Privacy

Proton Acquires Standard Notes (zdnet.com) 10

Privacy startup Proton already offers an email app, a VPN tool, cloud storage, a password manager, and a calendar app. In April 2022, Proton acquired SimpleLogin, an open-source product that generates email aliases to protect inboxes from spam and phishing. Today, Proton acquired Standard Notes, advancing its already strong commitment to the open-source community. From a report: Standard Notes is an open-source note-taking app, available on both mobile and desktop platforms, with a user base of over 300,000. [...] Proton founder and CEO Andy Yen makes a point of stating that Standard Notes will remain open-source, will continue to undergo independent audits, will continue to develop new features and updates, and that prices for the app/service will not change. Standard Notes has three tiers: Free, which includes 100MB of storage, offline access, and unlimited device sync; Productivity for $90 per year, which includes features like markdown, spreadsheets with advanced formulas, Daily Notebooks, and two-factor authentication; and Professional for $120 per year, which includes 100GB of cloud storage, sharing for up to five accounts, no file limit size, and more.

The Courts

Cox Plans To Take Piracy Liability Battle To the Supreme Court (torrentfreak.com) 70

An anonymous reader quotes a report from TorrentFreak: Cox Communications doesn't believe that ISPs should be held liable for the activities of their pirating subscribers. After a disappointing verdict from a Virginia jury and an unsatisfactory outcome at the Court of Appeals, the internet provider now intends to escalate the matter to the Supreme Court. If the present verdict stands, innocent people risk losing their Internet access, the ISP notes. [...] That's notable, as it would be the first time that a "repeat infringer" case ends up at the highest court in the United States. Cox asked the court of appeals to also stay its mandate pending its Supreme Court application, as this could steer the legal battle in yet another direction.

According to Cox, the Supreme Court has substantial reasons to take on the case. For one, there are currently conflicting court of appeals rulings on the "material contribution" aspect of copyright infringement. The Supreme Court could give more clarity on when a service, with a myriad of lawful uses, can be held liable for infringers. In addition, Cox also cites the recent 'Twitter vs. Taamneh' Supreme Court ruling, which held that social media platforms aren't liable for terrorists who use their network. While that's not a copyright case, it's relevant for the secondary liability question, the ISP argues. "Though Twitter was not a copyright case, it confronted a directly analogous theory of secondary liability: that social-media platforms, including Twitter and YouTube, could be liable for continuing to provide services to those they knew were using them for illegal purposes," Cox writes.

Finally, Cox notes that the Supreme Court should hear the case because it deals with an issue that's 'exceptionally important' to ISPs as well as the public. If the present verdict stands, Internet providers may be much more likely to terminate Internet access, even if the subscriber is innocent. "This Court's material-contribution standard provides powerful incentives for ISPs of all stripes to swiftly terminate internet services that have been used to infringe -- no matter the universe of lawful uses to which those services are put, or the consequences to innocent, non-infringing people who also use those services. "That is why a chorus of amici urged this Court not to adopt this standard at the panel and en banc stages, and will likely urge the Supreme Court to grant review as well," Cox adds, referring to the support it received from third-parties previously.

"Cox hasn't filed a writ of certiorari yet and still has time, as it's due June 17, 2024," notes TorrentFreak. "The intention to go to the Supreme Court would be another reason to halt the new damages trial, according to Cox, but the court of appeals rejected the request."

"This means that the new damages trial can start, even if the case is still pending at the Supreme Court. However, it's clear that this legal battle is far from over yet."

United States

A Breakthrough Online Privacy Proposal Hits Congress (wired.com) 27

An anonymous reader quotes a report from Wired: Congress may be closer than ever to passing a comprehensive data privacy framework after key House and Senate committee leaders released a new proposal on Sunday. The bipartisan proposal, titled the American Privacy Rights Act, or APRA, would limit the types of consumer data that companies can collect, retain, and use, allowing solely what they'd need to operate their services. Users would also be allowed to opt out of targeted advertising, and have the ability to view, correct, delete, and download their data from online services. The proposal would also create a national registry of data brokers, and force those companies to allow users to opt out of having their data sold. [...] In an interview with The Spokesman Review on Sunday, [Cathy McMorris Rodgers, House Energy and Commerce Committee chair] claimed that the draft's language is stronger than any active laws, seemingly as an attempt to assuage the concerns of Democrats who have long fought attempts to preempt preexisting state-level protections. APRA does allow states to pass their own privacy laws related to civil rights and consumer protections, among other exceptions.

In the previous session of Congress, the leaders of the House Energy and Commerce Committees brokered a deal with Roger Wicker, the top Republican on the Senate Commerce Committee, on a bill that would preempt state laws with the exception of the California Consumer Privacy Act and the Biometric Information Privacy Act of Illinois. That measure, titled the American Data Privacy and Protection Act, also created a weaker private right of action than most Democrats were willing to support. Maria Cantwell, Senate Commerce Committee chair, refused to support the measure, instead circulating her own draft legislation. The ADPPA hasn't been reintroduced, but APRA was designed as a compromise. "I think we have threaded a very important needle here," Cantwell told The Spokesman Review. "We are preserving those standards that California and Illinois and Washington have."

APRA includes language from California's landmark privacy law allowing people to sue companies when they are harmed by a data breach. It also provides the Federal Trade Commission, state attorneys general, and private citizens the authority to sue companies when they violate the law. The categories of data that would be impacted by APRA include certain categories of "information that identifies or is linked or reasonably linkable to an individual or device," according to a Senate Commerce Committee summary of the legislation. Small businesses -- those with $40 million or less in annual revenue and limited data collection -- would be exempt under APRA, with enforcement focused on businesses with $250 million or more in yearly revenue. Governments and "entities working on behalf of governments" are excluded under the bill, as are the National Center for Missing and Exploited Children and, apart from certain cybersecurity provisions, "fraud-fighting" nonprofits. Frank Pallone, the top Democrat on the House Energy and Commerce Committee, called the draft "very strong" in a Sunday statement, but said he wanted to "strengthen" it with tighter child safety provisions.

Businesses

Insurers Are Spying on Your Home From the Sky (wsj.com) 104

Across the U.S., insurance companies are using aerial images of homes as a tool to ditch properties seen as higher risk [non-paywalled link]. From a report: Nearly every building in the country is being photographed, often without the owner's knowledge. Companies are deploying drones, manned airplanes and high-altitude balloons to take images of properties. No place is shielded: The industry-funded Geospatial Insurance Consortium has an airplane imagery program it says covers 99% of the U.S. population. The array of photos is being sorted by computer models to spy out underwriting no-nos, such as damaged roof shingles, yard debris, overhanging tree branches and undeclared swimming pools or trampolines. The red-flagged images are providing insurers with ammunition for nonrenewal notices nationwide.

Your Rights Online

Crypto Scam Criminal Trial Tests 'Code Is Law' Claim by Trader (bloomberg.com) 87

A jailed trader accused of stealing $110 million on the Mango Markets exchange faces a criminal trial this week that will test the reach of a US crackdown on cryptocurrencies. From a report: Prosecutors charged Avraham Eisenberg with manipulating Mango Markets futures contracts on Oct. 11, 2022, to boost the price of swaps by 1,300% in 20 minutes. He then "borrowed" from the exchange against the inflated value of those contracts, a move the government claims was a theft. Jury selection begins Monday in New York federal court, where groundbreaking crypto cases have played out. FTX co-founder Sam Bankman-Fried was sentenced there last month to 25 years in prison for orchestrating a multibillion-dollar scheme, while Terraform Labs Pte. and co-founder Do Kwon were found liable Friday for fraud in a civil trial over the firm's 2022 collapse, which wiped out $40 billion in investor assets.

Eisenberg, a self-described "applied game theorist," claims his actions weren't theft at all. Rather, he says, he legally exploited a weakness in the decentralized finance application. The trial will apparently be the first time a US criminal jury will weigh what type of "DeFi" transactions are legal. In the crypto world, where digital blockchains govern who owns what, the virtual ecosystem is built around the notion that "code is law." It means that if something isn't explicitly forbidden by terms of a crypto platform, then government can't intercede. But prosecutors say those rules can't protect traders against possible criminal charges for market manipulation or fraud.

Security

NIST Blames 'Growing Backlog of Vulnerabilities' Requiring Analysis on Lack of Support (infosecurity-magazine.com) 22

It's the world's most widely used vulnerability database, reports SC Magazine, offering standards-based data on CVSS severity scores, impacted software and platforms, contributing weaknesses, and links to patches and additional resources.

But "there is a growing backlog of vulnerabilities" submitted to America's National Vulnerability Database and "requiring analysis", according to a new announcement from the U.S. Commerce Department's National Institute of Standards. "This is based on a variety of factors, including an increase in software and, therefore, vulnerabilities, as well as a change in interagency support." From SC Magazine: According to NIST's website, the institute analyzed only 199 of 3370 CVEs it received last month. [And this month another 677 came in — of which 24 have been analyzed.]

Other than a short notice advising it was working to establish a new consortium to improve the NVD, NIST had not provided a public explanation for the problems prior to a statement published [April 2]... "Currently, we are prioritizing analysis of the most significant vulnerabilities. In addition, we are working with our agency partners to bring on more support for analyzing vulnerabilities and have reassigned additional NIST staff to this task as well."

NIST, which had its budget cut by almost 12% this year by lawmakers, said it was committed to continuing to support and manage the NVD, which it described as "a key piece of the nation's cybersecurity infrastructure... We are also looking into longer-term solutions to this challenge, including the establishment of a consortium of industry, government and other stakeholder organizations that can collaborate on research to improve the NVD," the statement said. "We will provide more information as these plans develop..."

A group of cybersecurity professionals have signed an open letter to Congress and Commerce Secretary Gina Raimondo in which they say the enrichment issue is the result of a recent 20% cut in NVD funding.

The article also cites remarks from NVD program manager Tanya Brewer (reported by Infosecurity Magazine) from last week's VulnCon conference on plans to establish an NVD consortium. "We're not going to shut down the NVD; we're in the process of fixing the current problem. And then, we're going to make the NVD robust again and we'll make it grow."

Thanks to Slashdot reader spatwei for sharing the article.

United States

US Energy Department Announces 'Blueprint' for Slashing Emissions From Buildings and Reducing Energy Use (energy.gov) 76

This week America's Department of Energy announced "a comprehensive plan to reduce greenhouse-gas emissions from buildings by 65% by 2035 and 90% by 2050." The U.S. Department of Energy (DOE) led the Blueprint's development in collaboration with the Department of Housing and Urban Development, the Environmental Protection Agency, and other federal agencies. The Blueprint is the first sector-wide strategy for building decarbonization developed by the federal government... "America's building sector accounts for more than a third of the harmful emissions jeopardizing our air and health..." said U.S. Secretary of Energy Jennifer M. Granholm. "As part of a whole-of-government approach, the Department of Energy is outlining for the first time ever a comprehensive federal plan to reduce energy in our homes, schools, and workplaces — lowering utility bills and creating healthier communities while combating the climate crisis."

Buildings account for more than one third of domestic climate pollution and $370 billion in annual energy costs... The Blueprint projects reductions of 90% of total greenhouse gas emissions from the buildings sector, which will save consumers more than $100 billion in annual energy costs and avoid $17 billion in annual health costs.

Just for example, the Department of Energy's Affordable Home Energy Shot program "aims to reduce the upfront cost of upgrading a home by at least 50% and reduce energy bills by 20% within a decade." (Meanwhile, the federal government's role in making more change happen faster includes financing, funding R&D on lower-cost technologies, expanding markets, and "supporting the development and implementation of emissions-reducing building codes and appliance standards.")

Besides the national blueprint, the Department also announced an expansion of its Better Buildings Commercial Building Heat Pump Accelerator initiative. In this program, "manufacturers will produce higher efficiency and life cycle cost-effective heat pump rooftop units and commercial organizations will evaluate and adopt next-generation heat pump technology."

U.S. Secretary of Energy Jennifer M. Granholm said the program "builds on more than a decade of public-private partnerships to get cutting edge clean technologies from lab to market, helping to slash harmful carbon emissions throughout our economy." On average, between 20% and 30% of the nation's energy is wasted, presenting a significant opportunity to increase energy efficiency. Through the Better Buildings Initiative, DOE partners with public and private sector stakeholders to pursue ambitious portfolio-wide energy, waste, water, and/or emissions reduction goals and publicly share solutions. By improving building design, materials, equipment, and operations, energy efficiency gains can be achieved across broad segments of the nation's economy.

The Accelerator initiative was developed with commercial end users like Amazon, IKEA, and Target, and already includes manufacturers AAON, Carrier Global Corp., Lennox International, Rheem Manufacturing Co., Trane Technologies, and York International Corp. The Accelerator aims to bring more efficient, affordable next-generation heat pump rooftop units to market as soon as 2027 — which will slash both emissions and energy costs in half compared to natural gas-fueled heat pumps. If deployed at scale, they could save American businesses and commercial entities $5 billion on utility bills every year.

AI

In America, A Complex Patchwork of State AI Regulations Has Already Arrived (cio.com) 13

While the European Parliament passed a wide-ranging "AI Act" in March, "Leaders from Microsoft, Google, and OpenAI have all called for AI regulations in the U.S.," writes CIO magazine. Even the Chamber of Commerce, "often opposed to business regulation, has called on Congress to protect human rights and national security as AI use expands," according to the article, while the White House has released a blueprint for an AI bill of rights.

But even though the U.S. Congress hasn't passed AI legislation — 16 different U.S. states have, "and state legislatures have already introduced more than 400 AI bills across the U.S. this year, six times the number introduced in 2023." Many of the bills are targeted both at the developers of AI technologies and the organizations putting AI tools to use, says Goli Mahdavi, a lawyer with global law firm BCLP, which has established an AI working group. And with populous states such as California, New York, Texas, and Florida either passing or considering AI legislation, companies doing business across the US won't be able to avoid the regulations. Enterprises developing and using AI should be ready to answer questions about how their AI tools work, even when deploying automated tools as simple as spam filtering, Mahdavi says. "Those questions will come from consumers, and they will come from regulators," she adds. "There's obviously going to be heightened scrutiny here across the board."

There are sector-specific bills, and bills that demand transparency (of both development and output), according to the article. "The third category of AI bills covers broad AI bills, often focused on transparency, preventing bias, requiring impact assessment, providing for consumer opt-outs, and other issues."

One example the article notes is Senate Bill 1047, introduced in the California State Legislature in February, which "would require safety testing of AI products before they're released, and would require AI developers to prevent others from creating derivative models of their products that are used to cause critical harms."

Adrienne Fischer, a lawyer with Basecamp Legal, a Denver law firm monitoring state AI bills, tells CIO that many of the bills promote best practices in privacy and data security, but said the fragmented regulatory environment "underscores the call for national standards or laws to provide a coherent framework for AI usage."

Thanks to Slashdot reader snydeq for sharing the article.

Privacy

Four Baseball Teams Now Let Ticket-Holders Enter Using AI-Powered 'Facial Authentication' (sfgate.com) 42

"The San Francisco Giants are one of four teams in Major League Baseball this season offering fans a free shortcut through the gates into the ballpark," writes SFGate.

"The cost? Signing up for the league's 'facial authentication' software through its ticketing app." The Giants are using MLB's new Go-Ahead Entry program, which intends to cut down on wait times for fans entering games. The pitch is simple: Take a selfie through the MLB Ballpark app (which already has your tickets on it), upload the selfie and, once you're approved, breeze through the ticketing lines and into the ballpark. Fans will barely have to slow down at the entrance gate on their way to their seats...

The Philadelphia Phillies were MLB's test team for the technology in 2023. They're joined by the Giants, Nationals and Astros in 2024...

[Major League Baseball] says it won't be saving or storing pictures of faces in a database — and it clearly would really like you to not call this technology facial recognition. "This is not the type of facial recognition that's scanning a crowd and specifically looking for certain kinds of people," Karri Zaremba, a senior vice president at MLB, told ESPN. "It's facial authentication. ... That's the only way in which it's being utilized."

Privacy advocates "have pointed out that the creep of facial recognition technology may be something to be wary of," the article acknowledges. But it adds that using the technology is still completely optional.

And they also spoke to the San Francisco Giants' senior vice president of ticket sales, who gushed about the possibility of app users "walking into the ballpark without taking your phone out, or all four of us taking our phones out."

United States

US Invests $20 Billion More to Finance Clean-Energy Projects (msn.com) 86

On Thursday, America's Environmental Protection Agency "awarded $20 billion to help finance clean-energy projects across the country," reports the Washington Post. The money comes from the Greenhouse Gas Reduction Fund established by President Biden's signature climate law, the Inflation Reduction Act. The fund seeks to leverage public and private dollars to invest in clean-energy technologies such as solar panels, heat pumps and more.

The program is potentially one of the most consequential — yet least understood — parts of the climate law...

Simply put, the program allows people to access low-interest loans for clean-energy projects that they might not otherwise have received. Imagine a community group that wants to install electric vehicle charging stations at its neighborhood recreation center but can't get a loan from a bank or a lender. As is often the case, potential lenders say they're hesitant to support a novel green technology or a business without a track record of success. Low-income and minority communities have long encountered such obstacles in trying to attract private capital. The program aims to overcome this problem by providing a huge influx of federal cash — $27 billion in total — for nonprofit organizations to dole out to clean-energy projects nationwide. Each nonprofit will serve as a "green bank" that offers more favorable lending rates than commercial banks. "It's just really hard to get banks to bring capital into low-income communities, especially for these new projects that they're not used to financing," said Adrian Deveny, the founder of the firm Climate Vision and the former director of energy and environmental policy for Senate Majority Leader Charles E. Schumer (D-N.Y.), a key architect of the Inflation Reduction Act....

The EPA is awarding money to eight nonprofits, which have committed to leverage nearly $7 in private capital for every $1 of federal investment. The nonprofits have also pledged to ensure that at least 70 percent of the funds will benefit disadvantaged communities, and that the financed projects will reduce up to 40 million metric tons of carbon dioxide a year — equivalent to the annual emissions of nearly 9 million gasoline-powered cars... [The nonprofit] Coalition for Green Capital, will use a $5 billion award to establish a "national green bank," co-founder and CEO Reed Hundt said. "We're going to be able to cause about $100 billion of total additional investment over a seven-year time period with that number, because we can leverage it," Hundt said.

United States

Is The US About To Pass a Landmark Online Privacy Bill? (msn.com) 35

Leaders from two key committees in the U.S. Congress "are nearing an agreement on a national framework aimed at protecting Americans' personal data online," reports the Washington Post.

They call the move "a significant milestone that could put lawmakers closer than ever to passing legislation that has eluded them for decades, according to a person familiar with the matter, who spoke on the condition of anonymity to discuss the talks." The tentative deal is expected to broker a compromise between congressional Democrats and Republicans by preempting state data protection laws and creating a mechanism to let individuals sue companies that violate their privacy, the person said. Rep. Cathy McMorris Rodgers (R-Wash.) and Sen. Maria Cantwell (D-Wash.), the chairs of the House Energy and Commerce Committee and the Senate Commerce Committee, respectively, are expected to announce the deal next week...

Lawmakers have tried to pass a comprehensive federal privacy law for more than two decades, but negotiations in both chambers have repeatedly broken down amid partisan disputes over the scope of the protections. Those divides have created a vacuum that states have increasingly looked to fill, with more than a dozen passing their own privacy laws... [T]heir expected deal would mark the first time the heads of the two powerful commerce committees, which oversee a broad swath of internet policy, have come to terms on a major consumer privacy bill...

The federal government already has laws safeguarding people's health and financial data, in addition to protections for children's personal data, but there's no overarching standard to regulate the vast majority of the collection, use and sale of data that companies engage in online.

Space

Biden Takes Aim At SpaceX's Tax-Free Ride In American Airspace (nytimes.com) 222

Whenever a rocket launch occurs, air traffic controllers ensure the safety of commercial flights by managing airspace closures and monitoring rocket debris, without receiving compensation from commercial space companies like SpaceX for these services. The Biden administration's budget proposal aims to change this by suggesting that for-profit space companies begin paying for their use of government air traffic control resources. The New York Times reports: Commercial space companies are exempt from aviation excise taxes that fill the coffers of the Airport and Airway Trust Fund, which pays for the F.A.A.'s work and will get roughly $18 billion in tax revenues for the current fiscal year. The taxes are paid primarily by commercial airlines, which are charged 7.5 percent of each ticket price and an additional fee of about $5 to $20 per passenger, depending on the destination of each flight. Mr. Biden's budget proposal vows to work with Congress to overhaul the tax structure and split the cost of operating the nation's air traffic control system. His promise is based in part on an independent safety review report commissioned by the F.A.A., which advises that the federal government update the excise taxes to charge commercial space companies.

Mr. Biden's call for revising the decades-old excise tax structure is part of his push to make richer Americans and wealthy corporations "pay their fair share." In his State of the Union speech last month, Mr. Biden also called for raising taxes on private and corporate jet users, including increasing the tax that they pay on jet fuel to $1.06 per gallon from 21.8 cents per gallon over five years. That tax on fuel currently makes up around 3 percent of the annual revenue of the trust fund, which depends heavily on what commercial airlines and its passengers pay. Yet commercial space companies do not contribute to that fund or share any of the cost that the public bears when rockets are launched, said William J. McGee, a former F.A.A.-licensed aircraft dispatcher and a senior fellow at the American Economic Liberties Project, a consumer advocacy group. "This is a question of fundamental fairness," Mr. McGee said. "It would be the equivalent of having a toll system on a highway and waving through certain users and not others."

Printer

Trudeau Pushes 3D-Printed Homes To Solve Canada Housing Crisis (dailyhive.com) 174

An anonymous reader quotes a report from the Daily Hive: It is now the third consecutive day a major housing funding announcement has been made by Prime Minister Justin Trudeau. Friday's announcement entails over $600 million in investments targeted to help lower the construction cost of homes and speed up building timelines, with a new focus on creating new building innovation technologies. This includes a new $50 million Homebuilding Technology and Innovation Fund, which the federal government aims to leverage an additional $150 million from the private sector and other levels of government. Another $50 million will be invested in ideas and technology such as prefabricated housing factories, mass timber production, panelization, 3D printing, and pre-approved home design catalogues -- specifically projects already funded.

As well, $11.6 million will go towards the federal government's previously announced Housing Design Catalogue to create a standardized home structure design for simplicity as well as construction and cost efficiencies. The vast majority of today's announced funding will go into the federal Apartment Construction Loan Program, which provides low-cost financing to support new rental housing projects using innovative construction techniques from prefabricated and modular housing manufacturers as well as other homebuilders.

Prime Minister Justin Trudeau said in a statement: "We're changing the way we build homes in Canada. In Budget 2024, we're supporting a new approach to construction, with a focus on innovation and technology. This will make it easier and more cost-effective to build more homes, faster. You should be able to live in the community you love, at a price you can afford."

Privacy

Academics Probe Apple's Privacy Settings and Get Lost and Confused (theregister.com) 24

Matthew Connatser reports via The Register: A study has concluded that Apple's privacy practices aren't particularly effective, because default apps on the iPhone and Mac have limited privacy settings and confusing configuration options. The research was conducted by Amel Bourdoucen and Janne Lindqvist of Aalto University in Finland. The pair noted that while many studies had examined privacy issues with third-party apps for Apple devices, very little literature investigates the issue in first-party apps -- like Safari and Siri. The aims of the study [PDF] were to investigate how much data Apple's own apps collect and where it's sent, and to see if users could figure out how to navigate the landscape of Apple's privacy settings.

The lengths to which Apple goes to secure its ecosystem -- as described in its Platform Security Guide [PDF] -- have earned it kudos from the information security world. Cupertino uses its hard-earned reputation as a selling point and as a bludgeon against Google. Bourdoucen and Janne Lindqvist don't dispute Apple's technical prowess, but argue that it is undermined by confusing user interfaces. "Our work shows that users may disable default apps, only to discover later that the settings do not match their initial preference," the paper states. "Our results demonstrate users are not correctly able to configure the desired privacy settings of default apps. In addition, we discovered that some default app configurations can even reduce trust in family relationships."

The researchers criticize data collection by Apple apps like Safari and Siri, where that data is sent, how users can (and can't) disable that data tracking, and how Apple presents privacy options to users. The paper illustrates these issues in a discussion of Apple's Siri voice assistant. While users can ostensibly choose not to enable Siri in the initial setup on macOS-powered devices, it still collects data from other apps to provide suggestions. To fully disable Siri, Apple users must find privacy-related options across five different submenus in the Settings app. Apple's own documentation for how its privacy settings work isn't good either. It doesn't mention every privacy option, explain what is done with user data, or highlight whether settings are enabled or disabled. Also, it's written in legalese, which almost guarantees no normal user will ever read it. "We discovered that the features are not clearly documented," the paper concludes. "Specifically, we discovered that steps required to disable features of default apps are largely undocumented and the data handling practices are not completely disclosed."

Bitcoin

Terraform Labs and Founder Do Kwon Found Liable In US Civil Fraud Trial (reuters.com) 12

Terraform Labs and its founder Do Kwon were found liable on civil fraud charges on Friday by a jury in Manhattan. The jury agreed with the SEC that the two misled investors before their stablecoin's 2022 collapse shocked crypto markets around the world. Reuters reports: The SEC accused the company and Kwon of misleading investors in 2021 about the stability of TerraUSD, a stablecoin designed to maintain a value of $1. The regulator also accused them of falsely claiming Terraform's blockchain was used in a popular Korean mobile payment app. SEC attorney Laura Meehan said during closing arguments that the platform's success story was "built on lies." "If you swing big and you miss, and you don't tell people that you came up short, that is fraud," Meehan said.

Louis Pellegrino, an attorney for Terraform, told the jury on Friday the SEC's case relied on statements taken out of context and that Terraform and Kwon had been truthful about their products and how they worked, even when they failed. "Terraform is still out there, trying to rebuild and make purchasers whole," he said. The regulator is seeking civil financial penalties and orders barring Kwon and Terraform from the securities industry. Kwon, who was arrested in Montenegro in March 2023, did not attend the trial, which began March 25. Both the U.S. and South Korea, where Kwon is a citizen, have sought his extradition on criminal charges.

Privacy

Commercial Bank of Ethiopia Names and Shames Customers Over Bank Glitch Money (bbc.com) 26

An Ethiopian bank has put up posters shaming customers it says have not returned money they gained during a technical glitch. From a report: Notices bearing their names and photos could be seen outside branches of the Commercial Bank of Ethiopia (CBE) on Friday. The bank says it has recovered almost three-quarters of the $14m it lost, its head said last week. He warned that those keeping money that is not theirs will be prosecuted. Last month, an hours-long glitch allowed customers at the CBE, Ethiopia's largest commercial bank, to withdraw or transfer more than they had in their accounts.

Advertising

Roku's New HDMI Tech Could Show Ads When You Pause Your Game (kotaku.com) 119

An anonymous reader quotes a report from Kotaku: A new patent recently filed by TV and streaming device manufacturer Roku hints toward a possible future where televisions could display ads when you pause a movie or game. For Roku, the time in which the TV is on but users aren't doing anything is valuable. The company has started leasing out ad space in its popular Roku City screensaver -- which appears when your TV is idle -- to companies like McDonald's and movies like Barbie. As tech newsletter Lowpass points out, Roku finds this idle time and its screensaver so valuable that it forbids app developers from overriding the screensaver with their own. But, if you plug in an Xbox or DVD player into the HDMI port on a Roku TV, you bypass the company's screensaver and other ads. And so, Roku has been figuring out a way to not let that happen.

As reported by Lowpass on April 4, Roku recently filed a patent for a technology that would let it inject ads into third-party content -- like an Xbox game or Netflix movie -- using an HDMI connection. The patent describes a situation where you are playing a video game and hit pause to go check your phone or grab some food. At this point, Roku would identify that you have paused the content and display a relevant ad until you unpaused the game. Roku's tech isn't designed to randomly inject ads as you are playing a game or watching a movie, it knows that would be going too far and anger people. Instead, the patent suggests several ways that Roku could spot when your TV is paused, like comparing frames, to make sure the user has actually paused the content. Roku might also use the HDMI's audio feed to search for extended moments of silence. The company also proposes using HDMI CEC -- a protocol designed to help devices communicate better -- to figure out when you pause and unpause content. Similarly, Roku's patent explains that it will use various methods to detect what people are playing or watching and try to display relevant ads. So if it sees you have an Xbox plugged in, it might try to serve you ads that it thinks an Xbox owner would be interested in.

Piracy

Plex Asks GitHub to Take Down 'Reshare' Repository Over Piracy Fears (torrentfreak.com) 60

Plex is a multi-functional streaming platform that allows users to watch, organize, and curate their favorite media entertainment. Sharing Plex libraries is also an option, one that comes with piracy concerns. In an effort to "avoid the growth of piracy," Plex asked GitHub to remove a repository that allows people to reshare libraries that were not originally theirs. TorrentFreak reports: The Swiss company, which is headquartered in the U.S., asked GitHub to remove a "Plex Reshare" repository, alleging that it may contribute to its piracy problem. "Plex Reshare" doesn't host any copyright-infringing material and, as far as we've seen, it doesn't reference any either. Its main purpose is to allow Plex users to make shared Plex directories browsable on the web, which allows people to "reshare" them without being the original owner. "The reason behind this project is to make available your PLEX shares to other friends unrelated to the person who owns the original library," Plex Reshare developer Peter explains.

While the repository doesn't host or link to copyright-infringing material, Plex argues that it can be used to 'grow' piracy. "We have found infringing material in your website which indeed is OTHER 'Plex Server'. The material that is claimed to be infringing is to be removed or access to which is to be disabled immediately and avoid the growth of piracy," the takedown notice reads. The first part of the sentence is somewhat confusing. Plex-reshare is not a Plex server but the company may use "OTHER Plex Server" as an internal classification category. In any case, Plex alleges that the repository can contribute to the growth of piracy on its platform.

Citing the Online Copyright Infringement Liability Limitation Act, Plex urges GitHub to take immediate action, or else it may be held liable. It's not clear what this liability claim rests on, as there are no actual copyright infringements mentioned in the takedown notice. Despite the broad nature of this claim, GitHub has indeed taken the repository offline, replacing it with a DMCA takedown reference. This likely wasn't a straightforward decision as GitHub is known to put developers first with these types of issues. In this case, it took more than three weeks before GitHub took action, which is much longer than usual. This suggests that GitHub allowed the developer to respond and may have sought legal advice from in-house lawyers, to ensure that the rights of all parties are properly considered.

The report notes that the Plex-reshare code is listed on Docker Hub as well, which means it may face a similar fate.

Cellphones

Feds Finally Decide To Do Something About Years-Old SS7 Spy Holes In Phone Networks 32

Jessica Lyons reports via The Register: The FCC appears to finally be stepping up efforts to secure decades-old flaws in American telephone networks that are allegedly being used by foreign governments and surveillance outfits to remotely spy on and monitor wireless devices. At issue are the Signaling System Number 7 (SS7) and Diameter protocols, which are used by fixed and mobile network operators to enable interconnection between networks. They are part of the glue that holds today's telecommunications together. According to the US watchdog and some lawmakers, both protocols include security weaknesses that leave folks vulnerable to unwanted snooping. SS7's problems have been known about for years and years, as far back as at least 2008, and we wrote about them in 2010 and 2014, for instance. Little has been done to address these exploitable shortcomings.

SS7, which was developed in the mid-1970s, can be potentially abused to track people's phones' locations; redirect calls and text messages so that info can be intercepted; and spy on users. The Diameter protocol was developed in the late-1990s and includes support for network access and IP mobility in local and roaming calls and messages. It does not, however, encrypt originating IP addresses during transport, which makes it easier for miscreants to carry out network spoofing attacks. "As coverage expands, and more networks and participants are introduced, the opportunity for a bad actor to exploit SS7 and Diameter has increased," according to the FCC [PDF].

On March 27 the commission asked telecommunications providers to weigh in and detail what they are doing to prevent SS7 and Diameter vulnerabilities from being misused to track consumers' locations. The FCC has also asked carriers to detail any exploits of the protocols since 2018. The regulator wants to know the date(s) of the incident(s), what happened, which vulnerabilities were exploited and with which techniques, where the location tracking occurred, and -- if known -- the attacker's identity. This time frame is significant because in 2018, the Communications Security, Reliability, and Interoperability Council (CSRIC), a federal advisory committee to the FCC, issued several security best practices to prevent network intrusions and unauthorized location tracking. Interested parties have until April 26 to submit comments, and then the FCC has a month to respond.

AI

George Carlin Estate Forces 'AI Carlin' Off the Internet For Good (arstechnica.com) 31

An anonymous reader quotes a report from Ars Technica: The George Carlin estate has settled its lawsuit with Dudesy, the podcast that purportedly used a "comedy AI" to produce an hour-long stand-up special in the style and voice of the late comedian. Dudesy's "George Carlin: Dead and Loving It" special, which was first uploaded in early January, gained hundreds of thousands of views and plenty of media attention for its presentation as a creation of an AI that had "listened to all of George Carlin's material... to imitate his voice, cadence and attitude as well as the subject matter I think would have interested him today." But even before the Carlin estate lawsuit was filed, there were numerous signs that the special was not actually written by an AI, as Ars laid out in detail in a feature report.

Shortly after the Carlin estate filed its lawsuit against Dudesy in late January, a representative for Dudesy host Will Sasso told The New York Times that the special had actually been "completely written by [Dudesy co-host] Chad Kultgen." Regardless of the special's actual authorship, though, the lawsuit also took Dudesy to task for "capitaliz[ing] on the name, reputation, and likeness of George Carlin in creating, promoting, and distributing the Dudesy Special and using generated images of Carlin, Carlin's voice, and images designed to evoke Carlin's presence on a stage." The resulting "association" between the real Carlin and this ersatz version put Dudesy in potential legal jeopardy, even if the contentious and unsettled copyright issues regarding AI training and authorship weren't in play.

Court documents note that shortly after the lawsuit was filed, Dudesy had already "taken reasonable steps" to remove the special and any mention of Carlin from all of Dudesy's online accounts. The settlement restrains the Dudesy podcast (and those associated with it) from re-uploading the special anywhere and from "using George Carlin's image, voice, or likeness" in any content posted anywhere on the Internet. Archived copies of the special are still available on the Internet if you know where to look. While the settlement notes that those reposts are also in "violat[ion] of this order," Dudesy will not be held liable for any reuploads made by unrelated third parties.
