×
Transportation

Boeing Accused of Retaliating Against Two Engineers in 2022 (reuters.com) 51

Reuters reports that America's Federal Aviation Administration "is investigating a union's claims that Boeing retaliated against two employees who in 2022 insisted the planemaker re-evaluate prior engineering work on 777 and 787 jets."

The employees' union "said the two unidentified engineers were representatives of the FAA, which delegates some of its oversight authority and certification process to Boeing workers." The FAA noted on Tuesday that in 2022 it boosted oversight of planemakers by protecting aviation industry employees who perform agency functions from interference by their employers. A December 2021 Senate report found "FAA's certification process suffers from undue pressure on line engineers and production staff."

"Boeing can tell Congress and the media all it wants about how retaliation is strictly prohibited," said SPEEA Director of Strategic Development Rich Plunkett. "But our union is fighting retaliation cases on a regular basis, and, in this specific case, Boeing is trying to hide information that would shed light on what happened...."

Last week, Boeing quality engineer whistleblower Sam Salehpour, who raised questions about Boeing widebody jets, told senators he was told to "shut up" when he flagged safety concerns. He has said he was removed from the 787 program and transferred to the 777 jet due to his questions.

Boeing has "zero tolerance for retaliation," according a statement quoted by Reuters, in which the company says they "encourage our employees to speak up when they see an issue. After an extensive review of documentation and interviewing more than a dozen witnesses, our investigators found no evidence of retaliation or interference. We have determined the allegations are unsubstantiated."

The union's version of the story? "After nearly six months of debate, the two engineers, with backing from the FAA, prevailed. Boeing re-did the required analysis." The two engineers were still Boeing employees, however, and Boeing management was not pleased. When they came up for their next performance reviews, the two engineers received identical negative evaluations... Even after the manager of the two engineers admitted that he had rated them both poorly at the request of the 777 and 787 managers who had been forced to resubmit their work, Boeing refused to change the engineers' performance evaluations.

At this point, one of the engineers left in disgust; the other filed a formal "Speak Up" complaint with Boeing.

Businesses

$5.6 Million in Refunds Sent to Ring Customers, Settling Unauthorized Access and Privacy Violations (apnews.com) 10

America's Federal Trade Commission "is sending more than $5.6 million in refunds to consumers," reports the Associated Press, "as part of a settlement with Amazon-owned Ring, which was charged with failing to protect private video footage from outside access." In a 2023 complaint, the FTC accused the doorbell camera and home security provider of allowing its employees and contractors to access customers' private videos. Ring allegedly used such footage to train algorithms without consent, among other purposes. Ring was also charged with failing to implement key security protections, which enabled hackers to take control of customers' accounts, cameras and videos. This led to "egregious violations of users' privacy," the FTC noted.

The resulting settlement required Ring to delete content that was found to be unlawfully obtained, establish stronger security protections and pay a hefty fine. The FTC says that it's now using much of that money to refund eligible Ring customers.

According to their announcement Tuesday, the FTC is now sending 117,044 PayPal payments to affected consumers...
AI

EyeEm Will License Users' Photos To Train AI If They Don't Delete Them 27

Sarah Perez reports via TechCrunch: EyeEm, the Berlin-based photo-sharing community that exited last year to Spanish company Freepik after going bankrupt, is now licensing its users' photos to train AI models. Earlier this month, the company informed users via email that it was adding a new clause to its Terms & Conditions that would grant it the rights to upload users' content to "train, develop, and improve software, algorithms, and machine-learning models." Users were given 30 days to opt out by removing all their content from EyeEm's platform. Otherwise, they were consenting to this use case for their work.

At the time of its 2023 acquisition, EyeEm's photo library included 160 million images and nearly 150,000 users. The company said it would merge its community with Freepik's over time. Despite its decline, almost 30,000 people are still downloading it each month, according to data from Appfigures. Once thought of as a possible challenger to Instagram -- or at least "Europe's Instagram" -- EyeEm had dwindled to a staff of three before selling to Freepik, TechCrunch's Ingrid Lunden previously reported. Joaquin Cuenca Abela, CEO of Freepik, hinted at the company's possible plans for EyeEm, saying it would explore how to bring more AI into the equation for creators on the platform. As it turns out, that meant selling their work to train AI models. [...]

Of note, the notice says that these deletions from EyeEm market and partner platforms could take up to 180 days. Yes, that's right: Requested deletions take up to 180 days but users only have 30 days to opt out. That means the only option is manually deleting photos one by one. Worse still, the company adds that: "You hereby acknowledge and agree that your authorization for EyeEm to market and license your Content according to sections 8 and 10 will remain valid until the Content is deleted from EyeEm and all partner platforms within the time frame indicated above. All license agreements entered into before complete deletion and the rights of use granted thereby remain unaffected by the request for deletion or the deletion." Section 8 is where licensing rights to train AI are detailed. In Section 10, EyeEm informs users they will forgo their right to any payouts for their work if they delete their account -- something users may think to do to avoid having their data fed to AI models. Gotcha!
Privacy

Ring Customers Get $5.6 Million In Refunds In Privacy Settlement (apnews.com) 9

The FTC is issuing more than $5.6 million in refunds to Ring customers as part of a privacy settlement. The Associated Press reports: In a 2023 complaint, the FTC accused the doorbell camera and home security provider of allowing its employees and contractors to access customers' private videos. Ring allegedly used such footage to train algorithms without consent, among other purposes. Ring was also charged with failing to implement key security protections, which enabled hackers to take control of customers' accounts, cameras and videos. This led to "egregious violations of users' privacy," the FTC noted.

The resulting settlement required Ring to delete content that was found to be unlawfully obtained, establish stronger security protections and pay a hefty fine. The FTC says that it's now using much of that money to refund eligible Ring customers. According to a Tuesday notice, the FTC is sending 117,044 PayPal payments to impacted consumers who had certain types of Ring devices -- including indoor cameras -- during the timeframes that the regulators allege unauthorized access took place. Eligible customers will need to redeem these payments within 30 days, according to the FTC -- which added that consumers can contact this case's refund administrator, Rust Consulting, or visit the FTC's FAQ page on refunds for more information about the process.

The Internet

Court Upholds New York Law That Says ISPs Must Offer $15 Broadband (arstechnica.com) 47

The U.S. Court of Appeals for the 2nd Circuit overturned a prior district court decision, lifting the injunction that blocked New York's law mandating that ISPs offer $15 broadband plans to low-income families. Ars Technica reports: The ruling (PDF) is a loss for six trade groups that represent ISPs, although it isn't clear right now whether the law will be enforced. For consumers who qualify for means-tested government benefits, the state law requires ISPs to offer "broadband at no more than $15 per month for service of 25Mbps, or $20 per month for high-speed service of 200Mbps," the ruling noted. The law allows for price increases every few years and makes exemptions available to ISPs with fewer than 20,000 customers.

"First, the ABA is not field-preempted by the Communications Act of 1934 (as amended by the Telecommunications Act of 1996), because the Act does not establish a framework of rate regulation that is sufficiently comprehensive to imply that Congress intended to exclude the states from entering the field," a panel of appeals court judges stated in a 2-1 opinion. Trade groups claimed the state law is preempted by former Federal Communications Commission Chairman Ajit Pai's repeal of net neutrality rules. Pai's repeal placed ISPs under the more forgiving Title I regulatory framework instead of the common-carrier framework in Title II of the Communications Act.

2nd Circuit judges did not find this argument convincing: "Second, the ABA is not conflict-preempted by the Federal Communications Commission's 2018 order classifying broadband as an information service. That order stripped the agency of its authority to regulate the rates charged for broadband Internet, and a federal agency cannot exclude states from regulating in an area where the agency itself lacks regulatory authority. Accordingly, we REVERSE the judgment of the district court and VACATE the permanent injunction."

The Almighty Buck

IRS Free Tax Filing Pilot Saved Consumers $5.6 Million In Prep Fees (cnbc.com) 37

The free tax filing pilot from the IRS that rolled out in 12 states last month saved filers an estimated $5.6 million in tax preparation fees for federal returns, said IRS Commissioner Danny Werfel. CNBC reports: This season, more than 140,000 taxpayers successfully filed returns using IRS Direct File, a free tax filing pilot from the IRS, according to the U.S. Department of the Treasury and the IRS. Direct File surveyed more than 15,000 users, around 90% of whom rated their experience as "excellent," the agencies reported.

"We have not made a decision about the future of Direct File," Werfel said, noting the agency still needs to analyze data and get feedback from a "wide variety of stakeholders." The IRS plans to release a more detailed report about the Direct File pilot "in the coming days," he added. If Direct File were expanded for the next season, the program could add additional states and tax situations, according to a senior IRS official. The agency expects to decide the future of Direct File later this spring, Werfel said.

Android

Android TVs Can Expose User Email Inboxes (404media.co) 29

Some Android-powered TVs can expose the contents of users' email inboxes if an attacker has physical access to the TV. Google initially told the office of Senator Ron Wyden that the issue, which is a quirk of how software is installed on these TVs, was expected behavior, but after being contacted by 404 Media, Google now says it is addressing the issue. From the report: The attack is an edge case but one that still highlights how the use of Google accounts, even on products that aren't necessarily designed for browsing user data, can expose information in unusual ways, including TVs in businesses or ones that have been resold or given away.

"My office is mid-way through a review of the privacy practices of streaming TV technology providers. As part of that inquiry, my staff discovered an alarming video in which a YouTuber demonstrated how with 15 minutes of unsupervised access to an Android TV set top box, a criminal could get access to private emails of the Gmail user who set up the TV," Senator Ron Wyden told 404 Media in a statement.

AI

US Teacher Charged With Using AI To Frame Principal With Hate Speech Clip 124

Thomas Claburn reports via The Register: Baltimore police have arrested Dazhon Leslie Darien, the former athletic director of Pikesville High School (PHS), for allegedly impersonating the school's principal using AI software to make it seem as if he made racist and antisemitic remarks. Darien, of Baltimore, Maryland, was subsequently charged with witness retaliation, stalking, theft, and disrupting school operations. He was detained late at night trying to board a flight at BWI Thurgood Marshall Airport. Security personnel stopped him because the declared firearm he had with him was improperly packed and an ensuing background check revealed an open warrant for his arrest.

"On January 17, 2024, the Baltimore County Police Department became aware of a voice recording being circulated on social media," said Robert McCullough, Chief of Baltimore County Police, at a streamed press conference today. "It was alleged the voice captured on the audio file belong to Mr Eric Eiswert, the Principal at the Pikesville High School. We now have conclusive evidence that the recording was not authentic. "The Baltimore County Police Department reached that determination after conducting an extensive investigation, which included bringing in a forensic analyst contracted with the FBI to review the recording. The results of the analysis indicated the recording contained traces of AI-generated content." McCullough said a second opinion from a forensic analyst at the University of California, Berkeley, also determined the recording was not authentic. "Based off of those findings and further investigation, it's been determined the recording was generated through the use of artificial intelligence technology," he said.

According to the warrant issued for Darien's arrest, the audio file was shared through social media on January 17 after being sent via email to school teachers. The recording sounded as if Principal Eric Eiswert had made remarks inflammatory enough to prompt a police visit to advise on protective security measures for staff. [...] The clip, according to the warrant, led to the temporary removal of Eiswert from his position and "a wave of hate-filled messages on social media and numerous calls to the school," and significantly disrupted school operations. Police say it led to threats against Eiswert and concerns about his safety. Eiswert told investigators that he believes the audio clip was fake as "he never had the conversations in the recording." And he said he believed Darien was responsible due to his technical familiarity with AI and had a possible motive: Eiswert said there "had been conversations with Darien about his contract not being renewed next semester due to frequent work performance challenges."
"It is clear that we are also entering a new deeply concerning frontier as we continue to embrace emerging technology and its potential for innovation and social good," said John Olszewski, Baltimore County Executive, during a press conference. "We must also remain vigilant against those who would have used it for malicious intent. That will require us to be more aware and more discerning about the audio we hear and the images we see. We will need to be careful in our judgment."
The Internet

FCC Votes To Restore Net Neutrality Rules (nytimes.com) 54

An anonymous reader quotes a report from the New York Times: The Federal Communications Commission voted on Thursday to restore regulations that expand government oversight of broadband providersand aim to protect consumer access to the internet, a move that will reignite a long-running battle over the open internet. Known as net neutrality, the regulations were first put in place nearly a decade ago under the Obama administration and are aimed at preventing internet service providers like Verizon or Comcast from blocking or degrading the delivery of services from competitors like Netflix and YouTube. The rules were repealed under President Donald J. Trump, and have proved to be a contentious partisan issue over the years while pitting tech giants against broadband providers.

In a 3-to-2 vote along party lines, the five-member commission appointed by President Biden revived the rules that declare broadband a utility-like service regulated like phones and water. The rules also give the F.C.C. the ability to demand broadband providers report and respond to outages, as well as expand the agency's oversight of the providers' security issues. Broadband providers are expected to sue to try to overturn the reinstated rules.

The core purpose of the regulations is to prevent internet service providers from controlling the quality of consumers' experience when they visit websites and use services online. When the rules were established, Google, Netflix and other online services warned that broadband providers had the incentive to slow down or block access to their services. Consumer and free speech groups supported this view. There have been few examples of blocking or slowing of sites, which proponents of net neutrality say is largely because of fear that the companies would invite scrutiny if they did so. And opponents say the rules could lead to more and unnecessary government oversight of the industry.

Communications

Net Neutrality is About To Make a Comeback (theverge.com) 38

The Federal Communications Commission is set to vote to restore net neutrality on Thursday in the latest volley of a yearslong game of political ping-pong. From a report: The commission is expected to reclassify internet service providers (ISPs) -- e.g., broadband companies like AT&T and Comcast -- as common carriers under Title II of the Communications Act. That classification would open ISPs up to greater oversight by the FCC. The vote is widely expected to go in favor of reinstating net neutrality since FCC Chair Jessica Rosenworcel, a Democrat, controls the agency's agenda. Rosenworcel moved forward with the measure after a fifth commissioner was sworn in, restoring a Democratic majority on the panel. Net neutrality proponents say that oversight can help ensure fair access to an open internet by upholding principles like no blocking or throttling of internet traffic. Opponents, including industry players, fear it could halt innovation and subject ISPs to onerous price regulations. Update FCC Votes To Restore Net Neutrality.
The Almighty Buck

Airlines Required To Refund Passengers For Canceled, Delayed Flights (go.com) 77

Department of Transportation Secretary Pete Buttigieg announced new rules for the airline industry that will require airlines to automatically give cash refunds to passengers for canceled and significantly delayed flights. They will also require airlines to give cash refunds if your bags are lost and not delivered within 12 hours.

"This is a big day for America's flying public," said Buttigieg at a Wednesday morning news conference. According to Buttigieg, the new rules are the biggest expansion of passenger rights in the department's history. ABC News reports: Airlines can no longer decide how long a delay must be before a refund is issued. Under the new DOT rules, the delays covered would be more than three hours for domestic flights and more than six hours for international flights, the agency said. This includes tickets purchased directly from airlines, travel agents and third-party sites such as Expedia and Travelocity.

The refunds must be issued within seven days, according to the new DOT rules, and must be in cash unless the passenger chooses another form of compensation. Airlines can no longer issue refunds in forms of vouchers or credits when consumers are entitled to receive cash. Airlines will have six months to comply with the new rules.

The DOT said it is also working on rules related to family seating fees, enhancing rights for wheelchair-traveling passengers for safe and dignified travel and mandating compensation and amenities if flights are delayed or canceled by airlines. Buttigieg said the DOT is also protecting airline passengers from being surprised by hidden fees -- a move he estimates will have Americans billions of dollars every year. The DOT rules include that passengers will receive refunds for extra services paid for and not provided, such as Wi-Fi, seat selection or inflight entertainment.

Encryption

Almost Every Chinese Keyboard App Has a Security Flaw That Reveals What Users Type (technologyreview.com) 78

An anonymous reader quotes a report from MIT Technology Review: Almost all keyboard apps used by Chinese people around the world share a security loophole that makes it possible to spy on what users are typing. The vulnerability, which allows the keystroke data that these apps send to the cloud to be intercepted, has existed for years and could have been exploited by cybercriminals and state surveillance groups, according to researchers at the Citizen Lab, a technology and security research lab affiliated with the University of Toronto.

These apps help users type Chinese characters more efficiently and are ubiquitous on devices used by Chinese people. The four most popular apps -- built by major internet companies like Baidu, Tencent, and iFlytek -- basically account for all the typing methods that Chinese people use. Researchers also looked into the keyboard apps that come preinstalled on Android phones sold in China. What they discovered was shocking. Almost every third-party app and every Android phone with preinstalled keyboards failed to protect users by properly encrypting the content they typed. A smartphone made by Huawei was the only device where no such security vulnerability was found.

In August 2023, the same researchers found that Sogou, one of the most popular keyboard apps, did not use Transport Layer Security (TLS) when transmitting keystroke data to its cloud server for better typing predictions. Without TLS, a widely adopted international cryptographic protocol that protects users from a known encryption loophole, keystrokes can be collected and then decrypted by third parties. Even though Sogou fixed the issue after it was made public last year, some Sogou keyboards preinstalled on phones are not updated to the latest version, so they are still subject to eavesdropping. [...] After the researchers got in contact with companies that developed these keyboard apps, the majority of the loopholes were fixed. But a few companies have been unresponsive, and the vulnerability still exists in some apps and phones, including QQ Pinyin and Baidu, as well as in any keyboard app that hasn't been updated to the latest version.

AI

Ex-Amazon Exec Claims She Was Asked To Ignore Copyright Law in Race To AI (theregister.com) 29

A lawsuit is alleging Amazon was so desperate to keep up with the competition in generative AI it was willing to breach its own copyright rules. From a report: The allegation emerges from a complaint accusing the tech and retail mega-corp of demoting, and then dismissing, a former high-flying AI scientist after it discovered she was pregnant. The lawsuit was filed last week in a Los Angeles state court by Dr Viviane Ghaderi, an AI researcher who says she worked successfully in Amazon's Alexa and LLM teams, and achieved a string of promotions, but claims she was later suddenly demoted and fired following her return to work after giving birth. She is alleging discrimination, retaliation, harassment and wrongful termination, among other claims.
Privacy

How GM Tricked Millions of Drivers Into Being Spied On (nytimes.com) 58

General Motors (GM) has been selling data about the driving behavior of millions of people to insurance companies, leading to higher premiums for some drivers, according to a recent investigation. The affected drivers were not informed about the tracking, which was carried out through GM's OnStar connected services plan and the Smart Driver program. The New York Times reporter who broke the story discovered that her own driving data had been shared with data brokers working with the insurance industry, despite not being enrolled in the program. GM has since discontinued the Smart Driver product and stopped sharing data with LexisNexis and Verisk, following customer feedback and federal lawsuits filed by drivers across the country.
Facebook

Meta Opens Quest OS To Third Parties, Including ASUS and Lenovo (engadget.com) 27

In a huge move for the mixed reality industry, Meta announced today that it's opening the Quest's operating system to third-party companies, allowing them to build headsets of their own. From a report: Think of it like moving the Quest's ecosystem from an Apple model, where one company builds both the hardware and software, to more of a hardware free-for-all like Android. The Quest OS is being rebranded to "Meta Horizon OS," and at this point it seems to have found two early adopters. ASUS's Republic of Gamers (ROG) brand is working on a new "performance gaming" headsets, while Lenovo is working on devices for "productivity, learning and entertainment." (Don't forget, Lenovo also built the poorly-received Oculus Rift S.)

As part of the news, Meta says it's also working on a limited-edition Xbox "inspired" Quest headset. (Microsoft and Meta also worked together recently to bring Xbox cloud gaming to the Quest.) Meta is also calling on Google to bring over the Google Play 2D app store to Meta Horizon OS. And, in an effort to bring more content to the Horizon ecosystem, software developed through the Quest App Lab will be featured in the Horizon Store. The company is also developing a new spatial framework to let mobile developers created mixed reality apps.

Microsoft

Ex-White House Cyber Policy Director: Microsoft is a National Security Risk (theregister.com) 124

This week the Register spoke to former senior White House cyber policy director A.J. Grotto — who complained it was hard to get even slight concessions from Microsoft: "If you go back to the SolarWinds episode from a few years ago ... [Microsoft] was essentially up-selling logging capability to federal agencies" instead of making it the default, Grotto said. "As a result, it was really hard for agencies to identify their exposure to the SolarWinds breach." Grotto told us Microsoft had to be "dragged kicking and screaming" to provide logging capabilities to the government by default. [In the interview he calls it "an epic fight" which lasted 18 months."] [G]iven the fact the mega-corp banked around $20 billion in revenue from security services last year, the concession was minimal at best.

That illustrates, Grotto said, that "they [Microsoft] just have a ton of leverage, and they're not afraid to use it." Add to that concerns over an Exchange Online intrusion by Chinese snoops, and another Microsoft security breach by Russian cyber operatives, both of which allowed spies to gain access to US government emails, and Grotto says it's fair to classify Microsoft and its products as a national security concern.

He estimates that Microsoft makes 85% of U.S. government productivity software — and has an even greater share of their operating systems. "Microsoft in many ways has the government locked in, he says in the interview, "and so it's able to transfer a lot of these costs associated with the security breaches over to the federal government."

And about five minutes in, he says, point-blank, that "It's perfectly fair" to consider Microsoft a national security threat, given its dominance "not just within the federal government, but really in sort of the boarder IT marketplace. I think it's fair to say, yeah, that a systemic compromise that affects Microsoft and its products do rise to the level of a national security risk."

He'd like to see the government encourage more competition — to the point where public scrutiny prompts software customers to change their behavior, and creates a true market incentive for better performance...
Crime

Lying to Investors? Co-Founder of Startup 'HeadSpin' Gets 18-Month Prison Sentence for Fraud (sfgate.com) 28

The co-founder of Silicon Valley-based software testing startup HeadSpin was sentenced Friday to 18 months in prison and a $1 million fine, reports SFGate — for defrauding investors. Lachwani pleaded guilty to two counts of wire fraud and a count of securities fraud in April 2023, after federal prosecutors accused him of, for years, lying to investors about HeadSpin's finances to raise more money. HeadSpin, founded in 2015, grew to a $1.1 billion valuation by 2020 with over $115 million in funding from investors including Google Ventures and Iconiq Capital... He had personally altered invoices, lied to the company accountant and sent slide decks with fraudulent information to investors, [according to the government's 2021 criminal complaint]...

Breyer, per the New York Times, rejected Lachwani's lawyer's argument that because HeadSpin investors didn't end up losing money, he should receive a light sentence. The judge, who often oversees tech industry cases, reportedly said: "If you win, there are no serious consequences — that simply can't be the law." Still, the sentencing was far lighter than it could have been. The government's prosecuting attorneys had asked for a five-year prison term.

The New York Times reported in December that HeadSpin's financial statements had "often arrived months late, if at all, investors said in legal declarations," while the company's financial department "consisted of one external accountant who worked mostly from home using QuickBooks." And the comnpany also had no human resources department or organizational chart... After Manish Lachwani founded the Silicon Valley software start-up HeadSpin in 2015, he inflated the company's revenue numbers by nearly fourfold and falsely claimed that firms including Apple and American Express were customers. He showed a profit where there were losses. He used HeadSpin's cash to make risky trades on tech stocks. And he created fake invoices to cover it all up.

What was especially breathtaking was how easily Mr. Lachwani, now 48, pulled all that off... [HeadSpin] had no chief financial officer, had no human resources department and was never audited. Mr. Lachwani used that lack of oversight to paint a rosier picture of HeadSpin's growth. Even though its main investors knew the start-up's financials were not accurate, according to Mr. Lachwani's lawyers, they chose to invest anyway, eventually propelling HeadSpin to a $1.1 billion valuation in 2020. When the investors pushed Mr. Lachwani to add a chief financial officer and share more details about the company's finances, he simply brushed them off. These details emerged this month in filings in U.S. District Court for the Northern District of California after Mr. Lachwani had pleaded guilty to three counts of fraud in April...

The absence of controls at HeadSpin is part of an increasingly noticeable pattern at Silicon Valley start-ups that have run into trouble. Over the past decade, investors in tech start-ups were so eager to back hot companies that many often overlooked reckless behavior and gave up key controls like board seats, all in the service of fast growth and disruption. Then when founders took the ethos of "fake it till you make it" too far, their investors were often unaware or helpless...

Now, amid a start-up shakeout, more frauds have started coming to light. The founder of the college aid company Frank has been charged, the internet connectivity start-up Cloudbrink has been sued, and the social media app IRL has been investigated and sued. Last month, Mike Rothenberg, a Silicon Valley investor, was found guilty on 21 counts of fraud and money laundering. On Monday, Trevor Milton, founder of the electric vehicle company Nikola, was sentenced to four years in prison for lying about Nikola's technological capabilities.

The Times points out that similarly, FTX only had a three-person board "with barely any influence over the company, tracked its finances on QuickBooks and used a small, little-known accounting firm." And that Theranos had no financial audits for six years.
EU

EU: Meta Cannot Rely On 'Pay Or Okay' (europa.eu) 110

The EU's European Data Protection Board oversees its privacy-protecting GDPR policies.

Earlier this week, TechCrunch reported that nearly two dozen civil society groups and nonprofits wrote the Board an open letter "urging it not to endorse a strategy used by Meta that they say is intended to bypass the EU's privacy protections for commercial gain."

Meta's strategy is sometimes called "Pay or Okay," writes long-time Slashdot reader AmiMoJo : Meta offers users a choice: "consent" to tracking, or pay over €250/year to use its sites without invasive monetization of personal data.
Meta prefers the phrase "subsccription for no ads," and told TechCrunch it makes them compliant with EU laws: A raft of complaints have been filed against Meta's implementation of the pay-or-consent tactic since it launched the "no ads" subscription offer last fall. Additionally, in a notable step last month, the European Union opened a formal investigation into Meta's tactic, seeking to find whether it breaches obligations that apply to Facebook and Instagram under the competition-focused Digital Markets Act. That probe remains ongoing.
The letter to the Board called for "robust protections that prioritize data subjects' agency and control over their information." And Wednesday the board issued its first decision:

"[I]n most cases, it will not be possible for [social media services] to comply with the requirements for valid consent, if they confront users only with a choice between consenting to processing of personal data for behavioural advertising purposes and paying a fee." The EDPB considers that offering only a paid alternative to services which involve the processing of personal data for behavioural advertising purposes should not be the default way forward for controllers. When developing alternatives, large online platforms should consider providing individuals with an 'equivalent alternative' that does not entail the payment of a fee. If controllers do opt to charge a fee for access to the 'equivalent alternative', they should give significant consideration to offering an additional alternative. This free alternative should be without behavioural advertising, e.g. with a form of advertising involving the processing of less or no personal data.
EDPB Chair, Anu Talus added: "Controllers should take care at all times to avoid transforming the fundamental right to data protection into a feature that individuals have to pay to enjoy."
United States

Insufficient Redundancy? Light-Pole Installation Cut Fiber Line, Triggered Three-State 911 Outage (apnews.com) 90

"Workers installing a light pole in Missouri cut into a fiber line," reports the Associated Press, knocking out 911 phone service "for emergency agencies in Nebraska, Nevada and South Dakota, an official with the company that operates the line said Thursday." In Kansas City, Missouri, workers installing a light pole for another company Wednesday cut into a Lumen Technologies fiber line, Lumen global issues director Mark Molzen said in an email to The Associated Press. Service was restored within 2 1/2 hours, he said. There were no reports of 911 outages in Kansas City...

The Dundy County Sheriff's Office in Nebraska warned in a social media post Wednesday night that 911 callers would receive a busy signal and urged people to instead call the administrative phone line. About three hours later, officials said mobile and landline 911 services had been restored. In Douglas County, home to Omaha and more than a quarter of Nebraska's residents, officials first learned there was a problem when calls from certain cellphone companies showed up in a system that maps calls but didn't go through over the phone. Operators started calling back anyone whose call didn't go through, and officials reached out to Lumen, which confirmed the outage. Service was restored by 4 a.m.

Kyle Kramer, the technical manager for Douglas County's 911 Center, said the outage highlights the potential problems of having so many calls go over the same network. "As things become more interconnected in our modern world, whether you're on a wireless device or a landline now, those are no longer going over the traditional old copper phone wires that may have different paths in different areas," Kramer said. "Large networks usually have some aggregation point, and those aggregation points can be a high risk."

Kramer said this incident and the two previous 911 outages he has seen in the past year in Omaha make him concerned that communications companies aren't building enough redundancy into their networks.

South Dakota officials called the state-wide outage "unprecedented," with their Department of Public Safety reporting the outage lasted two hours (though texting to 911 still worked in most locations — and of course, people could still call local emergency services using their non-emergency lines.) America's FCC has already begun an investigation.



The article notes that "The outages, ironically, occurred in the midst of National Public Safety Telecommunicators Week."

Thanks to long-time Slashdot reader davidwr for sharing the article.
United States

US Passes Bill Reauthorizing 'FISA' Surveillance for Two More Years (theverge.com) 45

Late Friday night the U.S. Senate "reauthorized the Foreign Intelligence Surveillance Act, a key. U.S. surveillance authority," reports Axios, "shortly after it expired in the early hours Saturday morning." The president then signed the bill into law. The reauthorization came despite bipartisan concerns about Section 702, which allows the government to collect communications from non-U.S. citizens overseas without a warrant. The legislation passed the Senate 60 to 34, with 17 Democrats, Sen. Bernie Sanders (I-Vt.) and 16 Republicans voting "nay." It extends the controversial Section 702 for two more years.
The bill had already passed last week in the U.S. House of Representatives, explains CNN: Under FISA's Section 702, the government hoovers up massive amounts of internet and cell phone data on foreign targets. Hundreds of thousands of Americans' information is incidentally collected during that process and then accessed each year without a warrant — down from millions of such queries the US government ran in past years. Critics refer to these queries as "backdoor" searches...

According to one assessment, it forms the basis of most of the intelligence the president views each morning and it has helped the U.S. keep tabs on Russia's intentions in Ukraine, identify foreign efforts to access US infrastructure, uncover foreign terror networks and thwart terror attacks in the U.S.

An interesting detail from The Verge: Sens. Ron Wyden (D-OR) and Josh Hawley (R-MO) introduced an amendment that would have struck language in the House bill that expanded the definition of "electronic communications service provider." Under the House's new provision, anyone "who has access to equipment that is being or may be used to transmit or store wire or electronic communications." The expansion, Wyden has claimed, would force "ordinary Americans and small businesses to conduct secret, warrantless spying." The Wyden-Hawley amendment failed 34-58, meaning that the next iteration of the FISA surveillance program will be more expansive than before.
Saturday morning the U.S. House of Representatives passed a bill banning TikTok if its Chinese owner doesn't sell the app.

Slashdot Top Deals