Databases

Racist Magic: The Gathering Cards Banned, Removed From Database By Publisher (polygon.com) 324

On Wednesday, Magic: The Gathering publisher Wizards of the Coast took unprecedented measures to remove racist cards from its game. Seven cards in all, dating back to 1994, are now banned from play. Their images will also be removed from the game's official online database. Polygon reports: "The events of the past weeks and the ongoing conversation about how we can better support people of color have caused us to examine ourselves, our actions, and our inactions," Wizards said in a statement. "We appreciate everyone helping us to recognize when we fall short. We should have been better, we can be better, and we will be better." The list of now-banned cards is: Invoke Prejudice, Cleanse, Stone-Throwing Devils, Pradesh Gypsies, Jihad, Imprison, and Crusade.

One card in particular, Invoke Prejudice, was singled out. It shows a hooded executioner with a black axe. "If opponent casts a Summon spell that does not match the color of one of the creatures under your control, that spell is countered," says the card. It effectively kills off creatures that don't look like the creatures already on the table. Gatherer, the official online database of every Magic card ever published, displays the card at a web URL ending in "1488," numbers that are synonymous with white supremacy. All cards will be replaced online with a note that calls out their racist depictions, text, or a combination thereof.

Privacy

Senator Fears Clearview AI Facial Recognition Could Be Used On Protesters (cnet.com) 74

Sen. Edward Markey has raised concerns that police and law enforcement agencies have access to controversial facial recognition app Clearview AI in cities where people are protesting the killing of George Floyd, an unarmed black man who died two weeks ago while in the custody of Minneapolis police. CNET reports: Markey, a Democratic senator from Massachusetts and a member of the Commerce, Science, and Transportation Committee, said Tuesday the technology could be used to identify and arrest protestors. "As demonstrators across the country exercise their First Amendment rights by protesting racial injustice, it is important that law enforcement does not use technological tools to stifle free speech or endanger the public," Markey said in a letter to Clearview AI CEO and co-founder Hoan Ton-That. The threat of surveillance could also deter people from "speaking out against injustice for fear of being permanently included in law enforcement databases," he said.

Markey, who has previously hammered Clearview AI over its sales to foreign governments, use by domestic law enforcement and use in the COVID-19 pandemic, is now asking the company for a list of law enforcement agencies that have signed new contracts since May 25, 2020. It's also being asked if search traffic on its database has increased during the past two weeks; whether it considers a law enforcement agency's "history of unlawful or discriminatory policing practices" before selling the technology to them; what process it takes to give away free trials; and whether it will prohibit its technology from being used to identify peaceful protestors.
Ton-That said he will respond to the letter from Markey. "Clearview AI's technology is intended only for after-the-crime investigations, and not as a surveillance tool relating to protests or under any other circumstances," he said in an emailed statement.
Security

Vulnerabilities in Popular Open Source Projects Doubled in 2019 (zdnet.com) 21

A study that analyzed the top 54 open source projects found that security vulnerabilities in these tools doubled in 2019, going from 421 bugs reported in 2018 to 968 last year. From a report: According to RiskSense's "The Dark Reality of Open Source" report, released today, the company found 2,694 bugs reported in popular open source projects between 2015 and March 2020. The report didn't include projects like Linux, WordPress, Drupal, and other super-popular free tools, since these projects are often monitored, and security bugs make the news, ensuring most of these security issues get patched fairly quickly. Instead, RiskSense looked at other popular open source projects that aren't as well known but broadly adopted by the tech and software community. This included tools like Jenkins, MongoDB, Elasticsearch, Chef, GitLab, Spark, Puppet, and others. RiskSense says that one of the main problems they found during their study was that a large number of the security bugs they analyzed had been reported to the National Vulnerability Database (NVD) many weeks after they've been publicly disclosed. The company said it usually took on average around 54 days for bugs found in these 54 projects to be reported to the NVD, with PostgreSQL seeing reporting delays that amounted to eight months.
Mozilla

Mozilla Eyes Decentralized Web-Based Videoconferencing Platform 'Meething' (zdnet.com) 40

Last month Techcrunch reported that Mozilla had gone "full incubator" by holding a startup lab called Fix the Internet, followed by "a formal program dangling $75,000 investments in front of early-stage companies..."

Fix the Internet had many key themes, including collaboration and decentralization (as well as user-controlled data and privacy-protecting social networks). That event "drew the interest of some 1,500 people in 520 projects, and 25 were chosen to receive the full package and stipend during the development of their minimum viable product (MVP). Below that, as far as pecuniary commitment goes, is the 'MVP Lab,' similar to the spring program but offering a total of $16,000 per team."

And one of those MVP Lab teams is Meething, a new video conferencing and collaboration platform from the innovation lab ERA. Meething "aims to be more secure than existing video conferencing tools and run on a decentralized database engine and leverage peer-to-peer networking" according to ZDNet.

In their video interview with CEO Mark Nadal, he outlined the following selling points:
  • Browser based video conferencing gives customers better options for security as well as branding.
  • Open source architecture is a win and the peer-to-peer networking is more efficient on compute costs.
  • Meething doesn't require downloads or apps that increase the security attack surface.

  • The total addressable market for video conferencing is large and can support multiple players.

Their press release quotes Mark Mayo, a former Chief Product Officer at Mozilla who served as Meething's mentor, arguing that video conferencing on the web "has long promised to enable a whole new world of online collaboration. Frankly, it hasn't delivered. It's been way too hard to build cool products with video and Meething aims to be the zero-barrier-to-entry platform that realizes this future. Soon, video conferencing won't suck!"


Businesses

Slack Partners With Amazon To Take On Microsoft Teams (theverge.com) 29

Slack is partnering with Amazon in a multi-year agreement that means all Amazon employees will start to use Slack. The Verge reports: The deal comes just as Slack faces increased competition from Microsoft Teams, and it will also see Slack migrate its voice and video calling features over to Amazon's Chime platform alongside a broader adoption of Amazon Web Services (AWS). Amazon's roll out of Slack to all of its employees is a big part of the deal, thanks to an enterprise-wide agreement. It's not immediately clear how many of Amazon's 840,000 employees will be using Slack, though. Up until today, Slack's biggest customer has been IBM, which is rolling out Slack to its 350,000 employees.

While Slack has long used AWS to power parts of its chat app, it's now committing to using Amazon's cloud services as its preferred partner for storage, compute, database, security, analytics, machine learning, and future collaboration features. The deal means it's unlikely we'll see Slack turn to Microsoft's Azure cloud services or Google Cloud to power parts of its service in the foreseeable future. [...] Slack and Amazon are also promising better product integration and interoperability for features like AWS Chatbot, a service that pushes out Slack channel alerts for AWS instances. In the coming months, Slack and AWS will improve its Amazon AppFlow integration to support bi-directional transfer of data between AWS services and Slack channels.

Medicine

Governments and WHO Changed COVID-19 Policy Based On Suspect Data From Tiny US Company (theguardian.com) 140

AmiMoJo shares a report from The Guardian: The World Health Organization and a number of national governments have changed their Covid-19 policies and treatments on the basis of flawed data from a little-known U.S. healthcare analytics company, also calling into question the integrity of key studies published in some of the world's most prestigious medical journals. Surgisphere, whose employees appear to include a sci-fi writer and adult content model, provided the database behind Lancet and New England Journal of Medicine hydroxychloroquine studies. Data it claims to have legitimately obtained from more than a thousand hospitals worldwide formed the basis of scientific articles that have led to changes in Covid-19 treatment policies in Latin American countries. It was also behind a decision by the WHO and research institutes around the world to halt trials of the controversial drug hydroxychloroquine. Late on Tuesday, the Lancet released an "expression of concern" about its published study. The New England Journal of Medicine has also issued a similar notice. According to an independent audit by authors not affiliated with Surgisphere, the article includes a list of "concerns that have been raised about the reliability of the database." Some of the main points include: Surgisphere's employees have little or no data or scientific background; While Surgisphere claims to run one of the largest and fastest growing hospital databases in the world, it has almost no online presence; and The firm's chief executive, Sapan Desai, has been named in three medical malpractice suits.
Security

George Floyd: Anonymous Hackers Reemerge Amid US Unrest (bbc.com) 187

An anonymous reader quotes a report from the BBC: As the United States deals with widespread civil unrest across dozens of cities, "hacktivist" group Anonymous has returned from the shadows. The hacker collective was once a regular fixture in the news, targeting those it accused of injustice with cyber-attacks. After years of relative quiet, it appears to have re-emerged in the wake of violent protests in Minneapolis over the death of George Floyd, promising to expose the "many crimes" of the city's police to the world. However, it's not easy to pin down what, if anything, is genuinely the mysterious group's work.

Various forms of cyber-attack are being attributed to Anonymous in relation to the George Floyd protests. First, the Minneapolis police department website was temporarily taken offline over the weekend in a suspected Distributed Denial of Service (DDoS) attack. This is an unsophisticated but effective form of cyber-attack that floods a server with data until it can't keep up and stops working -- in the same way that shopping websites can go offline when too many people flood it to snap up high-demand products. A database of email addresses and passwords claiming to be hacked from the police department's system is also in circulation, and being linked to Anonymous. However, there is no evidence that the police servers have been hacked and one researcher, Troy Hunt, says the credentials are likely to have been compiled from older data breaches.

A page on the website of a minor United Nations agency has been turned into a memorial for Mr Floyd, replacing its contents with the message "Rest in Power, George Floyd", along with an Anonymous logo. On Twitter, unverified posts have also gone viral, apparently showing police radios playing music and preventing communication. However, experts suggest it is unlikely to be a hack, and could instead be the result of a stolen piece of hardware being commandeered by protesters on the scene -- if the videos are genuine in the first place. Anonymous activists are also circulating years-old accusations against President Trump, taken from documents in a civil court case that was voluntarily dismissed by the accuser before it went to trial.

The Courts

ACLU Accuses Clearview AI of Privacy 'Nightmare Scenario' (theverge.com) 22

The American Civil Liberties Union on Thursday sued the facial recognition start-up Clearview AI (alternative source), which claims to have helped hundreds of law enforcement agencies use online photos to solve crimes, accusing the company of "unlawful, privacy-destroying surveillance activities." The New York Times reports: In a suit filed in Illinois, the A.C.L.U. said that Clearview violated a state law that forbids companies from using a resident's fingerprints or face scans without consent. Under the law, residents have the right to sue companies for up to $5,000 per privacy violation. "The bottom line is that, if left unchecked, Clearview's product is going to end privacy as we know it," said Nathan Freed Wessler, a lawyer at the A.C.L.U., "and we're taking the company to court to prevent that from happening."

The suit, filed in the Circuit Court of Cook County, adds to the growing backlash against Clearview since January, when The New York Times reported that the company had amassed a database of more than three billion photos across the internet, including from Facebook, YouTube, Twitter and Venmo. This trove of photos enables anyone with the Clearview app to match a person to their online photos and find links back to the sites where the images originated. People in New York and Vermont have also filed suits against the company in recent months, and the state attorneys general of Vermont and New Jersey have ordered Clearview to stop collecting residents' photos. According to the A.C.L.U. suit, "Clearview has set out to do what many companies have intentionally avoided out of ethical concerns: create a mass database of billions of face prints of people, including millions of Illinoisans, entirely unbeknownst to those people, and offer paid access to that database to private and governmental actors worldwide." The company's business model, the complaint said, "appears to embody the nightmare scenario" of a "private company capturing untold quantities of biometric data for purposes of surveillance and tracking without notice to the individuals affected, much less their consent."

Privacy

A Massive Database of 8 Billion Thai Internet Records Leaks (techcrunch.com) 13

Thailand's largest cell network AIS has pulled a database offline that was spilling billions of real-time internet records on millions of Thai internet users. From a report: Security researcher Justin Paine said in a blog post that he found the database, containing DNS queries and Netflow data, on the internet without a password. With access to this database, Paine said that anyone could "quickly paint a picture" about what an internet user (or their household) does in real-time. Paine alerted AIS to the open database on May 13. But after not hearing back for a week, Paine reported the apparent security lapse to Thailand's national computer emergency response team, known as ThaiCERT, which contacted AIS about the open database. The database was inaccessible a short time later. AIS spokesperson Sudaporn Watcharanisakorn confirmed AIS owned the data, and apologized for the security lapse.
Open Source

Open Source Security Report Finds Library-Induced Flaws in 70% of Applications (techrepublic.com) 44

The State of Software Security (SOSS): Open Source Edition "analyzed the component open source libraries across the Veracode platform database of 85,000 applications which includes 351,000 unique external libraries," reports TechRepublic. "Chris Eng, chief research officer at Veracode, said open source software has a surprising variety of flaws." "An application's attack surface is not limited to its own code and the code of explicitly included libraries, because those libraries have their own dependencies," he said. The study found that 70% of applications have a security flaw in an open source library on an initial scan.
Other findings from the report:
  • The most commonly included libraries are present in over 75% of applications for each language.
  • 47% of those flawed libraries in applications are transitive.
  • More than 61% of flawed libraries in JavaScript contain vulnerabilities without corresponding common vulnerabilities and exposures (CVEs).
  • Fixing most library-introduced flaws can be done with a minor version upgrade.
  • Using any given PHP library has a greater than 50% chance of bringing a security flaw along with it.

Communications

Cold War Satellites Inadvertently Tracked Species Declines (sciencemag.org) 38

sciencehabit shares a report from Science Magazine: When the Soviet Union launched Sputnik into orbit in 1957, the United States responded with its own spy satellites. The espionage program, known as Corona, sought to locate Soviet missile sites, but its Google Earth-like photography captured something unintended: snapshots of animals and their habitats frozen in time. Now, by comparing these images with modern data, scientists have found a way to track the decline of biodiversity in regions that lack historic records.

The researchers tested the approach on bobak marmot (Marmota bobak) populations in the grassland region of northern Kazakhstan. There, Soviets converted millions of hectares of natural habitat into cropland in the 1960s. The scientists searched the satellites' black and white film images on a U.S. Geological Survey database for signs of the squirrel-like animal's burrows. They identified more than 5,000 historic marmot homes and compared them with contemporary digital images of the region, mapping more than 12,000 marmot burrows in all. About eight generations of marmots occupied the same burrows in the study area over more than 50 years, even when their habitats underwent major changes, the team reports in the Proceedings of the Royal Society B. Overall, the researchers estimate the number of marmot burrows dropped by 14% since the '60s. But the number of burrows in some of the oldest fields -- those persistently disturbed by humans plowing grassland to plant wheat -- plunged by much more -- about 60%.

Google

Apple and Google Launch Digital Contact Tracing System (go.com) 110

Apple and Google announced today that they have rolled out a COVID-19 exposure notification system, "essentially a unified programming interface that will allow public health departments to create their own contact tracing applications," reports ABC News. "Apple and Google are not building contact tracing apps." From the report: "Starting today, our Exposure Notifications technology is available to public health agencies on both iOS and Android," Apple and Google said in a statement. "Today, this technology is in the hands of public health agencies across the world who will take the lead and we will continue to support their efforts."

After an individual downloads and enables a contact tracing application on his phone, he would subsequently receive an alert if he is exposed to anyone who is diagnosed with or likely to have COVID-19. Of course, that assumes that the COVID-19-positive individual also has the application enabled on his phone. The companies said that digital contact tracing is meant to augment traditional human-to-human tracing, not replace it. Digital contact tracing is faster than traditional tracing, requires fewer resources and since it doesn't rely on human memory, can make it easier to track exposure in crowded spaces, or contact with strangers. On the other hand, for such applications to be effective, they require users to download and enable the applications on their phones, and it's not yet clear that Americans will be willing to do so en masse.
"Once they download the app, users will have to consent to make their information available to the health authorities and can turn it on and off when they choose to," the report adds. "Data collection will be kept private and only used by health authorities for COVID-19 exposure, not stored in a central database."

The companies said that they will not monetize the data that comes out of the system.
Medicine

iFixit Launches Massive Repair Database For Ventilators and Other Medical Devices (theverge.com) 9

According to CEO Kyle Wiens, teardown and repair website iFixit has just posted "the most comprehensive online resource for medical repair professionals." The Verge reports: The new database contains dedicated sections for clinical, laboratory, and medical support equipment, in addition to numerous other categories of devices. It also provides more than 13,000 manuals from hundreds of medical device manufacturers. Wiens says the effort began with a crowdsourcing campaign to collect repair information for hospital equipment, with a focus on "ventilator documentation, anesthesia systems, and respiratory analyzers -- devices widely used to support COVID-19 patients." But the effort grew from there, spanning more than two months as iFixit added dozens more staff members to the project; began talking to more biomedical technicians, doctors, and nurses about their day-to-day needs; and started collecting and cataloging information from libraries and other sources.

The medical repair database is split up into nine categories, with each containing countless subcategories for basically any type of device you'd find in a medical setting. For instance, the clinical equipment category contains 53 subcategories for everything from anesthesia systems and Bilevel Positive Airway Pressure (BiPAP) machines to respiratory analyzers and ventilators. The database also has medical training manuals, information on medical furniture like decontamination systems and hospital beds, and an exhaustive section on surgical equipment repair and maintenance. Wiens explains in iFixit's announcement post that some medical device manufacturers make this information more easily available online than others. "But for their day-to-day work, biomeds have long relied on a rag-tag set of web resources to get the job done. Among the most popular is Frank's Hospital Workshop, a Tanzania-based site that hosts hundreds of medical device manuals -- it's the unofficial biomed bible," Wiens writes. The goal was not to outdo that website or try to overtake it in popularity, but to add new documents and manuals that weren't available before to a database including existing resources.
Another bonus: the website will not make money on this project. "We are providing hosting and curation free of charge, and free of advertising, to the medical community," Wiens says.
Bug

Programmer Discovers Unprotected Access to State's Jobless Claims Portal's Admin Mode (arktimes.com) 50

Long-time Slashdot reader bbsguru shares a story from the alternative newsweekly the Arkansas Times. "A computer programmer applying for unemployment on Arkansas's Pandemic Unemployment Assistance program discovered a vulnerability in the system that exposed the Social Security numbers, bank account and routing numbers and other sensitive information of some 30,000 applicants.

"Anyone with basic computer knowledge could have accessed personal information for malicious purposes." Alarmed, the computer programmer called the Arkansas Division of Workforce Services Friday morning and was told by an operator that there was no one available who could talk to him. He then tried someone at the Arkansas State Police Criminal Investigation Division, who told the programmer he would find the person he needed to talk with to fix the situation. The programmer later called the Arkansas Times for advice on whom to call. The Times alerted the Division of Workforce Services to the issue at 4:30 p.m. Soon after a message appeared on the website that said, "The site is currently under maintenance...."

In exploring the website, the computer programmer determined that by simply removing part of the site's URL, he could access the administrative portal of the site, where he had the option of editing the personal information of applicants, including bank account numbers. From the admin portal, he viewed the page's source code and saw that the site was using an API (application programming interface) to connect with a database. That API was also left unencrypted, and he could access all of the applicants' raw data, including Social Security numbers and banking information...

The computer programmer said he thought he could have programmed a script that would gather all of the information from the API in under an hour.

Security

Mystery Data Breach Dubbed 'db8151dd' Exposes Records of 22 Million People (9to5mac.com) 25

An anonymous reader quotes a report from 9to5Mac: A massive data breach dubbed db8151dd has exposed the records of 22M people -- including addresses, phone numbers, and social media links. But the source of the data is a mystery. I got an email alert this morning from the haveibeenpwned.com site telling me that my details were included. The exposed data appears extensive: "Email addresses, Job titles, Names, Phone numbers, Physical addresses, Social media profiles." However, Troy Hunt, who runs the site, said that nobody has been able to identify where the information came from.

That 'interesting' data appears to come from customer relationship management (CRM) systems, including things like: "Recommended by Andie [redacted last name]. Arranged for carpenter apprentice Devon [redacted last name] to replace bathroom vanity top at [redacted street address], Vancouver, on 02 October 2007." Best guess is it's some kind of aggregated data from a number of sources, but as neither Hunt nor other information security professionals have been able to identify any of them despite attempts lasting almost three months, it appears the details of the privacy breach may remain a mystery.
Hunt says there's almost 90GB of personal information in the open database.

"Back in Feb, Dehashed reached out to me with a massive trove of data that had been left exposed on a major cloud provider via a publicly accessible Elasticsearch instance. It contained 103,150,616 rows in total," writes Hunt. "The global unique identifier beginning with 'db8151dd' features heavily on these first lines hence the name I've given the breach. I've had to give it this name because frankly, I've absolutely no idea where it came from, nor does anyone else I've worked on with this."
Databases

White Supremacists Built a Website To Doxx Interracial Couples (vice.com) 290

White supremacists have reportedly built a website that names, shames, and effectively promotes violence against interracial couples and families -- "and it's been circulated in some of the darkest corners of the internet, including in neo-Nazi Discord servers and accelerationist Telegram channels," reports VICE News. An anonymous reader shares the report: The website was created in April but was taken offline after their initial hosting provider cut ties with them. They then found a home with one of Russia's largest domain registrars, R01. VICE News contacted R01 on Tuesday to ask whether the site violated their policies. An hour later, the site was taken offline, but as of Wednesday morning it was back up. Tatiana Agafonova, a spokesperson for R01, wrote in an email that the company would "diligently render its services to customers" unless a court rules otherwise or they're contacted by law enforcement. The owner of the website shields their identity and location through Cloudflare, a U.S.-based security company that protects customers from DDoS attacks (attempts to crash a website by overwhelming it with data). VICE News contacted Cloudflare to ask how this particular website squared with their policies. They declined to comment on individual websites but directed us to their blog from February 2019, where they "address complaints about content." Their bottom line was that Cloudflare is a security company, and content moderation isn't really their responsibility.

[O]ther online extremists have gotten very good at evading tech crackdowns by employing an ever-evolving shared language of memes and euphemisms used to signpost for the same racist views. The website in question uses the same strategy, which seems to be carefully crafted in an effort to shield the owner from liability. The owner even explicitly states on the site that they do not encourage violence -- all they're doing is listing names and social media accounts as part of a database of "white women who have an interest in black men." One section is titled "toll paid," and it lists women who have been in interracial relationships, and had something horrible happen to them, like death or injury. [...]

The owner of the website claims that the "toll paid" section is intended to catalog incidents where white women are victims of black violence, and isn't an incitement. But "all the disclaimers in the world" may not be enough to protect them from a lawsuit some day, especially if someone is harassed or harmed as a result, says Subodh Chandra, a former federal prosecutor who has handled high-profile civil rights cases, including a recent case against the Daily Stormer.

Security

An Adult Cam Site Exposed 10.88 Billion Records (wired.com) 73

CAM4, a popular adult platform that advertises "free live sex cams," misconfigured an ElasticSearch production database so that it was easy to find and view heaps of personally identifiable information, as well as corporate details like fraud and spam detection logs. According to Wired, the database exposed 7 terabytes of names, sexual orientations, payment logs, and email and chat transcripts -- 10.88 billion records in all. From the report: First of all, very important distinction here: There's no evidence that CAM4 was hacked, or that the database was accessed by malicious actors. That doesn't mean it wasn't, but this is not an Ashley Madison-style meltdown. It's the difference between leaving the bank vault door wide open (bad) and robbers actually stealing the money (much worse). [...] The list of data that CAM4 leaked is alarmingly comprehensive. The production logs Safety Detectives found date back to March 16 of this year; in addition to the categories of information mentioned above, they also included country of origin, sign-up dates, device information, language preferences, user names, hashed passwords, and email correspondence between users and the company.

Out of the 10.88 billion records the researchers found, 11 million contained email addresses, while another 26,392,701 had password hashes for both CAM4 users and website systems. A few hundred of the entries included full names, credit card types, and payment amounts. Who's Affected? It's hard to say exactly, but the Safety Detectives analysis suggests that roughly 6.6 million US users of CAM4 were part of the leak, along with 5.4 million in Brazil, 4.9 million in Italy, and 4.2 million in France. It's unclear to what extent the leak impacted both performers and customers.
The report says CAM4's parent company, Granity Entertainment, took the server offline within a half hour of being contacted by the researchers.
The Courts

Oracle Women Score Major Win in Court Battle Over Equal Pay (bloomberg.com) 81

Three female employees at Oracle scored a major victory in court, gaining the right to represent thousands of others in a gender-discrimination lawsuit over pay, a legal milestone that has eluded women at other tech titans. From a report: A California state judge certified the class action Thursday, allowing the lawsuit to advance on behalf of more than 4,000 women who claim the database giant pays men more for doing the same job. "Whether the jobs at issue in this case are substantially equal or similar is a question of fact for a jury," California Superior Court Judge V. Raymond Swope in Redwood City said in the 25-page ruling, rejecting Oracle's claim that each is an individual case because people in the same job code don't perform substantially similar work. The ruling gives the women critical leverage in pursuing the case under the state's Equal Pay Act.
Databases

British Museum Makes 1.9 Million Images Available For Free (ianvisits.co.uk) 23

The British Museum has revamped its online collections database, making over 1.9 million photos of its collection available for free online under a Creative Commons license. ianVisits reports: Under the new agreement the majority of the 1.9 million images are being made available for anyone to use for free under a Creative Commons 4.0 license. Users no longer need to register to use these photographs, and can now download them directly from the British Museum. Under the terms of the Creative Commons license, you are free to share and adapt the images for non-commercial use, but must include a credit to the British Museum. The relaunch also sees 280,000 new object photographs and 85,000 new object records published for the very first time, many of them acquisitions the Museum has made in recent years, including 73 portraits by Damien Hirst, a previously lost watercolour by Rossetti, and a stunning 3,000-year-old Bronze age pendant. You can view the whole online collection here.
Privacy

Apple and Google Pledge To Shut Down Coronavirus Tracker When Pandemic Ends (theverge.com) 63

An anonymous reader quotes a report from The Verge: On Friday, Apple and Google revised their ambitious automatic contact-tracing proposal, just two weeks after the system was first announced. An Apple representative said the changes were the result of feedback both companies had received about the specifications and how they might be improved. The companies also released a "Frequently Asked Questions" page, which rehashes much of the information already made public. On a call accompanying the announcement, representatives from each company pledged for the first time to disable the service after the outbreak had been sufficiently contained. Such a decision would have to be made on a region-by-region basis, and it's unclear how public health authorities would reach such a determination. However, the engineers stated definitively that the APIs were not intended to be maintained indefinitely.

Under the new encryption specification, daily tracing keys will now be randomly generated rather than mathematically derived from a user's private key. Crucially, the daily tracing key is shared with the central database if a user decides to report their positive diagnosis. As part of the change, the daily key is now referred to as the "temporary tracing key," and the long-term tracing key included in the original specification is no longer present. The new encryption specification also establishes specific protections around the metadata associated with the system's Bluetooth transmissions. Along with the random codes, devices will also broadcast their base power level (used in calculating proximity) and which version of the tool they are running. The companies are also changing the language they use to describe the project. The protocols were initially announced as a contact-tracing system; it is now referred to as an "exposure notification" system. The companies say the name change reflects that the new system should be "in service of broader contact tracing efforts by public health authorities."
