A special commission within Poland's Senate concluded that the government's use of spyware, like the one made by NSO Group, is illegal. From a report: The commission announced on Thursday the conclusion of its 18-month-long investigation into allegations that the Polish government used NSO's spyware, known as Pegasus, to spy on an opposition politician and other politicians around the time of the country's 2019 elections. "Pegasus cannot be used under Polish law," the report read, according to a machine translation. "This is because the Polish legal system does not allow the use of programs in which acquired operational data is transferred through transmission channels uncontrolled by the relevant services, as this creates the risk of violating its integrity and does not ensure its confidentiality, as required by law."

In other words, NSO's spyware is not designed in a way that respects Polish law, collects too much information, and cannot guarantee that that information is secured properly, according to the report. The commission also concluded that the Polish government used Pegasus to retaliate against opposition figures, and that these surveillance operations negatively influenced the 2019 elections in the country. The commission compared these abuses with Russian government hackers activities in the 2016 elections in the United States.

An anonymous reader quotes a report from Wired: For years, some cybersecurity defenders and advocates have called for a kind of Geneva Convention for cyberwar, new international laws that would create clear consequences for anyone hacking civilian critical infrastructure, like power grids, banks, and hospitals. Now the lead prosecutor of the International Criminal Court at the Hague has made it clear that he intends to enforce those consequences -- no new Geneva Convention required. Instead, he has explicitly stated for the first time that the Hague will investigate and prosecute any hacking crimes that violate existing international law, just as it does for war crimes committed in the physical world.

In a little-noticed article released last month in the quarterly publication Foreign Policy Analytics, the International Criminal Court's lead prosecutor, Karim Khan, spelled out that new commitment: His office will investigate cybercrimes that potentially violate the Rome Statute, the treaty that defines the court's authority to prosecute illegal acts, including war crimes, crimes against humanity, and genocide. "Cyber warfare does not play out in the abstract. Rather, it can have a profound impact on people's lives," Khan writes. "Attempts to impact critical infrastructure such as medical facilities or control systems for power generation may result in immediate consequences for many, particularly the most vulnerable. Consequently, as part of its investigations, my Office will collect and review evidence of such conduct."

When WIRED reached out to the International Criminal Court, a spokesperson for the office of the prosecutor confirmed that this is now the office's official stance. "The Office considers that, in appropriate circumstances, conduct in cyberspace may potentially amount to war crimes, crimes against humanity, genocide, and/or the crime of aggression," the spokesperson writes, "and that such conduct may potentially be prosecuted before the Court where the case is sufficiently grave." Neither Khan's article nor his office's statement to WIRED mention Russia or Ukraine. But the new statement of the ICC prosecutor's intent to investigate and prosecute hacking crimes comes in the midst of growing international focus on Russia's cyberattacks targeting Ukraine both before and after its full-blown invasion of its neighbor in early 2022.

Ryan Salame, a top FTX executive who played a key role in the exchange's political fundraising operations, will forfeit $1.5 billion after pleading guilty on Thursday to federal criminal charges tied to the exchange. CoinDesk reports: Salame, who was co-CEO of FTX's Bahamas entity FTX Digital Markets, pleaded guilty to conspiracy to make unlawful contributions and defraud the Federal Election Commission and conspiracy to operate an unlicensed money transferring business. "I made political contributions in my name that were funded by transfers from an Alameda subsidiary," Salame told Judge Lewis Kaplan, who is also overseeing Bankman-Fried's trial, as he entered his guilty plea. The transfers were "categorized as loans," Salame said, but "it was understood that the would not be repaid." The donations, according to Salame, "were for the benefit of initiatives introduced by others but supported by Sam Bankman-Fried."

As part of his plea agreement with the government, Salame has been ordered to forfeit more than $1.5 billion dollars. He agreed to forfeit $6 million before his sentencing, expected in March of next year. To help cover this amount, Salame has already agreed to give the government a "2021 Porsche automobile" and multiple properties, including two Massachusetts homes and ownership of the East Rood Farm Corporation, an entity Salame owns. Additionally, Salame was ordered to pay more than $5.5 million in restitution to FTX debtors. According to a DOJ document (PDF), the $1.5 billion Salame will forfeit represents "property involved in" the unlicensed money transmitter charge.

An anonymous reader quotes a report from Gizmodo: Google's Privacy Sandbox, a controversial set of tools and settings meant to replace third-party cookies, is now on almost every single Chrome browser, according to a company blog post published Thursday. Google says Privacy Sandbox is now available to around 97% of Chrome users, and that number will reach 100% in the next few months. The news comes on the heels of the browser's 15th anniversary, which Google is celebrating by redesigning Chrome to make it look and feel more closely aligned with the design paradigm of Android and the rest of the Google suite. The final step in this process comes in 2024, when Google will disable third-party cookies in Chrome for good, marking the end of their decades-long reign of privacy-violating terror.

Back in 2019, Google said the cookie era was coming to a close. In place of third-party cookies, Privacy Sandbox will implement a long list of new tools for the ad industry. Google, after all, makes all of its money by spying on you and turning the insights into ads, so it's not about to put itself out of business. In fairness, this new system is really more private, though it's private on Google's terms. The biggest change is "Ad Topics," a.k.a. the Topics API if you're a huge nerd who's been following this stuff for years. With Topics, Chrome will keep track of all the websites you're looking at and sort you into a variety of categories. This tracking happens in your browser and the data stays on your device. Neither Google nor anyone else gets to see your browsing history or learn anything about you as an individual throughout this process. Websites and advertising companies will know there's a person interested in a certain Topic, but they won't be able to tell who you are specifically.

There's also an extremely complicated technique websites can use to tag you with subjects they want you to see ads about, called "Site Suggested Ads." Google is also rolling out a tool called "Ad Measurement," which helps companies keep track of how well their ads are working through metrics such as the time of day you saw an ad and whether you clicked on it. Google gives users some control over how these tools are implemented. With the rollout of Privacy Sandbox comes new settings listed as "Ad privacy controls," which you can adjust in Chrome's preferences. Further reading: Chrome is About To Look a Bit Different

Microsoft says it will defend buyers of its artificial intelligence products from copyright infringement lawsuits, an effort by the software giant to ease concerns customers might have about using its AI "Copilots" to generate content based on existing work. From a report: The Microsoft Copilot Copyright Commitment will protect customers as long as they've "used the guardrails and content filters we have built into our products" Hossein Nowbar, General Counsel, Corporate Legal Affairs and Corporate Secretary at Microsoft, said in a blog post Thursday. Microsoft also pledged to pay related fines or settlements and said it has taken steps to ensure its Copilots respect copyright.

"We believe in standing behind our customers when they use our products," Nowbar said. "We are charging our commercial customers for our Copilots, and if their use creates legal issues, we should make this our problem rather than our customers' problem." Generative AI applications scoop up existing content such as art, articles and programming code and use it to generate new material that can simplify or automate a range of tasks. Microsoft is baking the technology, developed with partner OpenAI, into many of its biggest products, including Office and Windows, potentially putting customers in legal jeopardy.

According to Mozilla's *Privacy Not Included project, every major car brand fails to adhere to the most basic privacy and security standards in new internet-connected models, and all 25 of the brands Mozilla examined flunked the organization's test. Gizmodo reports: Mozilla found brands including BMW, Ford, Toyota, Tesla, and Subaru collect data about drivers including race, facial expressions, weight, health information, and where you drive. Some of the cars tested collected data you wouldn't expect your car to know about, including details about sexual activity, race, and immigration status, according to Mozilla. [...] The worst offender was Nissan, Mozilla said. The carmaker's privacy policy suggests the manufacturer collects information including sexual activity, health diagnosis data, and genetic data, though there's no details about how exactly that data is gathered. Nissan reserves the right to share and sell "preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes" to data brokers, law enforcement, and other third parties.

Other brands didn't fare much better. Volkswagen, for example, collects your driving behaviors such as your seatbelt and braking habits and pairs that with details such as age and gender for targeted advertising. Kia's privacy policy reserves the right to monitor your "sex life," and Mercedes-Benz ships cars with TikTok pre-installed on the infotainment system, an app that has its own thicket of privacy problems. The privacy and security problems extend beyond the nature of the data car companies siphon off about you. Mozilla said it was unable to determine whether the brands encrypt any of the data they collect, and only Mercedes-Benz responded to the organization's questions.

Mozilla also found that many car brands engage in "privacy washing," or presenting consumers with information that suggests they don't have to worry about privacy issues when the exact opposite is true. Many leading manufacturers are signatories to the Alliance for Automotive Innovation's "Consumer Privacy Protection Principles (PDF)." According to Mozilla, these are a non-binding set of vague promises organized by the car manufacturers themselves. Questions around consent are essentially a joke as well. Subaru, for example, says that by being a passenger in the car, you are considered a "user" who has given the company consent to harvest information about you. Mozilla said a number of car brands say it's the drivers responsibility to let passengers know about their car's privacy policies -- as if the privacy policies are comprehensible to drivers in the first place. Toyota, for example, has a constellation of 12 different privacy policies for your reading pleasure.

The UK government will concede it will not use controversial powers in the online safety bill to scan messaging apps for harmful content until it is "technically feasible" to do so, postponing measures that critics say threaten users' privacy. Financial Times: A planned statement to the House of Lords on Wednesday afternoon will mark an eleventh-hour bid by ministers to end a stand-off with tech companies, including WhatsApp, that have threatened to pull their services from the UK over what they claimed was an intolerable threat to millions of users' security. The statement is set to outline that Ofcom, the tech regulator, will only require companies to scan their networks when a technology is developed that is capable of doing so, according to people briefed on the plan. Many security experts believe it could be years before any such technology is developed, if ever.

"A notice can only be issued where technically feasible and where technology has been accredited as meeting minimum standards of accuracy in detecting only child sexual abuse and exploitation content," the statement will say. The online safety bill, which has been in development for several years and is now in its final stages in parliament, is one of the toughest attempts by any government to make Big Tech companies responsible for the content that is shared on their networks.

The British Conservative government has eased planning rules and lifted restrictions that had effectively prohibited the construction of new onshore wind farms in England. The Independent reports: Rules introduced in 2015 by then-Prime Minister David Cameron, who also led a Conservative administration, allowed a single objection to a wind turbine application to block its development. The regulations led to a dramatic decline in the number of new turbines granted planning permission. Some Conservatives pressured the current government to overturn the rules. Lawmaker Alok Sharma, who was president of the 2021 U.N. climate change conference and led the lobbying campaign, called them "outdated" and "not a sensible way for a planning system to operate."

Authorities said Tuesday that the eased restrictions mean that onshore wind projects supported by local residents will get approved more quickly. They said elected local officials will have the ability to make final decisions based on the prevailing view of their communities, not just a small number of objectors. Communities that back wind turbines in their areas will also benefit from cheaper electricity, officials said, adding that the way such energy discounts work would be considered later.

An anonymous reader quotes a report from The Daily Beast: A Florida marathoner is facing federal charges after the U.S. Coast Guard spotted him 70 nautical miles off Tybee Island, Georgia on Aug. 26, in a homemade Hydro Pod, as Hurricane Franklin bore down on the Eastern Seaboard. Reza Baluchi claimed he was headed to London in the human-powered vessel, a hamster wheel-like contraption which a newly filed criminal complaint describes as being "afloat as a result of wiring and buoys." When Coast Guard officers told Baluchi they were cutting short his "manifestly unsafe" voyage, Baluchi threatened to kill himself with a 12-inch knife if anyone tried to apprehend him, and claimed to have a bomb aboard, which turned out to be fake, according to the complaint. Three days later, Baluchi -- who authorities have intercepted in his Hydro Pod at least three times previously -- finally surrendered, the complaint states. Baluchi made national news for a 2021 attempt to get from Florida to New York in the Hydro Pod, but washed ashore 25 miles later.

Long-time Slashdot reader Mr_Blank shares a report from Axios: AI experts at leading universities favor creating a federal "Department of AI" or a global regulator to govern artificial intelligence over leaving that to Congress, the White House or the private sector. That's the top-level finding of the new Axios-Generation Lab-Syracuse University AI Experts Survey of computer science professors from top U.S. research universities. The survey includes responses from 213 professors of computer science at 65 of the top 100 U.S. computer science programs, as defined by SCImago Journal rankings.

The survey found experts split over when or if AI will escape human control -- but unified in a view that the emerging technologies must be regulated. "Regulation" was the top response when asked what action would move AI in a positive direction. Just 1 in 6 said AI shouldn't or can't be regulated. Only a handful trust the private sector to self-regulate. About 1 in 5 predicted AI will "definitely" stay in human control. The rest were split between those saying AI will "probably" or "definitely" get out of human control and those saying "probably not." "No one individual is highly trusted to deal with AI issues," adds Axios. "President Biden took the top spot, with 9% of respondents -- slightly higher than Sundar Pichai, Elon Musk or Sam Altman. Mark Zuckerberg and Donald Trump drew 2% and 1%, respectively."

Slash_Account_Dot writes: Customs and Border Protection (CBP) has told airports it plans to increase its targets for scanning passengers with facial recognition as they leave the U.S., according to an internal airport email obtained by 404 Media. The new goal will be to scan 75 percent of all passengers, the email adds. The news signals CBP's increasing focus on biometric, and in particular facial recognition, systems at airports. Although it is unclear if related to the shift in goals, one traveler was also recently told by airline industry staff "CBP said everyone has to do it" when they asked to opt-out of facial recognition while boarding for an international flight last month.

When it comes to US government employee satisfaction with IT services, one agency finds itself continually at the bottom of the heap: The rather crucial Department of Defense. From a report: Results from the General Services Administration's (GSA) Mission-Support Customer Satisfaction Survey published on Wednesday found the DoD was trailing the other 23 US federal government agencies included in the research. Of the seven technology user areas surveyed, the DoD came dead last in user satisfaction for IT support, equipment, function, and communication/collaboration.

The DoD didn't fare much better in the three areas it wasn't scraping the bottom, either. For strategic IT partnerships and development, modernizations and enhancement the Defense Department ranked twentieth (out of 24), and for operations and maintenance satisfaction it beat the US Department of Agriculture - barely - on the seven-point scale used by the GSA. Despite its abysmal ranking among its fellow federal agencies, the DoD's users were still generally okay with their IT service, with 65 percent of respondents saying they were at least somewhat satisfied with IT support, and 64.5 percent expressing some degree of satisfaction with their IT equipment. Only development, modernization and enhancement failed to net 50 percent satisfaction among DoD respondents.

As a growing number of hackers target companies, organisations and industries with debilitating attacks, more skilled cyber security workers are urgently needed to combat the threat.ÂFrom a report: ISC2, the world's largest association of cyber professionals, estimates that the cyber security workforce in 2022 stood at about 4.7mn people globally. But a further 3.4mn roles remain unfilled. "The gap is massive," says Clar Rosso, ISC2's chief executive. "This shortfall is felt more acutely in countries such as India where digitisation is rapid. But even in the US, only 69 per cent of cyber roles are filled, according to Cyberseek, a website that provides data about the cyber security job market."

Beyond a talent shortfall, existing workers are underskilled. A UK government report this year found that 50 per cent of UK businesses -- some 739,000 in total -- have a basic cyber skills gap, meaning that those in charge of cyber security lack the confidence to carry out the technical measures that protect against the most common digital attacks. Previously, it was thought that a company's IT team could take care of all cyber security concerns. But "over time, it became clear that this needed specialised attention," Rosso says, adding that, after some high-profile ransomware attacks over the past couple of years, "business executives are now paying attention."

Here's how the Washington Post tells the story of 34-year-old marketer (and former model) Madison Conradis, who discovered nude behind-the-scenes photos from 10 years earlier had leaked after a series of photographer web sites were breached: Now the photos along with her name and contact information were on 4chan, a lawless website that allows users to post anonymously about topics as varied as music and white supremacy... Facebook users registered under fake names such as "Joe Bummer" sent her direct messages demanding that she send new, explicit photos, or else they would further spread the already leaked photos. Some pictures landed in her father's Instagram messages, while marketing clients told her about the nude images that came their way. Madison was at a friend's party when she got a panicked call from the manager of a hotel restaurant where she had worked: The photos had made their way to his inbox. After two years, hoping a new Florida law against cyberharassment would finally end the torture, Madison walked into her local Melbourne police station and shared everything. But she was told that what she was experiencing was not criminal.

What Madison still did not know was that other women were in the clutches of the same man on the internet — and all faced similar reactions from their local authorities. Without help from the police, they would have to pursue justice on their own.
Some cybersleuthing revealed the four women all had one follower in common on Facebook: Christopher Buonocore. (They were his ex-girlfriend, his ex-fiance, his relative, and a childhood friend.) Eventually Madison's sister Christine — who had recently passed the bar exam — "prepared a 59-page document mapping the entire case with evidence and relevant statutes in each of the victims' jurisdictions. She sent the document to all the women involved, and each showed up at her respective law enforcement offices, dropped the packet in front of investigators and demanded a criminal investigation." The sheriff in Florida's Manatee County, Christine's locality, passed the case up to federal investigators. And in July 2019, the FBI took over on behalf of all six women on the basis of the evidence of interstate cyberstalking that Christine had compiled...

The U.S. attorney for the Middle District of Florida took action at the end of December 2020, but without a federal law criminalizing the nonconsensual distribution of intimate images, she charged Buonocore with six counts of cyberstalking instead, which can apply to some cases involving interstate communication done with the intent to kill, injure, intimidate, harass or surveil someone. He pleaded guilty to all counts the following January...

U.S. District Judge Thomas Barber sentenced Buonocore to 15 years in federal prison — almost four years more than the prosecutor had requested.

An anonymous reader shares The Hill's report from earlier this month. Apparently America's tax-collecting Internal Revenue Service "cannot locate thousands of microfilm cartridges containing millions of sensitive individual and business tax account records, according to a watchdog report." The Treasury Inspector General for Tax Administration said in a report released August 8 that the IRS cannot account for microfilm cartridges — which contain backups of tax records as required under federal law — from fiscal 2010 that were originally stored at a processing center in Fresno, California... The watchdog also found seven empty boxes, which could hold up to 168 cartridges total, at the Ogden Tax Processing Center in Utah. Ogden personnel did not know where the missing cartridges were.

More than 4,000 cartridges containing business tax account information from fiscal 2018 and 4,500 cartridges containing individual tax account information from fiscal 2019 also could not be accounted for at the Kansas City facility, according to the report.

"The personal taxpayer and tax information included on these backup cartridges is key information that can be used to commit tax refund fraud identity theft," the report noted.

Kotaku reports that last week 29-year old Darin Harris "allegedly stole dozens of copies of the game from a warehouse and started selling them online," prompting lots of pre-release leaks for the game.

"One Reddit user immediately reported the leaks to Bethesda and Memphis police," adds Kotaku. "And he's now been banned from the r/GamingLeaksAndRumours subreddit after posting about it." I know this because the commenter in question, Jasper Adkins, emailed Kotaku to inform us it had happened. "It seems to me that the subreddit is running on 'bread and circuses' mode mixed with bystander syndrome," he wrote in his initial email. "They're perfectly willing to ignore a crime that hurts a developer they claim to support, in exchange for a few minutes of shaky gameplay filmed from a phone...."

Despite the criminal charges against him, Harris has become something of a folk hero within the community of fans hungry for Starfield leaks. As the Commercial Appeal reported, memes hail him as "Lord Tyrone" (his middle name) and one player even vowed to name their Starfield ship "Memphian" in his honor...

[Adkins] was banned from r/GamingLeaksAndRumours on August 24 shortly after posting about how he tried to help get Harris arrested. "An officer at the station told me so himself when I called him about it," he wrote in the middle of a long comment thread. Adkins soon received a notification that he had violated the subreddit's rules. He protested, but the r/GamingLeaksAndRumours admins weren't having it. "Just not interested in having someone here who takes action against the community like that," they wrote back.

I reached out to one of the subreddit's admins to confirm what had happened and the thinking behind the ban. "If he just did it I wouldn't think badly of him but to come on the sub and brag about calling the cops on the dude just rubbed me the wrong way," one of them told Kotaku in a DM. "Might unban him at some point but for now he's behind the bars of the internet."

The U.S. Department of Defense has launched a website collecting publicly available, declassified information on unidentified anomalous phenomena (UAPs). "For now, the general public will be able to read through the posted information," reports CNET. "Soon, US government employees, contractors, and service members with knowledge of US programs can report their own sightings, and later, others will be able to submit reports." From the report: "This website will provide information, including photos and videos, on resolved UAP cases as they are declassified and approved for public release," the department said in a release posted on Thursday. "The website's other content includes reporting trends and a frequently asked questions section as well as links to official reports, transcripts, press releases, and other resources that the public may find useful, such as applicable statutes and aircraft, balloon and satellite tracking sites."

For now, one of the most interesting parts of the site is its trends section. Apparently, most reported UAPs are round, either white, silver or translucent, spotted at around 10,000 to 30,000 feet, 1-4 meters in size, and do not emit thermal exhaust. Hotspots for sightings include both the US East and West coasts. There's also a small section of videos with names such as "DVIDS Video - Unresolved Case: Navy 2021 Flyby," and "UAP Video: Middle East Object." Readers are able to leave comments on the videos. Of the "Middle East Object" video, one person writes,"Noticed I never saw it cast a shadow. But other objects have shadows."

"The NYC police department intends to use drones to monitor Labor Day backyard parties, raising privacy concerns," writes Slashdot reader jjslash. "Drone usage by U.S. police departments is increasing, with some operating them beyond visual line of sight. TechSpot reports: "If a caller states there's a large crowd, a large party in a backyard, we're going to be utilizing our assets to go up and go check on the party," said assistant NYPD Commissioner Kaz Daughtry at a recent press conference. Naturally, the admission attracted the attention of privacy and civil liberties advocates who questioned if the department's plans violate existing laws governing surveillance in the area.

In its unmanned aircraft systems (UAS): Impact and use policy from 2021, the NYC police department said drones would not be used in areas where there is a reasonable expectation of privacy without a search warrant, except in exigent circumstances (PDF). Are backyard parties really all that pressing? "Deploying drones in this way is a sci-fi inspired scenario," said Daniel Schwarz, a technology and privacy strategist with the New York Civil Liberties Union. Schwarz added that it is at variance with the Public Oversight of Surveillance Technology (POST) Act, which "requires the reporting and evaluation of surveillance technologies used by the NYPD."

Microsoft has patented an AI-powered backpack design featuring a plethora of sensors that may include cameras, microphones, GPS, and a compass. Tom's Hardware reports: Additionally, Microsoft thinks it may be useful to add in LEDs and speakers, as well as a haptic actuator, into the straps. Some real-time processing is deemed necessary to the smart wearable. Thus, various recognition modules are proposed to provide image, text, speech, facial, and cognitive recognition. As well as real-time monitors feeding data to the built-in processing power for AI smarts, the system housed in the backpack also will boast a recording device (using on-board storage), wireless connectivity, battery power / charging and more.

With all the above sensing and processing on your person, in the backpack, it is envisioned that wearers will benefit from AI enhanced object identification and analysis, nearby device interaction, and be able to gain contextual insights. A flow chart shows how the backpack and its data feed might work alongside personal computers and cloud servers. Other illustrations show the wandering backpack wearer navigating a ski resort, and checking out supermarket prices, as well as considering booking concert tickets. Sometimes the user may interact with the backpack's on-board AI via speech, e.g. "Hey Backpack, add this poster to my calendar." Alternatively some AI actions or contextual tasks may be instigated by interacting with sensors on the straps. You can view the patent application here.

Robinhood announced it has purchased more than 55 million shares of the firm previously held by former FTX CEO Sam Bankman-Fried, which were seized in January by the U.S. Department of Justice as part of the criminal case against FTX and its executives. CoinTelegraph reports: The purchase had been expected. Robinhood's board of directors announced the approval of the deal in the company's Q4 2022 report, and an Aug. 30 SEC filing said the U.S. District Court for the Southern District of New York had approved the purchase "free and clear of any claims, interests, liens and encumbrances." Robinhood made the repurchase agreement with the U.S. Marshals Service. "We are happy to have completed the purchase of these shares and look forward to executing on our growth plans on behalf of our customers and shareholders," said Robinhood chief financial officer Jason Warnick.