Disney Fires Back Against Scarlett Johansson's Black Widow Lawsuit

Slashdot - Your Rights Online - Tue, 2021-08-24 04:02
Disney has filed a motion to have Scarlett Johansson's lawsuit against the company moved to private arbitration, the latest in the ongoing saga of her complaint against the company over Black Widow's streaming release. The Verge reports: Disney's lawyers filed the motion Friday in Los Angeles Superior Court on the grounds that Periwinkle Entertainment, which negotiated her deal, agreed that any claims related to her role in the Marvel film would be handled in confidential arbitration. But the motion also took several swipes at Johansson's complaint that argued Marvel, compelled by its parent company Disney, breached an agreement when Black Widow debuted on Disney Plus through Premier Access the same day that it premiered in theaters. The Hollywood Reporter earlier reported the motion. Johansson's complaint argued that the film's hybrid release cut into her potential earnings, as a simultaneous streaming release hampered the film's box office permanence and therefore impacted her bonuses. At issue is whether the film should have debuted as a theatrical exclusive. But according to Disney's motion, Periwinkle's contract with Marvel "does not mandate theatrical distribution -- let alone require that any such distribution be exclusive." Furthermore, the motion states, the contract stated that any theatrical obligations would be met with showings on "no less than 1,500 screens." The motion stated the film in fact debuted on more than 9,600 screens in the US and 30,000-plus screens worldwide.
Additionally, Disney's lawyers also took issue with Johansson's claim that she'd lost earnings under the hybrid release model -- though it's still unclear what specifically was promised. Disney also provided updated figures on Black Widow's performance, showing that it's continued to bring in big figures at both the box office and through early access rentals. As of August 15th, Black Widow has raked in more than $367 million in box office receipts worldwide and more than $125 million in streaming and download receipts, the motion stated, offering seldom-shared figures about the success of a hybrid release in both theaters as well as on a streaming service itself. Accounting for the $55 million the film pulled in on Premier Access and the $80 million in domestic box office receipts during its opening weekend, Black Widow's numbers surpassed the opening weekend figures of other Marvel films released pre-pandemic, the company argued, including Ant-Man and the Wasp and Guardians of the Galaxy. Disney's lawyers revealed in the motion that it served Periwinkle a demand for private arbitration on August 10th, a little over a week after Johansson's initial complaint was filed. The motion stated Periwinkle had yet to respond. Disney also reiterated its previous position that the complaint had "no merit." In a statement cited by The Hollywood Reporter, Johansson's attorney John Berlinski said that Disney "knows that Marvel's promises to give Black Widow a typical theatrical release 'like its other films' had everything to do with guaranteeing that Disney wouldn't cannibalize box office receipts in order to boost Disney+ subscriptions. Yet that is exactly what happened -- and we look forward to presenting the overwhelming evidence that proves it."

Read more of this story at Slashdot.

Apple Has Been CSAM Scanning Your iCloud Mail Since 2019

Slashdot - Your Rights Online - Tue, 2021-08-24 02:45
According to 9to5Mac, Apple has confirmed that it's already been scanning iCloud Mail for Child Sexual Abuse Material (CSAM), and has been doing so since 2019. It has not, however, been scanning iCloud Photos or iCloud backups, which sent the internet into a frenzy when it announced its intent to begin doing so. From the report: The clarification followed me querying a rather odd statement by the company's anti-fraud chief [Eric Friedman]: that Apple was "the greatest platform for distributing child porn." That immediately raised the question: If the company wasn't scanning iCloud photos, how could it know this? [...] Apple confirmed to me that it has been scanning outgoing and incoming iCloud Mail for CSAM attachments since 2019. Email is not encrypted, so scanning attachments as mail passes through Apple servers would be a trivial task. Apple also indicated that it was doing some limited scanning of other data, but would not tell me what that was, except to suggest that it was on a tiny scale. It did tell me that the "other data" does not include iCloud backups. Although Friedman's statement sounds definitive -- like it's based on hard data -- it's now looking likely that it wasn't. It's our understanding that the total number of reports Apple makes to CSAM each year is measured in the hundreds, meaning that email scanning would not provide any kind of evidence of a large-scale problem on Apple servers. The explanation probably lies in the fact that other cloud services were scanning photos for CSAM, and Apple wasn't. If other services were disabling accounts for uploading CSAM, and iCloud Photos wasn't (because the company wasn't scanning there), then the logical inference would be that more CSAM exists on Apple's platform than anywhere else. Friedman was probably doing nothing more than reaching that conclusion.

38 Million Records Were Exposed Online -- Including Contact-Tracing Info

Slashdot - Your Rights Online - Mon, 2021-08-23 22:04
More than a thousand web apps mistakenly exposed 38 million records on the open internet, including data from a number of Covid-19 contact tracing platforms, vaccination sign-ups, job application portals, and employee databases. The data included a range of sensitive information, from people's phone numbers and home addresses to social security numbers and Covid-19 vaccination status. From a report: The incident affected major companies and organizations, including American Airlines, Ford, the transportation and logistics company J.B. Hunt, the Maryland Department of Health, the New York City Municipal Transportation Authority, and New York City public schools. And while the data exposures have since been addressed, they show how one bad configuration setting in a popular platform can have far-reaching consequences. The exposed data was all stored in Microsoft's Power Apps portal service, a development platform that makes it easy to create web or mobile apps for external use. If you need to spin up a vaccine appointment sign-up site quickly during, say, a pandemic, Power Apps portals can generate both the public-facing site and the data management backend. Beginning in May, researchers from the security firm Upguard began investigating a large number of Power Apps portals that publicly exposed data that should have been private -- including in some Power Apps that Microsoft made for its own purposes. None of the data is known to have been compromised, but the finding is significant still, as it reveals an oversight in the design of Power Apps portals that has since been fixed. In addition to managing internal databases and offering a foundation to develop apps, the Power Apps platform also provides ready-made application programming interfaces to interact with that data. But the Upguard researchers realized that when enabling these APIs, the platform defaulted to making the corresponding data publicly accessible. Enabling privacy settings was a manual process. 
As a result, many customers misconfigured their apps by leaving the insecure default.
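The check a practitioner would run against that kind of default, as an added example (not code from the report, UpGuard or Microsoft): probe each portal's OData root without credentials and report what the service document advertises. The `/_odata` path, the portal hostnames and the HTTP responses below are assumptions constructed for the example; the transport is injected so it runs offline.

```python
"""Anonymous-access check for a Power Apps portal's OData feed (added example).

Assumptions (not taken from the article): the portal's Web API/OData feed
lives at <portal>/_odata and, when anonymously readable, returns an OData v4
service document of the form {"value": [{"name": ..., "kind": "EntitySet"}]}.
The fetch function is injected so the audit runs offline against constructed
responses; swap in a real HTTP client to probe live portals you own.
"""
import json
from typing import Callable, Dict, List, NamedTuple, Tuple

ODATA_PATH = "/_odata"  # assumed location of the portal's OData feed
Fetch = Callable[[str], Tuple[int, str]]  # url -> (HTTP status, body)


class Finding(NamedTuple):
    portal: str
    verdict: str          # exposed | enabled_no_lists | auth_required | no_endpoint | unknown
    entity_sets: List[str]


def parse_service_document(body: str) -> List[str]:
    """Return the entity sets (lists) advertised by an OData service document."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError:
        return []
    items = doc.get("value", []) if isinstance(doc, dict) else []
    return sorted(
        item["name"]
        for item in items
        if isinstance(item, dict) and "name" in item
        and item.get("kind", "EntitySet") == "EntitySet"
    )


def classify(portal: str, status: int, body: str) -> Finding:
    """Map one unauthenticated GET of the OData root to a verdict."""
    if status in (401, 403):
        return Finding(portal, "auth_required", [])
    if status == 404:
        return Finding(portal, "no_endpoint", [])
    if status == 200:
        sets = parse_service_document(body)
        return Finding(portal, "exposed" if sets else "enabled_no_lists", sets)
    return Finding(portal, "unknown", [])


def audit(portals: List[str], fetch: Fetch) -> List[Finding]:
    """Probe each portal once, without credentials, and classify the answer."""
    return [classify(p, *fetch(p.rstrip("/") + ODATA_PATH)) for p in portals]


# Constructed responses standing in for three hypothetical portals.
SAMPLE_RESPONSES: Dict[str, Tuple[int, str]] = {
    "https://vaccine-signup.example.test/_odata": (200, json.dumps({
        "@odata.context": "https://vaccine-signup.example.test/_odata/$metadata",
        "value": [
            {"name": "contacts", "kind": "EntitySet", "url": "contacts"},
            {"name": "vaccine_registrations", "kind": "EntitySet",
             "url": "vaccine_registrations"},
        ],
    })),
    "https://locked-down.example.test/_odata": (403, "Access denied"),
    "https://no-api.example.test/_odata": (404, ""),
}


def sample_fetch(url: str) -> Tuple[int, str]:
    """Offline stand-in for an HTTP GET."""
    return SAMPLE_RESPONSES.get(url, (599, ""))


def run_sample_audit() -> Dict[str, Finding]:
    portals = [u[: -len(ODATA_PATH)] for u in SAMPLE_RESPONSES]
    return {f.portal: f for f in audit(portals, sample_fetch)}


if __name__ == "__main__":
    for f in run_sample_audit().values():
        print(f"{f.portal}: {f.verdict} {', '.join(f.entity_sets)}".rstrip())
```

Anything that comes back `exposed` is a list readable by anyone on the internet; the fix on the portal side is to require table permissions for the Web API rather than leaving the platform default in place.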

The Fierce Legal Battle at the Heart of the Fight Over Reclining Airline Seats

Slashdot - Your Rights Online - Mon, 2021-08-23 18:40
An excerpt from Slate's interview with law professor Michael Heller, who has co-written a book called 'Mine!: How the Hidden Rules of Ownership Control Our Lives': Heller: Just to give you a concrete example, there's a guy named James Beach who was flying from Boston to Denver, and he had actually a little plastic clamp called a Knee Defender, which you can buy online. It's really very effective. You stick it on the seat in front of you, on the little tray table, and it keeps the seat in front of you from leaning back. On this particular flight, the woman in front of him tried to lean back. She couldn't; she realized what was wrong. She asked him to take them off. He didn't comply. She turned around and threw her water at him. The pilot did an emergency landing right away. They were taken off the flight. The plane went on to Denver an hour and 38 minutes late. But those little Knee Defenders turn out to reveal a tremendous amount about the ownership conflicts that are all through our lives. The woman in front is saying, "That space behind my seat, it's mine, because the little button reclines the seat." And the guy behind, like the kids in the playground, he's saying, "No, it was mine. I had it first, for my laptop," or "I possessed it first with my knees." So that wedge of space is an ownership battle, it turns out, between attachment and possession and first-in-time. When I talk to audiences about that conflict, I always poll them, and it's amazing to me that invariably half say the person in front is in the right, and half say the person in back is in the right. What's most amazing is how each side is just amazed that anybody else could have a different view. It feels and looks and seems so obvious, what's mine, the same way it is to toddlers on a playground. But that little conflict on the airplane seat is not just an accident, it turns out. It's deliberately engineered by the airlines so they can sell that same space twice. 
Most of us are just polite; we try to work it out, and that's true in all of the ownership conflicts we go through throughout our day, throughout our lives, in the Starbucks line, to line up at Disney World. Anywhere that we're trying to make something mine, our experience is being engineered and designed by some owner to shape our behavior. And on the airplane seat, the design is to get us to fight with each other instead of being mad at the airlines, to not realize that they're selling that same space twice. And what they're using is one of the most advanced tools of ownership design that Jim and I have uncovered in doing this work, which is what we call strategic ambiguity. Ownership is ambiguous a lot more often than people realize. And that ambiguity is really valuable, in this case to the airlines.

Court Rules Govt Officials' Internet Browsing Histories Are Not Public Records

Slashdot - Your Rights Online - Mon, 2021-08-23 03:39
Law professor and legal commentator Jonathan H. Adler shares an update about a nonprofit group advocating for accountable government: The Cause of Action Institute sought to obtain the internet browsing histories of several government officials, including the Secretary of Agriculture and Director of the Office of Management and Budget, under the Freedom of Information Act (FOIA). A district court rejected their claim, concluding that browsing histories are not agency records under FOIA. Yesterday a panel of the U.S. Court of Appeals for the D.C. Circuit agreed. In Cause of Action Institute v. OMB, Judge Rao (joined by Judges Srinivasan and Sentelle) agreed with the district court that federal agencies do not exercise the requisite degree of control over internet browsing histories for the histories to constitute agency records subject to FOIA disclosure. As Judge Rao explained, the "agencies' retention and access policies for browsing histories, along with the fact they did not use any of the officials' browsing histories for any reason, lead to the conclusion that these documents are not agency records."

Smartphone Company Alleged To Be a Scam Defrauding 300 Investors of $10 Million

Slashdot - Your Rights Online - Sun, 2021-08-22 20:34
In a 2015 video, PCMag's lead mobile analyst Sascha Segan showed off "One of the coolest phones at this year's CES." He's now written an article titled "How I Got Suckered by an (Alleged) $10M Phone Scam." The biggest mobile-phone mystery of the 2010s is finally coming to an ignominious end, as yesterday the U.S. attorney for Utah charged Chad Sayers, founder of entirely notional mobile phone firm Saygus, with conducting a $10 million fraud scheme. Saygus "had" a series of "phones" from 2009-2016 that existed as prototypes that the company took to trade shows and on press tours. There was never any real evidence of production runs. The U.S. Attorney now claims Sayers and associates took $10 million in investor money and lived on it without ever really planning to release a product. (I learned this via David Ruddock....) The phone kept just...not happening. Sayers' genius was that he produced just enough prototypes to show off and kept them in a constant state of pre-sale... "DEFENDANT failed to disclose that device certification with Verizon expired in 2013 and was never renewed," the Department of Justice notes. A new version of the phone then popped up again in 2015, this one supposedly covered in Kevlar with 320GB of storage. Sayers flogged that prototype until early 2016, at which point he said it was coming "next month." The Department of Justice says: "Between April 7, 2015 and January 10, 2017, DEFENDANT made at least 26 public statements on Twitter that its phone would be shipping 'this month,' 'this week,' or was otherwise launching, when in fact, it has never launched...." Sayers kept going on press tours and buying expensive trade-show booths with prototypes of phones that would never hit the market, drumming up enough gullible mainstream press coverage (myself included) to presumably attract a continual stream of investors with his claim of being the next big thing.

AI-Powered Tech Put a 65-Year-Old in Jail For Almost a Year Despite 'Insufficient Evidence'

Slashdot - Your Rights Online - Sun, 2021-08-22 16:34
"ShotSpotter" is an AI-powered tool that claims it can detect the sound of gunshots. To install it can cost up to $95,000 per square mile — every year — reports the Associated Press. There's just one problem. "The algorithm that analyzes sounds to distinguish gunshots from other noises has never been peer reviewed by outside academics or experts." "The concern about ShotSpotter being used as direct evidence is that there are simply no studies out there to establish the validity or the reliability of the technology. Nothing," said Tania Brief, a staff attorney at The Innocence Project, a nonprofit that seeks to reverse wrongful convictions. A 2011 study commissioned by the company found that dumpsters, trucks, motorcycles, helicopters, fireworks, construction, trash pickup and church bells have all triggered false positive alerts, mistaking these sounds for gunshots. ShotSpotter CEO Ralph Clark said the company is constantly improving its audio classifications, but the system still logs a small percentage of false positives. In the past, these false alerts — and lack of alerts — have prompted cities from Charlotte, North Carolina, to San Antonio, Texas, to end their ShotSpotter contracts, the AP found. And the potential for problems isn't just hypothetical. Just ask 65-year-old Michael Williams: Williams was jailed last August, accused of killing a young man from the neighborhood who asked him for a ride during a night of unrest over police brutality in May... "I kept trying to figure out, how can they get away with using the technology like that against me?" said Williams, speaking publicly for the first time about his ordeal. "That's not fair." Williams sat behind bars for nearly a year before a judge dismissed the case against him last month at the request of prosecutors, who said they had insufficient evidence. 
Williams' experience highlights the real-world impacts of society's growing reliance on algorithms to help make consequential decisions about many aspects of public life... ShotSpotter evidence has increasingly been admitted in court cases around the country, now totaling some 200. ShotSpotter's website says it's "a leader in precision policing technology solutions" that helps stop gun violence by using "sensors, algorithms and artificial intelligence" to classify 14 million sounds in its proprietary database as gunshots or something else. But an Associated Press investigation, based on a review of thousands of internal documents, emails, presentations and confidential contracts, along with interviews with dozens of public defenders in communities where ShotSpotter has been deployed, has identified a number of serious flaws in using ShotSpotter as evidentiary support for prosecutors. AP's investigation found the system can miss live gunfire right under its microphones, or misclassify the sounds of fireworks or cars backfiring as gunshots. Forensic reports prepared by ShotSpotter's employees have been used in court to improperly claim that a defendant shot at police, or provide questionable counts of the number of shots allegedly fired by defendants. Judges in a number of cases have thrown out the evidence... The company's methods for identifying gunshots aren't always guided solely by the technology. ShotSpotter employees can, and often do, change the source of sounds picked up by its sensors after listening to audio recordings, introducing the possibility of human bias into the gunshot detection algorithm. Employees can and do modify the location or number of shots fired at the request of police, according to court records. And in the past, city dispatchers or police themselves could also make some of these changes. 
Three more eye-popping details from the AP's 4,000-word exposé: "One study published in April in the peer-reviewed Journal of Urban Health examined ShotSpotter in 68 large, metropolitan counties from 1999 to 2016, the largest review to date. It found that the technology didn't reduce gun violence or increase community safety..." "Forensic tools such as DNA and ballistics evidence used by prosecutors have had their methodologies examined in painstaking detail for decades, but ShotSpotter claims its software is proprietary, and won't release its algorithm..." "In 2018, it acquired a predictive policing company called HunchLab, which integrates its AI models with ShotSpotter's gunshot detection data to purportedly predict crime before it happens."

$97 Million Stolen From Japanese Crypto Exchange

Slashdot - Your Rights Online - Sun, 2021-08-22 13:39
"Hackers have drained Japanese cryptocurrency exchange Liquid of $97 million worth of Ethereum and other digital coins," reports Forbes: The company, in a tweet posted late Thursday, announced the compromise and said it is moving assets that were not affected into more secure "cold wallet" storage. The company has also suspended deposits and withdrawals... Liquid did not put a dollar figure on the amount, but blockchain analytics company Elliptic said its analysis estimates the losses at about $97 million... Of that, $45 million were in Ethereum tokens, which are being converted into Ether, preventing the hacker from having those assets frozen. Other cryptos taken in the heist include Bitcoin, XRP, and stablecoins.

Court Rules California's 'Gig Worker' Initiative is Unconstitutional

Slashdot - Your Rights Online - Sat, 2021-08-21 16:34
Slashdot reader phalse phace tipped us off to a breaking story. Reuters reports: A California judge on Friday ruled that a 2020 ballot measure that exempted ride-share and food delivery drivers from a state labor law is unconstitutional as it infringed on the legislature's power to set standards at the workplace...which makes the entire ballot measure "unenforceable", Alameda County Superior Court Judge Frank Roesch wrote in the ruling. Gig economy companies including Uber, Lyft, Doordash and Instacart were pushing to keep drivers' independent contractor status, albeit with additional benefits.

Google Says Geofence Warrants Make Up One-Quarter Of All US Demands

Slashdot - Your Rights Online - Sat, 2021-08-21 04:02
For the first time, Google has published the number of geofence warrants it's historically received from U.S. authorities, providing a rare glimpse into how frequently these controversial warrants are issued. ZDNet's Zack Whittaker reports: The figures, published Thursday, reveal that Google has received thousands of geofence warrants each quarter since 2018, and at times accounted for about one-quarter of all U.S. warrants that Google receives. The data shows that the vast majority of geofence warrants are obtained by local and state authorities, with federal law enforcement accounting for just 4% of all geofence warrants served on the technology giant. According to the data, Google received 982 geofence warrants in 2018, 8,396 in 2019 and 11,554 in 2020. But the figures only provide a small glimpse into the volume of warrants received and did not break down how often it pushes back on overly broad requests. Geofence warrants are also known as "reverse-location" warrants, since they seek to identify people of interest who were in the near vicinity at the time a crime was committed. Police do this by asking a court to order Google, which stores vast amounts of location data to drive its advertising business, to turn over details of who was in a geographic area, such as a radius of a few hundred feet at a certain point in time, to help identify potential suspects. Google has long shied away from providing these figures, in part because geofence warrants are largely thought to be unique to Google. Law enforcement has long known that Google stores vast troves of location data on its users in a database called Sensorvault, first revealed by The New York Times in 2019. Google spokesperson Alex Krasov said in a statement: "We vigorously protect the privacy of our users while supporting the important work of law enforcement. We developed a process specifically for these requests that is designed to honor our legal obligations while narrowing the scope of data disclosed."

Apple's Anti-Fraud Chief Said Company Was 'The Greatest Platform For Distributing Child Porn'

Slashdot - Your Rights Online - Sat, 2021-08-21 03:25
An explanation for Apple's controversial decision to begin scanning iPhones for CSAM has been found in a 2020 statement by Apple's anti-fraud chief. Eric Friedman stated, in so many words, that "we are the greatest platform for distributing child porn." The revelation does, however, raise the question: How could Apple have known this if it wasn't scanning iCloud accounts...? 9to5Mac reports: The iMessage thread was spotted by the Verge as it works its way through the internal emails, messages, and other materials handed over by Apple as part of the discovery process in the Epic Games lawsuit. Ironically, Friedman actually suggests that Facebook does a better job of detecting it than Apple did: "The spotlight at Facebook etc. is all on trust and safety (fake accounts, etc). In privacy, they suck. Our priorities are the inverse. Which is why we are the greatest platform for distributing child porn, etc." A fellow exec queries this, asking whether it can really be true: "Really? I mean, is there a lot of this in our ecosystem? I thought there were even more opportunities for bad actors on other file sharing systems." Friedman responds with the single word, "Yes." The document is unsurprisingly labeled "Highly confidential -- attorneys' eyes only." The stunning revelation may well be explained by the fact that iCloud photo storage is on by default, even if it's just the paltry 5GB the company gives everyone as standard. This means the service may be the most-used cloud service for photos -- in contrast to competing ones where users have to opt in. Apple has said that it has been looking at the CSAM problem for some time, and was trying to figure out a privacy-protecting way to detect it. It may well be this specific conversation that led the company to prioritize these efforts.

Hacker Selling Private Data Allegedly From 70 Million AT&T Customers

Slashdot - Your Rights Online - Sat, 2021-08-21 00:42
An anonymous reader quotes a report from Restore Privacy: A well-known threat actor with a long list of previous breaches is selling private data that was allegedly collected from 70 million AT&T customers. We analyzed the data and found it to include social security numbers, date of birth, and other private information. The hacker is asking $1 million for the entire database (direct sell) and has provided RestorePrivacy with exclusive information for this report. The threat actor goes by the name of ShinyHunters and was also behind other previous exploits that affected Microsoft, Tokopedia, Pixlr, Mashable, Minted, and more. The hacker posted the leak on an underground hacking forum earlier today, along with a sample of the data that we analyzed. AT&T initially denied the breach in a statement to RestorePrivacy. The hacker has responded by saying, "they will keep denying until I leak everything." "Based on our investigation yesterday, the information that appeared in an internet chat room does not appear to have come from our systems," AT&T said in a statement. When pressed harder and asked specifically if there was no AT&T breach, the company said: "Based on our investigation, no, we don't believe this was a breach of AT&T systems." "Given this information did not come from us, we can't speculate on where it came from or whether it is valid," they added. The hacker says they're willing to reach "an agreement" with AT&T to remove the data from sale. The possible breach of AT&T follows a T-Mobile hack from earlier this week, which impacts 40 million records of former and prospective customers.

China Passes Data Protection Law

Slashdot - Your Rights Online - Fri, 2021-08-20 16:00
China has passed a personal data protection law, state media Xinhua reports. TechCrunch: The law, called the Personal Information Protection Law (PIPL), is set to take effect on November 1. It was proposed last year -- signalling an intent by China's communist leaders to crack down on unscrupulous data collection in the commercial sphere by putting legal restrictions on user data collection. The new law requires app makers to offer users options over how their information is or isn't used, such as the ability not to be targeted for marketing purposes or to have marketing based on personal characteristics, according to Xinhua. It also places requirements on data processors to obtain consent from individuals in order to be able to process sensitive types of data such as biometrics, medical and health data, financial information and location data. Apps that illegally process user data risk having their service suspended or terminated. Any Western companies doing business in China which involves processing citizens' personal data must grapple with the law's extraterritorial jurisdiction -- meaning foreign companies will face regulatory requirements such as the need to assign local representatives and report to supervisory agencies in China.

Justice Department Says Facial Recognition Helped End an Almost 15-year Manhunt

Slashdot - Your Rights Online - Thu, 2021-08-19 20:04
A fugitive who Justice Department officials say had scammed more than 20 people out of hundreds of thousands of dollars was sentenced to four years in prison on Friday, after being on the run for almost 15 years. From a report: Austrian authorities were able to identify Randy Levine, 54, of Boca Raton, Florida, due to a facial recognition system according to the DOJ, after he tried to use an alias to open a bank account, leading to his arrest in June 2020. Levine fled the US in 2005, after authorities seized his passport as part of an investigation into an alleged scam he had been running, the DOJ said in a release. According to Levine's plea agreement, which he signed in May, he would offer to set up gambling accounts for people if they sent him money. To help sell the idea that he really could help people make bets, Levine reportedly played a recording of casino sounds while he was on calls with victims (which he made using a Las Vegas phone number). Levine came under investigation by the FBI, but was able to get a replacement for the passport that law enforcement officials seized, by claiming the passport had simply been lost. He eventually ended up in Poland, where he was arrested in 2008. There was, however, a legal battle over whether he could be extradited to the US, which continued until late 2011. By the time Polish courts had decided that he could be extradited, Levine had already slipped away.

Senators Challenge TikTok's 'Alarming' Plan To Collect Users' Voice and Face Biometrics

Slashdot - Your Rights Online - Thu, 2021-08-19 18:43
TikTok's plans to collect biometric identifiers from its users have prompted concern among U.S. lawmakers, who are demanding the company reveal exactly what information it collects and what it plans to do with that data. From a report: In a letter sent earlier this month addressed to TikTok CEO Shou Zi Chew, Sens. Amy Klobuchar (D-MN) and John Thune (R-SD) say they are "alarmed" by the recent change to TikTok's privacy policy, which allows the company to "automatically collect biometric data, including certain physical and behavioral characteristics from video content posted by its users." TechCrunch first reported details of the new privacy policy back in June, when TikTok said it will seek "required permissions" to collect "faceprints and voiceprints" where required by law, but failed to elaborate on whether it's considering federal law, state laws, or both (only a handful of U.S. states have biometric privacy laws, including Illinois, Washington, California, Texas and New York). Klobuchar and Thune's letter asks TikTok to explicitly explain what constitutes a "faceprint" and "voiceprint," as well as to explain how this data will be used and how long it will be retained. The senators also quizzed TikTok on whether any data is gathered for users under the age of 18; whether it makes any inferences about its users based on the biometric data it collects; and to provide a list of all third parties that have access to the data.

Policy Groups Ask Apple To Drop Plans To Inspect iMessages, Scan for Abuse Images

Slashdot - Your Rights Online - Thu, 2021-08-19 18:03
More than 90 policy and rights groups around the world published an open letter on Thursday urging Apple to abandon plans for scanning children's messages for nudity and the phones of adults for images of child sex abuse. From a report: "Though these capabilities are intended to protect children and to reduce the spread of child sexual abuse material, we are concerned that they will be used to censor protected speech, threaten the privacy and security of people around the world, and have disastrous consequences for many children," the groups wrote in the letter, which was first reported by Reuters. The largest campaign to date over an encryption issue at a single company was organized by the U.S.-based nonprofit Center for Democracy & Technology (CDT). Some overseas signatories in particular are worried about the impact of the changes in nations with different legal systems, including some already hosting heated fights over encryption and privacy.

'Apple's Device Surveillance Plan Is a Threat To User Privacy -- And Press Freedom'

Slashdot - Your Rights Online - Thu, 2021-08-19 12:00
The Freedom of the Press Foundation is calling Apple's plan to scan photos on user devices to detect known child sexual abuse material (CSAM) a "dangerous precedent" that "could be misused when Apple and its partners come under outside pressure from governments or other powerful actors." They join the EFF, whistleblower Edward Snowden, and many other privacy and human rights advocates in condemning the move. Advocacy Director Parker Higgins writes: Very broadly speaking, the privacy invasions come from situations where "false positives" are generated -- that is to say, an image or a device or a user is flagged even though there are no sexual abuse images present. These kinds of false positives could happen if the matching database has been tampered with or expanded to include images that do not depict child abuse, or if an adversary could trick Apple's algorithm into erroneously matching an existing image. (Apple, for its part, has said that an accidental false positive -- where an innocent image is flagged as child abuse material for no reason -- is extremely unlikely, which is probably true.) The false positive problem most directly touches on press freedom issues when considering that first category, with adversaries that can change the contents of the database that Apple devices are checking files against. An organization that could add leaked copies of its internal records, for example, could find devices that held that data -- including, potentially, whistleblowers and journalists who worked on a given story. This could also reveal the extent of a leak if it is not yet known. Governments that could include images critical of their policies or officials could find dissidents that are exchanging those files. [...] Journalists, in particular, have increasingly relied on the strong privacy protections that Apple has provided even when other large tech companies have not. 
Apple famously refused to redesign its software to open the phone of an alleged terrorist -- not because they wanted to shield the content on a criminal's phone, but because they worried about the precedent it would set for other people who rely on Apple's technology for protection. How is this situation any different? No backdoor for law enforcement will be safe enough to keep bad actors from continuing to push it open just a little bit further. The privacy risks from this system are too extreme to tolerate. Apple may have had noble intentions with this announced system, but good intentions are not enough to save a plan that is rotten at its core.

Three Former Netflix Software Engineers Charged With Insider Trading By SEC

Slashdot - Your Rights Online - Thu, 2021-08-19 00:32
An anonymous reader quotes a report from Deadline: Three former Netflix software engineers are among those who have been charged by the U.S. Securities and Exchange Commission for alleged insider trading. In a complaint (PDF) filed in federal court in Seattle, the regulatory agency says the engineers and two associates generated more than $3 million in profits from a "long-running scheme." The cornerstone of the setup, according to the complaint, was confidential information they obtained about Netflix subscriber growth. Subscriber numbers at Netflix or, more recently, Disney and other companies, have been central to Wall Street's embrace or rejection of stocks in recent years. According to the SEC's complaint, Sung Mo "Jay" Jun was at the center of a long-running scheme to illegally trade on non-public information concerning the growth in Netflix's subscriber base. The complaint alleges that Sung Mo Jun, while employed at Netflix in 2016 and 2017, repeatedly tipped this information to his brother, Joon Mo Jun, and his close friend, Junwoo Chon, who both used it to trade in advance of multiple Netflix earnings announcements. After Sung Mo Jun left Netflix in 2017, the complaint says, he obtained confidential Netflix subscriber growth information from another Netflix insider, Ayden Lee. Sung Mo Jun allegedly traded himself and tipped Joon Jun and Chon in advance of Netflix earnings announcements from 2017 to 2019. The SEC alleges that Sung Mo Jun's former Netflix colleague Jae Hyeon Bae, another Netflix engineer, tipped Joon Jun based on Netflix's subscriber growth information in advance of Netflix's July 2019 earnings announcement. The SEC said its market abuse unit uncovered the trading ring by using data analysis tools to identify the traders' suspicious run of success. "We allege that a Netflix employee and his close associates engaged in a long-running, multimillion dollar scheme to profit from valuable, misappropriated company information," Erin E. Schneider, director of the SEC's San Francisco office, said in a press release. "The charges announced today hold each of the participants accountable for their roles in the scheme." "The defendants allegedly tried to evade detection by using encrypted messaging applications and paying cash kickbacks," added Joseph Sansone, Chief of the SEC's market abuse unit. Sung Mo Jun, Joon Jun, Chon, and Lee have consented to the entry of judgments, the SEC said. If approved by the court, the judgments would permanently enjoin each from violating the charged provisions, with civil penalties to be decided later by the court. Sung Mo Jun also agreed to an officer and director bar. Bae consented to the entry of a final judgment, also subject to court approval, and imposing a civil penalty of $72,875.

Apple Censors Engraving Service, Report Claims

Slashdot - Your Rights Online - Wed, 2021-08-18 23:50
Apple censors references to Chinese politicians, dissidents and other topics in its engraving service, a report alleges. The BBC reports: Citizen Lab said it had investigated filters set up for customers who wanted something engraved on a new iPhone, iPad or other Apple device. And Apple had a broad list of censored words, not just in mainland China but also in Hong Kong and Taiwan. Apple said its systems "ensure local laws and customs are respected." "As with everything at Apple, the process for engraving is led by our values," chief privacy officer Jane Horvath wrote in a letter (PDF) provided to Citizen Lab in advance of the publication of its report. And the engraving service tried not to allow trademarked phrases, alongside those that "are vulgar or culturally insensitive, could be construed as inciting violence, or would be considered illegal according to local laws, rules, and regulations." [Citizen Lab's] new report found more than 1,100 filtered keywords, across six different regions, mainly relating to offensive content, such as racist or sexual words. But it alleges the rules are applied inconsistently and are much wider for China. "Within mainland China, we found that Apple censors political content, including broad references to Chinese leadership and China's political system, names of dissidents and independent news organizations, and general terms relating to religions, democracy, and human rights," it says. The report also alleges that censorship "bleeds" into both the Hong Kong and Taiwan markets. It found: 1,045 keywords blocked in mainland China; 542 in Hong Kong; and 397 in Taiwan. In contrast, Japan, Canada and the US had between 170 and 260 filtered words.

Apple's NeuralHash Algorithm Has Been Reverse-Engineered

Slashdot - Your Rights Online - Wed, 2021-08-18 20:00
An anonymous reader writes: Apple's NeuralHash algorithm (PDF) -- the one it's using for client-side scanning on the iPhone -- has been reverse-engineered. Turns out it was already in iOS 14.3, and someone noticed: Early tests show that it can tolerate image resizing and compression, but not cropping or rotations. We also have the first collision: two images that hash to the same value. The next step is to generate innocuous images that NeuralHash classifies as prohibited content. This was a bad idea from the start, and Apple never seemed to consider the adversarial context of the system as a whole, and not just the cryptography.
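
The false-positive argument in the Freedom of the Press Foundation piece above and this NeuralHash item describe two sides of one system property: a perceptual hash is judged by Hamming distance, so its owner can widen what it matches by editing the blocklist, and anyone who knows the algorithm can build a second image that lands inside the match radius. The following is an added example, not Apple's code and not from Citizen Lab, Bruce Schneier or Slashdot. It uses dHash, a deliberately simple perceptual hash, on constructed 72x72 grayscale images; the image generators, the threshold of 4 bits and the blocklist labels are all assumptions for illustration. dHash is far weaker than NeuralHash, but it reproduces the behaviour the story reports (survives resizing and mild compression, breaks on rotation) and shows concretely what "generate innocuous images that hash as prohibited" and "tamper with the database" mean.

```python
"""Toy perceptual-hash matcher built around dHash (difference hash).

Added example, not Apple's NeuralHash. Images are 2-D lists of 8-bit
grayscale values indexed img[y][x]; every image below is synthetic.
"""

HASH_W, HASH_H = 9, 8            # 8 column-pair comparisons in 8 rows -> 64 bits
ALL_ONES = (1 << 64) - 1
SIZE = 72                        # side of the constructed square test images


def box_downscale(img, out_w, out_h):
    """Area-average img down to out_w x out_h cells (assumes exact division)."""
    bw, bh = len(img[0]) // out_w, len(img) // out_h
    return [[sum(img[y][x] for y in range(cy * bh, (cy + 1) * bh)
                           for x in range(cx * bw, (cx + 1) * bw)) / (bw * bh)
             for cx in range(out_w)] for cy in range(out_h)]


def dhash(img):
    """64-bit dHash: one bit per cell, set when the cell is darker than its right neighbour."""
    bits = 0
    for row in box_downscale(img, HASH_W, HASH_H):
        for x in range(HASH_W - 1):
            bits = (bits << 1) | (row[x] < row[x + 1])
    return bits


def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")


def flag_matches(img, blocklist, threshold=4):
    """Labels of blocklist entries within `threshold` bits of the image's hash (assumed radius)."""
    h = dhash(img)
    return sorted(label for label, known in blocklist.items() if hamming(h, known) <= threshold)


# --- benign transformations a photo goes through in the wild ------------------

def upscale_nearest(img, factor):
    """Resize by an integer factor using pixel replication."""
    return [[px for px in row for _ in range(factor)] for row in img for _ in range(factor)]


def posterise(img, step):
    """Crude stand-in for lossy compression: snap every pixel to a multiple of step."""
    return [[(px // step) * step for px in row] for row in img]


def rotate90(img):
    """Rotate 90 degrees clockwise (a square input keeps its dimensions)."""
    h, w = len(img), len(img[0])
    return [[img[h - 1 - x][y] for x in range(h)] for y in range(w)]


# --- constructed images ---------------------------------------------------------

def gradient():
    """Left-dark, right-bright ramp; stands in for an image already on the blocklist."""
    return [[(x * 255) // (SIZE - 1) for x in range(SIZE)] for _ in range(SIZE)]


def wide_stripes():
    """8-pixel vertical bars; stands in for an innocuous leaked document."""
    return [[200 if (x // 8) % 2 == 0 else 50 for x in range(SIZE)] for _ in range(SIZE)]


def forged_collision():
    """4-pixel stripes plus a faint one-level-per-column ramp. To the eye it is a striped
    image, nothing like gradient(), but every dHash cell is darker than its right-hand
    neighbour, so it hashes to exactly the same 64 bits: a second preimage built purely
    from knowledge of the algorithm."""
    return [[(160 if (x // 4) % 2 == 0 else 40) + x for x in range(SIZE)] for _ in range(SIZE)]


if __name__ == "__main__":
    g = gradient()
    print("resized   :", hamming(dhash(g), dhash(upscale_nearest(g, 2))), "bits differ")
    print("posterised:", hamming(dhash(g), dhash(posterise(g, 16))), "bits differ")
    print("rotated   :", hamming(dhash(g), dhash(rotate90(g))), "bits differ")

    blocklist = {"known_bad_0001": dhash(g)}          # assumed label
    print("forged image flagged as:", flag_matches(forged_collision(), blocklist))

    # Database tampering: whoever controls the list adds the hash of a leaked memo
    # and every device holding that memo is now reported.
    memo = wide_stripes()
    print("memo, honest list  :", flag_matches(memo, blocklist))
    print("memo, tampered list:", flag_matches(memo, dict(blocklist, leaked_memo=dhash(memo))))
```

The two failure modes differ in who needs what: the forged collision needs only the algorithm (which the reverse-engineering item shows is obtainable from the shipped binary), while the tampered list needs write access to the database and no cryptography at all, which is why the press-freedom critique focuses on who controls that list rather than on the hash's collision resistance.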
