aggregator

21% of Large Employers Collect Health Information From Employees' Mobile Apps or Wearable Devices, Report Says

Slashdot - Your Rights Online - Tue, 2018-10-09 20:15
An anonymous reader writes: The Kaiser Family Foundation's annual review of employer-based insurance shows that 21% of large employers collect health information from employees' mobile apps or wearable devices, as part of their wellness programs -- up from 14% last year. Wellness programs are voluntary, and so is contributing your health information to them. But among companies that offer a wellness program, just 9% of employers (including 35% of large employers) offer workers an incentive to participate.

Read more of this story at Slashdot.

UK High Court Blocks Billion-Dollar Privacy Lawsuit Against Google

Slashdot - Your Rights Online - Tue, 2018-10-09 03:25
An anonymous reader quotes a report from the BBC: The High Court has blocked a bid to sue Google for allegedly unlawfully taking data from 4.4 million UK iPhone users. The legal case was mounted by a group called Google You Owe Us, led by former Which director Richard Lloyd. It sought compensation for people whose handsets were tracked by Google for several months in 2011 and 2012. Mr Lloyd said he was "disappointed" by the ruling and his group would appeal, but Google said it was "pleased" and thought the case was "without merit." Mr Justice Warby who oversaw the case explained that it was blocked because the claims that people suffered damage were not supported by the facts advanced by the campaign group. Another reason for blocking it, he said, was the impossibility of reliably calculating the number of iPhone users affected by the alleged privacy breach. The complaint made by Google You Owe Us alleged that the cookies were used by Google to track people and get around settings on Apple's Safari browser that blocked such monitoring. Ads were sold on the basis of the personal information gathered by Google's cookies. The Safari workaround was used by Google on lots of different devices but the UK case centered on iPhone users. The group hoped to win $1.3 billion in compensation for affected users.

FAA Moves Toward Treating Drones and Planes As Equals

Slashdot - Your Rights Online - Tue, 2018-10-09 02:45
Hackaday's Tom Nardi writes about the Federal Aviation Administration's push to repeal Section 336, which states that small remote-controlled aircraft as used for hobby and educational purposes aren't under FAA jurisdiction. "Despite assurances that the FAA will work towards implementing waivers for hobbyists, critics worry that in the worst case the repeal of Section 336 might mean that remote control pilots and their craft may be held to the same standards as their human-carrying counterparts," writes Nardi. From the report: Section 336 has already been used to shoot down the FAA's ill-conceived attempt to get RC pilots to register themselves and their craft, so it's little surprise they're eager to get rid of it. But they aren't alone. The Commercial Drone Alliance, a non-profit association dedicated to supporting enterprise use of Unmanned Aerial Systems (UAS), expressed their support for repealing Section 336 in a June press release: "Basic 'rules of the road' are needed to manage all this new air traffic. That is why the Commercial Drone Alliance is today calling on Congress to repeal Section 336 of the FAA Modernization and Reform Act of 2012, and include new language in the 2018 FAA Reauthorization Act to enable the FAA to regulate UAS and the National Airspace in a common sense way." The 2018 FAA Reauthorization Act does not simply repeal Section 336, it also details the new rules the agency would impose on unmanned aircraft and their operators. Under these proposed rules, all unmanned aircraft would be limited to an altitude of 400 feet unless they have specific authorization to exceed that ceiling. They must also be operated within line of sight at all times, effectively ending long-range First Person View (FPV) flying. There's also language in the Reauthorization Act about studying the effects of flying unmanned aircraft at night, or over groups of people. It also states that drones, just like traditional aircraft, must be registered and marked. 
It even authorizes the FAA to investigate methods of remote identification for drones and their operators, meaning it's not unreasonable to conclude that RC aircraft may be required to carry transponders at some point in the future. To many in the hobby this seems like an unreasonable burden, especially in the absence of clear limits on what type of small aircraft would be excluded (if any). The report also notes that the 2018 FAA Reauthorization Act will require drone operators to have to pass an "aeronautical knowledge and safety test," and to show proof of their passing to any law enforcement if questioned. Also with the repeal of Section 336, "young people might actually be excluded from flying remote-controlled aircraft," Nardi writes. "While many RC planes and quadcopters are marketed as children's toys, in the absence of Section 336, it's not clear that a child could legally operate one. The FAA requires a person to be 16 years of age to obtain a pilot's license, and if unmanned aircraft are truly expected to obey the same 'rules of the road,' it's not unreasonable to assume that age requirement will remain in effect."

Google Drops Out of Pentagon's $10 Billion Cloud Competition

Slashdot - Your Rights Online - Tue, 2018-10-09 02:03
Citing corporate values, Google has decided not to compete for the Pentagon's $10 billion cloud-computing contract. Bloomberg reports: The project, known as the Joint Enterprise Defense Infrastructure cloud, or JEDI, involves transitioning massive amounts of Defense Department data to a commercially operated cloud system. Companies are due to submit bids for the contract, which could last as long as 10 years, on October 12th. Google's announcement on Monday came just months after the company decided not to renew its contract with a Pentagon artificial intelligence program, after extensive protests from employees of the internet giant about working with the military. The company then released a set of principles designed to evaluate what kind of artificial intelligence projects it would pursue. "We are not bidding on the JEDI contract because first, we couldn't be assured that it would align with our AI Principles," a Google spokesman said in a statement. "And second, we determined that there were portions of the contract that were out of scope with our current government certifications." The spokesman added that Google is "working to support the U.S. government with our cloud in many ways." "Had the JEDI contract been open to multiple vendors, we would have submitted a compelling solution for portions of it," they said. "Google Cloud believes that a multi-cloud approach is in the best interest of government agencies, because it allows them to choose the right cloud for the right workload."

Limo Firm To Judge: Tell Us Whether Uber Drivers Are Employees

Slashdot - Your Rights Online - Tue, 2018-10-09 00:40
An anonymous reader quotes a report from Ars Technica: Lawyers representing a Southern California limousine company that sued Uber last month over state unfair competition allegations have now filed a motion for partial summary judgement. If the filing is granted by the judge, the motion would substantially streamline the case and answer the vexing question: are Uber drivers employees or not? The proposed class-action lawsuit, known as Diva Limousine v. Uber, relies on a recently decided California Supreme Court decision that makes it more difficult for companies to unilaterally declare their workers as contractors, which effectively deprives them of benefits that they would otherwise receive as employees. In the California Supreme Court case, known as Dynamex, that court came up with a three-part test, known as the ABC test, to figure out whether companies can assert contractor status or not: "(A) that the worker is free from the control and direction of the hiring entity in connection with the performance of the work, both under the contract for the performance of the work and in fact, (B) that the worker performs work that is outside the usual course of the hiring entity's business, and (C) that the worker is customarily engaged in an independently established trade, occupation, or business, the worker should be considered an employee and the hiring business an employer under the suffer or permit to work standard in wage orders." "The standard for summary judgement is that there is no triable issue of material facts. That seems to be the case here," says Professor Veena Dubal of the University of California, Hastings, which is just blocks from Uber's headquarters in San Francisco. "Under Dynamex, workers are likely employees for purposes of minimum wage and overtime if they perform work that is within the usual course of the hiring entity's business. Uber drivers provide rides, and Uber is a transportation company that facilitates the provision of those rides. 
I have a hard time imagining how Uber can argue that there is a triable issue of fact here, although I am confident that they will argue that they are a software company. They have lost that argument in courts across the world."

Body Camera Maker Will Let Cops Live-Stream Their Encounters

Slashdot - Your Rights Online - Tue, 2018-10-09 00:00
tedlistens writes: Police officers wearing new cameras by Axon, the U.S.'s largest body camera supplier, will soon be able to send live video from their cameras back to base and elsewhere, potentially expanding police surveillance. Another feature of the new device -- set to be released next year -- triggers the camera to start recording and alerts command staff once an officer has fired their weapon, a possible corrective to the problem of officers forgetting to switch them on. (The initial price of $699 doesn't include other costs, like a subscription to Axon's Evidence.com data management system.) But adding new technologies to body camera video introduces new privacy concerns, say legal experts, who have cautioned that a network of live-streaming cameras risks turning officers into roving sentinels for a giant panopticon-like surveillance system. Harlan Yu, the executive director of Upturn, a Washington nonprofit consultancy that has studied body cameras, says that live-streaming could erode community trust and help enable more controversial technologies like real-time face recognition. "The capability to live stream all BWC footage back to a department- or precinct-wide command center... will further entrench body-worn cameras as tools for police surveillance of communities, rather than tools for transparency," he said.

London's Radio Pirates Changed Music. Then Came the Internet.

Slashdot - Your Rights Online - Mon, 2018-10-08 22:00
Earlier this month, The New York Times ran a story which looks at the ways a network of illegal radio stations changed British music, and wonders where young people are going to make culture now, now that the internet is killing off the pirate radio. An excerpt from the story: Ofcom, the British communications regulator, estimated there are now just 50 pirate stations in London, down from about 100 a decade ago, and hundreds in the 1990s, when stations were constantly starting up and shutting down. Ofcom considers this good news, because illegal broadcasters could interfere with radio frequencies used by emergency services and air traffic control, a spokesman said. But pirate radio stations also offered public services, of a different sort: They gave immigrant communities programming in their native languages, ran charity drives and created the first radio specifically for black Britons. Pirate radio was also the site of some of Britain's most important musical innovations, introducing pop to the airwaves in the 1960s and incubating the major underground British music trends of recent decades, up to and including dubstep and grime: Dizzee Rascal, Wiley and Skepta all launched their careers on the pirates.

Google Exposed Private Data of Hundreds of Thousands of Google+ Users and Then Opted Not To Disclose, Report Says

Slashdot - Your Rights Online - Mon, 2018-10-08 19:10
Google exposed the private data of hundreds of thousands of users of the Google+ social network and then opted not to disclose the issue this past spring, in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage, WSJ reported Monday, citing people briefed on the incident and documents. From the report: As part of its response to the incident, the Alphabet unit plans to announce a sweeping set of data privacy measures that include permanently shutting down all consumer functionality of Google+, the people said. The move effectively puts the final nail in the coffin of a product that was launched in 2011 to challenge Facebook and is widely seen as one of Google's biggest failures. A software glitch in the social site gave outside developers potential access to private Google+ profile data between 2015 and March 2018, [Editor's note: the link may be paywalled; alternative source] when internal investigators discovered and fixed the issue, according to the documents and people briefed on the incident. A memo reviewed by the Journal prepared by Google's legal and policy staff and shared with senior executives warned that disclosing the incident would likely trigger "immediate regulatory interest" and invite comparisons to Facebook's leak of user information to data firm Cambridge Analytica. Update: In an announcement Monday, Google said it was shutting down Google+ for consumers: We are shutting down Google+ for consumers. Over the years we've received feedback that people want to better understand how to control the data they choose to share with apps on Google+. So as part of Project Strobe, one of our first priorities was to closely review all the APIs associated with Google+. 
This review crystallized what we've known for a while: that while our engineering teams have put a lot of effort and dedication into building Google+ over the years, it has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps. The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds. Google+ still receives north of 200 million page views every month on the web, according to SimilarWeb, a third-party web analytics firm.

Tech Workers Now Want to Know: What Are We Building This For?

Slashdot - Your Rights Online - Mon, 2018-10-08 16:40
Across the technology industry, rank-and-file employees are demanding greater insight into how their companies are deploying the technology that they built. An anonymous reader shares a report: At Google, Amazon, Microsoft and Salesforce, as well as at tech start-ups, engineers and technologists are increasingly asking whether the products they are working on are being used for surveillance in places like China or for military projects in the United States or elsewhere. That's a change from the past, when Silicon Valley workers typically developed products with little questioning about the social costs. It is also a sign of how some tech companies, which grew by serving consumers and businesses, are expanding more into government work. And the shift coincides with concerns in Silicon Valley about the Trump administration's policies and the larger role of technology in government. "You can think you're building technology for one purpose, and then you find out it's really twisted," said Laura Nolan, 38, a senior software engineer who resigned from Google in June over the company's involvement in Project Maven, an effort to build artificial intelligence for the Department of Defense that could be used to target drone strikes. All of this has led to growing tensions between tech employees and managers. In recent months, workers at Google, Microsoft and Amazon have signed petitions and protested to executives over how some of the technology they helped create is being used. At smaller companies, engineers have begun asking more questions about ethics.

Facebook Unveils Portal and Portal+ Smart Speakers With Video Calling Feature

Slashdot - Your Rights Online - Mon, 2018-10-08 16:00
Facebook on Monday unveiled a pair of smart speakers, complete with cameras and microphones, for your home. From a report: The devices, Portal and Portal+, directly challenge Amazon, Google and Apple in the fast-growing smart-speaker market with a unique approach that will emphasize video calling. It's Facebook's first hardware product outside the Oculus line of virtual-reality devices. To start a video call, users can say "Hey Portal, call ..." followed by the name of a connection on Facebook's Messenger service. These calls include entertaining augmented-reality features that can outfit users with cat hats or turn their living rooms into animated night clubs. Another feature is Smart Camera, which uses artificial intelligence and the devices' cameras to perfectly frame users on video as they move around while on a call. [...] Besides video calls, the Portal devices can stream music from Spotify, Pandora and Amazon Music and video from Facebook Watch. Not included at launch are services like Apple Music, YouTube, Netflix, Hulu or HBO Now. The devices come equipped with Amazon's Alexa voice assistant and the many skills available on that service, allowing them to ask questions like "What's the weather?" or "How are my teams doing?" [...] The company is taking preorders for the devices now and will begin shipping them early next month. The Portal, which features a 10-inch screen, is available for $199 while the Portal+, which has a long, 15.6-inch screen, is priced at $349. WashingtonPost reports that the device follows the person in their house: What's unique about Facebook's device is the tech it uses to make the video calls look good. Think of it as a personal cinematographer: A 12-megapixel camera -- equivalent to most phones -- identifies the shape of people within its 140-degree field of view and pans and zooms to make sure they're all always in the frame. You can wander around the room, do chores, Jazzercise, play with the kids or whatever. 
(Or, if you want, you can tap on the face of one person and the Portal camera will track just them.)

French Officer Caught Selling Access To State Surveillance System On the Darkweb

Slashdot - Your Rights Online - Mon, 2018-10-08 04:02
An anonymous reader writes: "A French police officer has been charged and arrested last week for selling confidential data on the dark web in exchange for Bitcoin," reports ZDNet. French authorities caught him after they took down the "Black Hand" dark web marketplace. Sifting through the marketplace data, they found French police documents sold on the site. All the documents had unique identifiers, which they used to track down the French police officer who was selling the data under the name of Haurus. Besides selling access to official docs, they also found he ran a service to track the location of mobile devices based on a supplied phone number. He advertised the system as a way to track spouses or members of competing criminal gangs. Investigators believe Haurus was using the French police resources designed with the intention to track criminals for this service. He also advertised a service that told buyers if they were tracked by French police and what information officers had on them.

Voice Phishing Scams Are Getting More Clever

Slashdot - Your Rights Online - Mon, 2018-10-08 01:23
Security researcher Brian Krebs highlights several clever methods scammers are using to obtain your personal information. In one example, someone used a fully-automated voice to try and scam "a cybersecurity professional with more than 30 years of experience" by greeting him with a four-note AT&T jingle, "followed by a recorded voice saying AT&T was calling to prevent his phone service from being suspended for non-payment." "It then prompted me to enter my security PIN to be connected to a billing department representative," Jon said. "My number was originally an AT&T number (it reports as Cingular Wireless) but I have been on T-Mobile for several years, so clearly a scam if I had any doubt. However, I suspect that the average Joe would fall for it." Krebs reports of another, more sophisticated scam attempted on Matt Haughey, the creator of the community Weblog MetaFilter and a writer at Slack: Haughey banks at a small Portland credit union, and last week he got a call on his mobile phone from an 800-number that matched the number his credit union uses. Actually, he got three calls from the same number in rapid succession. He ignored the first two, letting them both go to voicemail. But he picked up on the third call, thinking it must be something urgent and important. After all, his credit union had rarely ever called him. Haughey said he was greeted by a female voice who explained that the credit union had blocked two phony-looking charges in Ohio made to his debit/ATM card. She proceeded to then read him the last four digits of the card that was currently in his wallet. It checked out. Haughey told the lady that he would need a replacement card immediately because he was about to travel out of state to California. Without missing a beat, the caller said he could keep his card and that the credit union would simply block any future charges that weren't made in either Oregon or California. This struck Haughey as a bit off. 
Why would the bank say they were freezing his card but then say they could keep it open for his upcoming trip? [...] The caller then read his entire home address to double check it was the correct destination to send a new card at the conclusion of his trip. Then the caller said she needed to verify his mother's maiden name. The voice in his head spoke out in protest again, but then banks had asked for this in the past. He provided it. Next she asked him to verify the three digit security code printed on the back of his card. Once more, the voice of caution in his brain was silenced: He'd given this code out previously in the few times he'd used his card to pay for something over the phone. Then she asked him for his current card PIN, just so she could apply that same PIN to the new card being mailed out, she assured him. Ding, ding, ding went the alarm bells in his head. Haughey hesitated, then asked the lady to repeat the question. When she did, he gave her the PIN, and she assured him she'd make sure his existing PIN also served as the PIN for his new card. Haughey said after hanging up he felt fairly certain the entire transaction was legitimate, although the part about her requesting the PIN kept nagging at him. Long story short, two fraudulent charges were made on his account totaling $3,400. "People I've talked to about this say there's no way they'd fall for that, but when someone from a trustworthy number calls, says they're from your small town bank, and sounds incredibly professional, you'd fall for it, too," Haughey said.

Canadian Music Group Proposes 'Copyright Tax' On Internet Use

Slashdot - Your Rights Online - Sun, 2018-10-07 20:18
After ongoing discussions and proposals about new taxes and fees to compensate creators for "missed revenue," the Screen Composers Guild of Canada is calling for a copyright tax on all broadband data use above 15 gigabytes per month. TorrentFreak reports: A proposal from the Screen Composers Guild of Canada (SCGC), put forward during last week's Government hearings, suggests to simply add a levy on Internet use above 15 gigabytes per month. The music composers argue that this is warranted because composers miss out on public performance royalties. One of the reasons for this is that online streaming services are not paying as much as terrestrial broadcasters. The composers SCGC represents are not the big music stars. They are the people who write music for TV-shows and other broadcasts. Increasingly these are also shown on streaming services where the compensation is, apparently, much lower. SCGC's solution to this problem is to make every Canadian pay an extra fee when they use over 15 gigabytes of data per month. This money would then be used to compensate composers and fix the so-called "value gap." As a result, all Internet users who go over the cap will have to pay more. Even those who don't watch any of the programs where the music is used. However, SCGC doesn't see the problem and believes that 15 gigabytes are enough. People who want to avoid paying can still use email and share photos, they argue. Those who go over the cap are likely streaming not properly compensated videos. SCGC writes: "[W]hen you're downloading and consuming over 15 gigabytes of data a month, you're likely streaming Spotify. You're likely streaming YouTube. You're likely streaming Netflix. So we think because the FANG companies will not give us access to the numbers that they have, we have to apply a broad-based levy. They're forcing us to."

UK Cyber Security Agency Backs Apple, Amazon China Hack Denials

Slashdot - Your Rights Online - Sun, 2018-10-07 19:17
An anonymous reader quotes a report from Reuters: Britain's national cyber security agency said on Friday it had no reason to doubt the assessments made by Apple and Amazon challenging a Bloomberg report that their systems contained malicious computer chips inserted by Chinese intelligence services. "We are aware of the media reports but at this stage have no reason to doubt the detailed assessments made by AWS and Apple," said the National Cyber Security Centre, a unit of Britain's eavesdropping agency, GCHQ. AWS refers to Amazon Web Services, the company's cloud-computing unit. "The NCSC engages confidentially with security researchers and urges anybody with credible intelligence about these reports to contact us," it said. Apple's recently retired general counsel, Bruce Sewell, told Reuters he called the FBI's then-general counsel James Baker last year after being told by Bloomberg of an open investigation into Super Micro Computer, a hardware maker whose products Bloomberg said were implanted with malicious Chinese chips. "I got on the phone with him personally and said, 'Do you know anything about this?'" Sewell said of his conversation with Baker. "He said, 'I've never heard of this, but give me 24 hours to make sure.' He called me back 24 hours later and said 'Nobody here knows what this story is about.'" The U.S. Department of Homeland Security said on Saturday that it too had no reason to doubt statements from companies that have denied the Bloomberg report. "The Department of Homeland Security is aware of the media reports of a technology supply chain compromise," DHS said in a statement. "Like our partners in the UK, the National Cyber Security Center, at this time we have no reason to doubt the statements from the companies named in the story," it said.

Energy Department Proposes Funding For Ohio's First Offshore Wind Project

Slashdot - Your Rights Online - Sun, 2018-10-07 16:14
An anonymous reader quotes a report from Ars Technica: An energy development group has been working for years to put together Ohio's first offshore wind project. That might sound odd for a state so far from the sea, but the benefits of offshore wind (strong, consistent gusts and relative proximity to major population centers) translate to wind turbines that are placed in freshwater, too. Consequently, an area eight miles off Ohio's Lake Erie coastline is slated to see six new 3.45 megawatt (MW) turbines as part of a 20.7MW pilot installation. On Thursday, the Department of Energy (DOE) issued an Environmental Assessment stating that proceeding with the plan would not cause any "impact to the human environment." In an additional finding published by the DOE this week, the department added that it did not believe that the offshore wind project would cause significant damage to migratory birds, either. Finally, the DOE proposed an unspecified amount of funding for the project, which will be the first freshwater offshore wind project in the US and one of the first offshore wind projects overall. The Lake Erie Energy Department Corporation (LEEDCo) and Norwegian investor Fred Olsen Renewables (FOR) will be developing the "Icebreaker" project, as the turbine installation has been called. "Interestingly, the turbines will be secured to the lake using a 'Mono Bucket' foundation, with a suction-based design that's similar to what's been used on offshore oil-drilling platforms in the North Sea," reports Ars. "The design, LEEDCo says, uses 'the best and lowest-cost technology for sites 25 meters and less.'"

Facebook Is 'Teeming' With Fake Accounts Created By Undercover Cops

Slashdot - Your Rights Online - Sun, 2018-10-07 09:34
An anonymous reader quotes NBC News: Police officers around the country, in departments large and small, working for federal, state and local agencies, use undercover Facebook accounts to watch protesters, track gang members, lure child predators and snare thieves, according to court records, police trainers and officers themselves. Some maintain several of these accounts at a time. The tactic violates Facebook's terms of use, and the company says it disables fake accounts whenever it discovers them. But that is about all it can do: Fake accounts are not against the law, and the information gleaned by the police can be used as evidence in criminal and civil cases. Investigators know this, which is why the accounts continue to flourish. "Every high-tech crime unit has one," said an officer who uses an undercover account to monitor gang members and drug dealers in New Jersey and who spoke on the condition of anonymity to avoid having the account exposed or shut down. "It's not uncommon, but we don't like to talk about it too much." The proliferation of fake Facebook accounts and other means of social media monitoring -- including the use of software to crunch data about people's online activity -- illustrates a policing "revolution" that has allowed authorities to not only track people but also map out their networks, said Rachel Levinson-Waldman, senior counsel at New York University School of Law's Brennan Center for Justice.... Judges in New Jersey and Delaware have upheld investigators' use of fake social media profiles. U.S. Immigration and Customs Enforcement, the Cincinnati Police Department and the Chicago Police Department have publicly boasted of using undercover Facebook accounts in cases against accused child predators, gangs and gun traffickers. 
Following an outcry after a Drug Enforcement Administration agent created a fake Facebook account in a suspect's name to catch members of a drug ring, the Department of Justice promised in 2014 to review the agency's policies -- but the department did not respond to multiple requests to say what has changed. Several law enforcement agencies, including the New York Police Department, the Georgia Bureau of Investigation and the Indiana Intelligence Fusion Center, have policies that explicitly allow the creation of fake profiles, with some conditions -- including obtaining prior approval from a superior and limiting interactions with targets.... [P]olice agencies have been able to keep undercover accounts for years without Facebook discovering them. After one successful ACLU lawsuit this August, a Memphis activist discovered that his local police department had assembled 22,000 pages about him and his friends.

Apple Insiders Say Nobody Internally Knows What's Going On With Bloomberg's China Hack Story

Slashdot - Your Rights Online - Sat, 2018-10-06 14:00
An anonymous reader quotes a report from BuzzFeed News: Multiple senior Apple executives, speaking with BuzzFeed News on the condition of anonymity so that they could speak freely, all denied and expressed confusion with a report earlier this week that the company's servers had been compromised by a Chinese intelligence operation. On Thursday morning, Bloomberg Businessweek published a bombshell investigation. The report -- the result of more than a year of reporting and over 100 interviews with intelligence and company sources -- alleged that Chinese spies compromised and infiltrated almost 30 U.S. companies including Apple and Amazon by embedding a tiny microchip inside company servers. Both Amazon and Apple issued uncharacteristically strong and detailed denials of Bloomberg's claims. Reached by BuzzFeed News, multiple Apple sources -- three of them very senior executives who work on the security and legal teams -- said that they are at a loss as to how to explain the allegations. These people described a massive, granular, and siloed investigation into not just the claims made in the story, but into unrelated incidents that might have inspired them. A senior security engineer directly involved in Apple's internal investigation described it as "endoscopic," noting they had never seen a chip like the one described in the story, let alone found one. "I don't know if something like this even exists," this person said, noting that Apple was not provided with a malicious chip or motherboard to examine. "We were given nothing. No hardware. No chips. No emails." Equally puzzling to Apple execs is the assertion that it was party to an FBI investigation -- Bloomberg wrote that Apple "reported the incident to the FBI." A senior Apple legal official told BuzzFeed News the company had not contacted the FBI, nor had it been contacted by the FBI, the CIA, the NSA or any government agency in regards to the incidents described in the Bloomberg report.
This person's purview and responsibilities are of such a high level that it's unlikely they would not have been aware of government outreach.

Former South Korean President Sentenced To 15 Years In Prison For Accepting $5.4 Million In Bribes From Samsung

Slashdot - Your Rights Online - Sat, 2018-10-06 04:10
South Korea's former president, Lee Myung-bak, was sentenced Friday to 15 years in prison for bribery and embezzlement. He will also have to pay $11.5 million in fines. NPR reports: Lee is the second South Korean leader convicted this year of charges of corruption and the fourth former president to be arrested for corruption since the 1990s. Prior to entering politics, Lee had been an executive at Hyundai and campaigned on a promise to help South Korea's economy grow. Lee served as president of South Korea from 2008 until 2013. A court ruled Friday that before and during his presidency Lee accepted $5.4 million in bribes from Samsung, South Korea's largest conglomerate. In exchange, Lee had granted a presidential pardon to Lee Kun-hee, Samsung's chairman, who had been convicted of embezzlement and tax evasion. The conviction had forced Lee Kun-hee to resign from Samsung in 2008; he returned to work at the company shortly after receiving the presidential pardon. The court also found that former president Lee disguised his ownership of a lucrative auto-parts maker under the names of his relatives and embezzled 24 billion Korean won from the company, according to The New York Times. Samsung later offered to pay legal fees for a court case involving the auto-parts company. Lee, who did not appear in court on Friday, denied the charges. "During the hearings, he shifted the blame to his aides, accusing them of committing the crimes for their own profit and conspiring against him," Judge Chung Kae-seon said on Friday, according to The Times.

Years After ProPublica Exposed Vizio For Spying On Users, Lawyers Will Make Millions From Lawsuit

Slashdot - Your Rights Online - Sat, 2018-10-06 02:50
After it was revealed that Vizio was tracking customers' viewing habits and sharing that data with advertisers, a class-action lawsuit was filed against the company. Now, Ars Technica is reporting that "lawyers representing Vizio TV owners have asked a federal judge in Orange County, California to sign off on [the settlement] with the company for $17 million, for an affected class of 16 million people, who must opt-in to get any money." The company "also agrees to delete all data that it collected." From the report: Notice of the lawsuit will be shown directly on the Vizio Smart TVs, three separate times, as well as through paper mailings. When it's all said and done, new court filings submitted on Thursday say each of those 16 million people will get a payout of somewhere between $13 and $31. By contrast, their lawyers will collectively earn a maximum payout of $5.6 million in fees. Eventually, the company agreed to pay $2.2 million to settle a complaint brought by the Federal Trade Commission. However, this new settlement is related to an entirely separate lawsuit, one that was consolidated in federal court in southern California. This $17 million amount is more than Vizio made by licensing the data collected, according to a source with knowledge of the deal.

Democrats Draft an 'Internet Bill of Rights' To Regulate Big Tech

Slashdot - Your Rights Online - Sat, 2018-10-06 02:10
An anonymous reader quotes a report from GeekWire: Democrats in the House of Representatives are promising to push for federal regulation of tech companies if they retake the House in November. Rep. Ro Khanna, who represents Silicon Valley, has drafted an Internet Bill of Rights and shared it with influential tech journalist Kara Swisher. It includes liberties like the right to access and transport personal data collected about you, an opt-in framework for data collection, and net neutrality protections. Rep. Nancy Pelosi charged Khanna with drafting the principles, according to an essay by Swisher published in the New York Times. The list includes the right to obtain, correct, or delete personal data "where context appropriate and with a fair process." That's not nearly as sweeping as the "right to be forgotten" included in Europe's landmark General Data Protection Regulation, which took effect earlier this year. The Bill of Rights would also require companies that collect personal data to notify users of breaches in "a timely manner" and mandate "reasonable business practices and accountability to protect your privacy." Swisher calls it "an admirable list" but is concerned that codifying the principles "will be like pushing back the ocean." Many big tech companies have business models built entirely on collecting as much user data as possible.
