
Google Shut Out Privacy, Security Teams From Secret China Project

Slashdot - Your Rights Online - Fri, 2018-11-30 05:30
An anonymous reader quotes a report from The Intercept about Google's secretive plans to build a censored version of its search engine for China: The objective, code-named Dragonfly, was to build a search engine for China that would censor broad categories of information about human rights, democracy, and peaceful protest. Yonatan Zunger, then a 14-year veteran of Google and one of the leading engineers at the company, was among a small group who had been asked to work on Dragonfly. He was present at some of the early meetings and said he pointed out to executives managing the project that Chinese people could be at risk of interrogation or detention if they were found to have used Google to seek out information banned by the government. Scott Beaumont, Google's head of operations in China and one of the key architects of Dragonfly, did not view Zunger's concerns as significant enough to merit a change of course, according to four people who worked on the project. Beaumont and other executives then shut out members of the company's security and privacy team from key meetings about the search engine, the four people said, and tried to sideline a privacy review of the plan that sought to address potential human rights abuses. Google's leadership considered Dragonfly so sensitive that they would often communicate only verbally about it and would not take written notes during high-level meetings to reduce the paper trail, two sources said. Only a few hundred of Google's 88,000 workforce were briefed about the censorship plan. Some engineers and other staff who were informed about the project were told that they risked losing their jobs if they dared to discuss it with colleagues who were themselves not working on Dragonfly.

Read more of this story at Slashdot.

Democrats Demand Info On Law Enforcement's Use of Amazon Facial Recognition Tool

Slashdot - Your Rights Online - Fri, 2018-11-30 02:10
An anonymous reader quotes a report from The Hill: A group of Democratic lawmakers sent a letter to Amazon CEO Jeff Bezos on Thursday saying that the company's previous explanations to Congress about its Rekognition software were inadequate. Democratic lawmakers expressed concern about the potential threat the technology poses to civil liberties in the hands of police. "Facial recognition technology may one day serve as a useful tool for law enforcement officials working to protect the American public and keep us safe," the letter reads. "However, at this time, we have serious concerns that this type of product has significant accuracy issues, places disproportionate burdens on communities of color, and could stifle Americans' willingness to exercise their First Amendment rights in public." In the letter on Thursday, the Democratic members requested that Amazon provide them with results from accuracy tests of the Rekognition software. They also asked again for information on their government clients and if they audited law enforcement's use of facial recognition to ensure that it's not being employed in violation of civil rights law. "Customer trust, privacy, and security are our top priorities at AWS," Michael Punke, Amazon's vice president for global public policy, wrote in response. "We have long been committed to working with federal and state legislatures to modernize outdated laws to enhance the privacy and security of our customers by preventing law enforcement from accessing data without a warrant."


Starbucks Says It Will Start Blocking Porn On Its Stores' Wi-Fi In 2019

Slashdot - Your Rights Online - Fri, 2018-11-30 00:50
Starbucks announced that it will start blocking pornography viewing on its stores' Wi-Fi starting in 2019. "A Starbucks representative told NBC News that the viewing of 'egregious content' over its stores' Wi-Fi has always violated its policy, but the company now has a way to stop it," reports NBC News. From the report: "We have identified a solution to prevent this content from being viewed within our stores and we will begin introducing it to our U.S. locations in 2019," the company representative said. The announcement was first reported by Business Insider and comes after a petition from internet-safety advocacy group Enough is Enough garnered more than 26,000 signatures. The nonprofit launched a porn-free campaign aimed at McDonald's and Starbucks in 2014, and it says that while McDonald's "responded rapidly and positively," Starbucks did not. In a letter that [Enough is Enough CEO Donna Rice Hughes] said she received from Starbucks over the summer, the company vowed to address the issue "once we determine that our customers can access our free Wi-Fi in a way that also doesn't involuntarily block unintended content." Starbucks has not released details about how it plans to restrict the viewing of pornographic sites or illegal content over its Wi-Fi. In response, the vice president of YouPorn responded by sending a memo to staff banning Starbucks products from company offices starting Jan. 1, 2019.


DOJ Made Secret Arguments To Break Crypto, Now ACLU Wants To Make Them Public

Slashdot - Your Rights Online - Thu, 2018-11-29 15:00
An anonymous reader quotes a report from Ars Technica: Earlier this year, a federal judge in Fresno, California, denied prosecutors' efforts to compel Facebook to help it wiretap Messenger voice calls. But the precise legal arguments that the government made, and that the judge ultimately rejected, are still sealed. On Wednesday, the American Civil Liberties Union formally asked the judge to unseal court dockets and related rulings associated with this ongoing case involving alleged MS-13 gang members. ACLU lawyers argue that such a little-charted area of the law must be made public so that tech companies and the public can fully know what's going on. In their new filing, ACLU lawyers pointed out that "neither the government's legal arguments nor the judge's legal basis for rejecting the government motion has ever been made public." The attorneys continued, citing a "strong public interest in knowing which law has been interpreted" and referencing an op-ed published on Ars on October 2 as an example. The ACLU argued that the case is reminiscent of the so-called "FBI v. Apple" legal showdown -- whose docket and related filings were public -- where the government made novel arguments in an attempt to crack the encryption on a seized iPhone. Those legal questions were never resolved, as the government said the day before a scheduled hearing that it had found a company to assist in its efforts. "Moreover, the sealing of the docket sheet in this case impermissibly prevents the public from knowing anything about the actions of both the judiciary and the executive in navigating a novel legal issue, which has the potential to reoccur in the future," the ACLU's attorneys continued. "The case involves the executive branch's attempt to force a private corporation to break the encryption and other security mechanisms on a product relied upon by the public to have private conversations. 
The government is not just seeking information held by a third party; rather, it appears to be attempting to get this Court to force a communications platform to redesign its product to thwart efforts to secure communications between users."


Justice Department Indicts Two Iranians Over SamSam Ransomware Attacks

Slashdot - Your Rights Online - Thu, 2018-11-29 03:25
Two Iranian officials have been indicted by U.S. federal prosecutors for creating and deploying the notorious SamSam ransomware, which exploits a deserialization vulnerability in Java-based servers. TechCrunch reports: Faramarz Shahi Savandi, 34, and Mohammad Mehdi Shah Mansouri, 27, were indicted by a federal grand jury in New Jersey on Monday on several counts of computer hacking and fraud charges. The case was unsealed Wednesday, shortly before a press conference announcing the charges by U.S. deputy attorney general Rod Rosenstein. In total, SamSam has generated some $6 million in proceeds to date -- or 1,430 bitcoin at today's value. In a separate announcement, the Treasury said it had imposed sanctions against two bitcoin addresses associated with the ransomware. The department said the two addresses processed more than 7,000 transactions used to collect ransom demands from victims. "The Iranian defendants allegedly used hacking and malware to cause more than $30 million in losses to more than 200 victims," said Rosenstein. "According to the indictment, the hackers infiltrated computer systems in ten states and Canada and then demanded payment. The criminal activity harmed state agencies, city governments, hospitals, and countless innocent victims." One of the victims was the City of Atlanta, which was knocked offline earlier this year and spent a projected $2.6 million in recovery. "It was later discovered that the city's computers had long been vulnerable to leaked exploits developed by the National Security Agency -- later stolen and leaked online for anyone to use," reports TechCrunch.


Dell Says It Detected A Security Breach Earlier This Month, But Financial Data Was Not Exposed

Slashdot - Your Rights Online - Thu, 2018-11-29 02:03
An anonymous reader writes: "Hardware giant Dell announced today a security breach that took place earlier this month, on November 9," reports ZDNet. "Dell says it detected an unauthorized intruder (or intruders) 'attempting to extract Dell.com customer information' from its systems, such as customer names, email addresses, and hashed passwords." These are accounts used for shopping on the official website and the official support forums. "Though it is possible some of this information was removed from Dell's network, our investigations found no conclusive evidence that any was extracted," the company said in a press release, also adding that hackers didn't target payment card or any other sensitive customer information. After it detected the breach, Dell initiated a password reset for all Dell.com customer accounts. The company also said it notified law enforcement and hired a digital forensics firm to perform an independent investigation.


Real Life Ads Are Taking Scary Inspiration From Social Media

Slashdot - Your Rights Online - Wed, 2018-11-28 18:50
Advertisements in the real world are becoming more technologically sophisticated, integrating facial recognition, location data, artificial intelligence, and other powerful tools that are more commonly associated with your mobile phone. Welcome to the new age of digital marketing. From a report: During this year's Fashion Week in New York, a digital billboard ad for New Balance used A.I. technology to detect and highlight pedestrians wearing "exceptional" outfits. A billboard advertisement for the Chevy Malibu recently targeted drivers on Interstate 88 in Chicago by identifying the brand of vehicle they were driving, then serving ads touting its own features in comparison. And Bidooh, a Manchester-based startup that admits it was inspired by Minority Report, is using facial recognition to serve ads through its billboards in the U.K. and other parts of Europe as well as South Korea. According to its website, Bidooh allows advertisers to target people based on criteria like age, gender, ethnicity, hair color, clothing color, height, body shape, perceived emotion, and the presence of glasses, sunglasses, beards, or mustaches. We've been on the path here since at least a decade ago when the New York Times reported that some digital billboards were equipped with small cameras that could analyze a pedestrian's facial features to serve targeted ads based on gender and approximate age. Things have progressed as you'd expect: In 2016, another Times report described how Clear Channel Outdoor Americas had partnered with companies including AT&T to track people via their mobile phones. The ads could determine the gender and average age of people passing different billboards and determine whether they visited a store after seeing an ad.


Music Industry Asks US Government To Reconsider Website Blocking

Slashdot - Your Rights Online - Wed, 2018-11-28 15:00
An anonymous reader quotes a report from TorrentFreak: At the start of this decade, U.S. lawmakers drafted several controversial bills to make it easier for copyright holders to enforce their rights online. These proposals, including SOPA and PIPA, were met with fierce resistance from the public as well as major technology companies. They feared that the plans, which included pirate site-blocking measures, went too far. In the many years that followed, the "site blocking" issue was avoided like the plague. The aversion was mostly limited to the U.S., as website blocking became more and more common abroad, where it's one of the entertainment industries' preferred anti-piracy tools. Emboldened by these foreign successes, it appears that rightsholders in the U.S. are now confident enough to bring the subject up again, albeit very gently. Most recently the site-blocking option was mentioned in a joint letter (PDF) from the RIAA and the National Music Publishers' Association (NMPA), which contained recommendations to the Intellectual Property Enforcement Coordinator (IPEC) Vishal Amin. The IPEC requested input from the public on the new version of its Joint Strategic Plan for Intellectual Property Enforcement. According to the music industry groups, website blocking should be reconsidered as an anti-piracy tool. "There are several changes that should be made legislatively to help legal authorities and third parties better protect intellectual property rights," the music groups write. "These include fixing the DMCA, making it a felony to knowingly engage in unauthorized streaming of copyrighted works, and investigating the positive impact that website blocking of foreign sites has in other jurisdictions and whether U.S. law should be revised accordingly." "As website blocking has had a positive impact in other countries without significant unintended consequences, the U.S. should reconsider adding this to its anti-piracy tool box," the RIAA and NMPA write.


Customer Service Agents Might Be Able To See What You're Typing In Real Time

Slashdot - Your Rights Online - Wed, 2018-11-28 03:00
Gizmodo is warning that some customer service agents might be able to see what you're typing in real time. A reader sent them a transcript from a conversation they had with a mattress company after the agent responded to a message he hadn't sent yet. From the report: Something similar recently happened to HmmDaily's Tom Scocca. He got a detailed answer from an agent one second after he hit send. Googling led Scocca to a live chat service that offers a feature it calls "real-time typing view" to allow agents to have their "answers prepared before the customer submits his questions." Another live chat service, which lists McDonald's, Ikea, and PayPal as its customers, calls the same feature "message sneak peek," saying it will allow you to "see what the visitor is typing in before they send it over." Salesforce Live Agent also offers "sneak peek." This particular magic trick happens thanks to JavaScript operating in your browser and detecting what's happening on a particular site in real time. It's also how companies capture information you've entered into web forms before you've hit submit. Companies could lessen the creepiness by telling people their typing is seen in real time or could eliminate the send button altogether. So if you don't want to be monitored or send secret messages to agents, put your phone on mute while on hold and copy/paste messages from another document to your customer service chatbox. And in general, be nice to customer service agents. It's not their fault.


Urban Massage Data Breach Exposed Sensitive Comments On Its Creepy Clients

Slashdot - Your Rights Online - Wed, 2018-11-28 02:20
An anonymous reader shares a report from TechCrunch: Urban Massage, a popular massage startup that bills itself as providing "wellness that comes to you," has leaked its entire customer database. The London, U.K.-based startup -- now known as just Urban -- left its Google-hosted ElasticSearch database online without a password, allowing anyone to read hundreds of thousands of customer and staff records. Anyone who knew where to look could access, edit or delete the database. It's not known how long the database was exposed or if anyone else had accessed or obtained the database before it was pulled. It's believed that the database was exposed for at least a few weeks. Urban pulled the database offline after TechCrunch reached out. Among the records were thousands of complaints from workers about their clients. The records included specific complaints -- from account blocks for fraudulent behavior, abuse of the referral system and persistent cancelers. But, many records also included allegations of sexual misconduct by clients -- such as asking for "massage in genital area" and requesting "sexual services from therapist." Others were marked as "dangerous," while others were blocked due to "police enquiries." Each complaint included a customer's personally identifiable information -- including their name, address and postcode and phone number.


Google Workers Sign Letter Seeking End To China Search Project

Slashdot - Your Rights Online - Tue, 2018-11-27 16:40
A group of Google employees have put their name to a public letter calling on the company to abandon its plans for a Chinese search product that censors results. From a report: Project Dragonfly, as the initiative is known, would enable state surveillance at a time when the Chinese government is expanding controls over the population, according to the letter signed by at least 10 workers, predominately software engineers and researchers. The document also called on management to commit to transparency, be accountable and provide clear communication. Ever since plans for Dragonfly emerged in August, Google parent Alphabet has been riven by internal dissent at the prospect of a search engine bending to Beijing's censorship. It was that sort of government control that prompted co-founders Larry Page and Sergey Brin to effectively pull out of China in 2010 when it decided to stop removing controversial links from web queries. "We refuse to build technologies that aid the powerful in oppressing the vulnerable, wherever they may be," the Google workers wrote in the letter. "Dragonfly in China would establish a dangerous precedent, one that would make it harder for Google to deny other countries similar concessions."


Trump Suggests US Could Slap 10 Percent Tax On iPhones, Laptops From China

Slashdot - Your Rights Online - Tue, 2018-11-27 05:30
An anonymous reader quotes a report from CNBC: President Donald Trump suggested he could place a 10 percent tariff on iPhones and laptops imported from China, in an interview with the Wall Street Journal published Monday. He also said it's "highly unlikely" that he would delay an increase in tariffs from 10 percent to 25 percent on Jan. 1, just four days before a summit with Chinese President Xi Jinping. "Maybe. Maybe. Depends on what the rate is," the president said to The Wall Street Journal about the possible iPhone and laptop tariffs. "I mean, I can make it 10 percent, and people could stand that very easily."


IBM CEO Joins Apple In Blasting Data Use By Silicon Valley Firms

Slashdot - Your Rights Online - Tue, 2018-11-27 03:50
IBM CEO Ginni Rometty joined a growing chorus of tech executives lambasting web platforms, like Google and Facebook, over their collection of user data and urged governments to target regulation at those companies. Bloomberg reports: Without naming company names, Rometty pointed to the "irresponsible handling of personal data by a few dominant consumer-facing platform companies" as the cause of a "trust crisis" between users and tech companies, according to an advance copy of her remarks. Rometty's comments, given at a Brussels event with top EU officials Monday, echoed recent statements by Apple CEO Tim Cook, who in October slammed Silicon Valley rivals over their use of data, equating their services to "surveillance." IBM meanwhile has seen revenue decline since Rometty took the CEO role in 2012, largely due to falling sales in existing hardware, software and services offerings. She has since been trying to steer IBM toward more modern businesses, such as the cloud, artificial intelligence, and security software. Seeking to separate IBM -- which operates primarily at a business-to-business level -- from the troubled tech companies, Rometty said governments should target regulation at consumer-facing web platforms, like social media firms and search engines. In particular, Rometty pushed for more measures around the transparency of artificial intelligence as well as controversial rules around platform liability.


The FBI Created a Fake FedEx Website To Unmask a Cybercriminal

Slashdot - Your Rights Online - Tue, 2018-11-27 02:30
In an attempt to catch two cybercriminals, the FBI set up a fake FedEx website and created rigged Word documents, "both of which were designed to reveal the IP address of the fraudsters," reports Motherboard. From the report: The first case centers around Gorbel, a cranes and ergonomic lifting manufacturing company headquartered in Fishers, New York, according to court records. Here, the cybercriminals used a long, potentially confusing and official looking email address to pose as the company's CEO Brian Reh, and emailed the accounts team asking for payment for a new vendor. The fraudsters provided a W9 form of a particular company, and the finance department mailed a check for over $82,000. Gorbel noticed the fraudulent transaction, and brought in the FBI in July. Shortly after, Gorbel received other emails pretending to be Reh, asking for another transfer. This time, the finance department and FBI were ready. The FBI created a fake FedEx website and sent that to the target, in the hope it would capture the hacker's IP address, according to court records. The FBI even concocted a fake "Access Denied, This website does not allow proxy connections" page in order to entice the cybercriminal to connect from an identifiable address. That FedEx unmasking attempt was not successful, it seems -- the cybercriminal checked the link from six different IP addresses, some including proxies -- and the FBI moved on to use a network investigative technique, or NIT, instead. NIT is an umbrella term the FBI uses for a variety of hacking approaches. The FBI attempted to locate the cybercriminals with a Word document containing an image that would connect to the FBI server and reveal the target's IP address, according to court records. The image was a screenshot of a FedEx tracking portal for a sent payment, the court records add. 
Motherboard also details the second case that occurred in August 2017, where a business in the Western District of New York received an email claiming to be from Invermar, a Chilean seafood vendor and one of the company's suppliers, according to court records: This email, posing as a known employee of Invermar, asked the victim to send funds to a new bank account. Whereas the legitimate Invermar domain ends with a .cl suffix, the hackers used one ending in .us. The business the hackers targeted apparently didn't notice the different suffix, and over the course of September and October wire transferred around $1.2 million to the cybercriminals, with the victim eventually able to recover $300,000 (the court documents don't specify how exactly, although a charge back seems likely). To determine where this criminal was located, the FBI also decided to deploy a NIT. "The FBI will provide an email attachment to the victim which will be used to pose as a form to be filled out by the TARGET USER for future payment from the VICTIM," one court record reads. The NIT required the target to exit "protected mode," a setting in Microsoft Word that stops documents from connecting to the internet. The warrant application says the government does not believe it needs a warrant to send a target an embedded image, but out of an abundance of caution, added to the fact that the target will need to deliberately exit protected mode, the FBI applied for one anyway. Both NITs were designed to only obtain a target's IP address and User Agent String, according to the warrant applications. A User Agent String can reveal what operating system a target is using. Although signed by two different FBI Special Agents, both of the NIT warrant applications come out of the Cyber Squad, Buffalo Division, in Rochester, New York.


Lawmakers Introduce Bill To Stop Bots From Ruining Holiday Shopping

Slashdot - Your Rights Online - Tue, 2018-11-27 00:30
Democrats have proposed the "Stopping Grinch Bots Act" to make it illegal to use bots to shop online and also outlaw reselling items purchased by bots. "Lawmakers label them 'Grinch' bots because, during the holiday season, resellers use them to buy inventory of highly coveted toys that can be resold at highly inflated prices," reports CNET. "Oftentimes, these bots are so quick that they can purchase entire stocks of items before people can even add them to their carts." From the report: Sens. Tom Udall, Richard Blumenthal and Chuck Schumer along with Rep. Paul Tonko made the announcement on Black Friday. While the proposed legislation is focused around the holiday season and toys, the Grinch Bots Act would apply to all retailers online. Toys aren't the only items that resellers online send swarms of bots to. Security researchers noted that bots designed to buy rare sneakers are a persistent issue, as developers will create AI to buy shoes from companies like Nike and Adidas as quickly as possible. The proposed bill leaves it open for security researchers to use bots on retailer websites to find vulnerabilities. "Middle class folks save up -- a little here, a little there -- working to afford the hottest gifts of the season for their kids but ever-changing technology and its challenges are making that very difficult. It's time we help restore an even playing field by blocking the bots," said Schumer, a Democrat from New York, in a statement.


US Top Court Leans Toward Allowing Apple App Store Antitrust Suit

Slashdot - Your Rights Online - Mon, 2018-11-26 19:58
U.S. Supreme Court justices on Monday appeared open to letting a lawsuit proceed against Apple that accused it of breaking federal antitrust laws by monopolizing the market for iPhone software applications and causing consumers to overpay. From a report: The nine justices heard an hour of arguments in an appeal by the Cupertino, California-based technology company of a lower court's decision to revive the proposed class-action lawsuit filed in federal court in California in 2011 by a group of iPhone users seeking monetary damages. The lawsuit said Apple violated federal antitrust laws by requiring apps to be sold through the company's App Store and then taking a 30 percent commission from the purchases. The case may hinge on how the justices will apply one of its past decisions to the claims against Apple. That 1977 ruling limited damages for anti-competitive conduct to those directly overcharged rather than indirect victims who paid an overcharge passed on by others.


Richard Stallman Criticizes Bitcoin, Touts a GNU Project Alternative

Slashdot - Your Rights Online - Mon, 2018-11-26 10:34
Richard Stallman doesn't like bitcoin, and has never used it, reports CoinDesk: To Stallman, bitcoin isn't suitable as a digital payment system. His biggest complaint: bitcoin's poor privacy protections. He told CoinDesk, "What I'd really like is a way to make purchases anonymously from various kinds of stores, and unfortunately it wouldn't be feasible for me with bitcoin." Using a crypto exchange would allow that company and ultimately the government to identify him, he said.... Asked what he thought about so-called privacy coins, Stallman said he'd gotten an expert to assess their potential, and "for each one he would point out some serious problems, perhaps in its security or its scalability." And speaking broadly, Stallman continued: "If bitcoin protected privacy, I'd probably have found a way to use it by now." Fortunately, Stallman's GNU Project has a better answer: The GNU Project, which Stallman founded, is working on an alternative digital payments system called Taler, which is based on cryptography but is not -- forgive the hair-splitting -- a cryptocurrency. The Taler project's maintainer Christian Grothoff told CoinDesk that the system is, rather, designed for a "post-blockchain" world.... It's based on blind signatures, a cryptographic technique invented by David Chaum, whose DigiCash was among the first attempts at creating secure electronic money. Plus, Taler's attempt to create a digital money that resists surveillance by governments and payments companies aligns it with many cryptocurrency projects. Yet, Taler does not attempt to bypass centralized authority. Payments are processed by openly centralized "exchanges" rather than peer-to-peer networks of miners because, Grothoff said, such a system "would again enable dangerous, money laundering kind of practice." Indeed, in a break with the anti-government ethos that has tended to characterize bitcoin and some of its peers, Taler's design explicitly tries to block opportunities for tax evasion.... 
Privacy in the Taler system, then, is limited to users spending their digital cash. They are shielded from surveillance because, Grothoff said, "the exchange, when coins are being redeemed, cannot tell if it was customer A or customer B or customer C who received the coin, because they all look identical from the exchange. Nobody," he added, "exactly knows who has how many tokens." Merchants (or anyone) receiving payments, on the other hand, do so visibly and in the open, making it possible for governments to assess taxes on their income -- not to mention harder for the recipients to participate in money laundering.... Currently, Taler is in talks with European banks to allow withdrawal into the Taler wallet and also re-deposit from the Taler system back into the traditional banking system. "I wouldn't want perfect privacy," Stallman says in the interview, "because that would mean it would be impossible to investigate crimes at all. And that's one of the jobs we need the state to do."


Washington DC Made GitHub Its Official Digital Source For Laws

Slashdot - Your Rights Online - Mon, 2018-11-26 04:36
"Recently, I found a typo in the District of Columbia's legal code and corrected it using GitHub," writes D.C.-based "civic hacker" Joshua Tauberer, adding "My feat highlights the groundbreaking way the District manages its legal code." "The District does something with its legal code that no other jurisdiction in the world does (to my knowledge): it publishes the law on GitHub.... This isn't a copy of the DC law. It is an authoritative source. It is where the DC Council stores the digital versions of enacted laws, and this source feeds directly into the Council's DC Code website.... This is a milestone in the advancement of open government and open legal publishing. No one should expect that editing the law on GitHub is going to become the new normal, however. My edit wasn't substantive. This sort of "technical correction," as lawyers would call it, didn't need to be passed by the Council and signed by the Mayor. I also happen to have expertise in this particular law, GitHub, XML, and the Council's new publishing process created by the Open Law Library.... GitHub's pull-request feature isn't going to replace public hearings, expert testimony, negotiations between stakeholders, votes by elected representatives, etc. -- and it shouldn't. Yet Open Law Library's new legal publishing process is groundbreaking. The Open Law Library is changing how we change the law... Open Law Library's mission as a nonprofit is to make all laws as open and accessible as possible. The library's strategy is to achieve openness by making openness pay off for governments: it uses open, machine-readable laws to build software tools that make codification faster and more accurate. The cool thing about this is that governments can benefit from using Open Law Library's software even if open data isn't their highest priority, but in the background they'll still be publishing their laws in an open and accessible format -- everybody wins.
Today, instead of authoring the DC Code in Word documents stored on a hard drive in a locked room in a basement, the Code is now stored in XML format in a place everyone can see -- on the Web." The article notes that 18 more states have now enacted "Uniform Electronic Legal Material Acts" -- and that several other jurisdictions are already publishing their legal codes with official bulk XML downloads. "The US federal government began publishing XML downloads for the Code of Federal Regulations in 2009 and the United States Code in 2013." But the District of Columbia "appears to be the first jurisdiction to combine the two by putting its legal code on GitHub and accepting a change from a member of the public."


UK Parliament Seizes Cache of Facebook Internal Papers

Slashdot - Your Rights Online - Pn, 2018-11-26 01:44
Long-time Slashdot reader infolation writes: The UK Parliament has used its legal powers to seize internal Facebook documents in an extraordinary attempt to hold the US social media giant to account after chief executive Mark Zuckerberg repeatedly refused to answer MPs' questions. The documents are alleged to contain revelations on data and privacy controls that led to the Cambridge Analytica scandal. Damian Collins, the chair of the culture, media and sport select committee, invoked a rare parliamentary mechanism to compel the founder of a US software company, Six4Three, to hand over the documents during a business trip to London. On Sunday, Facebook's head of public policy told Parliament their actions were "entirely without merit," adding that they believed the move was "more about attacking our company than it is about a credible legal claim."


Alphabet's Cybersecurity Group Touts Its New Open Source Private VPN

Slashdot - Your Rights Online - N, 2018-11-25 19:34
An anonymous reader writes: Alphabet's cybersecurity division Jigsaw has designed a new open source private VPN aimed at journalists and the people sending them data. "Their work makes them more vulnerable to attack," said Santiago Andrigo, Jigsaw's product manager. "It can get really scary when they're outed and you're passing over information." Unscrupulous VPN providers can steal your identity, peek in on your data, inject their own ads on non-secure pages, or analyze your browsing habits and sell that information to advertisers, says one Jigsaw official. And you can't know for sure whether you can trust them, no matter what they say in the app store. "Journalists should be aware that their online activities might be subject to surveillance either by government agencies, their internet service providers or a hacker with malicious intent," said Laura Tich, technical evangelist for Code for Africa, a resource for African journalists. "As surveillance becomes ubiquitous in today's world, journalists face an increasing challenge in establishing secure communication in the digital space." The new private VPN, dubbed "Outline", is specifically designed to be resistant to censorship — because it's harder to detect as a VPN (and therefore is less likely to be blocked). Outline uses an encrypted SOCKS5 proxy that looks like normal internet traffic. Once the user chooses a server location, Outline spins up a DigitalOcean server on Ubuntu, installs Docker, and imports an image of the actual server. It's been named Outline because in places where internet use may be restricted — it gives you a line out.
