aggregator

Karl Bode, reporting for Vice: Back in 2012, the US Supreme Court declared it was illegal for law enforcement to attach a GPS tracker to a suspect's car without first getting a warrant. But in 2018, cops in Indiana charged a suspected drug dealer with theft after he removed such a tracking device from his SUV, triggering a legal debate over whether you can legally remove such devices. As it turns out, you most assuredly can. A new unanimous ruling from the Indiana Supreme Court has declared that the suspect in question did not "steal" the government-owned device, and that law enforcement should have known better before bringing the charges. The case started back in July of 2018, when the Warrick County, Indiana Sheriff's Office obtained a warrant to attach a GPS tracking device to an SUV belonging to Derek Heuring, after receiving a tip from a confidential information who claimed he used the vehicle to sell meth. While the attached device delivered Heuring's location data to police for around a week, it stopped transmitting shortly thereafter -- leading police to suspect it had been removed. Police waited another 10 days to see if the device would start transmitting again, then applied for a new search warrant to search both Heuring and his parents' homes. Under US law, law enforcement has to show probable cause that a crime has been committed before performing a property search. In Heuring's case, police declared that the probable cause was the suspicion that Heuring had committed a crime by removing the device, something the court was skeptical of from the start.

Read more of this story at Slashdot.

Facial recognition company Clearview AI notified customers that an intruder had gained "unauthorized access" to its entire list of customers, The Daily Beast reports. From a report: Clearview gained widespread attention in recent weeks after a wave of media coverage, starting with The New York Times in January. The company stands out from others due to its use of a database of over 3 billion photos the firm constructed by scraping images from Facebook, Twitter, Instagram, and other social networks and websites. Clearview sells its product to law enforcement clients particularly in the U.S. The company's app allows a customer to point their phone's camera at a subject, or upload a photo into the system. Then, the system provides links to other photos and related social media profiles of the suspected person online.

Read more of this story at Slashdot.

An anonymous reader quotes a report from Motherboard: Newly released and previously secret documents explain in greater detail how, and why, a section of the U.S. military decides to publicly release a steady stream of adversarial countries' malware, including hacking tools from North Korea and Russia. Cyber Command, or CYBERCOM, publishes the malware samples onto VirusTotal, a semi-public repository that researchers and defenders can then pore over to make systems more secure. The document provides more insight into how the U.S. military is engaged in an unusually public-facing campaign, and in particular highlights one of the reasons CYBERCOM wants to release other nation's hacking tools: to make it harder for enemy hackers to remain undetected. A previously secret section of one of the CYBERCOM documents reads "Posting malware to VT [VirusTotal] and Tweeting to bring attention and awareness supports this strategy by putting pressure on malicious cyber actors, disrupting their efforts." Motherboard obtained the redacted documents through a Freedom of Information Act (FOIA) request to CYBERCOM. CYBERCOM started publishing malware in 2018, with one sample coming from Russian-linked hacking group APT28. It has since released malware from North Korean hackers. CYBERCOM also has a dedicated Twitter account for distributing news of the samples. Some tweets even include memes such as "DPRK MALWARE" written onto conversation candy hearts to coincide with a release on Valentines Day. When it originally announced the campaign, CYBERCOM said it "initiated an effort to share unclassified malware samples it has discovered that it believes will have the greatest impact on improving global cybersecurity." But the documents show how the effort has a more offensive slant, too. In a statement a CYBERCOM spokesperson reiterated some of the agency's earlier public comments, writing, "We plan to continue to publicly disclose malware samples, which we believe will have the greatest impact on improving global security." You can read the documents here.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Hill: A National Security Agency (NSA) surveillance program that accessed American citizens' domestic phone calls and text messages resulted in only one investigation between 2015 and 2019 despite costing $100 million, a newly declassified study found. The report, which was produced by the Privacy and Civil Liberties Oversight Board and briefed to Congress on Tuesday, also found that the program only yielded information the FBI did not already have on two occasions during that four-year period. "Based on one report, F.B.I. vetted an individual, but, after vetting, determined that no further action was warranted," the report said, according to The New York Times. "The second report provided unique information about a telephone number, previously known to U.S. authorities, which led to the opening of a foreign intelligence investigation." The report contains no further details of the investigation in question or its outcome. The USA Freedom Act of 2015, the law that authorized the program, is set to expire March 15, but the Trump administration has asked Congress to extend it. The House Judiciary Committee is set to consider a bill that would end the program's authorization on Wednesday.

Read more of this story at Slashdot.

According to a report from The Wall Street Journal, Juul is planning to pitch federal officials on a locked version of its e-cigarettes that would bar users younger than 21 from using them. From a report: Citing sources familiar with the matter, the Wall Street Journal reported on Monday that Juul is preparing to present the Food and Drug Administration with a massive document laying out its commitment to curbing youth use as well as research about its products and marketing-related information. As part of these documents, Juul is reportedly planning to include a proposal for the new age-locked device. The company may submit the new device to the FDA in May, or file it as part of a submission later in 2020, the paper said. The Journal, citing a Juul official, reported that the company will also seek approval to market its e-cigarettes as a safer alternative to cigarettes -- an assertion previously made by the company that landed it in deep shit with the FDA, as Juul did not have the necessary approval to make such a claim. Juul's presumably regretful Big Tobacco buddy Altria has reportedly been closely involved with Juul's FDA application to keep its e-cigarettes on the market.

Read more of this story at Slashdot.

Disney-owned Hotstar, India's largest on-demand video streaming service with more than 300 million users, has blocked the newest episode of HBO's "Last Week Tonight with John Oliver" that was critical of Prime Minister Narendra Modi. From a report: The move has angered many of its customers ahead of Disney+'s launch in one of the world's largest entertainment markets next month. In the episode, aired hours before U.S. President Donald Trump's visit to India, Oliver talked about some of the questionable policies enforced by the ruling government in India and recent protests against "controversial figure" Modi's citizenship measures. The 19-minute news recap and commentary sourced its information from credible news outlets. The episode is available to stream in India through HBO's official channel on YouTube, where it has garnered more than 4 million views. Hotstar is the exclusive syndicating partner of HBO, Showtime and ABC in India.

Read more of this story at Slashdot.

An anonymous reader quotes a report from The Register: Samsung has admitted that what it calls a "small number" of users could indeed read other people's personal data following last week's unexplained Find my Mobile notification. Several Register readers wrote in to tell us that, after last Thursday's mystery push notification, they found strangers' personal data displayed to them. Many readers, assuming Samsung had been hacked, logged into its website to change their passwords. Now the company has admitted that a data breach did occur. Of potentially greater concern is the mystery 1/1 push notification from Find my Mobile, a baked-in app on stock Samsung Android distributions. Although the firm brushed off the worldwide notification as something to do with unspecified internal testing, many of those who wrote to El Reg said they had disabled the app. Stock apps cannot be uninstalled unless one effectively wipes the phone and installs a new operating system -- unlocking the bootloader and reformatting with a new third-party, customized ROM. Samsung did not answer our questions as to how a "disabled" app was able to receive and display push notifications. Nor did it say what other functions this "disabled" app was capable of executing. A spokeswoman told The Register: "A technical error resulted in a small number of users being able to access the details of another user. As soon as we became of aware of the incident, we removed the ability to log in to the store on our website until the issue was fixed." She added: "We will be contacting those affected by the issue with further details."

Read more of this story at Slashdot.

The Transportation Security Administration told employees to stop posting to TIkTok on Sunday, after New York Senator Chuck Schumer raised security concerns about the China-owned app. The Verge reports: The TSA's announcement to ban employees from using TikTok came shortly after Sen. Chuck Schumer (D-NY) penned a letter to its administrator, David Pekoske, requesting that the agency halt its use. According to The Hill, TSA employees have used TikTok to create and post videos explaining some of the agency's boarding processes and rules. The Department of Homeland Security, which houses the TSA, banned the use of TikTok from government-issued devices last month. Schumer cited this policy in his letter on Saturday. In December, the US Army banned soldiers from using the app, too. "TSA has never published any content to Tik Tok nor has it ever directed viewers to Tik Tok," a TSA spokesperson told The Verge. "A small number of TSA employees have previously used Tik Tok on their personal devices to create videos for use in TSA's social media outreach, but that practice has since been discontinued."

Read more of this story at Slashdot.

New submitter John Trumpian shares a report from Reuters: The U.S. Supreme Court on Monday refused to hear Apple's bid to avoid paying about $440 million in damages for using patent licensing firm VirnetX's internet security technology without permission in features such as FaceTime video calling. The justices rejected Apple's appeal in the long-running case in which a federal jury in 2016 found that Apple had infringed VirnetX's patents and awarded $302 million. A judge later increased that amount to $439.7 million including interest and other costs. The case dates back to 2010 when Nevada-based VirnetX filed suit in federal court in the Eastern District of Texas accusing Cupertino, California-based Apple of infringing four patents for secure networks, known as virtual private networks, and secure communications links. VirnetX said Apple infringed with its FaceTime and VPN on Demand features in products such as the iPhone and iPad. The U.S. Court of Appeals for the Federal Circuit in Washington, which specializes in patent disputes, upheld the judgment against Apple last year.

Read more of this story at Slashdot.

Fortran IV writes: In an attempt to "start a conversation" about copyright and IP theft, one of the largest subreddits on Reddit.com, the horror sub r/NoSleep, has gone private for a week. NoSleep, with nearly 14 million subscribers, is one of the largest collections of horror fiction on the internet; MIT used it to train an AI system to write horror stories. Authors retain copyright to all stories on NoSleep, but piracy remains an ongoing problem, so the moderators have elected to shutter the sub from 02/24/2020 to 03/02/2020 to draw attention to the issue.

Read more of this story at Slashdot.

"Earlier this week, the FCC successfully defeated Mozilla's attempt to undo the commission's repeal of net neutrality," reports Engadget. "But, while siding with the body, judges have asked the FCC to determine if repealing the law to prevent a multi-speed internet has had any negative consequences." That includes checking if net neutrality repeal has harmed public safety, reduced spending in infrastructure or hampered the Lifeline program. Consequently, the FCC will launch a period where the public and interested parties can share their views on the process. This is not an opportunity to re-litigate net neutrality repeal, but it is an opportunity to examine if the FCC acted properly and with regard to its broader obligations. The court, for instance, has directed the body to see if repeal has harmed public safety and reduced investment in critical infrastructure... The Register claims that the FCC is behaving churlishly, burying its request for comment in a wordy title that does not reflect its true intentions. But FCC Commissioner Jessica Rosenworcel published a statement asking people to "make some noise" and write in. Rosenworcel says that the FCC's decision to repeal net neutrality was on the "wrong side of history" and that the public should demand an "open internet." Those wishing to make a comment can do so on the FCC's Electronic Filing System, entering 17-108 (Restoring Internet Freedom) in the proceedings box. The deadline for comments is March 30th.

Read more of this story at Slashdot.

1 out of 8 Americans live in California. Now a proposed California law "would provide most adults in the state with a universal basic income of $1,000 per month, similar to the proposed plan of former presidential candidate Andrew Yang," reports Newsweek: The California Universal Basic Income (UBI) Program was introduced by Democratic California State Assemblymember Evan Low on Thursday. Low was the co-chair of Yang's campaign and the proposal bears a striking similarity to the former candidate's national plan... The program would be paid for with a state value-added tax of 10 percent on goods and services, with exemptions for groceries, medicine, medical supplies, clothing, textbooks and other items. Recipients of several programs, including the state's Medicaid plan, would be ineligible... Funding the program with a value-added tax has been blasted by some who believe such a tax would disproportionately burden the poor. Concerns have also been raised over potentially forcing people to choose between UBI and other existing public assistance programs... Proponents of UBI argue that the Yang plan and others could counter the anticipated problem of increasing automation inevitably leading to widespread unemployment. Experts warn that a large percentage of the workforce is likely to be decimated by automation, with some studies estimating as many as 73 million jobs eliminated by 2030.

Read more of this story at Slashdot.

"So this is creepy," writes a Forbes cybersecurity reporter, saying Airbnb "has put aside the stories of hosts secretly spying on guests" to promote a new line of devices Forbes calls "surveillance bugs to make sure guests behave." Vice reports: As part of its "party prevention" campaign, the home-sharing service is offering discounts on devices designed to alert hosts when there's an irregular level of noise in their homes... An email I received on Thursday from Airbnb (I've occasionally rented out my apartment) told me to "plan ahead to protect your home from unauthorized parties" and offered special discounts on "three of the top party prevention devices." The devices with the discounts range in price from $52 to $265. Websites for the three devices state that they monitor homes 24/7, can alert homeowners if anything unusual appears to be happening, and note that they don't record audio.... "[T]he devices detect issues in real time, keeping your property safe and your relationship with neighbors strong, all while protecting your guests' privacy," the email from Airbnb said. Airbnb stipulates that hosts must make guests aware that their homes are equipped with the noise surveillance devices — a policy that was reiterated to me by an Airbnb spokesman... Evan Greer, deputy director of Fight for the Future, an U.S. organization that advocates for digital rights, said the party prevention campaign speaks to a broader trend of living under constant surveillance. "Certainly a device that only measures an increase in noise is better than having internet-connected surveillance cameras or listening devices in your home," she said. "But we're hurtling toward a world where almost everything we own is monitoring us in some way, and I'm not sure that's actually going to be a safer world."

Read more of this story at Slashdot.

Gizmodo shares the saga of a now-deleted video claiming to show Call of Duty's new "battle royale" mode: The YouTube video, initially posted by a user who goes by TheGamingRevoYT, was slammed with a copyright claim and ripped from the platform. Meanwhile, other gamers noticed that Reddit posts and Twitter threads even mentioning the upcoming release were being taken down for "copyright infringement." Last week, when one Redditor found a leak of what appeared to be the cover art for the new game, that got hit with a copyright claim too — and some other legal action. According to court documents obtained by TorrentFreak, Activision has spent the last week actively subpoenaing Reddit to uncover the identity of the Reddit user who leaked the initial artwork... It's worth noting, as TorrentFreak points out, that there wasn't technically any "infringing content" posted to the thread itself — just an external link to a site that hosted the image in question.

Read more of this story at Slashdot.

America's Justice Department "has filed a brief in support of Oracle in its Supreme Court battle against Google over whether Java should have copyright protection," reports ZDNet: The Justice Department filed its amicus brief to the Supreme Court this week, joining a mighty list of briefs from major tech companies and industry luminaries — including Scott McNealy, co-founder of Sun, which Oracle bought in 2010, acquiring Sun-built Java in the process. While Microsoft, IBM and others have backed Google's arguments in the decade-long battle, McNealy, like the Justice Department, is opposing Google. McNealy called Google's description of how it uses Java packages a "woeful mischaracterization of the artful design of the Java packages" and "an insult to the hard-working developers at Sun who made Java such a success...." Joe Tucci, former CEO of now Dell-owned enterprise storage giant EMC, threw in his two cents against Google. "Accepting Google's invitation to upend that system by eliminating copyright protection for creative and original computer software code would not make the system better — it would instead have sweeping and harmful effects throughout the software industry," Tucci's brief reads. Oracle is also questioning the motives of Google's allies, reports The Verge: After filing a Supreme Court statement last week, Oracle VP Ken Glueck posted a statement over the weekend assailing the motives of Microsoft, IBM, and the CCIA industry group, all of which have publicly supported Google. Glueck's post comes shortly after two groups — an interdisciplinary panel of academics and the American Conservative Union Foundation — submitted legal briefs supporting Oracle. Both groups argued that Google should be liable for copying code from the Java language for the Android operating system. The ACUF argued that protecting Oracle's code "is fundamental to a well-ordered system of private property rights and indeed the rule of law itself...." Earlier this year, Google garnered around two dozen briefs supporting its position. But Oracle claims that in reality, "Google appears to be virtually alone — at least among the technology community." Glueck says Google's most prominent backers had ulterior motives or "parochial agendas"; either they were working closely with Google, or they had their own designs on Java... Even if you accept Oracle's arguments wholeheartedly, there's a long list of other Google backers from the tech community. Advocacy groups like the Electronic Frontier Foundation and the Center for Democracy and Technology signed on to amicus briefs last month, as did several prominent tech pioneers, including Linux creator Linus Torvalds and Apple cofounder Steve Wozniak. The CCIA brief was signed by the Internet Association, a trade group representing many of the biggest companies in Silicon Valley. Patreon, Reddit, Etsy, the Mozilla Corporation, and other midsized tech companies also backed a brief raising "fundamental concerns" about Oracle's assertions.

Read more of this story at Slashdot.

A U.S. Congressional subcommittee is now "pursuing a deeper understanding of how Ring's partnerships with local and state law enforcement agencies mesh with the constitutional protections Americans enjoy against unbridled police surveillance," reports Gizmodo: Rep. Raja Krishnamoorthi, chairman of the House Oversight and Reform subcommittee on economic and consumer policy, is seeking to learn why, in more than 700 jurisdictions, police have signed contracts that surrender control over what city officials can say publicly about the Amazon-owned company... "In one instance, Ring is reported to have edited a police department's press release to remove the word 'surveillance,'" the letter says, citing a Gizmodo report from last fall. But that's just the beginning, reports Ars Technica: Congress wants a list of every police deal Ring actually has, the House Subcommittee on Economic and Consumer Policy wrote in a letter (PDF) dated February 19. After that, the Subcommittee wants to know... well, basically everything. The request for information asks for documentation relating to "all instances in which a law enforcement agency has requested video footage from Ring," as well as full lists of all third-party firms that get any access to Ring users' personal information or video footage. Ring is also asked to send over copies of every privacy notice, terms of service, and law enforcement guideline it has ever had, as well as materials relating to its marketing practices and any potential future use of facial recognition. And last but not least, the letter requests, "All documents that Ring or Amazon has produced to state attorneys general, the Federal Trade Commission, the Department of Justice, or Congress in response to investigations into Ring...." The company in the fall pulled together a feel-good promotional video comprising images of children ringing Ring doorbells to trick-or-treat on Halloween. It is unclear if Ring sought consent to use any of the clearly visible images of the children or their parents shown in that video... Ring has also faced pressure to describe its plans for future integration of facial recognition systems into its devices. While the company has stated repeatedly that it has no such integration, documents and video promotional materials obtained by reporters in the past several months show that the company is strongly looking into it for future iterations of the system... The House letter gives Amazon a deadline of March 4 to respond with all the requested documentation. Amazon responded by cutting the price of a Ring doorbell camera by $31 -- and offering to also throw in one of Amazon's Alexa-enabled "Echo Dot" smart speakers for free.

Read more of this story at Slashdot.

Long-time Slashdot reader DogDude shared this article from CNN: Tucked into the sign-up process for many popular e-commerce sites and apps are dense terms-of-service agreements that legal experts say are changing the nature of consumer transactions, creating a veil of secrecy around how these companies function. The small print in these documents requires all signatories to agree to binding arbitration and to clauses that ban class actions. Just by signing up for these services, consumers give up their rights to sue companies like Amazon, Uber and Walmart before a jury of their peers, agreeing instead to undertake a private process overseen by a paid arbitrator... The proliferation of apps and e-commerce means that such clauses now cover millions of everyday commercial transactions, from buying groceries to getting to the airport... Consumers are "losing access to the courthouse," said Imre Szalai, a law professor at Loyola University New Orleans.

Read more of this story at Slashdot.

Long-time Slashdot reader zoobab shares this update from the Foundation for a Free Information Infrastructure, a Munich-based non-profit opposing ratification of a "Unified Patent Court" by Germany. They argue such a court will "validate and expand software patents in Europe," and they've come up with a novel argument to stop it. "Germany cannot ratify the current Unitary Patent due to Brexit..." The U.K. is now a "third state" within the meaning of AETR case-law, [which] makes clear that: "Each time the Community, with a view to implementing a common policy envisaged by the Treaty, adopts provisions laying down common rules, whatever form they may take, the Member States no longer have the right, acting individually or even collectively, to undertake obligations with third countries which affect those rules or alter their scope..." This practically means that the ratification procedure for the Agreement on the Unified Patent Court must now come to an end, as that Agreement no longer applies due to the current significant changes (i.e. Brexit) in the membership requirements of its own ratification rules. The nonprofit also argues that the Unitary Patent "is a highly controversial and extreme issue, as it allows new international patent courts to have the last word on the development and application of patent law and industrial property monopolies including, more seriously, the validation and expansion of software patents, that is the key sector on which whole industries and markets depend."

Read more of this story at Slashdot.

Long-time Slashdot reader Garabito writes: The Department of Homeland Security has revealed that an unnamed U.S. natural gas compression facility was forced to shut down operations for two days after becoming infected with ransomware. The plant was targeted with a phishing e-mail, that allowed the attacker to access its IT network and then pivot to its Operational Technology (OT) control network, where it compromised Windows PCs used as human machine interface, data historians and polling servers, which led the plant operator to shut it down along with other assets that depended on it, including pipelines. According to the DHS CISA report, the victim failed to implement robust segmentation between the IT and OT networks, which allowed the adversary to traverse the IT-OT boundary and disable assets on both networks.

Read more of this story at Slashdot.

Personal information from more than 10.6 million people was published online this week, reports ZDNet -- all from people who'd stayed at MGM Resorts hotels (which include the Bellagio, Mandalay Bay, and ARIA): Besides details for regular tourists and travelers, included in the leaked files are also personal and contact details for celebrities, tech CEOs, reporters, government officials, and employees at some of the world's largest tech companies. ZDNet verified the authenticity of the data today, together with a security researcher from Under the Breach, a soon-to-be-launched data breach monitoring service. A spokesperson for MGM Resorts confirmed the incident via email. According to our analysis, the MGM data dump that was shared today contains personal details for 10,683,188 former hotel guests. Included in the leaked files are personal details such as full names, home addresses, phone numbers, emails, and dates of birth... These users now face a higher risk of receiving spear-phishing emails, and being SIM swapped, Under the Breach told ZDNet. Twitter CEO Jack Dorsey, pop star Justin Bieber, and DHS and TSA officials are some of the big names Under the Breach spotted in the leaked files. While the data appears to be several years old, Irina Nesterovsky, Head of Research at threat intel firm KELA, tells ZDNet that the data has been shared in "hacking forums" since last July. MGM blames the breach on "unauthorized access to a cloud server" last summer -- pointing out that at least no credit card information was stolen, and that they notified all affected customers. But NBC News "spoke to a man with a Secret Service email address who was surprised to learn that he had been hacked. He said MGM never notified him about to breach." MGM told ZDNet that "we take our responsibility to protect guest data very seriously, and we have strengthened and enhanced the security of our network to prevent this from happening again."

Read more of this story at Slashdot.