aggregator

NSA Improperly Collected US Phone Call Data After Saying Problem Was Fixed

Slashdot - Your Rights Online - So, 2019-06-29 00:40
An anonymous reader quotes a report from USA Today: The National Security Agency improperly collected phone call records of Americans last fall, months after a previous breach that compelled the agency to destroy millions of records from the contentious program, documents released Wednesday revealed. The redacted documents, obtained by the ACLU in a Freedom of Information Act lawsuit, do not indicate how many records NSA improperly collected in the October breach, nor which telecommunications provider submitted the improper data. "These documents provide further evidence that the NSA has consistently been unable to operate the call detail record program within the bounds of the law," the ACLU said in a letter to Congress this week lobbying for an end to the program. The letter says elements within the Office of the Director of National Intelligence concluded the October violations had a "significant impact" on privacy and civil rights, but that the Americans affected were not told of the breach.

Read more of this story at Slashdot.

Technology is Eroding the Ability To Move Around the Physical World Anonymously

Slashdot - Your Rights Online - Pt, 2019-06-28 23:21
Hal Hodson, a correspondent for Economist writes in a Twitter thread: Something really massive is happening, and I feel like society is barely grasping the tendrils of the implications. Technology is eroding one of the great levees of human society -- the ability to move around the physical world anonymously. This is happening because computers are getting better at spotting patterns in data, and the cost of capturing data that contain patterns about human beings is plummeting. Most adult humans have a device in their pocket capable of recognizing the patterns in another human's face. Face recognition is just the most obvious side of this new reality. It's easy to grasp that a computer can remember what your face looks like, because humans can do that too (not that well though). But computers don't care what data is used to tag you, only that the data is unique. You can measure someone's: heartbeat with a laser; breathing with the RF-waves in wifi; walking gait with a camera; geographical movements through their phone; and voice and emotional state through a microphone. These datasets all hold patterns which uniquely ID a person. Pretty much anyone can "scan" anyone at this point. The hard bit is matching the patterns in that data with a person's legal identity, figuring out to whom a pattern belongs. This means that control of and access to identity systems is more important than it has ever been before. The issue is that currently the world does not expect to be identified anywhere at any time, by anyone. Society runs on the assumption that people are unknowable in some spaces. I don't know what happens as that disappears, but I am worried. It's easy to imagine bad actors gathering all the data they can on everyone they can get their hands on. Doesn't matter if it isn't linked with an ID right now. Store it, and when someone becomes a threat, do the work to ID them in stored data, find something to get them with. Legal systems need to recreate and/or reinforce some of the levees that cheap compute and sensing are washing away. Maybe folks want to live in a world where anyone can set a drone or autonomous agent to track a person around town and report their movements. I don't think so. Addedum: the direction of travel is crystal clear here. Cheaper sensors, closer to the body and mind, coupled with ever-cheaperbetter computation. You can't rely on nature for "privacy" any more. You have to do it for ourselves, if you want.

Read more of this story at Slashdot.

A Second US City Has Banned Facial Recognition

Slashdot - Your Rights Online - Pt, 2019-06-28 15:00
An anonymous reader quotes a report from Motherboard: Somerville, Massachusetts just became the second U.S. city to ban the use of facial recognition in public space. The "Face Surveillance Full Ban Ordinance," which passed through Somerville's City Council on Thursday night, forbids any "department, agency, bureau, and/or subordinate division of the City of Somerville" from using facial recognition software in public spaces. The ordinance passed Somerville's Legislative Matters Committee on earlier this week. The ordinance defines facial surveillance as "an automated or semi-automated process that assists in identifying an individual, capturing information about an individual, based on the physical characteristics of an individual's face," which is operationally equivalent to facial recognition. San Francisco banned the use of facial recognition by police and city government agencies a month ago.

Read more of this story at Slashdot.

Trump White House Reportedly Debating Encryption Policy Behind Closed Doors

Slashdot - Your Rights Online - Pt, 2019-06-28 04:02
According to a report in Politico, the Trump administration held a National Security Council meeting on Wednesday that weighed the challenges and benefits of encryption. "One of Politico's sources said that the meeting was split into two camps: Decide, create and publicize the administration's position on encryption or go so far as to ask Congress for legislation to ban end-to-end encryption," reports Gizmodo. From the report: That would be a huge escalation in the encryption fight and, moreover, would probably be unsuccessful due to a lack of willpower in Congress. No decision was made by the Trump administration officials, Politico reported. The White House did not respond to a request for comment. The fact that these discussions are ongoing both within the White House and with Silicon Valley shows that the issue is still very much alive within the corridors of power.

Read more of this story at Slashdot.

The Pentagon Has a Laser That Can Identify People From a Distance By Their Heartbeat

Slashdot - Your Rights Online - Pt, 2019-06-28 02:03
An anonymous reader quotes a report from MIT Technology Review: A new device, developed for the Pentagon after U.S. Special Forces requested it, can identify people without seeing their face: instead it detects their unique cardiac signature with an infrared laser. While it works at 200 meters (219 yards), longer distances could be possible with a better laser. "I don't want to say you could do it from space," says Steward Remaly, of the Pentagon's Combatting Terrorism Technical Support Office, "but longer ranges should be possible." Contact infrared sensors are often used to automatically record a patient's pulse. They work by detecting the changes in reflection of infrared light caused by blood flow. By contrast, the new device, called Jetson, uses a technique known as laser vibrometry to detect the surface movement caused by the heartbeat. This works though typical clothing like a shirt and a jacket (though not thicker clothing such as a winter coat).

Read more of this story at Slashdot.

Google's New ReCAPTCHA Has a Dark Side

Slashdot - Your Rights Online - Pt, 2019-06-28 00:40
An anonymous reader quotes a report from Fast Company: We've all tried to log into a website or submit a form only to be stuck clicking boxes of traffic lights or storefronts or bridges in a desperate attempt to finally convince the computer that we're not actually a bot. For many years, this has been one of the predominant ways that reCaptcha -- the Google-run internet bot detector -- has determined whether a user is a bot or not. But last fall, Google launched a new version of the tool, with the goal of eliminating that annoying user experience entirely. Now, when you enter a form on a website that's using reCaptcha V3, you won't see the "I'm not a robot" checkbox, nor will you have to prove you know what a cat looks like. Instead, you won't see anything at all. Google is also now testing an enterprise version of reCaptcha v3, where Google creates a customized reCaptcha for enterprises that are looking for more granular data about users' risk levels to protect their site algorithms from malicious users and bots. But this new, risk-score based system comes with a serious trade-off: users' privacy. According to two security researchers who've studied reCaptcha, one of the ways that Google determines whether you're a malicious user or not is whether you already have a Google cookie installed on your browser. It's the same cookie that allows you to open new tabs in your browser and not have to re-log in to your Google account every time. But according to Mohamed Akrout, a computer science PhD student at the University of Toronto who has studied reCaptcha, it appears that Google is also using its cookies to determine whether someone is a human in reCaptcha v3 tests. Akrout wrote in an April paper about how reCaptcha v3 simulations that ran on a browser with a connected Google account received lower risk scores than browsers without a connected Google account. "Because reCaptcha v3 is likely to be on every page of a website, if you're signed into your Google account there's a chance Google is getting data about every single webpage you go to that is embedded with reCaptcha v3 -- and there many be no visual indication on the site that it's happening, beyond a small reCaptcha logo hidden in the corner," the report adds.

Read more of this story at Slashdot.

Intel Launches Blockbuster Auction For Its Mobile Portfolio

Slashdot - Your Rights Online - Pt, 2019-06-28 00:00
In what looks set to become one of the highest profile patent sales in years, Intel has put its IP relating to cellular wireless connectivity on the auction block. The company is seeking to divest around 8,500 assets from its massive portfolio. From a report: The news comes as the chip giant searches for a buyer for its 5G smartphone modem business having announced in April that it was pulling out of the market. That was after as it had become increasingly clear that the company, which has been the supplier of 4G modem chips to Apple for the last few years, was struggling to release a 5G product even though the rollout of the next generation of mobile technology is well underway. The auction offering is comprised of two parts: the cellular portfolio and a connected device portfolio. The former includes approximately 6,000 patent assets related to 3G, 4G and 5G cellular standards and an additional 1,700 assets that read on wireless implementation technologies. The latter is made up of 500 patents with broad applicability across the semiconductor and electronics industries. Although that represents a large portion of Intel's cellular IP it is understood that it will retain significant wireless assets.

Read more of this story at Slashdot.

When You Listen, They Watch: Pre-Saving Albums Can Allow Labels To Track Users on Spotify

Slashdot - Your Rights Online - Cz, 2019-06-27 23:20
Pre-saving albums on Spotify can give music labels access to personal user data like emails addresses and playlists, according to a Billboard report. From a report: To pre-save music, which adds a release to a user's library as soon as it comes out, Spotify users click through and approve permissions that give the label far more account access than the streaming giant normally grants them -- enough to track what they listen to, change what artists they follow and potentially even control their music streaming remotely. This lets labels access some of the data that streaming companies usually guard for themselves -- which they want in order to compete with the streaming giants on a more even playing field. But at a time when the policies of online giants like Google and Facebook has made online privacy a contentious issue, music's pre-saving process could begin to spark concern among consumers, and perhaps even regulators. Labels also ask for far more permissions than they need. Spotify users who, for example, tried to pre-save the Little Mix single "Bounce Back" from links shared by the act or its label, Sony Music, were prompted to agree that Spotify could allow Sony to "view your Spotify account data," "view your activity on Spotify" and "take actions in Spotify on your behalf." The exact permissions Sony requests are only visible to those who click through to the corresponding submenus, so users may not fully understand all that they're agreeing to -- or that the changes apply to their account unless they change it on Spotify's website.

Read more of this story at Slashdot.

India Reportedly Wants To Build Its Own WhatsApp For Government Communications

Slashdot - Your Rights Online - Cz, 2019-06-27 16:41
India may have plans to follow France's footsteps in building a chat app and requiring government employees to use it for official communications. From a report: The New Delhi government is said to be pondering about the need to have homegrown email and chat apps, local news outlet Economic Times reported on Thursday. The rationale behind the move is to cut reliance on foreign entities, the report said, a concern that has somehow manifested amid U.S.'s ongoing tussle with Huawei and China. "We need to make our communication insular," an unnamed top government official was quoted as saying by the paper. The person suggested that by putting Chinese giant Huawei on the entity list, the U.S. has "set alarm bells ringing in New Delhi." India has its own ongoing trade tension with the U.S. Donald Trump earlier this month removed the South Asian nation from a special trade program after India did not assure him that it "unfortunate," and weeks later, increased tariffs on some U.S. exports.

Read more of this story at Slashdot.

EU Should Ban AI-Powered Citizen Scoring and Mass Surveillance, Say Experts

Slashdot - Your Rights Online - Cz, 2019-06-27 16:02
A group of policy experts assembled by the EU has recommended that it ban the use of AI for mass surveillance and mass "scoring of individuals"; a practice that potentially involves collecting varied data about citizens -- everything from criminal records to their behavior on social media -- and then using it to assess their moral or ethical integrity. From a report: The recommendations are part of the EU's ongoing efforts to establish itself as a leader in so-called "ethical AI." Earlier this year, it released its first guidelines on the topic, stating that AI in the EU should be deployed in a trustworthy and "human-centric" manner. The new report offers more specific recommendations. These include identifying areas of AI research that require funding; encouraging the EU to incorporate AI training into schools and universities; and suggesting new methods to monitor the impact of AI. However, the paper is only a set of recommendations at this point, and not a blueprint for legislation. Notably, the suggestions that the EU should ban AI-enabled mass scoring and limit mass surveillance are some of the report's relatively few concrete recommendations.

Read more of this story at Slashdot.

Second Florida City Pays Giant Ransom To Ransomware Gang In a Week

Slashdot - Your Rights Online - Cz, 2019-06-27 00:40
Less than a week after a first Florida city agreed to pay a whopping $600,000 to get their data back from hackers, now, a second city's administration has taken the same path. On Monday, in an emergency meeting of the city council, the administration of Lake City, a small Florida city with a population of 65,000, voted to pay a ransom demand of 42 bitcoins, worth nearly $500,000. ZDNet reports: The decision to pay the ransom demand was made after the city suffered a catastrophic malware infection earlier this month, on June 10, which the city described as a "triple threat." Despite the city's IT staff disconnecting impacted systems within ten minutes of detecting the attack, a ransomware strain infected almost all its computer systems, with the exception of the police and fire departments, which ran on a separate network. A ransom demand was made a week after the infection, with hackers reaching out to the city's insurance provider -- the League of Cities, which negotiated a ransom payment of 42 bitcoins last week. City officials agreed to pay the ransom demand on Monday, and the insurer made the payment yesterday, on Tuesday, June 25, local media reported. The payment is estimated to have been worth between $480,000 to $500,000, depending on Bitcoin's price at the time of the payment. The city's IT staff is now working to recover their data after receiving a decryption key.

Read more of this story at Slashdot.

Google Warns of Microsoft SwiftKey Losing Access To Gmail on July 15

Slashdot - Your Rights Online - Śr, 2019-06-26 22:42
Speaking of Google, the company is sending out warnings to Microsoft SwiftKey users that the keyboard will no longer be able to access the data in Google Accounts, including Gmail content, starting on July 15th. From a report: In an email, Google is telling SwiftKey users who have integrated the keyboard replacement with Gmail that the integration will no longer work on July 15th, 2019, unless SwiftKey complies with Google's updated data policies. When users install SwiftKey, they can personalize the keyboard by integrating it into email accounts such as Gmail. When integrating in other services, though, the app requests various permissions in how they can access the content in this service.

Read more of this story at Slashdot.

Firefox Will Give You a Fake Browsing History To Fool Advertisers

Slashdot - Your Rights Online - Śr, 2019-06-26 22:02
Security through obscurity is out, security through tomfoolery is in. From a report: That's the basic philosophy sold by Track THIS, "a new kind of incognito" browsing project, which opens up 100 tabs crafted to fit a specific character -- a hypebeast, a filthy rich person, a doomsday prepper, or an influencer. The idea is that your browsing history will be depersonalized and poisoned, so advertisers won't know how to target ads to you. It was developed as a collaboration between mschf (pronounced "mischief") internet studios and Mozilla's Firefox as a way of promoting Firefox Quantum, the newest Firefox browser. [...] Just a warning -- if you use Track THIS it may take several minutes for all 100 tabs to load. (I used Chrome as my browser.) But when as it gradually loads, it's like taking a first-person journey through someone else's consciousness.

Read more of this story at Slashdot.

Google Now Allows Users To Auto-Delete Their Location History

Slashdot - Your Rights Online - Śr, 2019-06-26 20:00
Google today began rolling out location history deletion tools to Android and iOS, giving users a relatively simple way to limit the scope of Google's location tracking. Users can only choose between deleting data after three or 18 months. In a blog post, Google wrote: Choose a time limit for how long you want your activity data to be saved -- 3 or 18 months -- and any data older than that will be automatically deleted from your account on an ongoing basis. These controls are coming first to Location History and Web & App Activity and will roll out in the coming weeks.

Read more of this story at Slashdot.

After Republican Protest, Oregon's Climate Plan Dies

Slashdot - Your Rights Online - Śr, 2019-06-26 15:00
Oregon's climate change bill that would cap carbon emissions and make polluters pay for their greenhouse gas production is dead, Senate President Peter Courtney, a Democrat, announced on the state Senate floor Tuesday morning. "As a walkout by Republican senators over the cap-and-trade bill entered its sixth day -- and in an apparent attempt to bring them back -- Courtney gave assurances that the bill would die in the Senate chamber," reports NPR. From the report: Republican Sen. Cliff Bentz said Tuesday morning he had only just heard of Courtney's announcement and that he had questions about its meaning. "The question becomes, 'What are they trying to do?' " said Bentz, who is believed to be staying in Idaho while the boycott plays out. "Are they trying to make some sort of arrangement? If they are suggesting they don't have the votes, what's the procedure they're going to use to kill the bill?" Sen. Tim Knopp, a Republican from Bend, Ore., echoed that confusion. "We need clarification. What does that mean?" Knopp said. "Does it mean it's dead until the 2020 session? Is the governor going to take it up in a special session?" Meanwhile, senators who backed the bill appeared livid and declined to speak to reporters on the floor. All 11 Republican senators fled the state last week to avoid voting on the bill. Gov. Kate Brown ordered the Oregon State Police to find the Senate Republicans and bring them back to the Capital in Salem for a vote, but none of the Republicans had been found. The New York Times explains what this fight is really about, what's actually in the bill, and how Oregon's bill compares to other state climate policies. Here's an excerpt from the report: Senate Republicans say the legislation would have a devastating effect on farmers, dairies and the state's struggling logging industry, among others. More than that, Republicans say, the bill represents an existential threat to rural life, and they want the residents of Oregon to decide on the proposal, not the Democrats who control the state's capital. The highly debated bill would make Oregon one of several states to impose an emissions-trading program, a market-based approach to lowering greenhouse gas emissions. The bill would place limits on the amount of carbon dioxide that businesses could lawfully emit. By 2050, for instance, the bill would mandate an 80 percent reduction in emissions from 1990 levels. Some businesses would be required to buy credits for every ton of greenhouse gas they produce. Those credits would then be purchased at special auctions and traded among businesses. Over time, the state would make fewer credits available, ultimately forcing companies to pollute less. The plan, commonly known as cap-and-trade, is modeled after a California law. It is far more extensive than most. Oregon would become just the second state, after California, to require that businesses in every sector of the economy pay for the planet-warming greenhouse gases that they emit.

Read more of this story at Slashdot.

US Tech Companies Sidestep a Trump Ban, To Keep Selling To Huawei

Slashdot - Your Rights Online - Śr, 2019-06-26 05:30
An anonymous reader quotes a report from The New York Times: A number of the United States' biggest chip makers have sold millions of dollars of products to Huawei despite a Trump administration ban (alternative source) on the sale of American technology to the Chinese telecommunications giant, according to four people with knowledge of the sales. Since the Commerce Department enacted the ban in May, American companies including Intel and Micron have found ways to sell technology to Huawei, said the people, who spoke on the condition they not be named because they were not authorized to disclose the sales. The components began to flow to Huawei about three weeks ago, the people said. Goods produced by American companies overseas are not always considered American-made, and the suppliers are taking advantage of this. The sales will help Huawei continue to sell products such as smartphones and servers.

Read more of this story at Slashdot.

San Francisco Becomes First US City To Ban Sale of E-Cigarettes

Slashdot - Your Rights Online - Śr, 2019-06-26 00:40
San Francisco voted to ban e-cigarettes in the first legislation of its kind in the United States. The Guardian reports: Supervisors approved a measure banning the sale and distribution of e-cigarettes in an effort to curb the rise of youth vaping. The measure will now go for final approval to San Francisco Mayor London Breed, who said she will sign the legislation, and stores in the city will be required to remove e-cigarettes from their shelves. After decades of decline in youth cigarette smoking, the rise of vaping has led to a major boost in nicotine use for people under the age of 21.

Read more of this story at Slashdot.

Ex-Chair of FCC Broadband Committee Gets Five Years In Prison For Fraud

Slashdot - Your Rights Online - Śr, 2019-06-26 00:03
An anonymous reader quotes a report from Ars Technica: The former head of FCC Chairman Ajit Pai's Broadband Deployment Advisory Committee (BDAC) was sentenced to five years in prison for defrauding investors. Elizabeth Ann Pierce was CEO of Quintillion, an Alaskan telecom company, when she lied to two investment firms in New York in order to raise $270 million to build a fiber network. She also defrauded two individual investors out of $365,000 and used a large chunk of that money for personal expenses. Pierce, 55, pleaded guilty and last week was given the five-year prison sentence in U.S. District Court for the Southern District of New York, U.S. Attorney Geoffrey Berman announced. Pierce was also "ordered to forfeit $896,698.00 and all of her interests in Quintillion and a property in Texas." She will also be subject to a restitution order to compensate her victims "at a later date." Pierce landed the top sot on Pai's broadband advisory committee in April 2017. "But she left Quintillion in July 2017 as her scheme unraveled, and she resigned from the FCC advisory panel," reports Ars. "Pai appointed a new chair for his committee two months later; he thanked Pierce for her service, saying she did 'an excellent job' chairing the committee and 'wish[ed] her all the best in her future endeavors.'" According to Berman's announcement, Pierce forged contracts in order to raise $270 million from investors.

Read more of this story at Slashdot.

FedEx Sues US Government Over 'Impossible' Task of Policing Exports To China

Slashdot - Your Rights Online - Wt, 2019-06-25 15:00
An anonymous reader quotes a report from Reuters: U.S. parcel delivery firm FedEx Corp on Monday sued the U.S. government, saying it should not be held liable if it inadvertently shipped products that violated a Trump administration ban on exports to some Chinese companies. In court filings in the District of Columbia, FedEx said it should not be expected to enforce the export ban, and could not reasonably be held liable for shipping products that it did not know about. Export restriction rules "essentially deputize FedEx to police the contents of the millions of packages it ships daily even though doing so is a virtually impossible task, logistically, economically, and in many cases, legally," it said in a filing.

Read more of this story at Slashdot.

US Senators Want Social Media Firms To Tell Users How Much Their Data Is Worth

Slashdot - Your Rights Online - Wt, 2019-06-25 05:30
An anonymous reader shares a report from CNBC: A bipartisan team of senators introduced a bill Monday to require social media companies to disclose more information about the data they collect and monetize from their consumers. The Dashboard Act, which stands for Designing Accounting Safeguards to Help Broaden Oversight And Regulations on Data, aims to help consumers understand the price of using social media services that are free on face value. The bill seeks to require "commercial data operators" with more than 100 million monthly active users to disclose the type of data they collect from users and give them "an assessment of the value of that data," according to a press release announcing the bill. It also would require the companies to file an annual report disclosing third-party contracts involving data collection and give users the right to delete some or all of their collected data.

Read more of this story at Slashdot.