your family, and sensitive biometric and health information, like your heart rate and sleeping habits, it's worrying that more are not upfront about the privacy and security of their products." Or, as The Next Web writes, "god bless Mozilla for having our lazy backs." And, well, if you're a user of any Ring cameras… we're sorry. Basically, there are five things that every product must do:

- Have automatic security updates, so they're protected against the newest threats
- Use encryption, meaning bad actors can't just snoop on your data
- Include a vulnerability management pathway, which makes reporting bugs easy and, well, possible
- Require users to change the default password (if applicable), because that makes devices far harder to access
- Privacy policies -- ones that relate to the product specifically, and aren't just generic

Doesn't seem too much to ask right...? Well, of the 76 devices Mozilla selected, 60 of them passed this test... And what devices didn't meet the criteria? There were nine of them overall (including the Artie 3000 Coding Robot and the Wemo Wifi Smart Dimmer), but the real loser in this test is the Amazon-owned Ring. Three of the company's products (which is effectively all of their major devices) didn't meet Mozilla's criteria. Yes, that's right, the Ring Video Doorbell, Ring Indoor Cam, and Ring Security Cam all didn't meet minimum standards for security.... The main reasons for not meeting this criteria is due to Ring's history with poor encryption policies, and vulnerability management. To be fair, Nest Cam's Indoor and Outdoor Security Cameras and Google Home also fell into the "Very Creepy" category -- and so did Amazon's Echo smart speakers. (The Amazon Echo Show even made it into Mozilla's highest "Super Creepy" category, where the only other product was Facebook Portal.) But at least the Nest Hello Video doorbell only appears in Mozilla's "Somewhat Creepy" category. "Just because something on your wishlist this year connects to the internet, doesn't mean you have to compromise on privacy and security..." warns the editor of Mozilla's Internet Health Report. And in addition, "Fitness trackers designed for kids as young as 4 years old, raise questions about what we are teaching our children about how much digital surveillance in their lives is normal." Going forward, they suggest that we push for better privacy regulations -- and that whenever we rate products on performance and price, we should also rate them on their privacy and security. But in the meantime, as Mozilla explained on Twitter, "Friends don't let friends buy creepy gifts."


Police Can Keep Ring Camera Video Forever, and Share With Whomever They'd Like

Slashdot - Your Rights Online - N, 2019-11-24 19:34
schwit1 shared this news from the Washington Post: Police officers who download videos captured by homeowners' Ring doorbell cameras can keep them forever and share them with whomever they'd like without providing evidence of a crime, the Amazon-owned firm told a lawmaker this month... Police in those communities can use Ring software to request up to 12 hours of video from anyone within half a square mile of a suspected crime scene, covering a 45-day time span, wrote Brian Huseman, Amazon's vice president of public policy. Police are required to include a case number for the crime they are investigating, but not any other details or evidence related to the crime or their request. Sen. Edward Markey, D-Mass., said in a statement that Ring's policies showed that the company had failed to enact basic safeguards to protect Americans' privacy. "Connected doorbells are well on their way to becoming a mainstay of American households, and the lack of privacy and civil rights protections for innocent residents is nothing short of chilling," he said. "If you're an adult walking your dog or a child playing on the sidewalk, you shouldn't have to worry that Ring's products are amassing footage of you and that law enforcement may hold that footage indefinitely or share that footage with any third parties." While Ring tells users not to film public roads or sidewalks, Ring isn't enforcing that, according to the article. Amazon argues that that's ultimately the user's responsibility. And will their cameras start using facial recognition algorithms? Amazon answers that that feature is "contemplated but unreleased," though they add that "We do frequently innovate based on customer demand," and point out that other competing security cameras are already offering facial-recognition...


What Caused Uber's Fatal 2018 Crash? NTSB Reveals Its Findings

Slashdot - Your Rights Online - So, 2019-11-23 21:34
This week America's National Transportation Safety Board presented its findings on the fatal 2018 crash of an Uber test robocar with a pedestrian in Arizona. Forbes reports: The NTSB's final determination of probable cause put primary blame on the safety driver's inattention. Contributory causes were Uber's lack of safety culture, poor monitoring of safety drivers, and lack of countermeasures for automation complacency. They put tertiary blame on the pedestrian's impaired crossing of the road, and the lack of good regulations at the Arizona and Federal levels... When it comes to human fault, the report noted that [pedestrian] Herzberg had a "high concentration of methamphetamine" (more than 10 times the medicinal dose) in her blood which would alter her perception. She also had some marijuana residue. She did not look to her right at the oncoming vehicle until 1 second before the crash. There was also confirmation that the safety driver had indeed pulled out a cell phone and was streaming a TV show on it, looking down at it 34% of the time during her driving session, with a full 5 second "glance" from 6 to 1 seconds prior to the impact. While Uber recorded videos of safety drivers, they never reviewed those of this driver to learn that she was violating the policy against cell phone use. She had received no reprimands, and driven this stretch of road 73 times before... Had the vehicle operator been attentive, she would likely have had sufficient time to detect and react to the crossing pedestrian to avoid the crash or mitigate the impact. The vehicle operator's prolonged visual distraction, a typical effect of automation complacency, led to her failure to detect the pedestrian in time to avoid the collision. The Uber Advanced Technologies Group did not adequately recognize the risk of automation complacency and develop effective countermeasures to control the risk of vehicle operator disengagement, which contributed to the crash...
The detrimental effect of the company's ineffective oversight was exacerbated by its decision to remove the second vehicle operator during testing of the automated driving system... Most notably, they do not attribute the technology failures as causes of the crash. This is a correct cause ruling -- all tested vehicles, while generally better than Uber's, have flaws which would lead to a crash with a negligent safety driver, and to blame those flaws would be to blame the idea of testing this way at all. Forbes also notes the report criticizes Arizona's "shortcomings" in safeguarding the public because of the state's lack of a safety-focused application-approval process for automated driving system testing. The article adds that today Uber "is only doing very limited testing -- just a one mile loop around their HQ limited to 25 miles per hour."


EFF Challenges Ring's Spokesperson Shaq To A Discussion About Police Surveillance

Slashdot - Your Rights Online - So, 2019-11-23 19:34
Shaq O'Neal was one of the greatest players in basketball history. But as a spokesperson for Amazon's Ring security cameras, the EFF also calls him the "one man at Ring who might listen to reason," challenging him to go one-on-one with the EFF's privacy experts: In just a year and a half, Amazon's Ring has set up more than 500 partnerships with law enforcement agencies to convince communities to spy on themselves through doorbell cameras and its social app, Neighbors. The company is moving recklessly fast with little regard for the long-term risks of this mass surveillance technology. These partnerships threaten free speech and the well-being of communities, vastly expand police surveillance, undermine trust between police and residents, and enable racial profiling by exacerbating suspicion and paranoia. So far, Amazon has not committed to making any changes. But we think one person at Ring might listen: basketball legend Shaquille O'Neal. Shaq has been a spokesperson and co-owner of Ring since 2016, and has been nearly as much a public face of the company as its CEO, Jamie Siminoff. EFF would like to sit down with Shaq to discuss how Ring's partnerships with police can actually end up harming the communities that the company hopes to keep safe. If we wanted to learn how to dunk, we would go to Shaq. Before he promotes the sale of cameras that surveil neighborhoods indiscriminately, Shaq should come to the experts. Shaq, sit down with us and learn how these partnerships turn our neighborhoods into vast, unaccountable surveillance networks.


Defecting Chinese Spy Offers Information Trove To Australian Government

Slashdot - Your Rights Online - So, 2019-11-23 15:00
schwit1 shares a report from The Age, a daily newspaper published in Australia: A Chinese spy has risked his life to defect to Australia and is now offering a trove of unprecedented inside intelligence on how China conducts its interference operations abroad. Wang "William" Liqiang is the first Chinese operative to ever blow his cover. He has revealed the identities of China's senior military intelligence officers in Hong Kong, as well as providing details of how they fund and conduct political interference operations in Hong Kong, Taiwan and Australia. In interviews with The Age, The Sydney Morning Herald and 60 Minutes, he has revealed in granular detail how Beijing covertly controls listed companies to fund intelligence operations, including the surveillance and profiling of dissidents and the co-opting of media organizations. [...] Mr Wang said he was part of an intelligence operation hidden within a Hong Kong-listed company, China Innovation Investment Limited (CIIL), which infiltrated Hong Kong's universities and media with pro-Chinese Communist Party operatives who could be activated to counter the democracy movement. He says he had personal involvement in an October 2015 operation to kidnap and abduct to the Chinese mainland a Hong Kong bookseller, Lee Bo, and played a role in a clandestine organization that also directed bashings or cyber attacks on Hong Kong dissidents. His handlers in China issued him a fake South Korean passport to gain entry to Taiwan and help China's efforts to systematically infiltrate its political system, including directing a "cyber army" and Taiwanese operatives to meddle in the 2018 municipal elections. Plans are underway to influence the 2020 presidential election - plans that partly motivated him to defect to Australia. Mr Wang is currently at an undisclosed location in Sydney pending formal protections from the Australian government. More information is expected to be revealed on Monday.
