aggregator

Russian Hackers Are Linked To Sweeping Bid To Steal Vaccine Data

Slashdot - Your Rights Online - Pt, 2020-07-17 22:04
Russian state intelligence is hacking international research centers that are racing to develop a Covid-19 vaccine, the U.K., U.S. and Canadian governments said. From a report: It is unclear whether research facilities have been damaged or if the vaccine programs have been set back as a result of the hacks but officials warned that the cyber attacks are ongoing. In a dramatic statement on Thursday, Britain's National Cyber Security Centre (NCSC) said vaccine and therapeutic sectors in multiple countries have been targeted by a group known as APT29, which it said is "almost certainly" part of Russian state intelligence. Security agencies in the U.S. and Canada later issued their own statements backing up the findings. "It is completely unacceptable that the Russian intelligence services are targeting those working to combat the coronavirus pandemic," British Foreign Secretary Dominic Raab said. "While others pursue their selfish interests with reckless behavior, the U.K. and its allies are getting on with the hard work of finding a vaccine and protecting global health."

Read more of this story at Slashdot.

Iranian Spies Accidentally Leaked Videos of Themselves Hacking

Slashdot - Your Rights Online - Pt, 2020-07-17 15:00
An anonymous reader quotes a report from Wired: Researchers at IBM's X-Force security team revealed today that they've obtained roughly five hours of video footage that appears to have been recorded directly from the screens of hackers working for a group IBM calls ITG18, and which other security firms refer to as APT35 or Charming Kitten. It's one of the most active state-sponsored espionage teams linked to the government of Iran. The leaked videos were found among 40 gigabytes of data that the hackers had apparently stolen from victim accounts, including U.S. and Greek military personnel. Other clues in the data suggest that the hackers targeted U.S. State Department staff and an unnamed Iranian-American philanthropist. The IBM researchers say they found the videos exposed due to a misconfiguration of security settings on a virtual private cloud server they'd observed in previous APT35 activity. The files were all uploaded to the exposed server over a few days in May, just as IBM was monitoring the machine. The videos appear to be training demonstrations the Iran-backed hackers made to show junior team members how to handle hacked accounts. They show the hackers accessing compromised Gmail and Yahoo Mail accounts to download their contents, as well as exfiltrating other Google-hosted data from victims. This sort of data exfiltration and management of hacked accounts is hardly sophisticated hacking. It's more the kind of labor-intensive but relatively simple work that's necessary in a large-scale phishing operation. But the videos nonetheless represent a rare artifact, showing a first-hand view of state-sponsored cyberspying that's almost never seen outside of an intelligence agency.

Read more of this story at Slashdot.

Tech Firms Like Facebook Must Restrict Data Sent From EU To US, Court Rules

Slashdot - Your Rights Online - Pt, 2020-07-17 07:03
The European Court of Justice has ruled that the "Privacy Shield" data transfer agreement, which had allowed tech companies to transfer EU user data to the US, failed to adequately protect Europeans' data from US surveillance and security laws and was therefore invalid. What this means is companies like Facebook "could be prevented from sending data back to the US," reports The Guardian. From the report: The ruling of the court of justice of the European Union (CJEU) does not immediately end such transfers, but requires data protection authorities (DPAs) in individual member states to vet the sending of any new data to make sure people's personal information remains protected according to the EU's data protection laws (GDPR). The complaint, which goes back to October 2014, was lodged by Austrian privacy activist Max Schrems. He argued, following the Snowden revelations, that the privacy of European citizens could not be guaranteed if their data was sent to the US, given the evidence of widespread eavesdropping by the country's National Security Agency (NSA), and the fact that the US legal system only protected the rights of US citizens. Schrems' initial complaint led to the overturning of the EU/US "safe harbor," which had governed data transfer between the two countries, and the creation of a new treaty, the EU/US "privacy shield." This latest ruling has overturned that policy too. [...] The ruling is not a total halt on data transfers between the EU and US, said Lisa Peets, a partner at Covington, which represented the UK's software industry in the case. The court upheld the use of "standard contractual clauses" (SCCs) to transfer personal data between Europe and US, allowing companies to seek specific consent from users for data to be exported. "Data flows between Europe and the United States are an integral part of the European economy and of the day-to-day lives of millions of European consumers, and the SCCs are the backbone for many of those data transfers," Peets said. "As for the privacy shield, the European commission will be highly focused on finding a resolution and will be actively working work with the US government to identify a path forward."

Read more of this story at Slashdot.

Apple Wins Fight Over $14.9 Billion Tax Bill in Blow To EU

Slashdot - Your Rights Online - Śr, 2020-07-15 22:10
Apple won its court fight over a record 13 billion-euro ($14.9 billion) Irish tax bill in a crushing blow to European Union Competition Commissioner Margrethe Vestager's crackdown on preferential fiscal deals for companies. From a report: The judgment by the EU's lower court on Wednesday vindicates Apple Chief Executive Officer Tim Cook's challenge against a decision he labeled as "political crap." While the EU General Court's ruling can still be appealed, judges delivered a stinging attack on the European Commission for failing to show "to the requisite legal standard" that Ireland's tax deal broke state-aid law by giving Apple an unfair advantage. "The commission's intent seemed to be a political one: to punish Apple for its overall tax planning, rather than to reach a result that accorded with the legal or economic position," Dan Neidle, a tax lawyer with Clifford Chance said in a statement. "The court has, quite rightly, followed the law and not any wider political objectives."

Read more of this story at Slashdot.

Tech CEO Found Decapitated and Dismembered In His NYC Apartment

Slashdot - Your Rights Online - Śr, 2020-07-15 19:57
According to ABC News, 33-year-old tech entrepreneur Fahim Saleh was discovered decapitated and dismembered in his Manhattan apartment on Tuesday. The death was deemed a homicide and no arrests have been made as of yet. From the report: Saleh co-founded Pathao, a ride-share app that's popular in Bangledash. More recently, he was the CEO of Gokada, a motorcycle ride-sharing and delivery company based Nigeria, which has faced financial setbacks and recently laid off most of its staff. According to surveillance video from Monday, Saleh was seen around 1:40 p.m. being followed into his apartment elevator by a man wearing a suit, gloves, hat and mask and carrying a briefcase. When the elevator arrives at the seventh floor, which opened right into Saleh's apartment, he falls immediately, the apparent result of an attack. Saleh's body was found Tuesday afternoon by his sister who was concerned after she had not heard from him for a day. She can be seen in surveillance footage entering the building, but the suspected killer is not seen leaving, leading law enforcement to believe she may have interrupted the act of dismembering, police sources said. There is a second way out of the apartment, through a service entrance, according to the sources. Saleh's torso was detached from his head and limbs, which were found nearby in several large bags, sources said. An electric saw was also recovered, still plugged into an electrical outlet, according to law enforcement sources. His dog was found alive in the apartment.

Read more of this story at Slashdot.

Huawei Fights Back

Slashdot - Your Rights Online - Śr, 2020-07-15 12:00
mspohr writes: Looks like Huawei is going to fight back against the U.S. for the sanctions it has imposed on the company... using the U.S. patent system, which recently made some changes to FRAND agreements (fair, reasonable, and non-discriminatory) to make it even easier to sue. They're starting with Verizon and its suppliers, HP and Cisco. "It has filed patent infringement claims against Verizon for its own technology and for products Verizon has acquired from Cisco and Hewlett-Packard and demanded royalty payments for hundreds of patents," reports Forbes. "Huawei's patents may not even be practiced in the firms' accused products, but Huawei is using the legal process to compel court discovery on Verizon's and its suppliers' confidential information to enrich Huawei's knowledge of competitors' products and technology." [...] The report adds: "It is likely that the Trump Administration simply had not considered how Huawei would turn U.S. patent law against U.S. companies, since the President and his team have consistently led the charge to rid Chinese-controlled companies from the communications infrastructure in the U.S. and abroad, especially in 5G." Didn't see that coming?

Read more of this story at Slashdot.

Google Faces Lawsuit Over Tracking In Apps Even When Users Opted Out

Slashdot - Your Rights Online - Śr, 2020-07-15 04:10
Google records what people are doing on hundreds of thousands of mobile apps even when they follow the company's recommended settings for stopping such monitoring, a lawsuit seeking class action status alleged on Tuesday. Reuters reports: The new complaint in a U.S. district court in San Jose accuses Google of violating federal wiretap law and California privacy law by logging what users are looking at in news, ride-hailing and other types of apps despite them having turned off "Web & App Activity" tracking in their Google account settings. The lawsuit alleges the data collection happens through Google's Firebase, a set of software popular among app makers for storing data, delivering notifications and ads, and tracking glitches and clicks. Firebase typically operates inside apps invisibly to consumers. "Even when consumers follow Google's own instructions and turn off 'Web & App Activity' tracking on their 'Privacy Controls,' Google nevertheless continues to intercept consumers' app usage and app browsing communications and personal information," the lawsuit contends. Google uses some Firebase data to improve its products and personalize ads and other content for consumers, according to the lawsuit.

Read more of this story at Slashdot.

White House Reportedly Orders Hospitals To Bypass CDC During COVID-19 Data Collection

Slashdot - Your Rights Online - Śr, 2020-07-15 03:30
The Trump administration is now ordering hospitals to send coronavirus patient data to a database in Washington, DC as part of a new initiative that may bypass the Centers for Disease Control and Prevention (CDC), according to a report from The New York Times published on Tuesday. The Verge reports: As outlined in a document (PDF) posted to the website of the Department of Health and Human Services (HHS), hospitals are being ordered to send data directly to the administration, effective tomorrow, a move that has alarmed some within the CDC, according to The Times. The database that will collect and store the information is referred to in the document as HHS Protect, which was built in part by data mining and predictive analytics firm Palantir. The Silicon Valley company is known most for its controversial contract work with the US military and other clandestine government agencies as well as for being co-founded and initially funded by Trump ally Peter Thiel. "A unique link will be sent to the hospital points of contact. This will direct the [point of care] to a hospital-specific secure form that can then be used to enter the necessary information. After completing the fields, click submit and confirm that the form has been successfully captured," reads the HHS instructions. "A confirmation email will be sent to you from the HHS Protect System. This method replaces the emailing of individual spreadsheets previously requested." While the White House's official reasoning is that this plan will help make data collection on the spread of COVID-19 more centralized and efficient, some current and former public health officials fear the bypassing of the CDC may be an effort to politicize the findings and cut experts out of the loop with regard to federal messaging and guidelines, The Times reports.

Read more of this story at Slashdot.

German Court Bans Tesla Ad Statements Related To Autonomous Driving

Slashdot - Your Rights Online - Śr, 2020-07-15 00:10
An anonymous reader quotes a report from Reuters: Germany has banned Tesla from repeating what a court says are misleading advertising statements relating to the capabilities of the firm's driver assistance systems and to autonomous driving, a Munich judge ruled on Tuesday. Tesla can appeal the ruling. The case was brought by Germany's Wettbewerbszentrale, an industry sponsored body tasked with policing anti-competitive practices. The Munich court agreed with the industry body's assessment and banned Tesla Germany from including "full potential for autonomous driving" and "Autopilot inclusive" in its German advertising materials. It said such claims amounted to misleading business practices, adding that the average buyer might be given the impression that the car could drive without human intervention and might suggest such a system was now legal on German roads.

Read more of this story at Slashdot.

California Investigating Google For Potential Antitrust Violations

Slashdot - Your Rights Online - Wt, 2020-07-14 03:25
California has opened its own antitrust probe into Google, leaving just one state that has yet to do so. "In September, attorneys general from 48 states, Puerto Rico and the District of Columbia announced an antitrust investigation into Google focused on the company's dominance of the advertising technology market," reports Politico. "Over the past 10 months, that investigation -- led by Texas -- has expanded into other aspects of the company's business, including its conduct in the search market." From the report: California -- which houses Google's headquarters in Mountain View -- was the most notable holdout in the multi-state group, and Democratic Attorney General Xavier Becerra has repeatedly declined to answer questions about why the state wasn't a participant. The California antitrust probe is a separate investigation from the multi-state effort, two of the individuals said. All of the individuals spoke on condition of anonymity to talk openly about a confidential probe. Alabama is now the only state that is not investigating the company. It was not immediately clear what aspect of Google's business California is targeting. Google has previously been in California's crosshairs over antitrust concerns. In the early 2010s, California was among five states that investigated Google alongside the Federal Trade Commission over allegations the tech giant biased its search results to favor its own products. The FTC opted against filing an antitrust suit and closed its probe in January 2013. California and the other states, which included Texas, New York, Oklahoma and Ohio, later closed their probes in 2014. California has its own antitrust laws, the Cartwright Act and the Unfair Competition Act, that are sometimes interpreted more broadly than the U.S. federal antitrust law. Unlike federal antitrust law, California's laws do allow government enforcers to seek restitution or civil penalties for violations.

Read more of this story at Slashdot.

US Threatens To Restrict WeChat Following TikTok Backlash

Slashdot - Your Rights Online - Wt, 2020-07-14 02:45
Amid intense scrutiny over TikTok as a potential national security risk in the U.S., WeChat, the essential tool for Chinese people's day-to-day life, is also taking heat from Washington. TechCrunch reports: White House trade advisor Peter Navarro told Fox Business on Sunday that "[TikTok] and WeChat are the biggest forms of censorship on the Chinese mainland, and so expect strong action on that." Navarro alleged that "all of the data that goes into those mobile apps that kids have so much fun with and seem so convenient, it goes right to servers in China, right to the Chinese military, the Chinese communist party, and the agencies which want to steal our intellectual property." It's unclear how the U.S. restriction will play out, if it will at all, though some WeChat users are already speculating workarounds to stay in touch with their family and friends back home. In the case that the Tencent-owned messenger is removed by Apple App Store or Google Play, U.S.-based users could switch to another regional store to download the app. If it were an IP address ban, they could potentially access the app through virtual private networks (VPNs), tools that are familiar to many in China to access online services blocked by Beijing's Great Firewall.

Read more of this story at Slashdot.

iPhone User Sues Microsoft's LinkedIn For Spying Through Apple's 'Clipboard'

Slashdot - Your Rights Online - N, 2020-07-12 18:34
"Microsoft's LinkedIn was sued by a New York-based iPhone user on Friday for allegedly reading and diverting users' sensitive content from Apple Inc's Universal Clipboard application," reports Reuters. According to Apple's website, Universal Clipboard allows users to copy text, images, photos, and videos on one Apple device and then paste the content onto another Apple device. According to the lawsuit filed in San Francisco federal court by Adam Bauer, LinkedIn reads the Clipboard information without notifying the user. LinkedIn did not immediately respond to Reuters request for comment. According to media reports from last week, 53 apps including TikTok and LinkedIn were reported to be reading users' Universal Clipboard content, after Apple's latest privacy feature started alerting users whenever the clipboard was accessed with a banner saying "pasted from Messages..." A LinkedIn executive had said on Twitter last week that the company released a new version of its app to end this practice... According to the complaint, LinkedIn has not only been spying on its users, it has been spying on their nearby computers and other devices, and it has been circumventing Apple's Universal Clipboard timeout.

Read more of this story at Slashdot.

Wells Fargo Tells Employees: Delete TikTok from Company Phones

Slashdot - Your Rights Online - N, 2020-07-12 15:34
An anonymous reader quotes Engadget: Wells Fargo does not want TikTok on its employees' phones. According to The Information, the financial institution sent its employees a note, telling them to remove the app from corporate devices immediately... A Wells Fargo spokesperson confirmed the company's move to The Information, explaining that it came to the decision due to concerns about TikTok's privacy practices: "We have identified a small number of Wells Fargo employees with corporate-owned devices who had installed the TikTok application on their device. Due to concerns about TikTok's privacy and security controls and practices, and because corporate-owned devices should be used for company business only, we have directed those employees to remove the app from their devices."

Read more of this story at Slashdot.

Why Did a Tech Executive Install 1,000 Security Cameras Around San Francisco?

Slashdot - Your Rights Online - N, 2020-07-12 01:34
The New York Times explains why Chris Larsen installed over a thousand surveillance cameras around San Francisco to monitor 135 city blocks: It sounds sinister. A soft-spoken cryptocurrency mogul is paying for a private network of high-definition security cameras around the city. Zoom in and you can see the finest details: the sticker on a cellphone, the make of a backpack, the color of someone's eyes... While violent crime is not high in the city, property crime is a constant headache. Anyone who lives here knows you shouldn't leave anything — not a pile of change, not a scarf — in a parked car... locals are tired of the break-ins. So how do they reconcile "defund the police" with "stop the smash and grabs"? Mr. Larsen believes he has the answer: Put security cameras in the hands of neighborhood groups. Put them everywhere. He's happy to pay for it.... Here is what he is doing: Writing checks for nearly $4 million to buy cameras that record high-definition video of the streets and paying to have them maintained by a company called Applied Video Solutions. The rest is up to locals in neighborhood coalitions like Community Benefit Districts, nonprofits formed to provide services to the area. Here is how the project works: Neighbors band together and decide where to put the cameras. They are installed on private property at the discretion of the property owner, and in San Francisco many home and business owners want them. The footage is monitored by the neighborhood coalition. The cameras are always recording... As proponents of Mr. Larsen's network see things, they get the safety of a surveillance state without the state... It is arguably more compelling evidence in court because the video is monitored by a third-party intermediary who can testify that it is a continuous feed. It is time stamped. And because the network covers many blocks, the footage can tell a broader story than a single camera about an event that might be moving from block to block, in the case of, for example, a fight.... "This has underscored the importance of not just cameras but of communitywide camera coverage," Mr. Larsen said. "Body cams show some pretty core weaknesses because we don't have universal access to police body cam footage, and there's a fundamental conflict of interest if the video shows something bad for the department." The answer is more cameras, he said, and then keep that footage in the hands of citizens. He argued that trust will come in the form of full city camera coverage, so police can play a smaller, more subtle role. Individual vigilantism will not work, he argued, but strong neighborhoods with continuous video feeds on every corner will. "That's the winning formula," Mr. Larsen said. "Pure coverage." The locally-stored footage is erased after 30 days. Thought it's not covered by the city's newly-enacted ban on facial recognition software, Larsen says "We're strongly opposed to facial recognition technology. Facial recognition is too powerful given the lack of laws and protections to make it acceptable."

Read more of this story at Slashdot.

TikTok Pulls Out of Hong Kong

Slashdot - Your Rights Online - So, 2020-07-11 23:34
AmiMoJo quotes TechCrunch: TikTok announced that it would pull out of Hong Kong, which is facing an unprecedented wave of control from the Beijing government after the promulgation of the national security law. "In light of recent events, we've decided to stop operations of the TikTok app in Hong Kong," said a TikTok spokesperson. The company declined further comment on the decision... ByteDance, founded by Chinese serial entrepreneur Zhang Yiming, has been working to disassociate TikTok from its Chinese ownership and Beijing censorship. Efforts have ranged from keeping an overseas data center for TikTok that's supposedly out of reach by the Chinese authority, giving outside experts a glimpse into its moderation process, through to hiringDisney's Kevin Mayer as the app's new global face.

Read more of this story at Slashdot.

'Guilty' Verdict for Russian Who Stole 117M Dropbox and LinkedIn Login Codes in 2012

Slashdot - Your Rights Online - So, 2020-07-11 20:34
In 2012 "Russian hacker" Yevgeniy Nikulin breached the internal networks of LinkedIn, Dropbox, and Formspring, and then sold their user databases on the black market, reports ZDNet. (He stole 117 million login codes, according to Bloomberg.) Nikulin was arrested in 2016 (while on vacation in the Czech Republic), and after an extradition battle spent years in U.S. prisons while awaiting his trial, which Bloomberg calls "an ongoing constitutional violation that deeply distressed U.S. District Judge William Alsup." Yesterday a jury finally found Nikulin guilty: It was the first trial in Northern California since the coronavirus pandemic shut Bay Area courtrooms in mid-March... The trial started in early March but was interrupted by the coronavirus pandemic and a shelter-in-place order for the Bay Area on March 16, when almost all in-person court hearings were postponed nationwide... Forced by circumstances to twice delay the trial, Alsup stood firm on a July 7 start. The judge, Nikulin and lawyers wore masks. Witnesses testified from behind a glass panel... Nikulin is scheduled to be sentenced Sept. 29. The Justice Department said he faces as long as 10 years in prison for each count of selling stolen usernames and passwords, installing malware on protected computers and as many as five years for each count of conspiracy and computer hacking. He also faces a mandatory two year sentence for identity theft, according to prosecutors.

Read more of this story at Slashdot.

DuckDuckGo Restored in India, Responds to Favicon Concerns

Slashdot - Your Rights Online - So, 2020-07-11 16:34
DuckDuckGo made the news twice this week. First its service was reinstated across India last Saturday, after being unreachable for nearly three days, for reasons which remain unclear. "We have contacted the Indian government but have not yet received a response," a DuckDuckGo spokesperson told The Verge. "We are bewildered on why the Indian government would instruct Indian ISPs to block DuckDuckGo, but are optimistic that this will be resolved soon." But at roughly the same time the search engine faced another controversy about how DuckDuckGo fetches favicons, according to one cybersecurity blog: First submitted as an issue in July 2019, GitHub user Tritonio flagged the offending script, saying: "This seems to be leaking all(?) the domains that users visit to your servers." The script in the Android version of the DuckDuckGo application showed that favicon fetching was routed through DuckDuckGo systems, rather than made via direct website requests. Daniel "tagawa" Davis, communications manager at DuckDuckGo, said at the time that the "internal" favicon service was used to simplify the favicon location process, but as the service is rooted in DuckDuckGo's existing systems, the script adhered to the company's privacy policy which pledges not to collect or store any personal user information. The case was then closed. However, when the issue became public on the GitHub tracker this week, this assurance was not enough for everyone. Some users requested that the case be re-examined, citing potential information leaks caused by the script choice, considered by some as an inherent 'design' flaw or human error. In response to the discussion concerning the favicon telemetry, founder and CEO Gabriel Weinberg said he was "happy to commit us to move to doing this locally in the browser" and will address it as a matter of priority. He added that as DuckDuckGo's services are encrypted and "throw away PII [personally identifiable information] like IP addresses by design", no information was collected, stored, or leaked. The company's slogan is "Privacy Simplified". It is this concept, Weinberg told The Daily Swig, that led to the rapid decision in changing how favicons are managed. Weinberg acknowledged that there is an ongoing security debate concerning which option for fetching favicons is more secure, and arguments can be made for each choice — but added they both offer "basically a similar amount" of privacy... You can ask a browser to connect to a website and fetch the favicon — potentially making multiple requests in the process — or you can use the firm's encrypted service... "It's a known anonymous service," Weinberg told us. "You're already connected to DuckDuckGo because you're using the app. It's not that it is leaking any more information, because you conduct a search with us which has the favicons anyway." DuckDuckGo's service is also faster and uses less bandwidth as the service is running server-side and favicons are cached, Weinberg says.

Read more of this story at Slashdot.

US Secret Service Creates New Cyber Fraud Task Force

Slashdot - Your Rights Online - So, 2020-07-11 12:00
The U.S. Secret Service announced the creation of the Cyber Fraud Task Force (CFTF) after the merger of its Financial Crimes Task Forces (FCTFs) and Electronic Crimes Task Forces (ECTFs) into a single unified network. Bleeping Computer reports: CFTF's main goal is to investigate and defend American individuals and businesses from a wide range of cyber-enabled financial crimes, from business email compromise (BEC) scams and ransomware attacks to data breaches and the illegal sale of stolen personal information and credit cards on the Internet and the dark web. Consolidating the two task forces into CFTF will allow the Secret Service to boost its agents' ability to prevent, detect, and mitigate financially-motivated cybercrime by improving coordination, sharing of resources and expertise, and best practices dissemination. "The creation of the new Cyber Fraud Task Force (CFTF), will offer a specialized cadre of agents and analysts, trained in the latest analytical techniques and equipped with the most cutting-edge technologies," said Michael D'Ambrosio, U.S. Secret Service Assistant Director. At the moment, the Secret Service has already operationalized CFTFs in 42 domestic offices and in 2 international locations (London and Rome). The Department of Homeland Security federal law enforcement agency also plans to increase the number of CFTF locations through its network of more than 160 offices across the U.S. and around the globe.

Read more of this story at Slashdot.

Police Surveilled Protests With Help From Twitter-Affiliated Startup Dataminr

Slashdot - Your Rights Online - So, 2020-07-11 05:30
An anonymous reader quotes a report from The Intercept: Leveraging close ties to Twitter, controversial artificial intelligence startup Dataminr helped law enforcement digitally monitor the protests that swept the country following the killing of George Floyd, tipping off police to social media posts with the latest whereabouts and actions of demonstrators, according to documents reviewed by The Intercept and a source with direct knowledge of the matter. The monitoring seems at odds with claims from both Twitter and Dataminr that neither company would engage in or facilitate domestic surveillance following a string of 2016 controversies. Twitter, up until recently a longtime investor in Dataminr alongside the CIA, provides the company with full access to a content stream known as the "firehose" -- a rare privilege among tech firms and one that lets Dataminr, recently valued at over $1.8 billion, scan every public tweet as soon as its author hits send. Both companies denied that the protest monitoring meets the definition of surveillance. Dataminr's Black Lives Matter protest surveillance included persistent monitoring of social media to tip off police to the locations and activities of protests, developments within specific rallies, as well as instances of alleged "looting" and other property damage. According to the source with direct knowledge of Dataminr's protest monitoring, the company and Twitter's past claims that they don't condone or enable surveillance are "bullshit," relying on a deliberately narrowed definition. "It's true Dataminr doesn't specifically track protesters and activists individually, but at the request of the police they are tracking protests, and therefore protesters," this source explained. According to internal materials reviewed by The Intercept, Dataminr meticulously tracked not only ongoing protests, but kept comprehensive records of upcoming anti-police violence rallies in cities across the country to help its staff organize their monitoring efforts, including events' expected time and starting location within those cities. A protest schedule seen by The Intercept shows Dataminr was explicitly surveilling dozens of protests big and small, from Detroit and Brooklyn to York, Pennsylvania, and Hampton Roads, Virginia. Company documents also show the firm instructed members of its staff to look for instances of "lethal force used against protesters by police or vice-versa," "property damage," "widespread arson or looting against government or commercial infrastructure," "new instances of officer-involved shootings or death with potential interpretation of racial bias," and occasions when a "violent protests spreads to new major American city." Staff were also specifically monitoring social media for posts about "Officers involved in Floyd's death" -- all of which would be forwarded to Dataminr's governmental customers through a service named "First Alert." [...] First Alert also scans other popular platforms like Snapchat and Facebook, the latter being particularly useful for protest organizers trying to rapidly mobilize their communities. On at least one occasion, according to MPD records, Dataminr was able to point police to a protest's Facebook event page before it had begun.

Read more of this story at Slashdot.

Canadian Genetic Non-Discrimination Act Upheld

Slashdot - Your Rights Online - So, 2020-07-11 04:30
Long-time Slashdot reader kartis writes: Canada's Supreme Court upheld the Genetic Non-Discrimination Act (GINA) which prohibits under criminal penalty, employers or insurers from demanding or using genetic information. This was a result of a private member's bill in Parliament, which meant it passed without the government's support, and in fact both the Federal government and Quebec government (which had gotten it declared unconstitutional as outside federal powers) argued that it extended criminal powers into a provincial jurisdiction. Well, the Supreme Court has surprisingly upheld it in a 5-4 decision, which means great things for Canadians' privacy, and also suggests a wider ability for federal privacy legislation than many jurists had thought.

Read more of this story at Slashdot.