Slashdot Deals: Cyber Monday Sale! Courses ranging from coding to project management - all eLearning deals 25% off with coupon code "CYBERMONDAY25". ×
The Courts

Judge: Stingrays Are 'Simply Too Powerful' Without Adequate Oversight ( 111

New submitter managerialslime sends news that an Illinois judge has issued new requirements the government must meet before it can use cell-site simulators, a.k.a. "stingrays," to monitor the communications of suspected criminals. While it's likely to set precedent for pushing back against government surveillance powers, the ruling is specific to the Northern District of Illinois for now. What is surprising is Judge Johnston’s order to compel government investigators to not only obtain a warrant (which he acknowledges they do in this case), but also to not use them when "an inordinate number of innocent third parties’ information will be collected," such as at a public sporting event. This first requirement runs counter to the FBI’s previous claim that it can warrantlessly use stingrays in public places, where no reasonable expectation of privacy is granted. Second, the judge requires that the government "immediately destroy" collateral data collection within 48 hours (and prove it to the court). Finally, Judge Johnston also notes: "Third, law enforcement officers are prohibited from using any data acquired beyond that necessary to determine the cell phone information of the target. A cell-site simulator is simply too powerful of a device to be used and the information captured by it too vast to allow its use without specific authorization from a fully informed court."

File Says NSA Found Way To Replace Email Program ( 93

schwit1 writes: Newly disclosed documents show that the NSA had found a way to create the functional equivalent of programs that had been shut down. The shift has permitted the agency to continue analyzing social links revealed by Americans' email patterns, but without collecting the data in bulk from American telecommunications companies — and with less oversight by the Foreign Intelligence Surveillance Court.

The disclosure comes as a sister program that collects Americans' phone records in bulk is set to end this month. Under a law enacted in June, known as the USA Freedom Act, the program will be replaced with a system in which the NSA can still gain access to the data to hunt for associates of terrorism suspects, but the bulk logs will stay in the hands of phone companies.

The newly disclosed information about the email records program is contained in a report by the NSA's inspector general that was obtained through a lawsuit under the Freedom of Information Act. One passage lists four reasons the NSA decided to end the email program and purge previously collected data. Three were redacted, but the fourth was uncensored. It said that "other authorities can satisfy certain foreign intelligence requirements" that the bulk email records program "had been designed to meet."


Nation-backed Hackers Using Evercookie and Web Analytics To Profile Targets ( 47

chicksdaddy writes: There's such a fine line between clever and criminal. That's the unmistakable subtext of the latest FireEye report on a new "APT" style campaign that's using methods and tools that are pretty much indistinguishable from those used by media websites and online advertisers. The difference? This time the information gathered from individuals is being used to soften up specific individuals with links to international diplomacy, the Russian government, and the energy sector.

The company released a report this week that presented evidence of a widespread campaign (PDF) that combines so-called "watering hole" web sites with a tracking script dubbed "WITCHCOVEN" and Samy Kamkar's Evercookie, the super persistent web tracking cookie. The tools are used to assemble detailed profiles on specific users including the kind of computer they use, the applications and web browsers they have installed, and what web sites they visit.

While the aims of those behind the campaign aren't known, FireEye said the use of compromised web sites and surreptitious tracking scripts doesn't bode well. "While many sites engage in profiling and tracking for legitimate purposes, those activities are typically conducted using normal third-party browser-based cookies and commercial ad services and analytics tools," FireEye wrote in its report. "In this case, while the individuals behind the activity used publicly available tools, those tools had very specific purposes....This goes beyond 'normal' web analytics," the company said.


EU Set To Crack Down On Bitcoin and Anonymous Payments After Paris Attack ( 274

An anonymous reader writes: Home affairs ministers from the European Union are set to gather in Brussels for crisis talks in the wake of the Paris attacks, and a crackdown on Bitcoin, pre-paid credit card and other forms of 'anonymous' online payments are on the agenda. From the article: "According to draft conclusions of the meeting, European interior and justice ministers will urge the European Commission (the EU executive arm) to propose measures to strengthen the controls of non-banking payment methods. These include electronic/anonymous payments, virtual currencies and the transfers of gold and precious metals by pre-paid cards."

FDA Signs Off On Genetically Modified Salmon Without Labeling ( 514

kheldan writes: Today, in a historic decision, the FDA approved the marketing of genetically-engineered salmon for sale to the general public, without any sort of labeling to indicate to consumers they've been genetically altered. According to the article: "Though the Federal Food, Drug, and Cosmetic Act (FD&C Act) gives the FDA the authority to require mandatory labeling of foods if there is a material difference between a GE product and its conventional counterpart, the agency says it is not requiring labeling of these GE fish 'Because the data and information evaluated show that AquAdvantage Salmon is not materially different from other Atlantic salmon.' In this case, the GE salmon use an rDNA construct composed of the growth hormone gene from Chinook salmon under the control of a promoter from another type of fish called an 'ocean pout.' According to the FDA, this tweak to the DNA allows the salmon to grow to market size faster than non-GE farm-raised salmon."
Social Networks

EFF launches Site To Track Censored Content On Social Media ( 39

Mark Wilson writes: There are many problems with the censoring of online content, not least that it can limit free speech. But there is also the question of transparency. By the very nature of censorship, unless you have been kept in the loop you would simply not know that anything had been censored. This is something the Electronic Frontier Foundation wants to change, and today the digital rights organization launches to blow the lid off online censorship. The site, run by EFF and Visualizing Impact, aims to reveal the content that is censored on Facebook, Google+, Twitter, Instagram, Flickr, and YouTube — not just the 'what' but the 'why'. If you find yourself the subject of censorship, the site also explains how to lodge an appeal.
The Media

Reuters Bans RAW Photo Format ( 206

grcumb writes: Reuters is the latest agency to join the ranks of the technically clueless who think that ethical problems can be solved using technical means. They recently issued a circular to their contributors, stating in part: "In future, please don't send photos to Reuters that were processed from RAW or CR2 files. If you want to shoot raw images that's fine, just take JPEGs at the same time. Only send us the photos that were originally JPEGs, with minimal processing...." The problem they claim to be addressing is doctored images, but they don't explain how they plan to ensure that the JPEGs weren't simply exported from RAW files with their EXIF data altered, or heck, just altered as JPEG. They also assert that getting JPEG files straight from the camera is quicker, which is fair enough. Lots of professionals shoot with RAW+JPEG at newsworthy events. They can send the JPEGs off quickly to meet the first deadline, then process the RAW files at leisure for higher quality publications.

YouTube Defending Select Videos Against DMCA Abuse 56

Galaga88 writes: It's not a complete solution, but YouTube is going to begin stepping up to defend select videos in court on fair use terms, including covering court costs. Will this help stem the tide of bad DMCA takedown requests, or just help the select few YouTube doesn't want to lose? From the blog post linked: We are offering legal support to a handful of videos that we believe represent clear fair uses which have been subject to DMCA takedowns. With approval of the video creators, we’ll keep the videos live on YouTube in the U.S., feature them in the YouTube Copyright Center as strong examples of fair use, and cover the cost of any copyright lawsuits brought against them. ... In addition to protecting the individual creator, this program could, over time, create a “demo reel” that will help the YouTube community and copyright owners alike better understand what fair use looks like online and develop best practices as a community.

Chicago Sends More Than 100,000 "Bogus" Camera-Based Speeding Tickets 200

Ars Technica, based on an in-depth report (paywalled) at the Chicago Tribune, says that the city of Chicago has been misusing traffic cameras to trigger automated speeding tickets. In particular, these cameras are placed in places where there are enhanced penalties for speeding, putatively intended to increase child safety. The automated observation system, though, has been used to send well over 100,000 tickets that the Tribune analysis deems "questionable," because they lack the evidence which is supposed to be required -- for instance, many of these tickets are unbacked by evidence of the presence of children, or were issued when the speeding rules didn't apply (next to a park when that park was closed).
The Internet

New Anti-Piracy Law In Australia Already Being Abused ( 73

Gumbercules!! writes: A small Australian ISP has received a demand that it block access to an overseas website or face legal action in the Federal Court, in a case in which a building company is demanding the ISP block access to an overseas site with a similar name. This case is being seen as a test case, potentially opening the way for companies and aggregated customers to use the new anti-piracy laws to block access to companies or their competition. The ISP in question has obviously been selected because they're very small and have limited financial capacity to fight a legal case.

Manhattan DA Pressures Google and Apple To Kill Zero Knowledge Encryption ( 291

An anonymous reader writes: In a speech to the 6th Annual Financial Crimes and Cybersecurity Symposium, New York County District Attorney for Manhattan Cyrus Vance Jr. has appealed to the tech community — specifically citing Google and Apple — to "do the right thing" and end zero-knowledge encryption in mobile operating systems. Vance Jr. praised FBI director James Comey for his 'outspoken' and 'fearless' advocacy against zero knowledge encryption, and uses the recent attacks on Paris as further justification for returning encryption keys to the cloud, so that communications providers can once again comply with court orders.

Georgia Gives Personal Data of 6 Million Voters To Georgia GunOwner Magazine ( 109

McGruber writes: A class action lawsuit alleges that Georgia Secretary of State Brian Kemp's office released the personal identifying information of Georgia voters to twelve organizations, "including statewide political parties, news media organizations and Georgia GunOwner Magazine".

According to Kemp, his office shares "voter registration data every month with news media and political parties that have requested it as required by Georgia law. Due to a clerical error where information was put in the wrong file, 12 recipients received a disc that contained personal identifying information that should not have been included."

The Atlanta Journal-Constitution independently confirmed the inclusion of the personal data in the October file. The AJC did so by accessing the October data disc, looking up information for an AJC staffer and confirming his Social Security number and driver's license information was included. The AJC has returned its copy of the disc to the state.


The War On Campus Sexual Assault Goes Digital 399 writes: According to a recent study of 27 schools, about one-quarter of female undergraduates said they had experienced nonconsensual sex or touching since entering college, but most of the students said they did not report it to school officials or support services. Now Natasha Singer reports at the NYT that in an effort to give students additional options — and to provide schools with more concrete data — a nonprofit software start-up in San Francisco called Sexual Health Innovations has developed an online reporting system for campus sexual violence. One of the most interesting features of Callisto is a matching system — in which a student can ask the site to store information about an assault in escrow and forward it to the school only if someone else reports another attack identifying the same assailant. The point is not just to discover possible repeat offenders. In college communities, where many survivors of sexual assault know their assailants, the idea of the information escrow is to reduce students' fears that the first person to make an accusation could face undue repercussions.

"It's this last option that makes Callisto unique," writes Olga Khazan. "Most rapes are committed by repeat offenders, yet most victims know their attackers. Some victims are reluctant to report assaults because they aren't sure whether a crime occurred, or they write it off as a one-time incident. Knowing about other victims might be the final straw that puts an end to their hesitation—or their benefit of the doubt. Callisto's creators claim that if they could stop perpetrators after their second victim, 60 percent of campus rapes could be prevented." This kind of system is based partly on a Michigan Law Review article about "information escrows," or systems that allow for the transmitting of sensitive information in ways that reduce "first-mover disadvantage" also known to economists as the "hungry penguin problem". As game theorist Michael Chwe points out, the fact that each person creates her report independently makes it less likely they'll later be accused of submitting copycat reports, if there are similarities between the incidents.

Carnegie Mellon Denies FBI Paid For Tor-Breaking Research ( 79

New submitter webdesignerdudes writes with news that Carnegie Mellon University now implies it may have been subpoenaed to give up its anonymity-stripping technique, and that it was not paid $1 million by the FBI for doing so. Wired reports: "In a terse statement Wednesday, Carnegie Mellon wrote that its Software Engineering Institute hadn’t received any direct payment for its Tor research from the FBI or any other government funder. But it instead implied that the research may have been accessed by law enforcement through the use of a subpoena. 'In the course of its work, the university from time to time is served with subpoenas requesting information about research it has performed,' the statement reads. 'The university abides by the rule of law, complies with lawfully issued subpoenas and receives no funding for its compliance.'"
The Courts

Taxi Owners Sue NYC Over Uber, While Court Overrules Class-Action Appeal ( 210

An anonymous reader writes: Taxi owners in New York have filed a lawsuit against cab-hailing app giant Uber, citing damaged revenues and a hefty fall in value of NYC's 'medallion' business. The case against the city and its Taxi and Limousine Commission claims that the regulators have unfairly permitted Uber to steal away business from the regulated cab industry. Getting away without regulation has enabled Uber drivers to compete directly, and drown out official taxi companies. A further lawsuit case hovering over Uber this week, is its request to immediately appeal an order approving class certification filed by its own drivers. The appeal was denied by a U.S. court yesterday.
The Courts

Facebook Can Block Content Without Explanation, Says US Court ( 147

An anonymous reader writes: A U.S. court has ruled that Facebook can block any content posted to its site without explanation, after a Sikh group legally challenged the company for taking its page offline. U.S. Northern District of California Judge Lucy Koh ruled that the U.S. based rights group's encouragement of religious discrimination is illegal under the Communications Decency Act, which protects 'interactive computer services' providers by preventing courts from treating them as the publishers of the speech created by their users.

How Cisco Is Trying To Prove It Can Keep NSA Spies Out of Its Gear ( 130

itwbennett writes: A now infamous photo [leaked by Edward Snowden] showed NSA employees around a box labeled Cisco during a so-called 'interdiction' operation, one of the spy agency's most productive programs,' writes Jeremy Kirk. 'Once that genie is out of the bottle, it's a hell of job to put it back in,' said Steve Durbin, managing director of the Information Security Forum in London. Yet that's just what Cisco is trying to do, and early next year, the company plans to open a facility in the Research Triangle Park in North Carolina where customers can test and inspect source code in a secure environment. But, considering that a Cisco router might have 30 million lines of code, proving a product hasn't been tampered with by spy agencies is like trying 'to prove the non-existence of god,' says Joe Skorupa, a networking and communications analyst with Gartner.
The Internet

US Rep. Joe Barton Has a Plan To Stop Terrorists: Shut Down Websites ( 275

Earthquake Retrofit writes: In an FCC oversight hearing, U.S. Representative Joe Barton (R-TX) asked Chairman Tom Wheeler if it's possible to shut down websites used by ISIS and other terrorist groups. He said, "Isn't there something we can do under existing law to shut those Internet sites down, and I know they pop up like weeds, but once they do pop up, shut them down and then turn those Internet addresses over to the appropriate law enforcement agencies to try to track them down? I would think that even in an open society, when there is a clear threat, they've declared war against us, our way of life, they've threatened to attack this very city our capital is in, that we could do something about the Internet and social media side of the equation." Wheeler pointed out that the legal definition of "lawful intercept" did not support such actions, but added that Congress could expand the law to validate the concept. Meanwhile, the Senate Intelligence Committee is exploring the idea of using the recent terror attacks in France as ammunition to force tech companies away from end-to-end encryption. "Lawmakers said it was time to intensify discussions over what technology companies such as Apple and Google could do to help unscramble key information on devices such as iPhones and apps like WhatsApp, where suspected terrorists have communicated."
The Courts

Terrorism Case Challenges FISA Spying ( 108

An anonymous reader writes: As we've come to terms with revelations of U.S. surveillance over the past couple years, we've started to see lawsuits spring up challenging the constitutionality of the spying. Unfortunately, it's slow; one of the difficulties is that it's hard to gain standing in court if you haven't been demonstrably harmed. A case before the 9th Circuit Appeals Court is now testing the Foreign Intelligence and Surveillance Act in a big way, and whatever the outcome, it's likely to head to the Supreme Court. The case itself is long and complicated; it centers on a teenager who joined a plot to detonate a huge bomb in Portland, Oregon in 2010, but his co-conspirators turned out to be undercover FBI agents.

The case history is worth a read, and raises questions about entrapment and impressionable kids. However, the issue now being argued in court is simpler: the defendant was a U.S. citizen, and the FBI used FISA powers to access his communications without a warrant. Crucially, they failed to notify the defendant of this before trial — something they're legally required to do. This gives him and his lawyers standing to challenge the constitutionality of the law in the first place. It's a difficult puzzle, with no clear answer, but oral arguments could begin as soon as January for one of the most significant cases yet to challenge the U.S. government's surveillance of its own citizens.


DoJ Going After Makers of Dietary Supplement ( 161

schwit1 writes: Several federal agencies, including the U.S. Department of Justice, have announced criminal and civil actions related to unlawful advertising and sale of dietary supplements. "Six executives with USPlabs LLC and a related company, S.K. Laboratories, face criminal charges related to the sale of unlawful dietary supplements. Four were arrested on Tuesday and two are expected to surrender, the Justice department said. The indictment says that USPlabs used a synthetic stimulant manufactured in China to make Jack3d and OxyElite Pro but told retailers that the supplements were made from plant extracts." The FTC is working on this as well, and their press release has more details. The DoJ's case involves "more than 100 makers and marketers" of these supplements. It's about time.