The Supreme Court Fight Over Microsoft's Foreign Servers Is Over

Slashdot - Your Rights Online - Fri, 2018-04-06 15:00
An anonymous reader quotes a report from The Verge: The much-anticipated Supreme Court case U.S. v. Microsoft -- which could have decided the extent of American jurisdiction over foreign servers -- is now, for all intents and purposes, dead. On March 30th, the Department of Justice moved to drop the lawsuit as moot, and today, Microsoft filed to agree with the motion. While the Supreme Court has yet to officially drop the case, it's a foregone conclusion that they will. Both the government and Microsoft agree that the newly passed CLOUD Act renders the lawsuit meaningless. In U.S. v. Microsoft, federal law enforcement clashed with Microsoft over the validity of a Stored Communications Act warrant for data stored on a server in Dublin. The CLOUD Act creates clear new procedures for procuring legal orders for data in these kinds of cross-border situations. In last week's motion to vacate, DOJ disclosed that it had procured a new warrant under the CLOUD Act.

Read more of this story at Slashdot.

EFF: Google Should Not Help the US Military Build Unaccountable AI Systems

Slashdot - Your Rights Online - Fri, 2018-04-06 05:30
The Electronic Frontier Foundation's Peter Eckersley writes: Yesterday, The New York Times reported that there is widespread unrest amongst Google's employees about the company's work on a U.S. military project called "Project Maven." Google has claimed that its work on Maven is for "non-offensive uses only," but it seems that the company is building computer vision systems to flag objects and people seen by military drones for human review. This may in some cases lead to subsequent targeting by missile strikes. EFF has been mulling the ethical implications of such contracts, and we have some advice for Google and other tech companies that are considering building military AI systems. The EFF lists several "starting points" any company, or any worker, considering whether to work with the military on a project with potentially dangerous or risky AI applications should be asking: 1. Is it possible to create strong and binding international institutions or agreements that define acceptable military uses and limitations in the use of AI? While this is not an easy task, the current lack of such structures is troubling. There are serious and potentially destabilizing impacts from deploying AI in any military setting not clearly governed by settled rules of war. The use of AI in potential target identification processes is one clear category of uses that must be governed by law. 2. Is there a robust process for studying and mitigating the safety and geopolitical stability problems that could result from the deployment of military AI? Does this process apply before work commences, along the development pathway and after deployment? Could it incorporate the sufficient expertise to address subtle and complex technical problems? And would those leading the process have sufficient independence and authority to ensure that it can check companies' and military agencies' decisions? 3. Are the contracting agencies willing to commit to not using AI for autonomous offensive weapons? Or to ensuring that any defensive autonomous systems are carefully engineered to avoid risks of accidental harm or conflict escalation? Are present testing and formal verification methods adequate for that task? 4. Can there be transparent, accountable oversight from an independently constituted ethics board or similar entity with both the power to veto aspects of the program and the power to bring public transparency to issues where necessary or appropriate? For example, while Alphabet's AI-focused subsidiary DeepMind has committed to independent ethics review, we are not aware of similar commitments from Google itself. Given this letter, we are concerned that the internal transparency, review, and discussion of Project Maven inside Google was inadequate. Any project review process must be transparent, informed, and independent. While it remains difficult to ensure that that is the case, without such independent oversight, a project runs real risk of harm.

The FCC Is Refusing To Release Emails About Ajit Pai's 'Harlem Shake' Video

Slashdot - Your Rights Online - Fri, 2018-04-06 04:45
bumblebaetuna writes from a report via Motherboard: On the eve of the net neutrality repeal, just as tensions and public debate over the issue were reaching a fever pitch, someone in the FCC decided it would be a good idea to have chair Ajit Pai ridicule legitimate concerns of internet users with a video featuring an outdated meme and a pizzagate conspiracy theorist. Now, citing the infamous b5 FOIA exemption, the Federal Communications Commission is refusing to release emails related to the planning of the video. The b5 exemption is supposed to protect "inter-agency or intra-agency memorandum or letters which would be privileged in civil litigation," but each agency interprets that meaning differently.

Secret Service Warns of Chip Card Scheme

Slashdot - Your Rights Online - Fri, 2018-04-06 02:45
Brian Krebs reports on a new scheme where new debit cards are intercepted in the mail and the chips on the cards are replaced with chips from old cards. Thieves can then start draining funds from the account as soon as the modified card is activated. The warning comes from the U.S. Secret Service. Krebs on Security reports: The reason the crooks don't just use the debit cards when intercepting them via the mail is that they need the cards to be activated first, and presumably they lack the privileged information needed to do that. So, they change out the chip and send the card on to the legitimate account holder and then wait for it to be activated. The Secret Service memo doesn't specify at what point in the mail process the crooks are intercepting the cards. It could well involve U.S. Postal Service employees (or another delivery service), or perhaps the thieves are somehow gaining access to company mailboxes directly. Either way, this alert shows the extent to which some thieves will go to target high-value customers.

UK, Australia Investigating Facebook Amid Cambridge Analytica Data Scandal

Slashdot - Your Rights Online - Fri, 2018-04-06 02:03
Both the United Kingdom and Australia said Thursday that they have opened formal investigations into Facebook amid allegations that their citizens' data was improperly shared with Cambridge Analytica. ABC News reports: The Information Commissioner's Office in the U.K. is "looking at how data was collected from a third party app on Facebook and shared with Cambridge Analytica. We are also conducting a broader investigation into how social media platforms were used in political campaigning," according to Commissioner Elizabeth Denham. The office will investigate Facebook, along with 29 other organizations that have not been named. Earlier Thursday, Australia said it had opened a formal investigation into the tech giant amid allegations that Australian users' data was improperly shared with Cambridge Analytica. "Today I have opened a formal investigation into Facebook, following confirmation from Facebook that the information of over 300,000 Australian users may have been acquired and used without authorization," Angelene Falk, Australia's acting information commissioner and acting privacy commissioner, said. According to Falk, Australia will work with international regulatory agencies to investigate whether Facebook violated the country's privacy act. Under Australian law, the commissioner has the power to issue fines of up to $1.6 million to organizations that fail to comply with the act, according to the Australian Broadcasting Corporation. Australia and the U.K. joined the United States and Israel in investigating Facebook's breach of privacy.

Intel Tells Users to Uninstall Remote Keyboard App Over Unpatched Security Bugs

Slashdot - Your Rights Online - Fri, 2018-04-06 00:40
Intel has decided that instead of fixing three security bugs affecting the Intel Remote Keyboard Android app, it would be easier to discontinue the application altogether. BleepingComputer: The company announced its decision on Tuesday, following the discovery of three security bugs that affect all versions of the Intel Remote Keyboard. This is an Android application that Intel launched in 2015 to allow users to wirelessly control Intel NUC and Intel Compute Stick single-board computers. The bugs, discovered by three different researchers, when exploited, allow a nearby network attacker to inject keystrokes into remote keyboard sessions, and also execute malicious code on the user's Android device.

Online Gaming Could Be Stalled by Net Neutrality Repeal, ESA Tells Court

Slashdot - Your Rights Online - Thu, 2018-04-05 21:20
A video game industry lobby group is joining the lawsuit that seeks to reinstate net neutrality rules in the US, saying that the net neutrality repeal could harm multiplayer online games that require robust Internet connections. From a report: The Entertainment Software Association (ESA) yesterday filed a motion for leave to intervene so that it can support the case against the Federal Communications Commission. The lawsuit, filed by a mix of Democratic state attorneys general, tech companies such as Mozilla, and consumer advocacy groups, seeks to reverse the FCC's December 2017 vote to eliminate net neutrality rules. The ESA said its members will be harmed by the repeal "because the FCC's Order permits ISPs to take actions that could jeopardize the fast, reliable, and low-latency connections that are critical to the video game industry."

Facebook Was in Talks With Top Hospitals Until Last Month To Share Data of Most Vulnerable Patients

Slashdot - Your Rights Online - Thu, 2018-04-05 20:40
Facebook was in talks with top hospitals and other medical groups as recently as last month about a proposal to share data about the social networks of their most vulnerable patients, CNBC reported on Thursday. From the story: Facebook was intending to match it up with user data it had collected, and help the hospitals figure out which patients might need special care or treatment. The proposal never went past the planning phases and has been put on pause after the Cambridge Analytica data leak scandal raised public concerns over how Facebook and others collect and use detailed information about Facebook users. "This work has not progressed past the planning phase, and we have not received, shared, or analyzed anyone's data," a Facebook spokesperson told CNBC. But as recently as last month, the company was talking to several health organizations, including Stanford Medical School and American College of Cardiology, about signing the data-sharing agreement.

Microsoft: We'll Help Customers Create Patents But We Get a License To Use Them

Slashdot - Your Rights Online - Thu, 2018-04-05 18:00
Microsoft outlined a new intellectual-property policy on Thursday for co-developed technology that embraces open source and seeks to assure customers it won't run off with their innovations. From a report: The shared innovation principles build on its Azure IP Advantage program for helping customers combat patent trolls. The new principles for co-developed innovation cover ownership of existing technology, customer ownership of new patents, support for open source, licensing new IP back to Microsoft, software portability, transparency, and learning. Microsoft president Brad Smith says the principles aim to assuage customers' fears that Microsoft may end up using co-developed technology to rival them. [...] In return, Microsoft gets to license back any of the patents in the new technology but promises to limit their use to improving its own platform technologies, such as Azure, Azure AI services, Office 365, Windows, Xbox, and HoloLens. It also reserves the right to use "code and tools developed by or on behalf of Microsoft that are intended to provide technical assistance to customers in their respective businesses."

1.1.1.1: Cloudflare's New DNS Attracting 'Gigabits Per Second' of Rubbish

Slashdot - Your Rights Online - Thu, 2018-04-05 12:00
An anonymous reader quotes a report from ZDNet: Cloudflare's new speed and privacy enhancing domain name system (DNS) servers, launched on Sunday, are also part of an experiment being conducted in partnership with the Asia Pacific Network Information Center (APNIC). The experiment aims to understand how DNS can be improved in terms of performance, security, and privacy. "We are now critically reliant on the integrity of the DNS, yet the details of the way it operates still remains largely opaque," wrote APNIC's chief scientist Geoff Huston in a blog post. "We are aware that the DNS has been used to generate malicious denial of service attacks, and we are keen to understand if there are simple and widely deployable measures that can be taken to mitigate such attacks. The DNS relies on caching to operate efficiently and quickly, but we are still unsure as to how well caching actually performs. We are also unclear how much of the DNS is related to end user or application requirements for name resolution, and how much is related to the DNS chattering to itself." The Cloudflare-APNIC experiment uses two IPv4 address ranges, 1.1.1/24 and 1.0.0/24, which have been reserved for research use. Cloudflare's new DNS uses two addresses within those ranges, 1.1.1.1 and 1.0.0.1. These address ranges were originally configured as "dark traffic addresses", and some years ago APNIC partnered with Google to analyze the unsolicited traffic directed at them. There was a lot of it. "Our initial work with it certainly showed it to be an unusually strong attractor for bad traffic. At the time we stopped doing it with Google, it was over 50 gigabits per second. Quite frankly, few folk can handle that much noise," Huston told ZDNet on Wednesday. By putting Cloudflare's DNS on these research addresses, APNIC gets to see the noise as well as the DNS traffic -- or at least "a certain factored amount" of it -- for research purposes.

Facebook Is Changing the Way It Stores Call, Text History

Slashdot - Your Rights Online - Thu, 2018-04-05 01:30
Facebook issued a blog post today detailing the changes it has made to how it manages users' data. Among the new changes is a tweak to how Facebook collects and stores call and text history. Engadget reports: For those using Messenger or Facebook Lite on Android, an opt-in feature compiles users' call and text history, which the company says is used to help it surface the contacts you talk to most frequently. In its blog post today, Facebook said that it has reviewed the feature and can confirm that it doesn't actually collect the content of any messages. Additionally, going forward, it will delete logs older than a year and only the data required for the feature's functionality will be collected, meaning no extra data, such as call times, will be stored. The collection of such data became an issue last month, when software developer Dylan McKay discovered the logs after downloading a copy of his account data. Facebook initially said that it was an opt-in feature. It also said that the call and text history data were never sold. You can see how to turn off this feature here for Messenger and here for Facebook Lite.

Ask Slashdot: What Does Your Data Mean To Google?

Slashdot - Your Rights Online - Wed, 2018-04-04 23:30
shanen writes: Due to the recent kerfuffles, I decided to try again to see what Google had on me. This time I succeeded and failed, in contrast to the previous pure failures. Yes, I did find Google's takeout website and downloaded all of "my data," but no, it means nothing to me. Here are a few sub-questions I couldn't answer: 1. Much more data than I ever created, so where did the rest come from? 2. How does the data relate to the characteristic vector that Google uses to characterize me? 3. What tools do Googlers use to make sense of the data? Lots more questions, but those are the ones that are most bugging me right now. Question 2. is probably heaviest among them, since I've read that the vector has 700 dimensions... So do you have any answers? Or better questions? Or your own takeout experiences to share? Oh yeah, one more thing. Based on my own troubled experience with the download process, it is clear that Google doesn't really want us to download the so-called "our own" data. My Question 4. is now: "What is Google hiding about me from me?"

Facebook's Privacy Fixes Have Broken Tinder

Slashdot - Your Rights Online - Wed, 2018-04-04 22:50
Since the recent Cambridge Analytica data privacy scandal, Facebook has been rolling out more security and data privacy updates. "Today, however, the company announced sweeping changes to many of its most prominent APIs, restricting developer access in a number of crucial ways," reports The Verge. "Soon after, Tinder users started noting on Twitter that they had been kicked off the dating app and couldn't log back on, as those who used Facebook Login were caught in an infinite loop that appears to be related to an unknown bug." From the report: The app has been bringing up an error message to booted users, titled Facebook Permissions, stating that users need to provide more Facebook permissions in order to create or use a Tinder account. If users tap "Ask me," which is the only given option, the app requests they log into Facebook once more and the loop starts again. Roderick Hsiao, a senior software engineer at Tinder, tweeted that users could still access the service through its web browser while engineers worked on fixing the mobile client.

CenturyLink Fights Billing-Fraud Lawsuit By Claiming That It Has No Customers

Slashdot - Your Rights Online - Wed, 2018-04-04 22:10
An anonymous reader quotes a report from Ars Technica: CenturyLink is trying to force customers into arbitration in order to avoid a class-action lawsuit from subscribers who say they've been charged for services they didn't order. To do so, CenturyLink has come up with a surprising argument -- the company says it doesn't have any customers. While the customers sued CenturyLink itself, the company says the customers weren't actually customers of CenturyLink. Instead, CenturyLink says they were customers of 10 subsidiaries spread through the country. CenturyLink basically doesn't exist as a service provider -- according to a brief CenturyLink filed Monday. "That sole defendant, CenturyLink, Inc., is a parent holding company that has no customers, provides no services, and engaged in none of the acts or transactions about which Plaintiffs complain," CenturyLink wrote. "There is no valid basis for Defendant to be a party in this Proceeding: Plaintiffs contracted with the Operating Companies to purchase, use, and pay for the services at issue, not with CenturyLink, Inc." CenturyLink says those operating companies should be able to intervene in the case and "enforce class-action waivers," which would force the customers to pursue their claims via arbitration instead of in a class-action lawsuit. By suing CenturyLink instead of the subsidiaries, "it may be that Plaintiffs are hoping to avoid the arbitration and class-action waiver provisions," CenturyLink wrote.

Cambridge Analytica May Have Had Facebook Data From 87 Million People

Slashdot - Your Rights Online - Wed, 2018-04-04 20:42
Cambridge Analytica may have had data from more unwitting Facebook users than originally thought. From a report: Facebook now says that the data firm, which collected data about users without their permission, may have collected data on as many as 87 million people. Original reports from the New York Times pegged that number at closer to 50 million people. "In total, we believe the Facebook information of up to 87 million people -- mostly in the U.S. -- may have been improperly shared with Cambridge Analytica by apps that they or their friends used," Facebook CTO Mike Schroepfer wrote in a blog post Wednesday. From Facebook's blog post, "Given the scale and sophistication of the activity we've seen, we believe most people on Facebook could have had their public profile scraped in this way."

Facebook Scans What You Send Other People on Messenger App

Slashdot - Your Rights Online - Wed, 2018-04-04 18:00
Sarah Frier, reporting for Bloomberg: Facebook scans the text and images that people send each other on Facebook Messenger, making sure it all abides by the company's rules governing content. If it doesn't, it gets blocked. The company confirmed the practice after an interview published earlier this week with Chief Executive Officer Mark Zuckerberg raised questions about Messenger's practices and privacy. Zuckerberg told Vox's Ezra Klein a story about receiving a phone call related to ethnic cleansing in Myanmar. Facebook had detected people trying to send sensational messages through the Messenger app, he said. "In that case, our systems detect what's going on," Zuckerberg said. "We stop those messages from going through." Some people reacted with concern on Twitter: "Was Facebook reading messages more generally?" Facebook has been under scrutiny in recent weeks over how it handles users' private data and the revelation struck a nerve. Messenger doesn't use the data from the scanned messages for advertising, the company said, but the policy may extend beyond what Messenger users expect.

Outgoing White House Emails Not Protected by Verification System

Slashdot - Your Rights Online - Wed, 2018-04-04 17:20
The security advocacy group Global Cyber Alliance tested the 26 email domains managed by the Executive Office of the President (EOP) and found that only one fully implements a security protocol that verifies the emails as genuinely from the White House. From a report: Of the 26 domains, 18 are not in compliance with a Department of Homeland Security directive to implement that protocol. Imagine the havoc someone could cause sending misinformation from a presidential aide's account: Such fraudulent messages could be used in phishing campaigns, to spread misinformation to careless reporters, or to embarrass White House employees by sending fake tirades under their names.

Swedes Turn Against Cashlessness

Slashdot - Your Rights Online - Wed, 2018-04-04 07:00
An anonymous reader quotes a report from The Guardian: It is hard to argue that you cannot trust the government when the government isn't really all that bad. This is the problem facing the small but growing number of Swedes anxious about their country's rush to embrace a cash-free society. Most consumers already say they manage without cash altogether, while shops and cafes increasingly refuse to accept notes and coins because of the costs and risk involved. Until recently, however, it has been hard for critics to find a hearing. "The Swedish government is a rather nice one, we have been lucky enough to have mostly nice ones for the past 100 years," says Christian Engstrom, a former MEP for the Pirate Party and an early opponent of the cashless economy. "In other countries there is much more awareness that you cannot trust the government all the time. In Sweden it is hard to get people mobilized." There are signs this might be changing. In February, the head of Sweden's central bank warned that Sweden could soon face a situation where all payments were controlled by private sector banks. The Riksbank governor, Stefan Ingves, called for new legislation to secure public control over the payments system, arguing that being able to make and receive payments is a "collective good" like defense, the courts, or public statistics. "Most citizens would feel uncomfortable to surrender these social functions to private companies," he said. "It should be obvious that Sweden's preparedness would be weakened if, in a serious crisis or war, we had not decided in advance how households and companies would pay for fuel, supplies and other necessities." The report mentions a recently-released opinion poll, which found that seven out of 10 Swedes wanted to keep the option to use cash, while just 25% wanted a completely cashless society.

Facebook CEO Says Not Planning To Extend European Privacy Law Globally

Slashdot - Your Rights Online - Wed, 2018-04-04 03:30
Facebook CEO Mark Zuckerberg said on Tuesday that the social network had no immediate plans to apply a strict new European Union law on data privacy in its entirety to the rest of the world. The news comes as Facebook reels from a scandal over its handling of personal information of millions of its users. Reuters reports: Zuckerberg told Reuters in a phone interview that Facebook already complies with many parts of the law ahead of its implementation in May. He said the company wanted to extend privacy guarantees worldwide in spirit, but would make exceptions, which he declined to describe. His comments signal that U.S. Facebook users, many of them still angry over the company's handling of personal information, may soon find themselves in a worse position than Europeans. The European law, called the General Data Protection Regulation (GDPR), is the biggest overhaul of online privacy since the birth of the internet, giving Europeans the right to know what data is stored on them and the right to have it deleted. Asked what parts of the EU law he would not extend worldwide, Zuckerberg said: "We're still nailing down details on this, but it should directionally be, in spirit, the whole thing." He did not elaborate.

WhatsApp Public Groups Can Leave User Data Vulnerable To Scraping

Slashdot - Your Rights Online - Wed, 2018-04-04 00:10
An anonymous reader writes: WhatsApp differentiates itself from parent company Facebook by touting its end-to-end encryption. "Some of your most personal moments are shared with WhatsApp," the company writes on its website, so "your messages, photos, videos, voice messages, documents, and calls are secured from falling into the wrong hands." But WhatsApp members may not be aware that when using the app's Group Chat feature, their data can be harvested by anyone in the group. What is worse, their mobile numbers can be used to identify and target them. WhatsApp groups are designed to enable groups of up to 256 people to join a shared chat without having to go through a central administrator. Group originators can add contacts from their phones or create links enabling anyone to opt-in. These groups, which can be found through web searches, discuss topics as diverse as agriculture, politics, pornography, sports, and technology. Not all groups have links, but in those that do, anyone who finds the link can join the group. While all new joining members are announced to the group, they are not required to provide a name or otherwise identify themselves. This design could leave inattentive members open to targeting, as a new report from European researchers shows. WhatsApp is used by more than 1.2 billion users worldwide.
