
Edward Snowden and EFF Slam Apple's Plans To Scan Messages and iCloud Images

Slashdot - Your Rights Online - Sat, 2021-08-07 00:50
Apple's plans to scan users' iCloud Photos library against a database of child sexual abuse material (CSAM) to look for matches and children's messages for explicit content has come under fire from privacy whistleblower Edward Snowden and the Electronic Frontier Foundation (EFF). MacRumors reports: In a series of tweets, the prominent privacy campaigner and whistleblower Edward Snowden highlighted concerns that Apple is rolling out a form of "mass surveillance to the entire world" and setting a precedent that could allow the company to scan for any other arbitrary content in the future. Snowden also noted that Apple has historically been an industry leader in terms of digital privacy, and even refused to unlock an iPhone owned by Syed Farook, one of the shooters in the December 2015 attacks in San Bernardino, California, despite being ordered to do so by the FBI and a federal judge. Apple opposed the order, noting that it would set a "dangerous precedent." The EFF, an eminent international non-profit digital rights group, has issued an extensive condemnation of Apple's move to scan users' iCloud libraries and messages, saying that it is extremely "disappointed" that a "champion of end-to-end encryption" is undertaking a "shocking about-face for users who have relied on the company's leadership in privacy and security." The EFF highlighted how various governments around the world have passed laws that demand surveillance and censorship of content on various platforms, including messaging apps, and that Apple's move to scan messages and "iCloud Photos" could be legally required to encompass additional materials or easily be widened. "Make no mistake: this is a decrease in privacy for all "iCloud Photos" users, not an improvement," the EFF cautioned.

Read more of this story at Slashdot.

Infrastructure Bill Could Enable Government To Track Drivers' Travel Data

Slashdot - Your Rights Online - Fri, 2021-08-06 05:30
Presto Vivace shares a report from The Intercept: The Senate's $1.2 trillion bipartisan infrastructure bill proposes a national test program that would allow the government to collect drivers' data in order to charge them per-mile travel fees. The new revenue would help finance the Highway Trust Fund, which currently depends mostly on fuel taxes to support roads and mass transit across the country. Under the proposal, the government would collect information about the miles that drivers travel from smartphone apps, another on-board device, automakers, insurance companies, gas stations, or other means. For now, the initiative would only be a test effort -- the government would solicit volunteers who drive commercial and passenger vehicles -- but the idea still raises concerns about the government tracking people's private data. The bill would establish an advisory board to guide the program that would include officials representing state transportation departments and the trucking industry as well as data security and consumer privacy experts. As the four-year pilot initiative goes on, the Transportation and Treasury departments would also have to keep Congress informed of how they maintain volunteers' privacy and how the per-mile fee idea could affect low-income drivers. Still, [Sean Vitka, policy counsel at Demand Progress] said the concept could put Americans' private data at risk. "We already know the government is unable to keep data like this secure, which is another reason why the government maintaining a giant database of travel information about people in the United States is a bad idea." "If you think this is a bad idea, NOW would be a good time to let your Senators and representative know," says Slashdot reader Presto Vivace.


Apple Confirms It Will Begin Scanning iCloud Photos for Child Abuse Images

Slashdot - Your Rights Online - Thu, 2021-08-05 21:10
Apple will roll out a technology that will allow the company to detect and report known child sexual abuse material to law enforcement in a way it says will preserve user privacy. From a report: Apple told TechCrunch that the detection of child sexual abuse material (CSAM) is one of several new features aimed at better protecting the children who use its services from online harm, including filters to block potentially sexually explicit photos sent and received through a child's iMessage account. Another feature will intervene when a user tries to search for CSAM-related terms through Siri and Search. Most cloud services -- Dropbox, Google, and Microsoft to name a few -- already scan user files for content that might violate their terms of service or be potentially illegal, like CSAM. But Apple has long resisted scanning users' files in the cloud by giving users the option to encrypt their data before it ever reaches Apple's iCloud servers. Apple said its new CSAM detection technology -- NeuralHash -- instead works on a user's device, and can identify if a user uploads known child abuse imagery to iCloud without decrypting the images until a threshold is met and a sequence of checks to verify the content are cleared. News of Apple's effort leaked Wednesday when Matthew Green, a cryptography professor at Johns Hopkins University, revealed the existence of the new technology in a series of tweets. The news was met with some resistance from some security experts and privacy advocates, but also users who are accustomed to Apple's approach to security and privacy that most other companies don't have.


The State Department and 3 Other US Agencies Earn a D For Cybersecurity

Slashdot - Your Rights Online - Thu, 2021-08-05 05:30
An anonymous reader quotes a report from Ars Technica: Cybersecurity at eight federal agencies is so poor that four of them earned grades of D, three got Cs, and only one received a B in a report issued Tuesday by a US Senate Committee. "It is clear that the data entrusted to these eight key agencies remains at risk," the 47-page report stated. "As hackers, both state-sponsored and otherwise, become increasingly sophisticated and persistent, Congress and the executive branch cannot continue to allow PII and national security secrets to remain vulnerable." The report, issued by the Senate Committee on Homeland Security and Governmental Affairs, comes two years after a separate report found systemic failures by the same eight federal agencies in complying with federal cybersecurity standards. The earlier report (PDF) found that during the decade spanning 2008 to 2018, the agencies failed to properly protect personally identifiable information, maintain a list of all hardware and software used on agency networks, and install vendor-supplied security patches in a timely manner. The 2019 report also highlighted that the agencies were operating legacy systems that were costly to maintain and hard to secure. All eight agencies -- including the Social Security Administration and the Departments of Homeland Security, State, Transportation, Housing and Urban Development, Agriculture, Health and Human Services, and Education -- failed to protect sensitive information they stored or maintained. Tuesday's report, titled Federal Cybersecurity: America's Data Still at Risk, analyzed security practices by the same agencies for 2020. It found that only one agency had earned a grade of B for its cybersecurity practices last year. "What this report finds is stark," the authors wrote. "Inspectors general identified many of the same issues that have plagued Federal agencies for more than a decade. 
Seven agencies made minimal improvements, and only DHS managed to employ an effective cybersecurity regime for 2020. As such, this report finds that these seven Federal agencies still have not met the basic cybersecurity standards necessary to protect America's sensitive data." State Department systems, the auditors found, frequently operated without the required authorizations, ran software (including Microsoft Windows) that was no longer supported, and failed to install security patches in a timely manner. The department's user management system came under particular criticism because officials couldn't provide documentation of user access agreements for 60 percent of sample employees that had access to the department's classified network. "This network contains data which if disclosed to an unauthorized person could cause 'grave damage' to national security," the auditors write. "Perhaps more troubling, State failed to shut off thousands of accounts after extended periods of inactivity on both its classified and sensitive but unclassified networks. According to the Inspector General, some accounts remained active as long as 152 days after employees quit, retired, or were fired. Former employees or hackers could use those unexpired credentials to gain access to State's sensitive and classified information, while appearing to be an authorized user. The Inspector General warned that without resolving issues in this category, 'the risk of unauthorized access is significantly increased.'" Ars Technica adds that the Social Security Administration "suffered many of the same shortcomings, including a lack of authorization for many systems, use of unsupported systems, failure to Compile an Accurate and Comprehensive IT Asset Inventory, and Failure to Provide for the Adequate Protection of PII."


Senate Democrats To Introduce Legislation That Would Tax Energy Companies Responsible For Major Greenhouse Gas Emissions

Slashdot - Your Rights Online - Thu, 2021-08-05 04:02
Zack Budryk writes via The Hill: The Polluters Pay Climate Fund Act, sponsored by Sen. Chris Van Hollen (D-Md.), would require between 25 to 30 of the U.S. corporations responsible for the most greenhouse gas pollution to pay $300 billion into a fund over 10 years. The legislation would require companies to pay into the fund if they were responsible for at least .05 percent of global carbon dioxide and methane emissions between 2000 and 2019 based on data from the Treasury Department and Environmental Protection Agency. In a document shared with The Hill, Van Hollen's office estimated major companies such as Shell, ExxonMobil and Chevron would be taxed $5 billion to $6 billion annually under the bill. The Democratic senator pointed to other policies that could accompany the measure, such as carbon pricing and a clean-energy standard. The exact uses of the money in the fund have not yet been determined, Van Hollen said, adding there would be a public comment period. Possible uses include building more climate-resilient infrastructure, particularly in disadvantaged communities and communities of color. [...] After years of opposition, major institutions and trade groups like the American Petroleum Institute and the U.S. Chamber of Commerce have come out in favor of a tax on carbon emissions in recent months. However, Van Hollen's proposal would go further than that, specifically targeting major players like Exxon Mobil and Chevron. Further reading: Democrats Seek $500 Billion in Climate Damages From Big Polluting Companies (The New York Times)


The IRS Has Seized $1.2 Billion Worth of Cryptocurrency This Fiscal Year

Slashdot - Your Rights Online - Thu, 2021-08-05 03:25
The U.S. government regularly holds auctions for its stockpile of bitcoin, ethereum, litecoin and other cryptocurrencies it seizes and then holds in crypto wallets. "In fiscal year 2019, we had about $700,000 worth of crypto seizures. In 2020, it was up to $137 million. And so far in 2021, we're at $1.2 billion," said Jarod Koopman, director of the IRS' cybercrime unit. CNBC reports: As cybercrime picks up -- and the haul of digital tokens along with it -- government crypto coffers are expected to swell even further. Interviews with current and former federal agents and prosecutors suggest the U.S. has no plans to step back from its side hustle as a crypto broker. The crypto seizure and sale operation is growing so fast that the government just enlisted the help of the private sector to manage the storage and sales of its hoard of crypto tokens. [...] Once a case is closed and the crypto has been exchanged for fiat currency, the feds then divvy the spoils. The proceeds of the sale are typically deposited into one of two funds: The Treasury Forfeiture Fund or the Department of Justice Assets Forfeiture Fund. "The underlying investigative agency determines which fund the money goes to," said [Sharon Cohen Levin, who worked on the first Silk Road prosecution and spent 20 years as chief of the money laundering and asset forfeiture unit in the U.S. Attorney's Office for the Southern District of New York]. Koopman said the crypto traced and seized by his team accounts for roughly 60% to 70% of the Treasury Forfeiture Fund, making it the largest individual contributor. Once placed into one of these two funds, the liquidated crypto can then be put toward a variety of line items. Congress, for example, can rescind the money and put that cash toward funding projects. "Agencies can put in requests to gain access to some of that money for funding of operations," said Koopman. 
"We're able to put in a request and say, 'We're looking for additional licenses or additional gear,' and then that's reviewed by the Executive Office of Treasury." Some years, Koopman's team receives varying amounts based on the initiatives proposed. Other years, they get nothing because Congress will choose to rescind all the money out of the account.


Google+ Class Action Starts Paying Out $2.15 For G+ Privacy Violations

Slashdot - Your Rights Online - Thu, 2021-08-05 01:20
Ron Amadeo writing via Ars Technica: Who remembers the sudden and dramatic death of Google+? Google's Facebook competitor and "social backbone" was effectively dead inside the company around 2014, but Google let the failed service hang around for years in maintenance mode while the company spun off standalone products. In 2018, The Wall Street Journal reported that Google+ had exposed the private data of "hundreds of thousands of users" for years, that Google knew about the problem, and that the company opted not to disclose the data leak for fear of regulatory scrutiny. In the wake of the report, Google was forced to acknowledge the data leak, and the company admitted that the "private" data of 500,000 accounts actually wasn't private. Since nobody worked on Google+ anymore, Google's "fix" for the bug was to close Google+ entirely. Then the lawsuits started. Today's class-action lawsuit, Matt Matic and Zak Harris v. Google, was filed in October 2018 and blames Google's "lax approach to data security" for the bugs. The complaint added, "Worse, after discovery of this vulnerability in the Google+ platform, Defendants kept silent for at least seven months, making a calculated decision not to inform users that their Personal Information was compromised, further compromising the privacy of consumers' information and exposing them to risk of identity theft or worse." The case website with full details is at googleplusdatalitigation.com. The case was settled in June 2020, with Google agreeing to pay out $7.5 million. After losing about half of that money to legal and administrative fees, and with 1,720,029 people filling out the right forms by the October 2020 deadline, the payout for each person is a whopping $2.15.


SEC Chair Calls On Congress To Help Rein In Crypto 'Wild West'

Slashdot - Your Rights Online - Tue, 2021-08-03 22:40
The chair of the U.S. Securities and Exchange Commission (SEC) on Tuesday called on Congress to give the agency more authority to better police cryptocurrency trading, lending and platforms, a "Wild West" he said is riddled with fraud and investor risk. Reuters reports: Gary Gensler said the crypto market involves many tokens which may be unregistered securities and leaves prices open to manipulation and millions of investors vulnerable to risks. "This asset class is rife with fraud, scams and abuse in certain applications," Gensler told a global conference. "We need additional Congressional authorities to prevent transactions, products and platforms from falling between regulatory cracks." The industry has been waiting with bated breath to see how Gensler, a Democratic appointee who took the SEC helm in April, will approach oversight of the market, which he has previously said should be brought within traditional financial regulation. On Tuesday, Gensler provided more insight on his thinking, saying he would like Congress to give the SEC the power to oversee cryptocurrency exchanges, which are not currently within the SEC's remit. He also called on lawmakers to give the SEC more power to oversee crypto lending, and platforms like peer-to-peer decentralized finance (DeFi) sites that allow lenders and borrowers to transact in cryptocurrencies without traditional banks. "If we don't address these issues, I worry a lot of people will be hurt."


Pegasus Spyware Found On Journalists' Phones, French Intelligence Confirms

Slashdot - Your Rights Online - Tue, 2021-08-03 04:02
French intelligence investigators have confirmed that Pegasus spyware has been found on the phones of three journalists, including a senior member of staff at the country's international television station France 24. Pegasus is the hacking software -- or spyware -- that is developed, marketed and licensed to governments around the world by NSO Group. The malware has the capability to infect billions of phones running either iOS or Android operating systems. It enables operators of the spyware to extract messages, photos and emails, record calls and secretly activate microphones. The Guardian reports: It is the first time an independent and official authority has corroborated the findings of an international investigation by the Pegasus project -- a consortium of 17 media outlets, including the Guardian. Forbidden Stories, a Paris-based nonprofit media organization, and Amnesty International initially had access to a leaked list of 50,000 numbers that, it is believed, have been identified as those of people of interest by clients of Israeli firm NSO Group since 2016, and shared access with their media partners. France's national agency for information systems security (Anssi) identified digital traces of NSO Group's hacking spyware on the television journalist's phone and relayed its findings to the Paris public prosecutor's office, which is overseeing the investigation into possible hacking. Anssi also found Pegasus on telephones belonging to Lenaig Bredoux, an investigative journalist at the French investigative website Mediapart, and the site's director, Edwy Plenel. Forbidden Stories believes at least 180 journalists worldwide may have been selected as people of interest in advance of possible surveillance by government clients of NSO. Le Monde reported that the France 24 journalist, based in Paris, had been selected for "eventually putting under surveillance." 
Police experts discovered the spyware had been used to target the journalist's phone three times: in May 2019, September 2020 and January 2021, the paper said. Bredoux told the Guardian that investigators had found traces of Pegasus spyware on both her and Plenel's mobile phones. She said the confirmation of long-held suspicions that they had been targeted contradicted the repeated denials of those who were believed to be behind the attempt to spy on them.


Australian Court Rules An AI Can Be Considered An Inventor On Patent Filings

Slashdot - Your Rights Online - Tue, 2021-08-03 01:20
An Australian Court has decided that an artificial intelligence can be recognized as an inventor in a patent submission. The Register reports: In a case brought by Stephen Thaler, who has filed and lost similar cases in other jurisdictions, Australia's Federal Court last month heard and decided that the nation's Commissioner of Patents erred when deciding that an AI can't be considered an inventor. Justice Beach reached that conclusion because nothing in Australia law says the applicant for a patent must be human. As Beach's judgement puts it: "... in my view an artificial intelligence system can be an inventor for the purposes of the Act. First, an inventor is an agent noun; an agent can be a person or thing that invents. Second, so to hold reflects the reality in terms of many otherwise patentable inventions where it cannot sensibly be said that a human is the inventor. Third, nothing in the Act dictates the contrary conclusion." The Justice also worried that the Commissioner of Patents' logic in rejecting Thaler's patent submissions was faulty. "On the Commissioner's logic, if you had a patentable invention but no human inventor, you could not apply for a patent," the judgement states. "Nothing in the Act justifies such a result." Justice Beach therefore sent Thaler's applications back to the Commissioner of Patents, with instructions to re-consider the reasons for their rejection. Thaler has filed patent applications around the world in the name of DABUS -- a Device for the Autonomous Boot-strapping of Unified Sentience. Among the items DABUS has invented are a food container and a light-emitting beacon.


The Push For a 'PBS For the Internet'

Slashdot - Your Rights Online - Tue, 2021-08-03 00:02
An anonymous reader quotes a report from Axios: The concept of a new media ecosystem that's non-profit, publicly funded and tech-infused is drawing interest in policy circles as a way to shift the power dynamics in today's information wars. Revamping the structure and role of public media could be part of the solution to shoring up local media, decentralizing the distribution of quality news, and constraining Big Tech platforms' amplification of harmful or false information. Congress in 1967 authorized federal operating money to broadcast stations through a new agency, the Corporation for Public Broadcasting, and what is now PBS launched down-the-middle national news programming and successful kids shows like "Mr. Rogers' Neighborhood" and "Sesame Street." NPR was born in 1971. Despite dust-ups over political interference of national programming and funding, hundreds of local community broadcast stations primarily received grants directly to choose which national programs to support. A new policy paper from the German Marshall Fund proposes a full revamp of the CPB to fund not just broadcast stations, but a wide range of digital platforms and potential content producers including independent journalists, local governments, nonprofits and educational institutions. The idea is to increase the diversity of local civic information, leaning on anchor institutions like libraries and colleges that communities trust. Beyond content, the plan calls for open protocol standards and APIs to let consumers mix and match the content they want from a wide variety of sources, rather than being at the mercy of Facebook, Twitter or YouTube algorithms. Data would be another crucial component. In order to operate, entities in the ecosystem would have to commit to basic data ethics and rules about how personal information is used.


Amazon Will Pay You $10 in Credit for Your Palm Print Biometrics

Slashdot - Your Rights Online - Mon, 2021-08-02 21:25
How much is your palm print worth? If you ask Amazon, it's about $10 in promotional credit if you enroll your palm prints in its checkout-free stores and link it to your Amazon account. From a report: Last year, Amazon introduced its new biometric palm print scanners, Amazon One, so customers can pay for goods in some stores by waving their palm prints over one of these scanners. By February, the company expanded its palm scanners to other Amazon grocery, book and 4-star stores across Seattle. Amazon has since expanded its biometric scanning technology to its stores across the U.S., including New York, New Jersey, Maryland, and Texas. The retail and cloud giant says its palm scanning hardware "captures the minute characteristics of your palm -- both surface-area details like lines and ridges as well as subcutaneous features such as vein patterns -- to create your palm signature," which is then stored in the cloud and used to confirm your identity when you're in one of its stores.


Banned Chinese Facial Recognition Technology Was Used in Search for US Protesters

Slashdot - Your Rights Online - Mon, 2021-08-02 13:34
Some protesters in Minnesota set a fire last year. But then the surveillance footage from that day "set off a nearly yearlong, international manhunt...involving multiple federal agencies and Mexican police. The pursuit also involved a facial recognition system made by a Chinese company that has been blacklisted by the U.S. government." The New York Times tells the story of the couple who was eventually arrested: Ms. Yousif gave birth while on the run, and was separated from her baby for four months by the authorities. To prosecutors, the pursuit of Mr. Felan, who was charged with arson, and Ms. Yousif, who was charged with helping him flee, was a routine response to a case of property destruction... But beyond the prosecutorial aftermath of the racial justice protests, the eight-month saga of a young Minnesota couple exposed an emerging global surveillance system that might one day find anyone, anywhere, the technology traveling easily over borders while civil liberties struggle to keep pace... They drove, heading south on Interstate 35, a highway that runs down the middle of the country, stretching from Duluth, Minn., on Lake Superior, to Laredo, Texas, on the Mexican border. They had made their way through Iowa and just hit the northern part of Missouri, 300 miles from Rochester, when police first caught up with them. A warrant had been issued for Mr. Felan's arrest, allowing the authorities to ping his cellphone to locate him. According to a court document, late on a Monday night, more than a week after the events in St. Paul, local police in rural western Missouri, who were asked to go where the phone was pinging, stopped a black S.U.V. registered to Mr. Felan. Ms. Yousif was driving, and said she didn't know where Mr. Felan was. The police let her go... Over the next week, police kept pinging the location of Mr. Felan's phone but kept missing him. 
According to a court document, he sent a message to his brother in Texas saying he was turning it off between messages, worried about being tracked; the couple eventually bought new phones... On a Friday night in mid-June 2020, a surveillance camera at a Holiday Inn outside San Antonio captured Ms. Yousif and Mr. Felan driving his mother's brown Toyota Camry into the hotel's parking lot. They got out of the car, walked outside the view of the camera and then disappeared... Later in Mexico, at a meeting with law enforcement officials in Coahuila, Federico Pérez Villoro, an investigative journalist, remembers meeting a government employee in charge of Mexico's first large-scale facial recognition system who'd said America's FBI had asked them for help finding people accused of terrorism. This is significant because they were using the Dahua surveillance system from China, that's partly state-owned and "blacklisted by the U.S. government in 2019...According to a notice in the Federal Register, Dahua's products were used in "China's campaign of repression, mass arbitrary detention and high-technology surveillance" against Uighurs and other Muslim minority groups." Ironically, in the end it wasn't the $30 million system that identified the couple, according to the U.S. Justice Department. It was somebody who'd contacted them directly to collect the $20,000 reward. "But the technology is spreading globally, in part because China is aggressively marketing it abroad, said Marc Rotenberg, president of the Center for A.I. and Digital Policy, a nonprofit in Washington.... China is marketing mass surveillance technology to its trading partners in Africa, Asia and South America, he explained, pitching it as a way to minimize crime and promote public order in major metropolitan areas." 
In a 2019 report on video analytics, the American Civil Liberties Union argued that millions of surveillance cameras installed in recent decades are "waking up" thanks to automation, such as facial recognition technology, which allows them to not just record, but to analyze what is happening and flag what they see...


To Fight Vaccine Misinformation, US Recruits an 'Influencer Army'

Slashdot - Your Rights Online - Mon, 2021-08-02 06:34
The New York Times tells the story of 17-year-old Ellie Zeiler, a TikTok creator with over 10 million followers, who received an email in June from Village Marketing, an influencer marketing agency. "It said it was reaching out on behalf of another party: the White House." Would Ms. Zeiler, a high school senior who usually posts short fashion and lifestyle videos, be willing, the agency wondered, to participate in a White House-backed campaign encouraging her audience to get vaccinated against the coronavirus...? Ms. Zeiler quickly agreed, joining a broad, personality-driven campaign to confront an increasingly urgent challenge in the fight against the pandemic: vaccinating the youthful masses, who have the lowest inoculation rates of any eligible age group in the United States... To reach these young people, the White House has enlisted an eclectic army of more than 50 Twitch streamers, YouTubers, TikTokers and the 18-year-old pop star Olivia Rodrigo, all of them with enormous online audiences. State and local governments have begun similar campaigns, in some cases paying "local micro influencers" — those with 5,000 to 100,000 followers — up to $1,000 a month to promote Covid-19 vaccines to their fans. The efforts are in part a counterattack against a rising tide of vaccine misinformation that has flooded the internet, where anti-vaccine activists can be so vociferous that some young creators say they have chosen to remain silent on vaccines to avoid a politicized backlash... State and local governments have taken the same approach, though on a smaller scale and sometimes with financial incentives. In February, Colorado awarded a contract worth up to $16.4 million to the Denver-based Idea Marketing, which includes a program to pay creators in the state $400 to $1,000 a month to promote the vaccines... Posts by creators in the campaign carry a disclosure that reads "paid partnership with Colorado Dept. of Public Health and Environment...." 
Other places, including New Jersey, Oklahoma City County and Guilford County, N.C., as well as cities like San Jose, Calif., have worked with the digital marketing agency XOMAD, which identifies local influencers who can help broadcast public health information about the vaccines. In another article, the Times notes that articles blaming Bill Gates for the pandemic appeared on two local news sites (one in Atlanta, and one in Phoenix) that "along with dozens of radio and television stations, and podcasts aimed at local audiences...have also become powerful conduits for anti-vaccine messaging, researchers said."


The Case for Another Antitrust Action Against Microsoft

Slashdot - Your Rights Online - Mon, 2021-08-02 03:34
"Since its own brush with antitrust regulation decades ago, Microsoft has slipped past significant scrutiny," argues a new article from The Atlantic. But it also asks if there's now a case for another antitrust action — or if we're convinced instead that "The company is reluctantly guilty of the sin of bigness, yes, but it is benevolent, don't you see? Reformed, even! No need to cast your pen over here!" Right now, it's not illegal to be big. It's not illegal to be really big. In fact, it's not even illegal to be a monopoly. Current antitrust law allows for the possibility that you might be the sole player in your industry because you're just that well managed and your product is just that good, or it's just cost-prohibitive for any other company to compete with you. Think power utilities, such as Duke Energy, or the TV and internet giant Comcast. Antitrust law comes into play only if you use your monopoly to suppress competition or to charge unfairly high prices. (If this feels like a legal tautology, it sort of is: Who's to know what's a fair price if there isn't any competition? Nevertheless, here we are...) Yet if bigness alone is enough to draw scrutiny, Microsoft must draw it. Courts have disagreed on what size market share a product or company must own to be considered a monopoly, but the historical benchmark is about 75 percent. Estimates vary as to what percentage of computers run Microsoft's Windows operating system, but Gartner research puts it as high as 83 percent... Biden, Khan, Senator Amy Klobuchar, and others are asking whether consumers suffer any nonfinancial harm from this lack of competition. Is switching from Windows to Apple's Mac OS unnecessarily hard? Is Windows as good a product as it would be if it faced more robust competition? When Windows has major security flaws, for example, billions of customers and companies are impacted, because of its market share. 
If we're wondering whether crappy airline experiences are a competition problem, should the same question apply to crappy computer security? In fact, in areas where Microsoft faces strong competition, it's reverting to some of the behaviors that got it sued in the '90s — namely, bundling. Microsoft and Amazon are essentially a duopoly when it comes to cloud services... Microsoft offers its big business customers an "integrated ecosystem" of Windows, Office, and its back-end cloud services; some analysts even point to this as a reason to keep buying Microsoft stock. That's just smart business, right? Yes, unless you're at a disadvantage by not taking the bundle. Some customers have complained that Microsoft charges extra for some Windows licenses if you're not using its cloud-computing business, Azure... Microsoft does much more that we're happy to call "evil" when other companies are involved. It defied its own workers in favor of contracts with the Department of Defense; it's been quietly doing lots of business with China for decades, including letting Beijing censor results on its Bing search engine and developing AI that critics say can be used for surveillance and repression; it reportedly tried to sell facial-recognition technology to the DEA. So why does none of it stick? Well, partly because it's possible that Microsoft isn't actually doing anything wrong, from a legal perspective. Yet it's so big and so dominant and owns so much expensive physical infrastructure that hardly any company can compete with it. Is that illegal? Should it be? It's now the world's second largest tech company by market valuation — over $2 trillion and even ahead of Google, Amazon, Facebook, and Tesla (and behind only Apple). For the three months ended in June, Microsoft's net income rose 47% over the same period a year ago, according to TechCrunch, with a revenue for just those three months of $46.2 billion. 
The Atlantic argues Microsoft has successfully rebranded itself as nice and a little boring, while playing up the fact that it lost a decade in consumer markets like smartphones because it was distracted by its last antitrust lawsuit. Yet meanwhile it's acquired major tech brands like LinkedIn, Minecraft, Skype, and even attempted to buy TikTok, Pinterest, and Discord (as well as "almost two dozen game-development studios to beef up its Xbox offerings"). And of course, GitHub.

Zoom Agrees to $85M Settlement in Possible Class Action Over Data-Sharing, Zoombombing

Slashdot - Your Rights Online - Mon, 2021-08-02 01:20
Zoom has agreed to pay $85 million — and to bolster its security practices — to settle a lawsuit that had claimed Zoom violated users' privacy rights by sharing their personal data with Facebook, Google and LinkedIn, and by failing to stop Zoombombing. Engadget reports: The preliminary settlement also requires tougher security measures, such as warning about participants with third-party apps and offering special privacy-oriented training to Zoom staff. Judge Lucy Koh said the company was largely protected against zoombombing claims thanks to the Communications Decency Act's Section 230 safeguards against liability for users' actions. The settlement could also lead to payouts if the lawsuit achieves a proposed class action status, but don't expect a windfall. Subscribers would receive a refund of either 15 percent or $25, whichever was larger, while everyone else would receive as much as $15. Lawyers intended to collect up to $21.25 million in legal costs.

Russia's 'Nonsensical, Impossible Quest' to Create Its Own Domestic Internet

Slashdot - Your Rights Online - Sun, 2021-08-01 20:49
"It was pretty strange when Russia decided to announce last week that it had successfully run tests between June 15 and July 15 to show it could disconnect itself from the internet," writes an associate professor of cybersecurity policy at Tufts Fletcher School of Law and Diplomacy. The tests seem to have gone largely unnoticed both in and outside of Russia, indicating that whatever they entailed did not involve Russia actually disconnecting from the global internet... since that would be impossible to hide. Instead, the tests — and, most of all, the announcement about their success — seem to be intended as some kind of signal that Russia is no longer dependent on the rest of the world for its internet access. But it's not at all clear what that would even mean since Russia is clearly still dependent on people and companies in other countries for access to the online content and services they create and host — just as we all are... For the past two years, ever since implementing its "sovereign internet law" in 2019, Russia has been talking about establishing its own domestic internet that does not rely on any infrastructure or resources located outside the country. Presumably, the tests completed this summer are related to that goal of being able to operate a local internet within Russia that does not rely on the global Domain Name System to map websites to specific IP addresses. This is not actually a particularly ambitious goal — any country could operate its own domestic internet with its own local addressing system if it wanted to do so instead of connecting to the larger global internet... The Center for Applied Internet Data Analysis at the University of California San Diego maintains an Internet Outage Detection and Analysis tool that combines three data sets to identify internet outages around the world...
The data sets for Russia from June 15 through July 15, the period of the supposed disconnection tests, show few indications of any actual disconnection other than a period around July 5 when unsolicited traffic from Russia appears to have dropped off. Whatever Russia did this summer, it did not physically disconnect from the global internet. It doesn't even appear to have virtually disconnected from the global internet in any meaningful sense. Perhaps it shifted some of its critical infrastructure systems to rely more on domestic service providers and resources. Perhaps it created more local copies of the addressing system used to navigate the internet and tested its ability to rely on those. Perhaps it tested its ability to route online traffic within the country through certain chokepoints for purposes of better surveillance and monitoring. None of those are activities that would be immediately visible from outside the country and all of them would be in line with Russia's stated goals of relying less on internet infrastructure outside its borders and strengthening its ability to monitor online activity. But the goal of being completely independent of the rest of the world's internet infrastructure while still being able to access the global internet is a nonsensical and impossible one. Russia cannot both disconnect from the internet and still be able to use all of the online services and access all of the websites hosted and maintained by people in other parts of the world, as appears to have been the case during the monthlong period of testing... Being able to disconnect your country from the internet is not all that difficult — and certainly nothing to brag about. But announcing that you've successfully disconnected from the internet when it's patently clear that you haven't suggests both profound technical incompetence and a deep-seated uncertainty about what a domestic Russian internet would actually mean.

UK Pharmaceutical Firm Fined For Hiking Drug Price 6,000%

Slashdot - Your Rights Online - Sun, 2021-08-01 13:34
Slashdot reader Bruce66423 shares a report from the Guardian: The UK's competition watchdog has imposed fines of more than £100m on the pharmaceutical company Advanz and its former private equity owners after it was found to have inflated the price of its thyroid tablets by up to 6,000%. An investigation by the Competition and Markets Authority (CMA) found that the private-equity backed pharmaceutical company charged "excessive and unfair prices" for liothyronine tablets, which are used to treat thyroid hormone deficiency. Advanz took advantage of limited competition in the market from 2007 to bring in sustained price hikes for the drug, often used by patients with depression and fatigue, of more than 6,000% in the space of 10 years, according to the investigation. The CMA said that between 2007 and 2017, the price paid by the National Health Service for liothyronine tablets rose from £4.46 to £258.19, a rise of almost 6,000%, while production costs remained broadly stable... Dr Andrea Coscelli, the CMA's chief executive, said: "Advanz's decision to ratchet up the price of liothyronine tablets and impose excessive and unfair prices for over eight years came at a huge cost to the NHS, and ultimately to UK taxpayers. "But that wasn't all. It also meant that people dealing with depression and extreme fatigue, as a result of their thyroid conditions, were told they could not continue to receive the most effective treatment for them due to its increased price."

US Justice Department Says Russians Hacked Its Federal Prosecutors

Slashdot - Your Rights Online - Sat, 2021-07-31 23:34
In January America's federal Justice Department said there was no evidence that Russian hackers behind the massive SolarWinds breach had accessed classified systems, remembers the Associated Press. But today? The department said 80% of Microsoft email accounts used by employees in the four U.S. attorney offices in New York were breached. All told, the Justice Department said 27 U.S. Attorney offices had at least one employee's email account compromised during the hacking campaign. The Justice Department said in a statement that it believes the accounts were compromised from May 7 to Dec. 27, 2020. Such a timeframe is notable because the SolarWinds campaign, which infiltrated dozens of private-sector companies and think tanks as well as at least nine U.S. government agencies, was first discovered and publicized in mid-December... Jennifer Rodgers, a lecturer at Columbia Law School, said office emails frequently contained all sorts of sensitive information, including case strategy discussions and names of confidential informants, when she was a federal prosecutor in New York. "I don't remember ever having someone bring me a document instead of emailing it to me because of security concerns," she said, noting exceptions for classified materials... The Associated Press previously reported that SolarWinds hackers had gained access to email accounts belonging to the then-acting Homeland Security Secretary Chad Wolf and members of the department's cybersecurity staff...

After YouTube-dl Incident, GitHub's DMCA Process Now Includes Free Legal Help

Slashdot - Your Rights Online - Sat, 2021-07-31 16:34
"GitHub has announced a partnership with the Stanford Law School to support developers facing takedown requests related to the Digital Millennium Copyright Act (DMCA)," reports VentureBeat: While the DMCA may be better known as a law for protecting copyrighted works such as movies and music, it also has provisions (17 U.S.C. 1201) that criminalize attempts to circumvent copyright-protection controls — this includes any software that might help anyone infringe DMCA regulations. However, as with the countless spurious takedown notices delivered to online content creators, open source coders too have often found themselves in the DMCA firing line with little option but to comply with the request even if they have done nothing wrong. The problem, ultimately, is that freelance coders or small developer teams often don't have the resources to fight DMCA requests, which puts the balance of power in the hands of deep-pocketed corporations that may wish to use DMCA to stifle innovation or competition. Thus, GitHub's new Developer Rights Fellowship — in conjunction with Stanford Law School's Juelsgaard Intellectual Property and Innovation Clinic — seeks to help developers put in such a position by offering them free legal support. The initiative follows some eight months after GitHub announced it was overhauling its Section 1201 claim review process in the wake of a takedown request made by the Recording Industry Association of America (RIAA), which had been widely criticized as an abuse of DMCA... [M]oving forward, whenever GitHub notifies a developer of a "valid takedown claim," it will present them with an option to request free independent legal counsel. The fellowship will also be charged with "researching, educating, and advocating on DMCA and other legal issues important for software innovation," GitHub's head of developer policy Mike Linksvayer said in a blog post, along with other related programs. 
Explaining their rationale, GitHub's blog post argues that currently "When developers looking to learn, tinker, or make beneficial tools face a takedown claim under Section 1201, it is often simpler and safer to just fold, removing code from public view and out of the common good. "At GitHub, we want to fix this."
