aggregator

Online free speech has been given a victory, with a federal court ruling that a Redditor can remain anonymous in a copyright lawsuit. From a report: This means anyone from around the globe who posts on Reddit can still rely on First Amendment protections for anonymous free speech, because Reddit is a US platform with a US audience. The Electronic Frontier Foundation fought on behalf of Reddit commenter Darkspilver, a Jehovah's Witness who posted public and internal documents from The Watch Tower Bible and Tract Society online. Watch Tower subpoenaed Reddit to provide identity information on Darkspilver for the court case, but the EFF filed a motion to quash this, citing "deep concerns that disclosure of their identity would cause them to be disfellowshipped by their community." In February 2019, Darkspilver posted an advertisement by the Jehovah's Witness organization that asks for donations, as well as a chart showing what personal data the organization keeps. Watch Tower said both of these were copyrighted items. The Redditor argued it was fair use, because he posted the ad for commentary and criticism purposes.

Read more of this story at Slashdot.

Wikmedia, the foundation that runs Wikipedia said Thursday it had filed a lawsuit with the European Court of Human Rights to lift Turkey's two-year block on the online encyclopedia. From a report: Wikipedia said the ban violates fundamental freedoms, including the right to freedom of expression, which is guaranteed under the European Convention. The application, which was announced today during a press call, comes after Wikipedia's "continued and exhaustive" attempts to overturn the ban in Turkish courts failed to bear fruit. "Wikipedia is a global resource that everyone can be actively part of shaping," said Katherine Maher, Wikimedia executive director. "It is through this collective process of writing and rewriting and debate that Wikipedia becomes more useful, more comprehensive, and more representative. It is also through this process that we, a global society, establish a more comprehensive consensus on how we see the world." Turkey rolled out a blanket ban on Wikipedia citing national security concerns, in a move that has been widely condemned as a crackdown on free speech.

Read more of this story at Slashdot.

An anonymous reader shares a report: If you're taking a trip in to or out of the US, border agents currently have free rein to search through your digital devices. Unlike police, agents don't need a warrant to look through your phones, laptops and other electronics. Two US senators are hoping to change that with a bipartisan bill. Sen. Ron Wyden, a Democrat from Oregon, and Sen. Rand Paul, a Republican from Kentucky, on Wednesday introduced the Protecting Data at the Border Act, which would require agents to obtain a warrant before they can search Americans' devices at the border. The number of electronic searches at the border has spiked in the last four years. In 2018, the Department of Homeland Security conducted more than 33,000 searches on devices, compared with 4,764 searches in 2015. Customs and Border Protection declined to comment. "The border is quickly becoming a rights-free zone for Americans who travel. The government shouldn't be able to review your whole digital life simply because you went on vacation, or had to travel for work," Wyden said in a statement.

Read more of this story at Slashdot.

CNEX Labs, a Silicon Valley startup backed by Microsoft and Dell, is accusing high-level Huawei executive Eric Xu of participating in a conspiracy to steal its trade secrets (Warning: source paywalled; alternative source), reports The Wall Street Journal. From a report: The Journal quotes a newly released hearing transcript that offers some details in a largely locked-down trial. According to its write-up, CNEX claims that Xu -- one of Huawei's rotating chairmen -- "directed a Huawei engineer to analyze Cnex's technical information." The engineer then allegedly posed as a potential CNEX customer to obtain details about its operations. CNEX also says that Xu was briefed on a plot to surreptitiously gather information from Xiamen University, which had obtained a computer memory board from CNEX. According to the Journal, Huawei lawyers admitted that Xu had been "in the chain of command that had requested" information about CNEX, but they denied that any trade secrets had been stolen. Huawei originally filed a lawsuit against CNEX co-founder Yiren "Ronnie" Huang in 2017, claiming Huang -- who left Huawei in 2013 -- had poached employees and used its patents to build CNEX's solid-state drive technology. CNEX counter-sued, claiming that Huawei had misappropriated its tech and was trying to gather even more information through the lawsuit.

Read more of this story at Slashdot.

PolygamousRanchKid shares an excerpt from a report via The Economist: Most online fraud involves identity theft, which is why businesses that operate on the web have a keen interest in distinguishing impersonators from genuine customers. Passwords help. But many can be guessed or are jotted down imprudently. Newer phones, tablets, and laptop and desktop computers often have beefed-up security with fingerprint and facial recognition. But these can be spoofed. To overcome these shortcomings the next level of security is likely to identify people using things which are harder to copy, such as the way they walk. Many online security services already use a system called device fingerprinting. This employs software to note things like the model type of a gadget employed by a particular user; its hardware configuration; its operating system; the apps which have been downloaded onto it; and other features, including sometimes the Wi-Fi networks it regularly connects through and devices like headsets it plugs into. LexisNexis Risk Solutions, an American analytics firm, has catalogued more than 4 billion phones, tablets and other computers in this way for banks and other clients. Roughly 7% of them have been used for shenanigans of some sort. But device fingerprinting is becoming less useful. Apple, Google and other makers of equipment and operating systems have been steadily restricting the range of attributes that can be observed remotely. That is why a new approach, behavioral biometrics, is gaining ground. It relies on the wealth of measurements made by today's devices. These include data from accelerometers and gyroscopic sensors, that reveal how people hold their phones when using them, how they carry them and even the way they walk. Touchscreens, keyboards and mice can be monitored to show the distinctive ways in which someone's fingers and hands move. Sensors can detect whether a phone has been set down on a hard surface such as a table or dropped lightly on a soft one such as a bed. If the hour is appropriate, this action could be used to assume when a user has retired for the night. These traits can then be used to determine whether someone attempting to make a transaction is likely to be the device's habitual user. If used wisely, the report says behavioral biometrics could be used to authenticate account-holders without badgering them for additional passwords or security questions; it could even be used for unlocking the doors of a vehicle once the gait of the driver, as measured by his phone, is recognized, for example. "Used unwisely, however, the system could become yet another electronic spy, permitting complete strangers to monitor your actions, from the moment you reach for your phone in the morning, to when you fling it on the floor at night," the report adds.

Read more of this story at Slashdot.

Millions of golfer records from the Game Golf app, including GPS details from courses played, usernames and passwords, and even Facebook login data, were all exposed for anyone with an internet browser to see -- a veritable hole-in-one for a cyberattacker looking to build profiles for potential victims, to be used in follow-on social-engineering attacks. Threatpost reports: Security Discovery researcher Bob Diachenko recently ran across an Elastic database that was not password-protected and thus visible in any browser. Further inspection showed that it belongs to Game Golf, which is a family of apps developed by San Francisco-based Game Your Game Inc. Game Golf comes as a free app, as a paid pro version with coaching tools and also bundled with a wearable. It's a straightforward analyzer for those that like to hit the links -- tracking courses played, GPS data for specific shots, various player stats and so on -- plus there's a messaging and community function, and an optional "caddy" feature. It's popular, too: It has 50,000+ installs on Google Play. Unfortunately, Game Golf landed its users in a sand trap of privacy concerns by not securing the database: Security Discovery senior security researcher Jeremiah Fowler said that the bucket included all of the aforementioned analyzer information, plus profile data like usernames and hashed passwords, emails, gender, and Facebook IDs and authorization tokens. In all, the exposure consisted of millions of records, including details on "134 million rounds of golf, 4.9 million user notifications and 19.2 million records in a folder called 'activity feed,'" Fowler said. The database also contained network information for the company: IP addresses, ports, pathways and storage info that "cybercriminals could exploit to access deeper into the network," according to Fowler, writing in a post on Tuesday. No word on whether malicious players took a swing at the data, as it were, but the sheer breadth of the information that the app gathers is concerning, Fowler noted.

Read more of this story at Slashdot.

Two Amazon shareholder proposals about the company's controversial facial recognition technology failed to pass Wednesday, following a concerted push by civil rights groups and activist investors. From a report: One proposal would have banned Amazon from selling its Rekognition technology to government agencies unless it first determines the software doesn't infringe on civil liberties. The other proposal called for an independent study of the potential privacy and human rights violations caused by Rekognition. Both proposals were presented at Amazon's annual shareholder meeting in Seattle on Wednesday. The company said it isn't disclosing the vote tallies until this Friday. "The fact that there needed to be a vote on this is an embarrassment for Amazon's leadership team. It demonstrates shareholders do not have confidence that company executives are properly understanding or addressing the civil and human rights impacts of its role in facilitating pervasive government surveillance," Shankar Narayan, the American Civil Liberties Union of Washington's Technology and Liberty Project director, said in a statement. "While we have yet to see the exact breakdown of the vote, this shareholder intervention should serve as a wake-up call for the company to reckon with the real harms of face surveillance and to change course." Both proposals, which were non-binding, were long shots to pass, since Amazon's board said it was against the proposals. Major shareholders typically follow such positions to show support for the board. Also, CEO Jeff Bezos, Amazon's board chairman, is the company's biggest shareholder, controlling about 16% of its stock, and wasn't expected to vote for either proposal.

Read more of this story at Slashdot.

On May 14, San Francisco became the first US city to ban police and government agencies from using facial recognition. On May 22, Amazon shareholders will vote on whether to restrict the company's sale of its own facial recognition software. But at cruise operator Royal Caribbean, facial recognition still has plenty of potential. From a report: Like some airlines, Royal Caribbean has started to roll out facial recognition and other technologies to streamline its boarding process. The company's SVP of digital, Jay Schneider, tells Quartz that the typical wait time to board is 10 minutes with a mobile boarding pass; less if the passenger opts into facial recognition by uploading a "security selfie." Before those additions, he says the typical wait time was around 90 minutes. "We wanted it to be a welcoming experience, such that the agent knows who you are when you're getting there," Schneider says, adding that the company wants to turn facial recognition "not into a stop and frisk moment, but into a way to welcome you on vacation, answer any questions, and let me just get you on your way." As people churn through the line faster with mobile boarding passes and facial recognition, the rest of the line benefits as well -- that 90-minute wait will average more like 20 minutes for even those passengers boarding the old-fashioned way. Schneider says Royal Caribbean deletes security selfies at the end of each trip, to avoid storing data any longer than necessary. Royal Caribbean has also rolled out mobile boarding to board its crew members; Schneider says the technology saves the company 50,000 crew hours each year.

Read more of this story at Slashdot.

The Environmental Protection Agency plans to change the way it calculates the health risks of air pollution, a shift that would make it easier to roll back a key climate change rule because it would result in far fewer predicted deaths from pollution, New York Times reported this week, citing five people with knowledge of the agency's plans. From the report: The E.P.A. had originally forecast that eliminating the Obama-era rule, the Clean Power Plan, and replacing it with a new measure would have resulted in an additional 1,400 premature deaths per year. The new analytical model would significantly reduce that number and would most likely be used by the Trump administration to defend further rollbacks of air pollution rules if it is formally adopted. The proposed shift is the latest example of the Trump administration downgrading the estimates of environmental harm from pollution in regulations. In this case, the proposed methodology would assume there is little or no health benefit to making the air any cleaner than what the law requires. Many experts said that approach was not scientifically sound and that, in the real world, there are no safe levels of the fine particulate pollution associated with the burning of fossil fuels.

Read more of this story at Slashdot.

Qualcomm illegally suppressed competition in the market for smartphone chips by threatening to cut off supplies and extracting excessive licensing fees, a U.S. judge ruled, a decision that could force the company to overhaul its business practices. From a report: The decision issued late Tuesday night by U.S. District Judge Lucy Koh in San Jose, California, caused Qualcomm shares to plunge 9.5 percent in early trading on Wednesday. "Qualcomm's licensing practices have strangled competition" in parts of the chip market for years, harming rivals, smartphone makers, and consumers, Koh wrote in a 233-page decision. She ordered the San Diego-based company to renegotiate licensing agreements at reasonable prices, without threatening to cut off supplies, and ordered that it be monitored for seven years to ensure its compliance. Qualcomm said it will immediately ask Koh to put her decision on hold, and also seek a quick appeal to the federal appeals court in California. "We strongly disagree with the judge's conclusions, her interpretation of the facts and her application of the law," general counsel Don Rosenberg said in a statement.

Read more of this story at Slashdot.

An anonymous reader quotes a report from CNBC: The U.S. administration is considering limits to Chinese video surveillance firm Hikvision's ability to buy U.S. technology, the New York Times reported on Tuesday, in a move that deepens worries about trade frictions between the world's two top economies. The move would effectively place Hikvision on a U.S. blacklist and U.S. companies may have to obtain government approval to supply components to Hikvision, the paper said. The U.S. Commerce Department blocked Huawei Technologies from buying U.S. goods last week, effectively banning U.S. companies from doing business with the Chinese firm, a major escalation in the trade war, saying Huawei was involved in activities contrary to national security. Hikvision and Dahua Technology which produce audio-visual equipment that can be used for surveillance were specifically cited in a letter to Trump's top advisers last month, signed by more than 40 lawmakers. The lawmakers said China's actions in its western region of Xinjiang "may constitute crimes against humanity" and urged tighter U.S. export controls to ensure that U.S. companies are not assisting the Chinese government's crackdown there. The issue stems around the facilities in China that "U.N. experts describe as mass detention centers holding more than 1 million ethnic Uighurs and other Muslims," reports CNBC. "Beijing has said its measures in Xinjiang, which are also reported to include widespread surveillance of the population, are aimed at stemming the threat of Islamist militancy. The facilities or camps that have opened are vocational training centers, the government has said."

Read more of this story at Slashdot.

Governor Jay Inslee signed legislation Tuesday making Washington the first state to approve composting as an alternative to burying or cremating human remains. The Associated Press reports: It allows licensed facilities to offer "natural organic reduction," which turns a body, mixed with substances such as wood chips and straw, into about two wheelbarrows' worth of soil in a span of several weeks. Loved ones are allowed to keep the soil to spread, just as they might spread the ashes of someone who has been cremated -- or even use it to plant vegetables or a tree. Supporters say the method is an environmentally friendly alternative to cremation, which releases carbon dioxide and particulates into the air, and conventional burial, in which people are drained of their blood, pumped full of formaldehyde and other chemicals that can pollute groundwater, and placed in a nearly indestructible coffin, taking up land. State law previously dictated that remains be disposed of by burial or cremation. The law, which takes effect in May 2020, added composting as well as alkaline hydrolysis, a process already legal in 19 other states. The latter uses heat, pressure, water and chemicals like lye to reduce remains.

Read more of this story at Slashdot.

Bill Hanvey, president and CEO of the Auto Care Association, argues that car owners (or lessees) should be the only ones who can control their car's data. "He or she should be aware of the data the car transmits, have control over it and determine who can see it," Hanvey writes. Many have argued this position for the privacy angle, but Harvey takes a different facet of this conversation, pointing out that carmakers control our data to limit where we get repairs or services done. If policymakers don't act on behalf of consumers, Hanvey writes, car and truck owners may be forced to go to select service centers for repairs, circumventing the more than 180,000 independent repair shops across the country that have all the tools needed to work on today's newest cars, but lack access to the necessary diagnostic information needed to complete the job. An anonymous reader shares the report: Because of the increasing complexity of cars and the Internet of Things, data is critical to repair and service. When carmakers control the data, they can choose which service centers receive our information. They're more likely to share our data exclusively with their branded dealerships than with independent repair shops, which could have the edge in price and convenience. However, independent repair shops currently make 70 percent of outside warranty repairs throughout the country. There are more than 180,000 independent repair shops across the country; most have all the tools needed to work on today's connected and complex cars, and most of today's highly trained service technicians can perform anything from basic tuneups to sophisticated electronic diagnostics. But without access to car data, they're working blindfolded, unable to see the diagnostic information they need. The solution is simple. The only person who should control car data is the car owner (or lessee). He or she should be aware of the data the car transmits, have control over it and determine who can see it. Digitization of the auto industry is, ultimately, a good thing. Today's connected cars are paving the way for autonomous vehicles and vehicle-to-vehicle communications, and eventually vehicle-to-infrastructure communications making our roads safer. But unlike Alexa and Nest, consumers are unaware of the degree to which their own car collects and processes data. It's clear, because of its value -- as high as $750 billion by 2030 -- carmakers have no incentive to release control of the data collected from our vehicles. Policymakers, however, have the opportunity to give drivers control -- not just so that they can keep their data private but also so that they can share it with the people they want to see it. This will let car owners maintain what they've had for a century: the right to decide who fixes their car.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Vice: A collection of unelected lawyers [from the American Law Institute] this week is quietly pushing a new proposal that could dramatically erode your legal rights, leaving you at the mercy of giant corporations eager to protect themselves from accountability. Occasionally, this coalition (including all the members of the Supreme Court) meets to create "restatements," effectively an abridged synopsis or reference guide for the latest established precedents and legal trends. While restatements themselves aren't legally binding, they're very influential and often help shape judicial opinions. Seven years ago, the ALI began pondering a new restatement governing consumer contracts -- and your legal rights as a consumer. Today, the ALI meets to vote on the approval of this latest restatement. But a long line of legal experts have been blasting the group's updated language governing consumer contracts. Specifically, they noted that the updated draft language proclaims that consumers would not need to read a contract to be bound by its terms. The draft states as long as consumers received "reasonable notice" and had "reasonable opportunity to review" it, the contract would be legally binding. Under this model, consumers wouldn't need to even understand the contract to be bound by it, a problem given data suggests such agreements are often incomprehensible to the average user. The language was problematic enough to result in a letter this week by 23 state attorneys general, criticizing the ALI's proposal as a major threat to consumer rights. "To call boilerplate language that consumers never read (or if they did read, could not understand) a 'contract' simply has the effect of locking consumers in to terms that are likely to be stacked against them," John Bergmayer, Senior Counsel at consumer group Public Knowledge, said in an email. Traditionally, "contracts" are legal documents that are mutually agreed to after negotiation between two parties. Functionally, this isn't how Terms of Service, which few people read and few people can be expected to read and understand, work in the real world. "For some reason, everything you learn about contracts in the first year of law school gets tossed out the window when it comes to large companies unilaterally setting terms for consumers," Bergmayer added.

Read more of this story at Slashdot.

Comcast is reportedly working on a device designed to closely monitor a user's health. "The device will monitor people's basic health metrics using ambient sensors, with a focus on whether someone is making frequent trips to the bathroom or spending more time than usual in bed," reports CNBC. "Comcast is also building tools for detecting falls, which are common and potentially fatal for seniors." The Verge reports: Many products on the market today already have the motion sensors, cameras, and other hardware that allow for what Comcast seems to be envisioning -- but not even Amazon or Google have directly sought to keep such a close eye on their customers' personal health with their respective Echo and Home devices. Comcast itself already offers home security services, and the company's much-touted X1 voice remote for its Xfinity cable platform has helped Comcast make advancements in recognizing and processing voice commands. According to CNBC, Comcast's device won't offer functionality like controlling smart home devices, nor will it have the ability to search for answers to a person's questions on the internet. But it will reportedly "have a personality like Alexa" and be able to place calls to emergency services. In an email to The Verge, a Comcast spokesperson said the company's upcoming device "is NOT a smart speaker" and "is purpose-built to be a sensor that detects motion." It's said that Comcast aims to offer the device and a companion health tracking service to "at-risk people, including seniors and people with disabilities." The company is also in discussions with hospitals about potentially "using the device to ensure that patients don't end up back in the hospital after they've been discharged."

Read more of this story at Slashdot.

In a blog post, Microsoft Corporate Vice President and Deputy General Counsel Julie Brill says the European Union's General Data Protection Regulation (GDPR) has been very effective in changing the way that tech companies handle personal data, and feels the U.S. should enact something similar at the federal level. TechSpot reports: "[Companies] have adapted, putting new systems and processes in place to ensure that individuals understand what data is collected about them and can correct it if it is inaccurate and delete it or move it somewhere else if they choose," she wrote. Brill points out that the GDPR has inspired other countries to adopt similar regulations. She also pats her company on the back for being "the first company to provide the data control rights at the heart of GDPR to our customers around the globe, not just in Europe." However, such self-regulation is not good enough. While some states such as California and Illinois have strong data protection laws in place, Brill feels the US needs something similar to the GDPR at the federal level. "No matter how much work companies like Microsoft do to help organizations secure sensitive data and empower individuals to manage their own data, preserving a strong right to privacy will always fundamentally be a matter of law that falls to governments," Brill states. "Despite the high level of interest in exercising control over personal data from U.S. consumers, the United States has yet to join the EU and other nations around the world in passing national legislation that accounts for how people use technology in their lives today." Brill suggests the federal government should enact regulation that models the California Consumer Privacy Act (CCPA), which goes into effect next year. "Brill says that consumers have the right to control their information and that companies need to be held to a higher degree of accountability and transparency with how they collect and use customer data," reports TechSpot. "The new laws also need to have teeth."

Read more of this story at Slashdot.

The Tor Project today made the first stable version of its privacy-focused browser available on the Google Play Store. From a report: This new mobile browser integrates the Tor protocol stack into a standalone browser and replaces Orfox as the main way to navigate the Tor network from an Android device. Tor Project developers have been working on this browser for eight months now, since September 2018, when they first released an alpha version for public testing. "We made it a priority to reach the rising number of users who only browse the web with a mobile device," said Isabela Bagueros, Executive Director of the Tor Project. "These users often face heavy surveillance and censorship online, so it is critical for us to reach them. We made sure there are no proxy bypasses, that first-party isolation is enabled to protect you from cross-site tracking, and that most of the fingerprinting defenses are working," the Tor team added.

Read more of this story at Slashdot.

An anonymous reader quotes a report from the Daily Dot: A consumer advocacy group has found that not all Facebook users have been given the ability to opt out of the company's facial recognition. According to Consumer Reports, despite Facebook rolling out a new privacy setting last year allowing users to choose whether the company can use such technology to detect them in photos, some users say they have never been granted the option. After analyzing the accounts of 31 users throughout the U.S., Consumer Reports discovered that 8 accounts, or roughly 25 percent, did not have the face recognition setting. Consumer Reports set up its own test accounts to determine whether the privacy setting would be available but found that around half a dozen did not have the ability to disable face recognition.

Read more of this story at Slashdot.

Slashdot reader Joce640k shares a report from the BBC: Ecuador has begun giving the U.S. some of WikiLeaks co-founder Julian Assange's possessions left behind following his stay in its London embassy. The material includes manuscripts, legal papers, medical records and electronic equipment. Mr Assange's lawyer said the move was "completely unprecedented in the history of asylum." "Ecuador is committing a flagrant violation of the most basic norms of the institution of asylum by handing over all the asylee's personal belongings indiscriminately to the country that he was being protected from," added lawyer Aitor Martinez. WikiLeaks' Editor-in-Chief, Kristinn Hrafnsson, said that there was "no doubt" that Ecuador had "tampered" with the belongings it had sent to the U.S.

Read more of this story at Slashdot.

united_notions writes: Last year, The Guardian ran an opinion article arguing that everyone should be allocated "an air mile allowance -- say enough for one long-haul return flight a year, or three short-haul flights. [...] If you don't want to use your allowance, you could sell it off in a government-regulated online marketplace. If you're keen to do a holiday a month, you'll have to buy your allowance from someone else." But despite continuing concerns over the environmental harm caused by air travel, this idea has not found much subsequent support. Instead, serious air time is given to meager plans like weighing passengers. Do Slashdotters think rationing would work? Could serious coordinated inter-governmental restrictions on air travel change our behavior? Might it just spur corporations into finishing up carbon-neutral passenger planes?

Read more of this story at Slashdot.