After London Attack, PM Calls For Internet Regulation To Fight Terrorists

Slashdot - Your Rights Online - Sun, 2017-06-04 15:59
CNN reports that "At least seven people were killed in a short but violent assault that unfolded late Saturday night in the heart of the capital, the third such attack to hit Britain this year." An anonymous reader quotes their follow-up report: Prime Minister Theresa May has called for closer regulation of the internet following a deadly terror attack in London... May said on Sunday that a new approach to tackling extremism is required, including changes that would deny terrorists and extremist sympathizers digital tools used to communicate and plan attacks. "We cannot allow this ideology the safe space it needs to breed," May said. "Yet that is precisely what the internet and the big companies that provide internet-based services provide. We need to work with allied democratic governments to reach international agreements that regulate cyberspace to prevent the spread of extremist and terrorism planning."

Read more of this story at Slashdot.

When Sentencing Criminals, Should Judges Use Closed-Source Algorithms?

Slashdot - Your Rights Online - Sun, 2017-06-04 13:54
Some judges in America have recently started using a closed-source algorithm that predicts how likely convicts are to commit another crime. Mosquito Bites shared an article by law professor Frank Pasquale raising concerns about the algorithms: They may seem scientific, an injection of computational rationality into a criminal justice system riddled with discrimination and inefficiency. However, they are troubling for several reasons: many are secretly computed; they deny due process and intelligible explanations to defendants; and they promote a crabbed and inhumane vision of the role of punishment in society... When an algorithmic scoring process is kept secret, it is impossible to challenge key aspects of it. How is the algorithm weighting different data points, and why? Each of these inquiries is crucial to two core legal principles: due process, and the ability to meaningfully appeal an adverse decision... A secret risk assessment algorithm that offers a damning score is analogous to evidence offered by an anonymous expert, whom one cannot cross-examine... Humans are in charge of governments, and can demand explanations for decisions in natural language, not computer code. Failing to do so in the criminal context risks ceding inherently governmental and legal functions to an unaccountable computational elite. This issue will grow more and more important, the law professor argues, since there's now proprietary analytics software that also predicts "the chances that any given person will be mentally ill, a bad employee, a failing student, a criminal, or a terrorist."


Bruce Perens Explains That 'GPL Is A Contract' Court Case

Slashdot - Your Rights Online - Sun, 2017-06-04 03:39
Bruce Perens co-founded the Open Source Initiative with Eric Raymond -- and he's also Slashdot reader #3,872. Bruce Perens writes: There's been a lot of confusion about the recent Artifex v. Hancom case, in which the court found that the GPL was an enforceable contract. I'm going to try to explain the whole thing in clear terms for the legal layman. Two key quotes: "What has changed now is that for the purposes of the court, the GPL is both a license, which can be enforced through a claim of copyright infringement, and a contract, which can be enforced through a claim of breach of contract. You can allege both in your court claim in a single case, and fall back on one if you can't prove the other. Thus, the potential to enforce the GPL in court is somewhat stronger than before this finding, and you have a case to cite rather than spending time in court arguing whether the GPL is a contract or not..." "Another interesting point in the case is that the court found Artifex's claim of damages to be admissible because of their use of dual-licensing. An economic structure for remuneration of the developer by users who did not wish to comply with the GPL terms, and thus acquired a commercial license, was clearly present."


Network Time Protocol Hardened To Protect Users From Spying, Increase Privacy

Slashdot - Your Rights Online - Sun, 2017-06-04 00:34
AmiMoJo quotes the Register: The Internet Engineering Task Force has taken another small step in protecting everybody's privacy... As the draft proposal explains, the RFCs that define NTP have what amounts to a convenience feature: packets going from client to server have the same set of fields as packets sent from servers to clients... "Populating these fields with accurate information is harmful to privacy of clients because it allows a passive observer to fingerprint clients and track them as they move across networks". The header fields in question are Stratum, Root Delay, Root Dispersion, Reference ID, Reference Timestamp, Origin Timestamp, and Receive Timestamp. The Origin Timestamp and Receive Timestamp offer a handy example of a "particularly severe information leak". Under NTP's spec (RFC 5905), clients copy the server's most recent timestamp into their next request to a server – and that's a boon to a snoop-level watcher. The proposal "proposes backward-compatible updates to the Network Time Protocol to strip unnecessary identifying information from client requests and to improve resilience against blind spoofing of unauthenticated server responses." Specifically, client developers should set those fields to zero.


Can Older IT Workers 'Navigate' Ageism?

Slashdot - Your Rights Online - Sat, 2017-06-03 16:34
Slashdot reader snydeq writes, "In an industry that favors youth over experience, the best defense against age discrimination may be avoiding becoming a victim in the first place, writes Bob Violino in a report on your rights and how to deal with ageism in IT." From the article: That includes being a lifelong learner and staying on top of developments in your field at every stage of your career, and seeking out training at your workplace and on your own. Make sure your employer knows you're willing to undertake training to retain and gain knowledge and skills. It's also important to show current or potential employers that you bring value to the organization through experience and flexibility. The article suggests bringing any concerns about ageism to your Human Resources department -- and documenting any age-related incidents. But it also quotes a labor attorney who argues "Many employers believe that older workers are reluctant to try new technologies," adding that age discrimination is more prevalent in specific industries including technology. Another labor attorney even suggests tech firms are hiring younger workers because they ask for lower salaries and less time off. He also points out that in the U.S. laid-off workers are actually entitled to a list showing the positions and ages of all other affected employees -- which in cases of age discrimination can provide grounds for a class action lawsuit.


CIA Malware Can Switch Clean Files With Malware When You Download Them Via SMB

Slashdot - Your Rights Online - Sat, 2017-06-03 15:00
An anonymous reader quotes a report from Bleeping Computer: "After taking last week off, WikiLeaks came back today and released documentation on another CIA cyber weapon. Codenamed Pandemic, this is a tool that targets computers with shared folders, from where users download files via SMB. The way Pandemic works is quite ingenious and original, and something not seen before in any other malware strain. According to a leaked CIA manual, Pandemic is installed on target machines as a 'file system filter driver.' This driver's function is to listen to SMB traffic and detect attempts from other users to download shared files from the infected computer. Pandemic will intercept this SMB request and answer on behalf of the infected computer. Instead of the legitimate file, Pandemic will deliver a malware-infected file instead. According to the CIA manual, Pandemic can replace up to 20 legitimate files at a time, with a maximum size of 800MB per file, and only takes 15 seconds to install. Support is included for replacing both 32-bit and 64-bit files. The tool was specifically developed to replace executable files, especially those hosted on enterprise networks via shared folders. The role of this cyber weapon is to infect corporate file sharing servers and deliver a malicious executable to other persons on the network, hence the tool's name of Pandemic."


FCC Seeks To Increase ISP Competition In Apartment Buildings

Slashdot - Your Rights Online - Sat, 2017-06-03 05:30
An anonymous reader quotes a report from Ars Technica: Exclusive deals between broadband providers and landlords have long been a problem for Internet users, despite rules that are supposed to prevent or at least limit such arrangements. The Federal Communications Commission is starting to ask questions about whether it can do more to stop deals that impede broadband competition inside apartment and condominium buildings. FCC Chairman Ajit Pai yesterday released a draft Notice of Inquiry (NOI) that seeks public comment "on ways to facilitate greater consumer choice and to enhance broadband deployment in multiple tenant environments (MTEs)." The commission is scheduled to vote on the NOI at its June 22 meeting, and it would then take public comments before deciding whether to issue new rules or take any other action. The NOI discusses preempting local rules "that may expressly prohibit or have the effect of prohibiting the provision of telecommunications services" in multi-unit buildings. But one San Francisco regulation that could be preempted was designed to boost competition by expanding access to wires inside buildings. It's too early to tell whether the FCC really wants to preempt any state or city rules or what authority the FCC would use to do so. The NOI could also lead to an expansion of FCC rules, as it seeks comment on whether the commission should impose new restrictions on exclusive marketing and bulk billing arrangements between companies and building owners. The NOI further seeks comment on how "revenue sharing agreements and exclusive wiring arrangements between MTE owners and broadband providers may affect broadband competition" and "other contractual provisions and non-contractual practices that may impact the ability of broadband providers to compete in MTEs." 
The NOI also asks whether the commission should encourage cities and states to adopt model codes that promote competition in multi-unit buildings, and the document asks what practices those model codes should prohibit or mandate.


'Our Streets Are Made For People': San Francisco Mulls Ban On Delivery Robots

Slashdot - Your Rights Online - Sat, 2017-06-03 04:05
Norman Yee, an American elected official in San Francisco, has recently proposed legislation that would prohibit autonomous delivery robots -- which includes those with a remote human operator -- on public streets in the city. In a statement provided to Recode, Yee said, "our streets and our sidewalks are made for people, not robots." He also worries that many delivery jobs would disappear. The proposed legislation is causing a headache for one high-tech startup in particular. The tech company is called Marble, which uses bots fitted with camera and ultrasonic sensors to deliver small packages and food within a one or two mile radius. The delivery robots themselves travel at a walking pace and use cameras and sensors to avoid pedestrians and navigate pavements. The Guardian reports: San Francisco police commander Robert O'Sullivan is in favor of the legislation, fearing the robots could harm children, the elderly, and those with limited mobility. "If hit by a car, they also have the potential of becoming a deadly projectile," he told a local TV station. Marble CEO Matt Delaney says these fears are unfounded. "We care that our robots are good citizens of the sidewalk," he says. "We've taken a lot of care from the ground up to consider their need to sense and intuit how people are going to react."


Chinese 'Fireball' Malware Infects Nearly 250 Million Computers Worldwide

Slashdot - Your Rights Online - Sat, 2017-06-03 02:05
Check Point researchers have discovered a massive malware campaign, dubbed Fireball, that has already infected more than 250 million computers across the world, including Windows and Mac OS. The Fireball malware "is an adware package that takes complete control of victim's web browsers and turns them into zombies, potentially allowing attackers to spy on victim's web traffic and potentially steal their data," reports The Hacker News. From the report: Check Point researchers, who discovered this massive malware campaign, linked the operation to Rafotech, a Chinese company which claims to offer digital marketing and game apps to 300 million customers. While the company is currently using Fireball for generating revenue by injecting advertisements onto the browsers, the malware can be quickly turned into a massive destroyer to cause a significant cyber security incident worldwide. Fireball comes bundled with other free software programs that you download off of the Internet. Once installed, the malware installs browser plugins to manipulate the victim's web browser configurations to replace their default search engines and home pages with fake search engines ( "It's important to remember that when a user installs freeware, additional malware isn't necessarily dropped at the same time," researchers said. "Furthermore, it is likely that Rafotech is using additional distribution methods, such as spreading freeware under fake names, spam, or even buying installs from threat actors."


Google Could Face a $9 Billion EU Fine For Rigging Search Results In Its Favor

Slashdot - Your Rights Online - Sat, 2017-06-03 00:40
schwit1 quotes a report from The Independent: EU antitrust regulators aim to slap a hefty fine on Alphabet unit Google over its shopping service before the summer break in August, two people familiar with the matter said, setting the stage for two other cases involving the U.S. company. The European Commission's decision will come after a seven-year investigation into the world's most popular internet search engine was triggered by scores of complaints from both U.S. and European rivals. Fines for companies found guilty of breaching EU antitrust rules can reach 10 percent of their global turnover, which in Google's case could be about $9 billion of its 2016 turnover. Apart from the fine, the Commission will tell Google to stop its alleged anti-competitive practices but it is not clear what measures it will order the company to adopt to ensure that rivals get equal treatment in internet shopping results. The company has also been charged with using its Android mobile operating system to squeeze out rivals and with blocking competitors in online search advertising related to its "AdSense for Search" platform. The platform allows Google to act as an intermediary for websites such as online retailers, telecoms operators or newspapers. The Commission has warned of massive fines in both cases.


Hollywood Sees Illegal Streaming Devices as 'Piracy 3.0'

Slashdot - Your Rights Online - Fri, 2017-06-02 22:40
After hunting down torrent sites for more than a decade, Hollywood now has a more complex piracy threat to deal with. From a report: Piracy remains a major threat for the movie industry, MPA Stan McCoy said yesterday during a panel session at the St. Petersburg International Economic Forum. Much like Hollywood, copyright infringers are innovators who constantly change their "business models" and means of obtaining content. Where torrents were dominant a few years ago, illegal streaming devices are now the main threat, with McCoy describing their rise as Piracy 3.0. "Piracy is not a static challenge. The pirates are great innovators in their own right. So even as we innovate in trying to pursue these issues, and pursue novel ways of fighting piracy, the pirates are out there coming up with new business models of their own," McCoy said. "If you think of old-fashioned peer-to-peer piracy as 1.0, and then online illegal streaming websites as 2.0, in the audio-visual sector, in particular, we now face challenge number 3.0, which is what I'll call the challenge of illegal streaming devices."


After Bomb Threats, FCC Proposes Letting Police Unveil Anonymous Callers

Slashdot - Your Rights Online - Fri, 2017-06-02 19:25
Police should be allowed to unmask anonymous callers who have made serious threats over the phone, the Federal Communications Commission has proposed. From a report: The proposal would allow law enforcement, and potentially the person who's been called, to learn the phone number of an anonymous caller if they receive a "serious and imminent" threat that poses "substantial risk to property, life, safety, or health." Specifics are still up in the air. The FCC is asking (PDF), for instance, whether unveiled caller ID information should only be provided to law enforcement officials investigating a threat, to ensure that this exemption isn't abused.


Hearing Tuesday: EFF Asks California Supreme Court To Allow the Public Access to License Plate Reader Data Collected By Los Angeles Police

Electronic Frontier Foundation - Fri, 2017-06-02 18:46

Los Angeles—On Tuesday, June 6, at 9:30 am, the Electronic Frontier Foundation (EFF) and the ACLU Foundation of Southern California will argue that license plate data, collected by police indiscriminately on millions of drivers each day, are not investigative records that police can shield from public scrutiny.

Automated License Plate Readers (ALPRs) are high-speed cameras mounted on light poles and police cars that continuously scan the plates of every passing car. They collect not only the license plate number but also the time, date, and location of each plate scanned, along with a photograph of the vehicle and sometimes its occupants. Police departments store this data for years. Location data like this, especially when stored over time, can reveal sensitive information about the history of a person’s movements, associations, and habits.

EFF submitted public records requests to Los Angeles law enforcement agencies asking for a week’s worth of data collected by the hundreds of ALPR cameras around the city and county of Los Angeles. When the agencies refused, EFF teamed up with ACLU to sue for access to the records. A lower court ruled all license plate data could be withheld from disclosure as “records of law enforcement investigations.”

EFF co-counsel Peter Bibring, director of police practices at the ACLU SoCal, will argue that ALPR data are not investigative records because they are collected indiscriminately on all drivers within view of the cameras—the vast majority of whom are innocent citizens going about their daily lives. The data should be released so the public can understand and scrutinize how this intrusive technology is used.

What: Hearing in ACLU of SoCal and EFF v. Superior Court of Los Angeles

When: Tuesday, June 6, 9:30 am

Where: California Supreme Court
             Ronald Reagan State Office Building
             300 South Spring Street, Third Floor, North Tower
             Los Angeles, California

Contact: Jennifer Lynch

Trump Misunderstood MIT Climate Research, University Officials Say

Slashdot - Your Rights Online - Fri, 2017-06-02 18:40
MIT officials said U.S. President Donald Trump badly misunderstood their research when he cited it on Thursday to justify withdrawing the United States from the Paris Climate Agreement. From a report: Trump announced during a speech at the White House Rose Garden that he had decided to pull out of the landmark climate deal, in part because it would not reduce global temperatures fast enough to have a significant impact. "Even if the Paris Agreement were implemented in full, with total compliance from all nations, it is estimated it would only produce a two-tenths of one degree Celsius reduction in global temperature by the year 2100," Trump said. "Tiny, tiny amount." That claim was attributed to research conducted by MIT, according to White House documents seen by Reuters. The Cambridge, Massachusetts-based research university published a study in April 2016 titled "How much of a difference will the Paris Agreement make?" showing that if countries abided by their pledges in the deal, global warming would slow by between 0.6 degree and 1.1 degrees Celsius by 2100. "We certainly do not support the withdrawal of the U.S. from the Paris agreement," said Erwan Monier, a lead researcher at the MIT Joint Program on the Science and Policy of Global Change, and one of the study's authors. "If we don't do anything, we might shoot over 5 degrees or more and that would be catastrophic," said John Reilly, the co-director of the program, adding that MIT's scientists had had no contact with the White House and were not offered a chance to explain their work.
