Google

Google Stadia's Salvaged Future as a Back-end Cloud Service is Here (arstechnica.com) 11

Quick Google Stadia recap: Things have not been great. From a report: Google's AAA cloud gaming service launched in 2019 to middling reviews and since then has severely undershot Google's sales and usage estimates by hundreds of thousands of users. The company shut down its first-party studio, "Stadia Games & Entertainment (SG&E)," before it could ever develop a game, and it did so one week after lead executive Phil Harrison gave the division a positive progress report. Several key executives have left the struggling division, like Assassin's Creed co-creator and SG&E leader Jade Raymond, Stadia's VP and head of product, John Justice, and Engineering Lead Justin Uberti.

When Google killed the game division at the beginning of the year, an accompanying blog post hinted that big changes were coming to Google's strategy: "In 2021, we're expanding our efforts to help game developers and publishers take advantage of our platform technology and deliver games directly to their players." Rather than continuing to push Stadia as a consumer-facing, branded service, Google seems to want to pivot the service to what would essentially be "Google Cloud Gaming Platform." This would be a back-end, white-label service that could power other companies' products, just like a million other Google Cloud products, like database hosting and push messaging. Google said it believes a back-end service "is the best path to building Stadia into a long-term, sustainable business." This all brings us to this Batman game presented by AT&T Wireless.

Security

Hacker Steals Government ID Database for Argentina's Entire Population (therecord.media) 41

A hacker has breached the Argentinian government's IT network and stolen ID card details for the country's entire population, data that is now being sold in private circles. The hack, which took place last month, targeted RENAPER, which stands for Registro Nacional de las Personas, translated as National Registry of Persons. From a report: The agency is a crucial cog inside the Argentinian Interior Ministry, where it is tasked with issuing national ID cards to all citizens, data that it also stores in digital format as a database accessible to other government agencies, acting as a backbone for most government queries for citizens' personal information.

Microsoft

Security Threat Analyst Accuses Microsoft of Hosting Malware on Office365's OneDrive (itwire.com) 52

Slashdot reader juul_advocate quotes ITWire: A British tech researcher, who quit working as a security threat analyst with Microsoft a few months back, has called on his former employer to act speedily to remove links to ransomware on its Office365 platform. In a tweet sent on Friday, Beaumont said: "Microsoft cannot advertise themselves as the security leader with 8,000 security employees and trillions of signals if they cannot prevent their own Office365 platform being directly used to launch Conti ransomware. OneDrive abuse has been going on for years. Fix it...."

An overwhelming majority of ransomware attacks only Windows, with an analysis by staff of the Google-owned VirusTotal database last Thursday showing that 95% of 80 million samples analysed — all the way back to January 2020 — were aimed at Windows... Beaumont, who has a well-earned reputation as a researcher who is quick to admit faults in his own industry, acknowledged that other technology companies also played a big role in hosting malware. Quoting a tweet from a Swiss researcher [given below], he said: "And yes, it's not just Microsoft. Tech companies have got to do better."

IT

A Newspaper Informed Missouri About a Website Flaw. The Governor Accused it of 'Hacking' (washingtonpost.com) 120

On Thursday, Gov. Michael Parson (R) called a news conference to warn his state's citizens about a nefarious plot against a teachers' database by a reporter from the St. Louis Post-Dispatch. From a report: "Through a multistep process," Parson said with great solemnity, "an individual took the records of at least three educators, decoded the HTML source code and viewed the Social Security number of those specific educators."

[...] The Post-Dispatch report explains what their reporter, Josh Renaud, did to view the Social Security numbers of Missouri teachers on a website run by the state education department. (The website has been taken down; you can view an old version of it at the Internet Archive.) "Though no private information was clearly visible nor searchable on any of the web pages," the Post-Dispatch's report stated, "the newspaper found that teachers' Social Security numbers were contained in the HTML source code of the pages involved." In other words, it seems, a search tool for teacher credentials responded to searches by including a bunch of information, some of which was embedded in the source code of the page but not visible when just reading the page.

The Internet

All Linux and Mac Computers Get Their Time Zones From the Same Database (medium.com) 128

"All Linux and Mac-based computers pull their time zones from a massively important database — the time zone database," explains Medium's tech site OneZero. And this vastly crucial project is ultimately overseen by one man who Medium calls "The Time Zone King." The process of defining time zones is centralized. This is actually quite a big deal in its own right because people tend to grossly underestimate how pivotal Linux is to ... the entire internet and technology as we know it...

The time zone database — which is sometimes called the Olson data or zoneinfo database — has a fascinating history... Not only are time zones apparently a longstanding menace for computer developers, but the time zone maintenance community is currently, it seems, mired among some procedural dispute regarding how this essential database should best be maintained. Of course that's an interesting fact in its own right: there is a world time zone data community. In fact, The Register recently described them as being no less than "up in arms" about the direction the project was proceeding down... A difference of vision among time zone enthusiasts might be the neatest summary anybody can advance....

Not only can't the time zone titans currently agree on the best way to carry the timezone database forward, it seems. But the entire process of codifying and standardizing time zones is also decidedly contentious political business with a long and tumultuous history to go with it. Those who enter the fray need to be therefore not only technical heavyweights but also prepared to have the occasional audacity to stand up to countries like the Hashemite Republic of Jordan and tell them that their attempt to prematurely end DST is unacceptable and will not be promulgated in the database... Weary time zone mavericks are bursting to the seams with horror stories of African states who made rash time zone decisions on only four days' notice... Time zone data insiders say that every single one of these high stakes deliberations represents a near Y2K disaster that must be averted...

At the helm of this project is one individual. One guy. Paul Eggert, a computer scientist who teaches at the Department of Computer Science at the University of California's LA Campus... This is a man, after all, whose codebase helps hundreds of millions of users know what time zone they're in and who — for the past ten years — has gone to bed knowing that hundreds of millions of computers are using his code to know what time zone they're in. He's lived under that pressure for over a decade. And by all accounts thrived... Untold millions have been made by startups announcing dubious advents upon existing technologies heralded with the breathless fanaticism of companies announcing that they have found a way to turn air water into oil. Many of these will vanish into oblivion within a few short years. The time zone database won't. Because it can't. And those at the very bottom of the tech stack — those tirelessly and thanklessly maintaining open source projects upon which so much of the world's computing derives — languish in comparable obscurity...

In recent years, the project has fallen under the purview of ICANN [through its Internet Assigned Numbers Authority]. Its code reads like a cross between a JSON file and a historical novel. And while I'm sure the project has many noteworthy contributors, there's ultimately one guy who's responsible for maintaining it.

The Time Zone King. His name is Paul Eggert. And he's a computer scientist based out of UCLA. We probably all owe him a 'thank you'.

Cellphones

FCC Plans To Rein In 'Gateway' Carriers That Bring Foreign Robocalls To US (arstechnica.com) 63

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission hopes to reduce the number of illegal robocalls from overseas with an expansion of rules that require phone companies to implement Caller ID authentication technology and block illegal calls. [T]he FCC is proposing new requirements on domestic gateway providers that accept calls from outside the US. A Notice of Proposed Rulemaking (NPRM) adopted (PDF) Thursday and released on Friday proposes requiring those gateway phone companies to implement STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted Information Using toKENs) protocols, which verify the accuracy of Caller ID by using digital certificates based on public-key cryptography. "This proposal would subject foreign-originated calls, once they enter the United States, to requirements similar to those of domestic-originated calls, by placing additional obligations on gateway providers in light of the large number of illegal robocalls that originate abroad and the risk such calls present to Americans," the NPRM said. Gateway providers would be required to "apply STIR/SHAKEN caller ID authentication to, and perform robocall mitigation on, all foreign-originated calls with US numbers," the FCC said (PDF).

STIR/SHAKEN is already widely deployed in the US on IP networks due to separate requirements that apply to large phone providers. Another newly implemented rule prohibits phone companies from accepting calls from providers that haven't met requirements to deploy STIR/SHAKEN or other robocall-mitigation methods. But the STIR/SHAKEN requirements don't apply to all carriers yet. "We don't want international calling to become a loophole for our policies," FCC Acting Chairwoman Jessica Rosenworcel said on Thursday at a commission meeting. "So today we are proposing that gateway providers in the United States -- the companies that bring in calls from overseas -- take action to stop this stuff from coming in from abroad. That means they need to use STIR/SHAKEN technology, register in our Robocall Mitigation Database, and comply with traceback requests to figure out where these junk calls are originating from overseas."

The FCC said those traceback requests "are used to help block illegal robocalls and inform FCC enforcement investigations." The NPRM also proposes a new call-blocking requirement. When the FCC notifies a gateway provider about an ongoing robocall campaign, the provider would have to conduct "a prompt investigation to determine whether the traffic identified in the Enforcement Bureau's notice is illegal" and "promptly block all traffic associated with the traffic pattern identified in that notice." The NPRM seeks public comment on these proposed rules. Deadlines for initial comments will be 30 days after the NPRM is published in the Federal Register and 60 days after publication for reply comments. The docket is located here.

Android

Google Releases Android 12 To AOSP, But No Pixel Launch Today (9to5google.com) 14

In a significant departure from previous years, Google today rolled out Android 12 to AOSP but did not launch any devices, including Pixel phones. "Today we're pushing the source to the Android Open Source Project (AOSP) and officially releasing the latest version of Android," said Dave Burke, VP of Engineering, in a blog post. "Keep an eye out for Android 12 coming to a device near you starting with Pixel in the next few weeks and Samsung Galaxy, OnePlus, Oppo, Realme, Tecno, Vivo, and Xiaomi devices later this year." 9to5Google reports: Traditionally, the AOSP launch of the next version of Android coincides with day one availability for Google phones. That is not the case this year, with Google only revealing that Pixel phones can expect an update in the "next few weeks." Google says over 225,000 people tested Android 12 over the course of the developer previews and betas. [...] Google officially highlights four Android 12 tentpoles for developers as part of today's AOSP availability. This starts with a "new UI for Android" that incorporates Material You (referred to today as "Material Design 3"), redesigned widgets, Notification UI updates, and App launch splash screens.

In terms of "Performance," Google says it has "reduced the CPU time used by core system services by 22% and the use of big cores by 15%. We've also improved app startup times and optimized I/O for faster app loading, and for database queries we've improved CursorWindow by as much as 49x for large windows." "More responsive notifications" are achieved by restricting notification trampolines, with Google Photos launching 34% faster after this change. Other changes include Optimized foreground services, Performance classes for devices, and Faster machine learning. "Privacy" is led by the new Settings Dashboard, the ability to only grant apps Approximate location, and a new Nearby devices permission for setting up wearables and other smart home accessories without granting location access. There are also the microphone and camera indicators/toggles. Developers can take advantage of "Better user experience tools" like new APIs to better support rounded screen corners, rich content insertion, AVIF images, enhanced haptics, and new camera/sensor effects. There's also Compatible media transcoding, better debugging, and an Android 12 for Games push.

AI

Clearview AI Has New Tools To Identify People in Photos (wired.com) 24

Clearview AI has stoked controversy by scraping the web for photos and applying facial recognition to give police and others an unprecedented ability to peer into our lives. Now the company's CEO wants to use artificial intelligence to make Clearview's surveillance tool even more powerful. From a report: It may make it more dangerous and error-prone as well. Clearview has collected billions of photos from across websites that include Facebook, Instagram, and Twitter and uses AI to identify a particular person in images. Police and government agents have used the company's face database to help identify suspects in photos by tying them to online profiles. The company's cofounder and CEO, Hoan Ton-That, tells WIRED that Clearview has now collected more than 10 billion images from across the web -- more than three times as many as has been previously reported. Ton-That says the larger pool of photos means users, most often law enforcement, are more likely to find a match when searching for someone. He also claims the larger data set makes the company's tool more accurate.

Clearview combined web-crawling techniques, advances in machine learning that have improved facial recognition, and a disregard for personal privacy to create a surprisingly powerful tool. Ton-That demonstrated the technology through a smartphone app by taking a photo of the reporter. The app produced dozens of images from numerous US and international websites, each showing the correct person in images captured over more than a decade. The allure of such a tool is obvious, but so is the potential for it to be misused. Clearview's actions sparked public outrage and a broader debate over expectations of privacy in an era of smartphones, social media, and AI. [...] The pushback has not deterred Ton-That. He says he believes most people accept or support the idea of using facial recognition to solve crimes. "The people who are worried about it, they are very vocal, and that's a good thing, because I think over time we can address more and more of their concerns," he says.

Some of Clearview's new technologies may spark further debate. Ton-That says it is developing new ways for police to find a person, including "deblur" and "mask removal" tools. The first takes a blurred image and sharpens it using machine learning to envision what a clearer picture would look like; the second tries to envision the covered part of a person's face using machine learning models that fill in missing details of an image using a best guess based on statistical patterns found in other images. These capabilities could make Clearview's technology more attractive but also more problematic. It remains unclear how accurately the new techniques work, but experts say they could increase the risk that a person is wrongly identified and could exacerbate biases inherent to the system.

Security

Anonymous: We've Leaked Disk Images Stolen From Web Host Epik (theregister.com) 107

slack_justyb writes: As previously reported the web host Epik was hacked by a group identifying themselves with the group Anonymous. However, in the most recent leaks from this group the scale of data that was stolen is becoming apparent, and signs point to a wholesale theft of data with no stone left unturned.

We're told the dump is a 70GB archive of files and "several bootable disk images of assorted systems" that represent Epik's server infrastructure. Journalist Steve Monacelli, who broke the news of the first data release, said the latest leak expands to 300GB. "This leak appears to be fully bootable disk images of Epik servers, including a wide range of passwords and API tokens," he added.

WhiskeyNeon, a Texas-based hacker and cybersecurity expert who reviewed the file structure of the leak, told the Daily Dot how the disk images represented Epik's entire server infrastructure. "Files are one thing, but a virtual machine disk image allows you to boot up the company's entire server on your own," he said. "We usually see breaches with database dumps, documents, configuration files, etc. In this case, we are talking about the entire server image, with all the programs and files required to host the application it is serving."

Daily Dot brings some word on Epik CEO Rob Monster's response to the latest news:

Epik CEO Rob Monster, who did not respond to requests for comment from the Daily Dot, would go on to hold a more than four hour long live video conference online to address the initial hack. The meeting would see Monster break out into prayer numerous times, make attempts to vanquish demons, and warn viewers that their hard drives could burst into flames due to "curses" placed on the hacked data.


Communications

Phone Companies Must Now Block Carriers That Didn't Meet FCC Robocall Deadline (arstechnica.com) 49

In a new milestone for the US government's anti-robocall efforts, phone companies are now prohibited from accepting calls from providers that did not comply with a Federal Communications Commission deadline that passed this week. From a report: "Beginning today, if a voice service provider's certification and other required information does not appear in the FCC's Robocall Mitigation Database, intermediate providers and voice service providers will be prohibited from directly accepting that provider's traffic," the FCC said yesterday. Specifically, phone companies must block traffic from other "voice service providers that have neither certified to implementation of STIR/SHAKEN caller ID authentication standards nor filed a detailed robocall mitigation plan with the FCC." As we've written, the STIR (Secure Telephone Identity Revisited) and SHAKEN (Signature-based Handling of Asserted Information Using toKENs) protocols verify the accuracy of Caller ID by using digital certificates based on public-key cryptography.

STIR/SHAKEN is now widely deployed on IP networks because large phone companies were required to implement it by June 30 this year, but it isn't a cure-all. Because of technology limitations, there was no requirement to implement STIR/SHAKEN on older TDM-based networks used with copper landlines, for instance. The FCC has said that "providers using older forms of network technology [must] either upgrade their networks to IP or actively work to develop a caller ID authentication solution that is operational on non-IP networks." The FCC also gave carriers with 100,000 or fewer customers until June 30, 2023, to comply with the STIR/SHAKEN requirement, though the commission is seeking comment on a plan to make that deadline June 30, 2022, instead because "evidence demonstrates that a subset of small voice service providers appear to be originating a high number of calls relative to their subscriber base and are also generating a high and increasing share of illegal robocalls compared to larger providers."

Earth

Meat Accounts For Nearly 60% of All Greenhouse Gases From Food Production, Study Finds (theguardian.com) 252

An anonymous reader quotes a report from The Guardian: The global production of food is responsible for a third of all planet-heating gases emitted by human activity, with the use of animals for meat causing twice the pollution of producing plant-based foods, a major new study has found. The entire system of food production, such as the use of farming machinery, spraying of fertilizer and transportation of products, causes 17.3 billion metric tons of greenhouse gases a year, according to the research. This enormous release of gases that fuel the climate crisis is more than double the entire emissions of the US and represents 35% of all global emissions, researchers said.

The use of cows, pigs and other animals for food, as well as livestock feed, is responsible for 57% of all food production emissions, the research found, with 29% coming from the cultivation of plant-based foods. The rest comes from other uses of land, such as for cotton or rubber. Beef alone accounts for a quarter of emissions produced by raising and growing food. Grazing animals require a lot of land, which is often cleared through the felling of forests, as well as vast tracts of additional land to grow their feed. The paper calculates that the majority of all the world's cropland is used to feed livestock, rather than people. Livestock also produce large quantities of methane, a powerful greenhouse gas. [...] The difference in emissions between meat and plant production is stark – to produce 1kg of wheat, 2.5kg of greenhouse gases are emitted. A single kilo of beef, meanwhile, creates 70kg of emissions. The researchers said that societies should be aware of this significant discrepancy when addressing the climate crisis.

The researchers built a database that provided a consistent emissions profile of 171 crops and 16 animal products, drawing data from more than 200 countries. They found that South America is the region with the largest share of animal-based food emissions, followed by south and south-east Asia and then China. Food-related emissions have grown rapidly in China and India as increasing wealth and cultural changes have led more younger people in these countries to adopt meat-based diets. The paper's calculations of the climate impact of meat are higher than previous estimates -- the UN's Food and Agricultural Organization has said about 14% of all emissions come from meat and dairy production.

The study has been published in Nature Food.

Businesses

The IT Talent Gap is Still Growing (venturebeat.com) 109

IT executives see the talent shortage as the most significant adoption barrier to 64% of emerging technologies, according to a new Gartner survey. From a report: Across compute infrastructure and platform services, network, security, digital workplace, IT automation, and storage and database, respondents cited a lack of qualified candidates as a leading factor impeding tech deployment at their companies. "The ongoing push toward remote work and the acceleration of hiring plans in 2021 has exacerbated IT talent scarcity, especially for sourcing skills that enable cloud and edge, automation, and continuous delivery," Gartner research VP Yinuo Geng said in a press release.

"As one example, of all the IT automation technologies profiled in the survey, only 20% of them have moved ahead in the adoption cycle since 2020. The issue of talent is to blame here." The talent gaps are particularly acute for IT automation and digital workplace solutions, according to the executives surveyed -- a reflection of the demand for these technologies. According to McKinsey, nearly half of executives say their embrace of automation has accelerated, while digital and technology adoption is taking place about 25 times faster than before the pandemic. For example, Brain Corp reported that the use of robots to clean retail stores in the U.S. rose 24% in Q2 2020 year-over-year, and IBM has seen a surge in new users of its AI-driven customer service platform Watson Assistant.

United States

LAPD Officers Told To Collect Social Media Data on Every Civilian They Stop (theguardian.com) 195

The Los Angeles police department (LAPD) has directed its officers to collect the social media information of every civilian they interview, including individuals who are not arrested or accused of a crime, according to records shared with the Guardian. From a report: Copies of the "field interview cards" that police complete when they question civilians reveal that LAPD officers are instructed to record a civilian's Facebook, Instagram, Twitter and other social media accounts, alongside basic biographical information. An internal memo further shows that the police chief, Michel Moore, told employees that it was critical to collect the data for use in "investigations, arrests, and prosecutions," and warned that supervisors would review cards to ensure they were complete.

The documents, which were obtained by the not-for-profit organization the Brennan Center for Justice, have raised concerns about civil liberties and the potential for mass surveillance of civilians without justification. "There are real dangers about police having all of this social media identifying information at their fingertips," said Rachel Levinson-Waldman, a deputy director at the Brennan Center, noting that the information was probably stored in a database that could be used for a wide range of purposes. The Brennan Center conducted a review of 40 other police agencies in the US and was unable to find another department that required social media collection on interview cards (though many have not publicly disclosed copies of the cards). The organization also obtained records about the LAPD's social media surveillance technologies, which have raised questions about the monitoring of activist groups including Black Lives Matter.

Security

McDonald's Leaks Password For Monopoly VIP Database To Winners (bleepingcomputer.com) 33

A bug in the McDonald's Monopoly VIP game in the United Kingdom caused the login names and passwords for the game's database to be sent to all winners. BleepingComputer reports: After skipping a year due to COVID-19, McDonald's UK launched their popular Monopoly VIP game on August 25th, where customers can enter codes found on purchased food items for a chance to win a prize. These prizes include 100,000 pounds in cash, an Ibiza villa or UK getaway holiday, Lay-Z Spa hot tubs, and more. Unfortunately, the game hit a snag over the weekend after a bug caused the user name and passwords for both the production and staging database servers to be in prize redemption emails sent to prize winners.

An unredacted screenshot of the email sent to prize winners was shared with BleepingComputer by Troy Hunt that shows an exception error, including sensitive information for the web application. This information included hostnames for Azure SQL databases and the databases' login names and passwords, as displayed in the redacted email below sent to a Monopoly VIP winner. The prize winner who shared the email with Troy Hunt said that the production server was firewalled off but that they could access the staging server using the included credentials. As these databases may have contained winning prize codes, it could have allowed an unscrupulous person to download unused game codes to claim the prizes. Luckily for McDonald's, the person responsibly disclosed the issue with McDonald's, and while they did not receive a response, they later found that the staging server's password was soon changed.

Microsoft

Microsoft Warns Thousands of Cloud Customers of Exposed Databases (reuters.com) 43

Microsoft has warned thousands of its cloud computing customers, including some of the world's largest companies, that intruders could have the ability to read, change or even delete their main databases, according to a copy of the email and a cyber security researcher. From a report: The vulnerability is in Microsoft Azure's flagship Cosmos database. A research team at security company Wiz discovered it was able to access keys that control access to databases held by thousands of companies. Wiz Chief Technology Officer Ami Luttwak is a former chief technology officer at Microsoft's Cloud Security Group. Because Microsoft cannot change those keys by itself, it emailed the customers Thursday telling them to create new ones. Microsoft agreed to pay Wiz $40,000 for finding the flaw and reporting it, according to an email it sent to Wiz. Microsoft's email to customers said it has fixed the vulnerability and that there was no evidence the flaw had been exploited. "We have no indication that external entities outside the researcher (Wiz) had access to the primary read-write key," according to a copy of the email seen by Reuters.

AI

Clearview AI Offered Free Facial Recognition Trials To Police Around the World (buzzfeednews.com) 14

An anonymous reader quotes a report from BuzzFeed News: Law enforcement agencies and government organizations from 24 countries outside the United States used a controversial facial recognition technology called Clearview AI, according to internal company data reviewed by BuzzFeed News. That data, which runs up until February 2020, shows that police departments, prosecutors' offices, universities, and interior ministries from around the world ran nearly 14,000 searches with Clearview AI's software. At many law enforcement agencies from Canada to Finland, officers used the software without their higher-ups' knowledge or permission. After receiving questions from BuzzFeed News, some organizations admitted that the technology had been used without leadership oversight.

In March, a BuzzFeed News investigation based on Clearview AI's own internal data showed how the New York-based startup distributed its facial recognition tool, by marketing free trials for its mobile app or desktop software, to thousands of officers and employees at more than 1,800 US taxpayer-funded entities. Clearview claims its software is more accurate than other facial recognition technologies because it is trained on a database of more than 3 billion images scraped from websites and social media platforms, including Facebook, Instagram, LinkedIn, and Twitter. Law enforcement officers using Clearview can take a photo of a suspect or person of interest, run it through the software, and receive possible matches for that individual within seconds. Clearview has claimed that its app is 100% accurate in documents provided to law enforcement officials, but BuzzFeed News has seen the software misidentify people, highlighting a larger concern with facial recognition technologies.

Based on new reporting and data reviewed by BuzzFeed News, Clearview AI took its controversial US marketing playbook around the world, offering free trials to employees at law enforcement agencies in countries including Australia, Brazil, and the United Kingdom. To accompany this story, BuzzFeed News has created a searchable table of 88 international government-affiliated and taxpayer-funded agencies and organizations listed in Clearview's data as having employees who used or tested the company's facial recognition service before February 2020, according to Clearview's data. Some of those entities were in countries where the use of Clearview has since been deemed "unlawful."
Clearview CEO Hoan Ton-That insists the company's key market is the U.S., saying: "While there has been tremendous demand for our service from around the world, Clearview AI is primarily focused on providing our service to law enforcement and government agencies in the United States. Other countries have expressed a dire need for our technology because they know it can help investigate crimes, such as, money laundering, financial fraud, romance scams, human trafficking, and crimes against children, which know no borders."

Ton-That alleged there are "inaccuracies contained in BuzzFeed's assertions," but declined to explain what those might be and didn't answer any follow-up questions.

Software

Little-Known Federal Software Can Trigger Revocation of Citizenship (theintercept.com) 141

An anonymous reader writes: Software used by the Department of Homeland Security to scan the records of millions of immigrants can automatically flag naturalized Americans to potentially have their citizenship revoked based on secret criteria, according to documents reviewed by The Intercept. The software, known as ATLAS, takes information from immigrants' case files and runs it through various federal databases. ATLAS looks for indicators that someone is dangerous or dishonest and is ostensibly designed to detect fraud among people who come into contact with the U.S. immigration system. But advocates for immigrants believe that the real purpose of the computer program is to create a pretext to strip people of citizenship. Whatever the motivation, ATLAS's intended outcome is ultimately deportation, judging from the documents, which originate within DHS and were obtained by the Open Society Justice Initiative and Muslim Advocates through Freedom of Information Act lawsuits.

ATLAS helps DHS investigate immigrants' personal relationships and backgrounds, examining biometric information like fingerprints and, in certain circumstances, considering an immigrant's race, ethnicity, and national origin. It draws information from a variety of unknown sources, plus two that have been criticized as being poorly managed: the FBI's Terrorist Screening Database, also known as the terrorist watchlist, and the National Crime Information Center. Powered by servers at tech giant Amazon, the system in 2019 alone conducted 16.5 million screenings and flagged more than 120,000 cases of potential fraud or threats to national security and public safety. Ultimately, humans at DHS are involved in determining how to handle immigrants flagged by ATLAS. But the software threatens to amplify the harm caused by bureaucratic mistakes within the immigration system, mistakes that already drive many denaturalization and deportation cases. "ATLAS should be considered as suspect until it is shown not to generate unfair, arbitrary, and discriminatory results," said Laura Bingham, a lawyer with the Open Society Justice Initiative. "From what we are able to scrutinize in terms of the end results -- like the disparate impact of denaturalization based on national origin -- there is ample reason to consider ATLAS a threat to naturalized citizens."

Communications

FCC Asks $5 Million Fine For Activists' Election Robocalls (axios.com) 80

The Federal Communications Commission has proposed a $5 million fine against right-wing activists Jacob Wohl and Jack Burkman for allegedly making illegal robocalls discouraging mail voting ahead of the 2020 election. From a report: The record-setting penalty from the FCC comes as the pair faces criminal charges of voter suppression in Michigan and a federal lawsuit in New York accusing them of making 85,000 robocalls to Black Americans in an attempt to keep them from voting. The FCC says Wohl and Burkman made over 1,000 pre-recorded calls to wireless phones without receiving consent for those calls, in violation of the Telephone Consumer Protection Act. The messages said if the voters cast their ballot by mail, their "personal information will be part of a public database that will be used by police departments to track down old warrants and be used by credit card companies to collect outstanding debts," according to an FCC news release.

AI

AI-Powered Tech Put a 65-Year-Old in Jail For Almost a Year Despite 'Insufficient Evidence' (apnews.com) 98

"ShotSpotter" is an AI-powered tool that claims it can detect the sound of gunshots. To install it can cost up to $95,000 per square mile — every year — reports the Associated Press.

There's just one problem. "The algorithm that analyzes sounds to distinguish gunshots from other noises has never been peer reviewed by outside academics or experts." "The concern about ShotSpotter being used as direct evidence is that there are simply no studies out there to establish the validity or the reliability of the technology. Nothing," said Tania Brief, a staff attorney at The Innocence Project, a nonprofit that seeks to reverse wrongful convictions.

A 2011 study commissioned by the company found that dumpsters, trucks, motorcycles, helicopters, fireworks, construction, trash pickup and church bells have all triggered false positive alerts, mistaking these sounds for gunshots. ShotSpotter CEO Ralph Clark said the company is constantly improving its audio classifications, but the system still logs a small percentage of false positives. In the past, these false alerts — and lack of alerts — have prompted cities from Charlotte, North Carolina, to San Antonio, Texas, to end their ShotSpotter contracts, the AP found.

And the potential for problems isn't just hypothetical. Just ask 65-year-old Michael Williams: Williams was jailed last August, accused of killing a young man from the neighborhood who asked him for a ride during a night of unrest over police brutality in May... "I kept trying to figure out, how can they get away with using the technology like that against me?" said Williams, speaking publicly for the first time about his ordeal. "That's not fair." Williams sat behind bars for nearly a year before a judge dismissed the case against him last month at the request of prosecutors, who said they had insufficient evidence.

Williams' experience highlights the real-world impacts of society's growing reliance on algorithms to help make consequential decisions about many aspects of public life... ShotSpotter evidence has increasingly been admitted in court cases around the country, now totaling some 200. ShotSpotter's website says it's "a leader in precision policing technology solutions" that helps stop gun violence by using "sensors, algorithms and artificial intelligence" to classify 14 million sounds in its proprietary database as gunshots or something else. But an Associated Press investigation, based on a review of thousands of internal documents, emails, presentations and confidential contracts, along with interviews with dozens of public defenders in communities where ShotSpotter has been deployed, has identified a number of serious flaws in using ShotSpotter as evidentiary support for prosecutors. AP's investigation found the system can miss live gunfire right under its microphones, or misclassify the sounds of fireworks or cars backfiring as gunshots.

Forensic reports prepared by ShotSpotter's employees have been used in court to improperly claim that a defendant shot at police, or provide questionable counts of the number of shots allegedly fired by defendants. Judges in a number of cases have thrown out the evidence... The company's methods for identifying gunshots aren't always guided solely by the technology. ShotSpotter employees can, and often do, change the source of sounds picked up by its sensors after listening to audio recordings, introducing the possibility of human bias into the gunshot detection algorithm. Employees can and do modify the location or number of shots fired at the request of police, according to court records. And in the past, city dispatchers or police themselves could also make some of these changes.

Three more eye-popping details from the AP's 4,000-word exposé:
  • "One study published in April in the peer-reviewed Journal of Urban Health examined ShotSpotter in 68 large, metropolitan counties from 1999 to 2016, the largest review to date. It found that the technology didn't reduce gun violence or increase community safety..."
  • "Forensic tools such as DNA and ballistics evidence used by prosecutors have had their methodologies examined in painstaking detail for decades, but ShotSpotter claims its software is proprietary, and won't release its algorithm..."
  • "In 2018, it acquired a predictive policing company called HunchLab, which integrates its AI models with ShotSpotter's gunshot detection data to purportedly predict crime before it happens."

Google

Google Says Geofence Warrants Make Up One-Quarter Of All US Demands (techcrunch.com) 55

For the first time, Google has published the number of geofence warrants it's historically received from U.S. authorities, providing a rare glimpse into how frequently these controversial warrants are issued. ZDNet's Zack Whittaker reports: The figures, published Thursday, reveal that Google has received thousands of geofence warrants each quarter since 2018, and at times accounted for about one-quarter of all U.S. warrants that Google receives. The data shows that the vast majority of geofence warrants are obtained by local and state authorities, with federal law enforcement accounting for just 4% of all geofence warrants served on the technology giant. According to the data, Google received 982 geofence warrants in 2018, 8,396 in 2019 and 11,554 in 2020. But the figures only provide a small glimpse into the volume of warrants received and did not break down how often it pushes back on overly broad requests.

Geofence warrants are also known as "reverse-location" warrants, since they seek to identify people of interest who were in the near vicinity at the time a crime was committed. Police do this by asking a court to order Google, which stores vast amounts of location data to drive its advertising business, to turn over details of who was in a geographic area, such as a radius of a few hundred feet at a certain point in time, to help identify potential suspects. Google has long shied away from providing these figures, in part because geofence warrants are largely thought to be unique to Google. Law enforcement has long known that Google stores vast troves of location data on its users in a database called Sensorvault, first revealed by The New York Times in 2019.
Google spokesperson Alex Krasov said in a statement: "We vigorously protect the privacy of our users while supporting the important work of law enforcement. We developed a process specifically for these requests that is designed to honor our legal obligations while narrowing the scope of data disclosed."
