An anonymous reader quotes a report from The Register: The world got a first glimpse into the US government's far-reaching surveillance of American citizens' communications -- namely, their Verizon telephone calls -- 10 years ago this week when Edward Snowden's initial leaks hit the press. [...] In the decade since then, "reformers have made real progress advancing the bipartisan notion that Americans' liberty and security are not mutually exclusive," [US Senator Ron Wyden (D-OR)] said. "That has delivered tangible results: in 2015 Congress ended bulk collection of Americans' phone records by passing the USA Freedom Act." This bill sought to end the daily snooping into American's phone calls by forcing telcos to collect the records and make the Feds apply for the information.

That same month, a federal appeals court unanimously ruled that the NSA's phone-records surveillance program was unlawful. The American Civil Liberties Union (ACLU) and the New York Civil Liberties Union sued to end the secret phone spying program, which had been approved by the Foreign Intelligence Surveillance Court, just days after Snowden disclosed its existence. "Once it was pushed out into open court, and the court was able to hear from two sides and not just one, the court held that the program was illegal," Ben Wizner, director of the ACLU Speech, Privacy and Technology project, told The Register. The Freedom Act also required the federal government to declassify and release "significant" opinions of the Foreign Intelligence Surveillance Court (FISC), and authorized the appointment of independent amici -- friends of the court intended to provide an outside perspective. The FISC was established in 1978 under the FISA -- the legislative instrument that allows warrantless snooping. And prior to the Freedom Act, this top-secret court only heard the government's perspective on things, like why the FBI and NSA should be allowed to scoop up private communications.

"To its credit, the government has engaged in reforms, and there's more transparency now that, on the one hand, has helped build back some trust that was lost, but also has made it easier to shine a light on surveillance misconduct that has happened since then," Jake Laperruque, deputy director of the Center for Democracy and Technology's Security and Surveillance Project, told The Register. Wyden also pointed to the sunsetting of the "deeply flawed surveillance law," Section 215 of the Patriot Act, as another win for privacy and civil liberties. That law expired in March 2020 after Congress did not reauthorize it. "For years, the government relied on Section 215 of the USA Patriot Act to conduct a dragnet surveillance program that collected billions of phone records (Call Detail Records or CDR) documenting who a person called and for how long they called them -- more than enough information for analysts to infer very personal details about a person, including who they have relationships with, and the private nature of those relationships," Electronic Frontier Foundation's Matthew Guariglia, Cindy Cohn and Andrew Crocker said. James Clapper, the former US Director of National Intelligence, "stated publicly that the Snowden disclosures accelerated by seven years the adoption of commercial encryption," Wizner said. "At the individual level, and at the corporate level, we are more secure."

"And at the corporate level, what the Snowden revelations taught big tech was that even as the government was knocking on the front door, with legal orders to turn over customer data, it was breaking in the backdoor," Wizner added. "Government was hacking those companies, finding the few points in their global networks where data passed unencrypted, and siphoning it off." "If you ask the government -- if you caught them in a room, and they were talking off the record -- they would say the biggest impact for us from the Snowden disclosures is that it made big tech companies less cooperative," he continued. "I regard that as a feature, not a bug."

The real issue that the Snowden leaks revealed is that America's "ordinary system of checks and balances doesn't work very well for secret national security programs," Wizner said. "Ten years have gone by," since the first Snowden disclosures, "and we don't know what other kinds of rights-violating activities have been taking place in secret, and I don't trust our traditional oversight systems, courts and the Congress, to ferret those out," Wizner said. "When you're dealing with secret programs in a democracy, it almost always requires insiders who are willing to risk their livelihoods and their freedom to bring the information to the public."

Researchers at the California Institute of Technology (Caltech) have successfully demonstrated the capability of steering power in a microwave beam from a satellite to targets in space, as well as transmitting some of that power to a detector on Earth. Science Magazine reports: The Caltech mission, funded by the Donald Bren Foundation and Northrop Grumman Corporation, aimed to go a step further with lightweight, inexpensive, and flexible components. The microwave transmitter was an array of 32 flat antennas packed onto a surface slightly larger than a dinner plate. By varying the timing of signals sent to the different antennas, the researchers could steer the array's beam. They pointed it at a pair of microwave receivers about a forearm's distance away and switched the beam from one receiver to the other at will, lighting up an LED on each.

The transmitted power was small, just 200 milliwatts, less than that of a cellphone camera light. But the team was still able to steer the beam toward Earth and detect it with a receiver at Caltech. "It was a proof of concept," says Caltech electrical engineer Ali Hajimiri. "It indicates what an overall system can do."

The Caltech spacecraft still has two more planned experiments. One is now testing 32 different varieties of solar cell to see which best survives the rigors of space. The second is a folded piece of ultralight composite material that will unfurl into a sail-like structure 2 meters across. Although the sail will not hold any solar cells, it is meant to test the kind of thin, flexible, and large deployments required for a future power station.

An anonymous reader quotes a report from CBS News: A biotechnology company selling a $949 blood test that it bills as a "first of its kind" to detect cancer said it incorrectly informed about 400 customers that they might have the disease. The Menlo Park, California, company, called Grail, said it sent a form letter to some customers who had bought its Galleri test, which detects a marker for more than 50 types of cancer, "stating incorrectly that a cancer signal was detected," a company spokeswoman told CBS MoneyWatch in a statement. The company blamed a vendor, PWN Health, for the error, citing a "software configuration issue."

In a statement, PWN Health said it said the problem was due to "a misconfiguration of our patient engagement platform used to send templated communications to individuals." It added that it has added processes to make sure such a mistake doesn't occur again, and started contacting the people who received the erroneous letters within 36 hours. The error comes amid an increased demand for health care screening tests, especially for chronic diseases such as cancer.

Grail is billing its service as a complement to routine single-cancer tests for diseases such as colon or breast cancer, and said that the blood test can detect forms of the disease that aren't routinely screened for, such as in the gallbladder and pancreas. Grail said it hasn't received reports of patient harm or "adverse events" due to the erroneous letters. "After being notified of the incident, Grail immediately began outreach by phone or email to all individuals who received the PWNHealth letter, and we continued our efforts until we confirmed we successfully reached each individual via phone, email or letter," the spokeswoman said. "The issue was in no way related to or caused by an incorrect Galleri laboratory test result."

More than half the erroneous letters were sent to customers who hadn't had their blood drawn yet for the Galleri test, the spokeswoman added.

On Monday, Illumina filed an appeal against a FTC order, "demanding that it divest cancer diagnostic test maker Grail over competition concerns in the U.S. market for cancer tests," reports Reuters. According to the filing, Illumina is arguing that the FTC "violated due process by depriving Illumina and Grail of a fair proceeding before an impartial tribunal."

This week the Linux Foundation announced the publication of The Open Source Opportunity for Microgrids: Five Ways to Drive Innovation and Overcome Market Barriers for Energy Resilience. "The research informs readers about microgrids — groups of distributed energy resources designed to improve energy resiliency, with the ability to operate as part of a larger electrical grid, or separately as an island."

The report highlights the current state of the microgrid market and explores the potential for open source technology to accelerate the adoption of microgrids worldwide... The report concludes that microgrids are an essential tool to improve energy resilience and advance decarbonization, and that the market faces a range of challenges that the open source ecosystem is well positioned to address.
Among other things, the report "examines how participation in relevant open source programs and activities can help address gaps and challenges," according to the announcement, "and accelerate the learning, development, and governance of microgrid initiatives." One focus of the report is "enabling market innovation toward energy resilience at scale, supporting the Energy sector to adopt proven open source-enabled business models, security benefits, and cost reductions demonstrated in the IT and Telecom industries."

And according to the foundation's senior vice president of research and communications, the report also "describes the opportunities for open source to accelerate the proliferation of microgrids as a mechanism for clean energy production and consumption."

The Pentagon has announced that it will purchase Starlink satellite internet terminals from SpaceX to provide communication capabilities to Ukraine as it defends itself against a full-scale Russian invasion. "We continue to work with a range of global partners to ensure Ukraine has the satellite and communication capabilities they need. Satellite communications constitute a vital layer in Ukraine's overall communications network and the department contracts with Starlink for services of this type," the Pentagon said in a statement to CNBC. "For operational security reasons and due to the critical nature of these systems -- we do not have additional information regarding specific capabilities, contracts or partners to provide at this time," the statement added. From the report: The first Starlink terminals in Ukraine arrived four days after Russian troops poured over the nation's border in what became the largest air, land and sea assault in Europe since World War II. Ukraine digital minister Mykhailo Fedorov, who had previously asked Musk for the capability on Twitter, posted that Starlink was "here" in Ukraine -- with a photo showing more than two dozen boxes in the back of a truck. Musk said in October that SpaceX wouldn't be able to continue funding use of Starlink terminals in the country out of its own coffers "indefinitely," after a report from CNN said the company had asked the Pentagon to cover the cost.

Western officials have previously hailed Musk's decision to equip Ukraine with Starlink internet, citing the colossal and indiscriminate Russian shelling on civilian infrastructure that has left large swaths of the country without communications. Musk reportedly told the Pentagon in October he would no longer finance the Starlink terminals in Ukraine as the country prepared to fight through the harsh winter months. However, the billionaire reversed course and did continue to fund the service.

An anonymous reader quotes a report from Reuters: The U.S. Supreme Court on Tuesday declined to hear a bid by child pornography victims to overcome a legal shield for internet companies in a case involving a lawsuit accusing Reddit Inc of violating federal law by failing to rid the discussion website of this illegal content. The justices turned away the appeal of a lower court's decision to dismiss the proposed class action lawsuit on the grounds that Reddit was shielded by a U.S. statute called Section 230, which safeguards internet companies from lawsuits for content posted by users but has an exception for claims involving child sex trafficking. The Supreme Court on May 19 sidestepped an opportunity to narrow the scope of Section 230 immunity in a separate case.

Section 230 of the Communications Decency Act of 1996 protects "interactive computer services" by ensuring they cannot be treated as the "publisher or speaker" of information provided by users. The Reddit case explored the scope of a 2018 amendment to Section 230 called the Fight Online Sex Trafficking Act (FOSTA), which allows lawsuits against internet companies if the underlying claim involves child sex trafficking. Reddit allows users to post content that is moderated by other users in forums called subreddits. The case centers on sexually explicit images and videos of children posted to such forums by users. The plaintiffs -- the parents of minors and a former minor who were the subjects of the images -- sued Reddit in 2021 in federal court in California, seeking monetary damages. The plaintiffs accused Reddit of doing too little to remove or prevent child pornography and of financially benefiting from the illegal posts through advertising in violation of a federal child sex trafficking law.

The San Francisco-based 9th U.S. Circuit Court of Appeals in 2022 concluded that in order for the exception under FOSTA to apply, plaintiffs must show that an internet company "knowingly benefited" from the sex trafficking through its own conduct. Instead, the 9th Circuit concluded, the allegations "suggest only that Reddit 'turned a blind eye' to the unlawful content posted on its platform, not that it actively participated in sex trafficking." Reddit said in court papers that it works hard to find and prevent the sharing of child sexual exploitation materials on its platform, giving all users the ability to flag posts and using dedicated teams to remove illegal content.

The Mars helicopter 'Ingenuity' recently completed its 47th, 48th, and 49th flight, NASA reports on the blog for its Mars rover 'Perseverance'. That rover is making a "long ascent" up the delta in Mars' Jezero crater, "an area where scientists surmise that, billions of years ago, a river once flowed into a lake.

On its 47th flight, Ingenuity attempted "tactical and scientific scouting" for the rover, but "just narrowly missing the main area of interest." But then... Ingenuity's 48th flight produced a treasure trove of aerial images showing the exact area of interest at a resolution several orders of magnitude better than anything prior. All of these images were downlinked to Earth and provided to rover planners and scientists a full two weeks before the rover would reach this area... [T]he team chose to send the helicopter farther up the delta rather than perform additional scouting flights in the region... The Guidance Navigation and Control team once again managed to push the flight envelope with a 16-meter vertical popup at the end of the flight. At the peak, Ingenuity snapped the highest suborbital picture taken of the Martian surface since landing...

That downlink was the last time the team would hear from the helicopter for an agonizingly long time. Eager to continue up the delta, the team tried and failed to uplink the instructions for Flight 50 several times. Sol after sol, the helicopter remained elusive. Each time, the downlinked telemetry from the Helicopter Base Station (HBS) on the rover would come back showing no radio sign of the helicopter... When the rover emerged from the communications shadow on its way to Foel Drygarn and the helicopter was still nowhere to be found, the situation began to generate some unease... In more than 700 sols operating the helicopter on Mars, not once had we ever experienced a total radio blackout. Even in the worst communications environments, we had always seen some indication of activity...

Finally, on Sol 761, nearly a week after our first missed check-in, our communications team observed a single, lonely radio ACK (radio acknowledgement) at 9:44 LMST (Local Mean Solar Time), exactly the time when we'd expect to see the helicopter wakeup. Another single ACK at the same time on Sol 762 confirmed that the helicopter was indeed alive, which came as a welcome relief for the team. Ultimately, this first-of-its-kind communications blackout was a result of two factors. First, the topology between the rover and the helicopter was very challenging for the radio used by Ingenuity. In addition to the aforementioned communications shadow, a moderate ridge located just to the southeast of the Flight 49 landing site separated the helicopter from the rover's operational area. The impact of this ridge would only abate once the rover had gotten uncomfortably close to the helicopter. Second, the HBS antenna is located on the right side of the rover, low enough to the deck to see significant occlusion effects from various part of the rover...

Relying on the helicopter's onboard preflight checks to ensure vehicle safety and banking on solid communications from the rover's imminent proximity, the team uplinked the flight plan. As commanded, Ingenuity woke up and executed its 50th flight on the red planet, covering over 300 meters and setting a new altitude record of 18 m.

The rover had closed to a mere 80 meters by the time the helicopter lifted off in the Martian afternoon Sun.
And Flight 51 happened 9 days later...

CNN reports: Some Amazon corporate workers have announced plans to walk off the job next week over frustrations with the company's return-to-work policies, among other issues, in a sign of heightened tensions inside the e-commerce giant after multiple rounds of layoffs.

The work stoppage is being jointly organized by an internal climate justice worker group and a remote work advocacy group, according to an email from organizers and public social media posts. Workers participating have two main demands: asking the e-commerce giant to put climate impact at the forefront of its decision making, and to provide greater flexibility for how and where employees work.

The lunchtime walkout is scheduled for May 31, beginning at noon. Organizers have said in an internal pledge that they are only going to go through with the walkout if at least 1,000 workers agree to participate, according to an email from organizers.
The event comes a month after Amazon's return-to-office mandate took effect, reports the Seattle Times — with one software engineer saying they wanted to show Amazon's leadership that "employees need a say in the decisions that affect our lives." In response, an Amazon spokesperson said, "We respect our employees' rights to express their opinions." Drew Herdener, senior vice president for communications at Amazon, said there has been a good energy on the company's South Lake Union campus and other urban centers where Amazon has a significant presence. "We've had a great few weeks with more employees in the office," he said. "As it pertains to the specific topics this group of employees is raising, we've explained our thinking in different forums over the past few months and will continue to do so...."

[Since January], Amazon announced another 9,000 job cuts companywide, but has not notified Washington's unemployment office of the local impact. At the same time Amazon was re-evaluating its teams and workforce, the company announced it would require workers to return to the office at least three times a week beginning May 1. That was a change from Amazon's prior policy, put in place in the second half of 2021, that allowed leaders to decide for their teams where they should work. Announcing the mandate in February, CEO Andy Jassy told employees that senior leaders had observed that it's easier to "learn, model, practice and strengthen our culture when we're in the office together most of the time and surrounded by our colleagues." Boosters for downtown Seattle, where Amazon's headquarters campus is located, cheered the mandate and hoped that thousands of returning workers would enliven the neighborhood.

In response to the return-to-office mandate, more than 20,000 workers signed a petition urging Amazon to reconsider.

Long-time Slashdot reader SonicSpike shared this report from CBS News: Amid growing concerns of security risks to members of Congress, over 50 senators have been issued satellite phones for emergency communication, people familiar with the measures told CBS News... [Senate Sergeant at Arms] Gibson said satellite communication is being deployed "to ensure a redundant and secure means of communication during a disruptive event." Gibson said the phones are a security backstop in the case of an emergency that "takes out communications" in part of America.

Microsoft has issued a warning that Chinese state-sponsored hackers, known as "Volt Typhoon," have compromised "critical" U.S. cyber infrastructure across various industries with a focus on gathering intelligence. CNBC reports: The Chinese hacking group, codenamed "Volt Typhoon," has operated since mid-2021, Microsoft said in an advisory. The organization is apparently working to disrupt "critical communications infrastructure between the United States and Asia," Microsoft said, to stymie efforts during "future crises." The National Security Agency put out a bulletin (PDF) on Wednesday, detailing how the hack works and how cybersecurity teams should respond.

The attack is apparently ongoing. In an advisory, Microsoft urged impacted customers to "close or change credentials for all compromised accounts." U.S. intelligence agencies became aware of the incursion in February, around the same time that a Chinese spy balloon was downed, the New York Times reported. The infiltration was focused on communications infrastructure in Guam and other parts of the U.S., the Times reported, and was particularly alarming to U.S. intelligence because Guam sits at the heart of an American military response in case of a Taiwanese invasion.

Volt Typhoon is able to infiltrate organizations using a unnamed vulnerability in a popular cybersecurity suite called FortiGuard, Microsoft said. Once the hacking group has gained access to a corporate system, it steals user credentials from the security suite and uses them to try to gain access to other corporate systems. The state-sponsored hackers aren't looking to create disruption yet, Microsoft said. Rather, "the threat actor intends to perform espionage and maintain access without being detected for as long as possible." Infrastructure in nearly every critical sector has been impacted, Microsoft said, including the communications, transport, and maritime industries. Government organizations were also targeted.

Ford is reversing course on AM radio. From a report: In a tweet today, CEO Jim Farley announced the company was backing off its decision to release new vehicles without AM radio broadcast capabilities. Instead, all 2024 Ford and Lincoln models will be able to tune in to AM radio. And for the two electric vehicles released without AM radio capabilities, a software update would be pushed to restore it. The announcement came after Farley said he spoke with policy leaders on the "importance of AM broadcast radio as a part of the emergency alert system." A bipartisan group of lawmakers introduced legislation in Washington last week that would require automakers to keep AM radio in all their vehicles. The bill was proposed in response to an increasing number of vehicles coming out without the first-generation radio broadcast technology.

The FBI misused surveillance powers granted by Section 702 of the Foreign Intelligence Surveillance Act (FISA) over 278,000 times between 2020 and early 2021 to conduct warrantless searches on George Floyd protesters, January 6 Capitol rioters, and donors to a congressional campaign, according to a newly unclassified court opinion. The Register reports: On Friday, the US Foreign Intelligence Surveillance Court made public a heavily redacted April 2022 opinion [PDF] that details hundreds of thousands of violations of Section 702 of the Foreign Intelligence Surveillance Act (FISA) -- the legislative instrument that allows warrantless snooping. The Feds were found to have abused the spy law in a "persistent and widespread" manner, according to the court, repeatedly failing to adequately justify the need to go through US citizens' communications using a law aimed at foreigners.

The court opinion details FBI queries run on thousands of individuals between 2020 and early 2021. This includes 133 people arrested during the George Floyd protests and more than 19,000 donors to a congressional campaign. In the latter, "the analyst who ran the query advised that the campaign was a target of foreign influence, but NSD determined that only eight identifiers used in the query had sufficient ties to foreign influence activities to comply with the querying standard," the opinion says, referring to the Justice Department's National Security Division (NSD). In other words, there wasn't a strong enough foreign link to fully justify the communications search.

For the Black Lives Matter protests, the division determined that the FBI queries "were not reasonably likely to retrieve foreign intelligence information or evidence of a crime." Again, an overreach of foreign surveillance powers. Additional "significant violations of the querying standard" occurred in searched related to the January 6, 2021 breach of the US Capitol, domestic drug and gang investigations, and domestic terrorism probes, according to the court. It's said that more than 23,000 queries were run on people suspected of storming the Capitol.

An anonymous reader quotes a report from Wired: Spain has advocated banning encryption for hundreds of millions of people within the European Union, according to a leaked document obtained by WIRED that reveals strong support among EU member states for proposals to scan private messages for illegal content. The document, a European Council survey of member countries' views on encryption regulation, offered officials' behind-the-scenes opinions on how to craft a highly controversial law to stop the spread of child sexual abuse material (CSAM) in Europe. The proposed law would require tech companies to scan their platforms, including users' private messages, to find illegal material. However, the proposal from Ylva Johansson, the EU commissioner in charge of home affairs, has drawn ire from cryptographers, technologists, and privacy advocates for its potential impact on end-to-end encryption.

For years, EU states have debated whether end-to-end encrypted communication platforms, such as WhatsApp and Signal, should be protected as a way for Europeans to exercise a fundamental right to privacy -- or weakened to keep criminals from being able to communicate outside the reach of law enforcement. Experts who reviewed the document at WIRED's request say it provides important insight into which EU countries plan to support a proposal that threatens to reshape encryption and the future of online privacy. Of the 20 EU countries represented in the document leaked to WIRED, the majority said they are in favor of some form of scanning of encrypted messages, with Spain's position emerging as the most extreme. "Ideally, in our view, it would be desirable to legislatively prevent EU-based service providers from implementing end-to-end encryption," Spanish representatives said in the document. The source of the document declined to comment and requested anonymity because they were not authorized to share it.

In its response, Spain said it is "imperative that we have access to the data" and suggests that it should be possible for encrypted communications to be decrypted. Spain's interior minister, Fernando Grande-Marlaska, has been outspoken about what he considers the threat posted by encryption. When reached for comment about the leaked document, Daniel Campos de Diego, a spokesperson for Spain's Ministry of Interior, says the country's position on this matter is widely known and has been publicly disseminated on several occasions. Edging close to Spain, Poland advocated in the leaked document for mechanisms through which encryption could be lifted by court order and for parents to have the power to decrypt children's communications. Several other countries say they would give law enforcement access to people's encrypted messages and communications. "Cyprus, Hungary, and Spain very clearly see this law as their opportunity to get inside encryption to undermine encrypted communications, and that to me is huge," says Ella Jakubowska, a senior policy advisor at European Digital Rights (EDRI) who reviewed the document. "They are seeing this law is going far beyond what DG home is claiming that it's there for."

President Joe Biden moved to lock in his first Democratic majority at the Federal Communications Commission, naming veteran government lawyer Anna Gomez to an open seat and proposing to extend the service of two current commissioners. From a report: The appointments poise the FCC, after more than two years of partisan deadlock under a Democratic chairwoman, to act on the party's priorities, including restoring net neutrality regulations. Such rules bar broadband providers from interfering with web traffic and were gutted by Republicans during the administration of President Donald Trump.

All three nominees, announced by the White House on Monday, need Senate confirmation. In addition to Gomez, Biden proposed a second five-year term for Democrat Geoffrey Starks, who otherwise would need to leave the agency at the end of the year. Biden also proposed another term for Republican Brendan Carr, who has been on the commission since 2017. Gomez's arrival would bring the agency to its full strength of five commissioners for the first time since January 2021, when Trump's Republican chairman departed, leaving the 2-to-2 split. An earlier Biden nominee withdrew amid opposition from Senate Republicans. FCC commissioners serve staggered five-year terms, and no more than three can be members of the president's party.

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission sided with Starlink in a battle against Dish Network today, rejecting a Dish proposal that could have degraded Internet service for Starlink satellite users. In a 4-0 vote, the FCC decided not to authorize high-powered terrestrial mobile service in the 12.2-12.7 GHz band that is already used by Starlink customer terminals for downloads. The vote "ensure[s] the present and future of satellite services in the 12.2-12.7 GHz band. We recognize that millions of people rely on services in this band -- and we want to see that continue," FCC Chair Jessica Rosenworcel said at today's meeting. The band is also used for satellite TV.

In its announcement of the vote, the FCC said it "declin[ed] to authorize two-way, high-powered terrestrial mobile use due to a significant risk of harmful interference to existing and emergent services, particularly in the growing satellite broadband market." Dish already uses spectrum from the 12.2-12.7 GHz band for satellite TV and wants to use the band for cellular service as well. While the FCC rejected the mobile proposal, it said it would investigate the potential to expand terrestrial fixed use or permit unlicensed use in that spectrum. Specifically, the FCC will seek comment on allowing point-to-point fixed links in 12.2-12.7 GHz at higher power levels than the current rules allow and on "adding indoor-only underlay and unlicensed use." The agency also teed up a plan that could eventually allow mobile broadband in the adjacent 12.7-13.25 GHz band. "Thank you to the 100K+ Starlink customers who spoke up, the FCC voted to protect high-speed satellite Internet users from harmful interference," Starlink wrote on Twitter today.

President Joe Biden intends to select veteran government lawyer Anna Gomez to serve on the Federal Communications Commission and give the agency its first Democratic majority of his presidency, Bloomberg reported Thursday, citing a person briefed on the matter. From the report: Gomez's arrival would poise the FCC, after more than two years of partisan deadlock, to act on matters including restoring net neutrality rules that bar broadband providers from interfering with web traffic. Gomez's selection may be announced soon, said the person briefed on the matter, who declined to be identified because the matter hasn't been made public. The FCC has been split 2-to-2 along party lines since Biden's inauguration in 2021. An earlier nominee withdrew amid opposition from Senate Republicans. Gomez, with a long resume of Washington jobs including private law practice and work at two agencies, needs to win confirmation from the Senate where Democrats wield a narrow majority. Democrats including FCC Chairwoman Jessica Rosenworcel have said they support restoring net neutrality rules that bar broadband providers from unfairly manipulating web traffic. The FCC under Republican leadership in 2017 gutted rules adopted earlier by the agency.

An anonymous reader quotes a report from Ars Technica: Researchers on Tuesday unveiled a major discovery -- malicious firmware that can wrangle a wide range of residential and small office routers into a network that stealthily relays traffic to command-and-control servers maintained by Chinese state-sponsored hackers. A firmware implant, revealed in a write-up from Check Point Research, contains a full-featured backdoor that allows attackers to establish communications and file transfers with infected devices, remotely issue commands, and upload, download, and delete files. The implant came in the form of firmware images for TP-Link routers. The well-written C++ code, however, took pains to implement its functionality in a "firmware-agnostic" manner, meaning it would be trivial to modify it to run on other router models.

The main purpose of the malware appears to relay traffic between an infected target and the attackers' command and control servers in a way that obscures the origins and destinations of the communication. With further analysis, Check Point Research eventually discovered that the control infrastructure was operated by hackers tied to Mustang Panda, an advanced persistent threat actor that both the Avast and ESET security firms say works on behalf of the Chinese government.

The researchers discovered the implant while investigating a series of targeted attacks against European foreign affairs entities. The chief component is a backdoor with the internal name Horse Shell. The three main functions of Horse Shell are: a remote shell for executing commands on the infected device; file transfer for uploading and downloading files to and from the infected device; and the exchange of data between two devices using SOCKS5, a protocol for proxying TCP connections to an arbitrary IP address and providing a means for UDP packets to be forwarded. The SOCKS5 functionality seems to be the ultimate purpose of the implant. By creating a chain of infected devices that establish encrypted connections with only the closest two nodes (one in each direction), it's difficult for anyone who stumbles upon one of them to learn the origin or ultimate destination or the true purpose of the infection. As Check Point researchers wrote: "Learning from history, router implants are often installed on arbitrary devices with no particular interest, with the aim to create a chain of nodes between the main infections and real command and control," Check Point researchers wrote in a shorter write-up. "In other words, infecting a home router does not mean that the homeowner was specifically targeted, but rather that they are only a means to a goal."

An anonymous reader quotes a report from KrebsOnSecurity: Countless smartphones seized in arrests and searches by police forces across the United States are being auctioned online without first having the data on them erased, a practice that can lead to crime victims being re-victimized, a new study found (PDF). In response, the largest online marketplace for items seized in U.S. law enforcement investigations says it now ensures that all phones sold through its platform will be data-wiped prior to auction.

Researchers at the University of Maryland last year purchased 228 smartphones sold "as-is" from PropertyRoom.com, which bills itself as the largest auction house for police departments in the United States. Of phones they won at auction (at an average of $18 per phone), the researchers found 49 had no PIN or passcode; they were able to guess an additional 11 of the PINs by using the top-40 most popular PIN or swipe patterns. Phones may end up in police custody for any number of reasons -- such as its owner was involved in identity theft -- and in these cases the phone itself was used as a tool to commit the crime. "We initially expected that police would never auction these phones, as they would enable the buyer to recommit the same crimes as the previous owner," the researchers explained in a paper released this month. "Unfortunately, that expectation has proven false in practice."

Beyond what you would expect from unwiped second hand phones -- every text message, picture, email, browser history, location history, etc. -- the 61 phones they were able to access also contained significant amounts of data pertaining to crime -- including victims' data -- the researchers found. [...] Also, the researchers found that many of the phones clearly had personal information on them regarding previous or intended targets of crime: A dozen of the phones had photographs of government-issued IDs. Three of those were on phones that apparently belonged to sex workers; their phones contained communications with clients. "We informed [PropertyRoom] of our research in October 2022, and they responded that they would review our findings internally," said Dave Levin, an assistant professor of computer science at University of Maryland. "They stopped selling them for a while, but then it slowly came back, and then we made sure we won every auction. And all of the ones we got from that were indeed wiped, except there were four devices that had external SD [storage] cards in them that weren't wiped."

"Deep in a pine forest in Wilcox County, Alabama, three workers dangled from the top of a 350-foot cellular tower," reports the New York Times. "They were there to rip out and replace Chinese equipment from the local wireless network..." As the United States and China battle for geopolitical and technological primacy, the fallout has reached rural Alabama and small wireless carriers in dozens of states. They are on the receiving end of the Biden administration's sweeping policies to suppress China's rise, which include trade restrictions, a $52 billion package to bolster domestic semiconductor manufacturing against China and the divestiture of the video app TikTok from its Chinese owner. What the wireless carriers must do, under a program known as "rip and replace," has become the starkest physical manifestation of the tech Cold War between the two superpowers. The program, which took effect in 2020, mandates that American companies tear out telecom equipment made by the Chinese companies Huawei and ZTE. U.S. officials have warned that gear from those companies could be used by Beijing for espionage and to steal commercial secrets.

Instead, U.S. carriers have to use equipment from non-Chinese companies. The Federal Communications Commission, which oversees the program, would then reimburse the carriers from a pot of $1.9 billion intended to cover their costs. Similar rip-and-replace efforts are taking place elsewhere. In Europe, where Huawei products have been a key part of telecom networks, carriers in Belgium, Britain, Denmark, the Netherlands and Sweden have also been swapping out the Chinese equipment because of security concerns, according to Strand Consult, a research firm that tracks the telecom industry. "Rip-and-replace was the first front in a bigger story about the U.S. and China's decoupling, and that story will continue into the next decade with a global race for A.I. and other technologies," said Blair Levin, a former F.C.C. chief of staff and a fellow at the Brookings Institution.

But cleansing U.S. networks of Chinese tech has not been easy. The costs have already ballooned above $5 billion, according to the F.C.C., more than double what Congress appropriated for reimbursements. Many carriers also face long supply chain delays for new equipment. The program's burden has fallen disproportionately on smaller carriers, which relied more on the cheaper gear from the Chinese firms than large companies like AT&T and Verizon. Given rip-and-replace's difficulties, some smaller wireless companies now say they may not be able to upgrade their networks and continue serving their communities, where they are often the only internet providers. "For many rural communities, they are faced with the disastrous choice of having to continue to use insecure networks that are ripe for surveillance or having to cut off their services," said Geoffrey Starks, a Democratic commissioner at the F.C.C.

Last month, Senator Deb Fischer, a Republican of Nebraska, introduced a bill to close the gap in rip-and-replace funding for carriers... In January, the F.C.C. said it had received 126 applications seeking funding beyond what it could reimburse. Lawmakers had underestimated the costs of shredding Huawei and ZTE equipment, and new equipment and labor costs have risen. The F.C.C. said it could cover only about 40 percent of the expenses. Some wireless carriers immediately paused their replacement efforts. "Until we have assurance of total project funding, this project will continue to be delayed as we await the necessary funding required to build and pay for the new network equipment," United Wireless of Dodge City, Kansas, wrote in a regulatory filing to the F.C.C. in January.

ZDNet reports that Jim Zemlin, executive director at the Linux Foundation, recently noted rounds of tech-industry layoffs "in the name of cost-cutting." But then Zemlin added that "open source is countercyclical to these trends. The Linux Foundation itself, for instance, had its best first quarter ever."

As Hilary Carter, SVP of research and communications at the Linux Foundation, said in her keynote speech at Open Source Summit North America in Vancouver, Canada: "In spite of what the headlines are saying, the facts are 57% of organizations are adding workers this year." Carter was quoting figures from the Linux Foundation's latest job survey, which was released at the event.

Other research also points to brighter signs in tech employment trends. CompTIA's recent analysis of the latest Bureau of Labor Statistics (BLS) data suggests the tech unemployment rate climbed by just 2.3% in April. In fact, more organizations plan to increase their technical staff levels rather than decrease.

The demand for skilled tech talent remains strong, particularly in fast-developing areas, such as cloud and containers, cybersecurity, and artificial intelligence and machine learning. So, what do these all areas of technology have in common? The answer is they're all heavily dependent on open source and Linux technologies.
While layoffs are happening at Microsoft, Amazon, Google, IBM, and even Red Hat, "the Linux Foundation found senior technical roles are seeing the biggest cuts," the article points out. "New hiring is focused on developers and IT managers." And companies are also spending more on training for existing technical staff, "driven by the fact that there aren't enough experts in hot technologies, such as Kubernetes and generative AI, to go around." Interestingly, a college degree is no longer seen as such a huge benefit. Businesses responding to the Linux Foundation's research felt upskilling (91%) and certifications (77%) are more important than a university education (58%) when it comes to addressing technology needs.