United States

Squabble With Contractor Delayed Equifax's Response To Data Breach (bloomberg.com) 127

An anonymous reader quotes Bloomberg's report on the contractor Equifax first hired to investigate their breach: Equifax and Mandiant got into a dispute just as the hackers were gaining a foothold in the company's network... Mandiant warned Equifax that its unpatched systems and misconfigured security policies could indicate major problems, a person familiar with the perspectives of both sides said. For its part, Equifax believed Mandiant had sent an undertrained team without the expertise it expected from a marquee security company...

That rift, which appears to have squelched a broader look at weaknesses in the company's security posture, looks to have given the intruders room to operate freely within the company's network for months. According to an internal analysis of the attack, the hackers had time to customize their tools to more efficiently exploit Equifax's software, and to query and analyze dozens of databases to decide which held the most valuable data. The trove they collected was so large it had to be broken up into smaller pieces to try to avoid tripping alarms as data slipped from the company's grasp through the summer... By the time they were done, the attackers had accessed dozens of sensitive databases and created more than 30 separate entry points into Equifax's computer systems.

"They may not have immediately grasped the value of their discovery, but, as the attack escalated over the following months, that first group -- known as an entry crew -- handed off to a more sophisticated team of hackers," reports Bloomberg, suggesting that the attack may have been sponsored by a nation-state.
Transportation

US Consumer Groups Warn 'Robot Car Bill' Threatens Safety (consumerreports.org) 139

"If you don't place a Capable Engineering crew to oversee a project that involves lives, you're asking for trouble," writes Slashdot reader Neuronwelder. Consumer Reports writes: Congress is moving ahead with plans to let self-driving cars be tested on U.S. roads without having to comply with the same safety rules as regular vehicles... The House passed its version of the legislation earlier this month with little opposition. The Senate is expected to vote on its bill in the coming weeks... "Federal law shouldn't leave consumers as guinea pigs," said William Wallace, policy analyst for Consumers Union. "We were hopeful that this bill would include much stronger measures to protect consumers against known emerging safety risks. Unfortunately, in the bill's current form, it doesn't."

The legislation, which would take effect in 18 months, would allow the deployment of up to 50,000 self-driving vehicles per company in the first year of its application, rising to 100,000 vehicles annually by the third year, exempt from essential federal safety standards... Automakers might be able to go beyond the limits by getting exemptions for more than one model. The bill also creates a means to go beyond 100,000 cars for each company, by allowing automakers to petition the NHTSA after five years for more vehicles.

"The bill pre-empts any state safety standards," argues the group Consumer Watchdog, "but there are none yet in place at the national level."
DRM

Hollywood's International War on Kodi Plugins And Video-Streaming Boxes (eff.org) 57

An anonymous reader quotes the EFF: In the past few years, the sale of pre-configured Kodi boxes, and the availability of a range of plugins providing access to streaming media, has seen the software's popularity balloon -- and made it the latest target of Hollywood's copyright enforcement juggernaut. We've seen this in the appearance of streaming media boxes as an enforcement priority in the U.S. Trade Representative's Special 301 Report, in proposals for new legislation targeting the sale of "illicit" media boxes, and in lawsuits that have been brought on both sides of the Atlantic to address the "problem" that media boxes running Kodi, like any Web browser, can be used to access media streams that were not authorized by the copyright holder...

The difficulty facing the titans of TV is that since neither those who sell Kodi boxes, nor those who write or host add-ons for the software, are engaging in any unauthorized copying by doing so, cases targeting these parties have to rely on other legal theories. So far several legal theories have been used; one in Europe against sellers of Kodi boxes, one in Canada against the owner of the popular Kodi add-on repository TVAddons, and two in the United States against TVAddons and a plugin developer... These lawsuits by big TV incumbents seem to have a few goals: to expand the scope of secondary copyright infringement yet again, to force major Kodi add-on distributors off of the Internet, and to smear and discourage open source, freely configurable media players by focusing on the few bad actors in that ecosystem.

The EFF details the specific lawsuits in each region, and concludes that their courts "should reject these expansions of copyright liability, and TV networks should not target neutral platforms and technologies for abusive lawsuits."
Google

Google Investigates Facebook's Russian Political Operatives, Will Address Congressmen (recode.net) 93

An anonymous reader quotes Recode: Facebook has shared some details about the Russian-operated profiles it discovered on its platform with Google, as the search giant -- with the rest of the tech industry -- continues to probe the extent to which Kremlin-backed misinformation spread through their websites during the 2016 U.S. presidential election. It is unclear if Google has found any suspicious ads or other content after evaluating Facebook's data, an exchange of intel confirmed to Recode today by three sources familiar with the matter. At the very least, Google's investigation appears to be much broader in scope than a similar one by Twitter, which had drawn the ire of Congress for appearing to be incomplete. A Google spokesperson declined to comment for this story, as did a Facebook rep.

For now, though, Google is slated to deliver a private briefing to U.S. lawmakers studying Russia's political tactics in the coming weeks, additional sources told Recode. A date does not appear to have been set. And the search-and-advertising giant has been asked to join Facebook and Twitter at two upcoming hearings in the House and Senate where the industry will face questions -- out in the open -- about its safeguards against Russian political interference in the future.

Government

Steve Wozniak: Net Neutrality Rollback 'Will End the Internet As We Know It' (siliconbeat.com) 215

An anonymous reader quotes Silicon Beat: Apple co-founder Steve Wozniak penned an op-ed on Friday with a former Federal Communications Commission chairman, urging the current FCC to stop its proposed rollback of Obama-era net neutrality regulations. In the op-ed published by USA Today, Wozniak and Michael Copps, who led the FCC from 2001 to 2011, argued the rollback will threaten freedom for internet users and may corrode democracy... "Sometimes there's a nugget of truth to the adage that Washington policymakers are disconnected from the people they purport to represent," they wrote. "It is a stirring example of democracy in action. With the Internet's future as a platform for innovation and democratic discourse on the line, a coalition of grassroots and diverse groups joined with technology firms to insist that the FCC maintain its 2015 open internet (or 'net neutrality') rules."

In the joint letter, Wozniak and Copps write that "We come from different walks of life, but each of us recognizes that the FCC is considering action that could end the internet as we know it -- a dynamic platform for entrepreneurship, jobs, education, and free expression."

"Will consumers and citizens control their online experiences, or will a few gigantic gatekeepers take this dynamic technology down the road of centralized control, toll booths and constantly rising prices for consumers? At stake is the nature of the internet and its capacity to transform our lives even more than it already has."
Communications

FCC Silenced Puerto Rico Radio Station's Boosters In March 2017 155

dochasac writes: WAPA (680 AM) is a radio station in San Juan, Puerto Rico. After Hurricane Maria took out power, phone lines, cell towers and internet, WAPA was the only Puerto Rican radio station on the air for crucial public emergency communication. But WAPA's signal coverage was significantly cut in March 2017 when the FCC refused to renew the license for synchronous AM booster stations at Arecibo, Mayaguez and Aguadilla in March due to procedural issues with the petition for renewal. This decision limited the coverage, signal strength and signal quality of this station for remote and mountainous parts of Puerto Rico where the need for emergency communications is greatest. The FCC audio division chief who pulled WAPA's synchronous booster license decided to retire a few days ago. The position is open but is focused on legal training rather than technical expertise and experience with emergency communications.

FCC audio division's regulations have done little to stop AM and satellite radio from broadcasting right-wing streams-of-consciousness throughout the lower 48 states. With IoT, cellular, mesh, satellite, social media and cognitive radio, communications technology is changing much faster than the FCC's legal efforts to regulate it. But its arcane regulations leave Puerto Rico as one of the few islands in the Caribbean without a long distance shortwave broadcast station. With line of sight FM stations offline and WAPA's AM station neutered, post-Maria Puerto Ricans have a better chance of getting news and emergency information from Havana, Cuba than from anything under the FCC's increasingly pointless jurisdiction.
Security

Apple Reports 400 Percent Rise In National Security Requests (thenextweb.com) 44

An anonymous reader quotes a report from The Next Web: Apple received a record number of national security orders this year, according to its bi-annual report published this week. The company stated it received more than 13,250 national security requests affecting over 9,000 accounts in the first half of 2017. Compared to the same period in 2015, this represents a threefold increase. National Security Requests are subpoenas by the government which oblige companies or individuals to share their data for national security purposes. The requests are usually made in the form of National Security Letters and are demanded only when it's indispensable to an investigation. The reason for this rise in numbers is still unclear. The company also revealed it provided data in 44 non-civil governmental cases, information which hadn't been revealed in its previous reports.
Facebook

Department of Justice Demands Facebook Information From 'Anti-Administration Activists' (cnn.com) 253

PopeRatzo shares a report from CNN: Trump administration lawyers are demanding the private account information of potentially thousands of Facebook users in three separate search warrants served on the social media giant, according to court documents obtained by CNN. The warrants specifically target the accounts of three Facebook users who are described by their attorneys as "anti-administration activists who have spoken out at organized events, and who are generally very critical of this administration's policies." One of those users, Emmelia Talarico, operated the disruptj20 page where Inauguration Day protests were organized and discussed; the page was visited by an estimated 6,000 users whose identities the government would have access to if Facebook hands over the information sought in the search warrants. In court filings, Talarico says if her account information was given to the government, officials would have access to her "personal passwords, security questions and answers, and credit card information," plus "the private lists of invitees and attendees to multiple political events sponsored by the page."
United States

US Slashing Embassy Staff In Cuba Because of Apparent Sonic 'Attacks' (qz.com) 70

PolygamousRanchKid shares a report from The Washington Post (Warning: may be paywalled; alternative source): The United States is yanking more than half its diplomatic personnel from its embassy in Havana and warning Americans not to visit Cuba, saying it is for their own safety after a string of mysterious injuries harmed at least 21 Americans stationed there. "We have no reports that private U.S. citizens have been affected, but the attacks are known to have occurred in U.S. diplomatic residences and hotels frequented by U.S. citizens," Secretary of State Rex Tillerson said in a statement. "The Department does not have definitive answers on the cause or source of the attacks and is unable to recommend a means to mitigate exposure." Investigators are looking into the possibility that they were subjected to some sort of "sonic attack," among other theories, though it is not clear why American diplomats and a handful of Canadian envoys would be the only ones to complain of symptoms. Cuba has denied having anything to do with the injuries. Among the possibilities being explored is that agents acting on behalf of a third country may be responsible.
Google

Spanish Court Orders Google To Delete App Used For Catalan Independence Vote (reuters.com) 118

From a report: Catalonia's High Court on Friday ordered Google to delete an application that it said Catalan separatists were using to spread information about a disputed independence vote this Sunday. The court said the "On Votar 1-Oct" application on the Google Play smartphone app store opposed an order in September from Spain's Constitutional Court to suspend the referendum while it determined its legality. The court also ordered Google to block any future applications developed by the gmail address "Onvotar1oct@gmail.com", according to a written ruling. Nobody at Google in Spain was immediately available to comment.
Businesses

Internet Activists Urge Congress to Fire Trump's FCC Chief Ajit Pai (vice.com) 104

Open internet advocates and Democratic lawmakers are mounting a last-ditch effort to remove Federal Communications Commission chief Ajit Pai over his anti-net neutrality stance, just days before Pai is set to be approved by the Senate for a new term. From a report: Since being elevated by President Trump to lead the FCC in January, Pai has become the bete noire of open internet advocates for a variety of anti-consumer actions, but none more so than his crusade to kill federal rules protecting net neutrality, the principle that all internet content should be equally accessible to consumers. [...] During a blistering floor speech on Thursday, Sen. Ron Wyden, the Oregon Democrat, portrayed Pai, a Republican former Verizon lawyer, as an industry stooge who has worked relentlessly to deliver gift after gift to the nation's largest broadband companies. "Mr. Pai has a long track record of putting big cable before consumers, big corporations above small businesses, and pay-to-play over the free and open internet," Wyden wrote in a blog post accompanying his speech. Free Press, a DC-based public interest group, has also launched a campaign to pressure the Senate to "fire Pai," citing his proposal to kill the FCC's net neutrality policy and other anti-consumer actions. But if reconfirmed, Pai is expected to try to ram through his plan to torpedo the FCC's net neutrality rules before the end of the year. "Rehiring Pai to head the agency that oversees US communications policies would be a boon for the phone and cable companies he eagerly serves," Tim Karr, Free Press Senior Director of Strategy, wrote in a blog post.
Security

What Isn't Telegram Saying About Its Connections To the Kremlin? (theoutline.com) 115

The supposedly secure messaging app Telegram has employees in St. Petersburg in the same building as Kremlin-influenced social network VK, news outlet the Outline reported on Friday citing multiple sources. William Turton, reporting for The Outline: Anton Rozenberg, a software developer and former employee of Telegram's parent company, is saying that there are Telegram employees working out of the historic Singer House in St. Petersburg, Russia's former imperial capital, a claim that has since been corroborated by others. That's significant because the Singer House is also home to VK, which is now owned by the oligarch and Putin ally Alisher Usmanov. (It's also the building where in 2012 Durov and coworkers infamously folded 5,000 ruble notes, worth about $150 each, into paper airplanes and threw them out the window, sparking violence in the street below.) The revelation casts doubt on Durov, who denies Telegram has an office in Russia, and continues to style himself as a rebel at odds with the complex Russian power structure that includes the government and oligarchy. It also raises questions about how safe Telegram is from Kremlin interference, given that VK is owned by a Kremlin sympathizer and that the Kremlin has an obvious interest in monitoring and controlling popular social networks. "As a security specialist, I have some questions about how their office isn't physically protected from the offices that surround it," Rozenberg told The Outline. "VK employees, for a long time, have had access to Telegram offices."
Bitcoin

Chaos and Hackers Stalk Investors on Cryptocurrency Exchanges (reuters.com) 64

From a report: Dan Wasyluk discovered the hard way that trading cryptocurrencies such as bitcoin happens in an online Wild West where sheriffs are largely absent. Wasyluk and his colleagues raised bitcoins for a new tech venture and lodged them in escrow at a company running a cryptocurrency exchange called Moolah. Just months later the exchange collapsed; the man behind it is now awaiting trial in Britain on fraud and money-laundering charges. He has pleaded not guilty. Wasyluk's project lost 750 bitcoins, currently worth about $3 million, and he believes he stands little chance of recovering any money. [...] Cryptocurrencies were supposed to offer a secure, digital way to conduct financial transactions, but they have been dogged by doubts. Concerns have largely focused on their astronomical gains in value and the likelihood of painful price crashes. Equally perilous, though, are the exchanges where virtual currencies are bought, sold and stored. These exchanges, which match buyers and sellers and sometimes hold traders' funds, have become magnets for fraud and mires of technological dysfunction, a Reuters examination shows, posing an underappreciated risk to anyone who trades digital coins. Huge sums are at stake.
Mars

Dubai Proposes Giant Simulated Mars City In the Desert (newatlas.com) 104

future guy shares a report from New Atlas: The UAE government has announced it is building the world's largest space simulation city, and to top it off it will be designed by one of the world's flashiest architects, Bjarke Ingels, whose company is literally called BIG. The project is called the Mars Science City and will cover 1.9 million sq ft (176,516 sq m) at a cost of nearly $140 million dollars. The city will span several domes, including a space for a team to live for up to a year as part of a Mars simulation. Several scientific laboratories will be included, focusing on developing methods for a Mars colony to produce food, energy and water. A museum exhibiting great space achievements will also be incorporated into the city with the walls of the museum being 3D printed using sand from the nearby Emirati desert.
AT&T

AT&T Seeks Supreme Court Review On Net Neutrality Rule (bloomberg.com) 143

An anonymous reader quotes a report from Bloomberg: AT&T and other broadband providers asked the U.S. Supreme Court to overturn the Obama-era "net neutrality" rule barring internet service providers from slowing or blocking rivals' content. The appeals, filed Thursday, will put new pressure on a rule enacted in 2015 when the Federal Communications Commission was under Democratic control. Filing a separate appeal from AT&T were the United States Telecom Association, a trade group, and broadband service provider CenturyLink. The embattled net neutrality rules bar internet service providers such as AT&T, Verizon and Comcast from blocking or slowing some web traffic in favor of other content -- their own or a paying customer's. "The practical stakes are immense," AT&T said in its appeal of a ruling that backed the FCC. The company pointed to a dissenting opinion that said the regulation "fundamentally transforms the internet" and will have a "staggering" impact on infrastructure investment.
Privacy

Amazon's Echo Spot Is a Sneaky Way To Get a Camera Into Your Bedroom (theverge.com) 155

Yesterday, Amazon announced six new hardware products at a surprise event in Seattle. The one that everyone is talking about though is called the Echo Spot -- a little alarm clock with a camera that will probably be pointing directly at your bed. "While all the focus is on what the Echo Spot looks like, it's important to remember that Amazon is using the Spot as a very clever way of making you comfortable with having a camera in your bedroom," reports The Verge. From the report: Amazon launched its Echo Look camera earlier this year to judge your outfits. It's designed to sit in your wardrobe and offer you style advice, and it was Amazon's first Echo device with a camera. Amazon quickly followed it up with the Echo Show, a touchscreen device that sits in your kitchen and lets you watch tutorials or recipes and participate in video calls. Amazon's Look device is still only available exclusively by invitation, and in hindsight it now looks like experimental hardware to gauge the reaction of a camera in the bedroom. A litmus test, if you will. Echo Spot feels like the real push to get cameras inside your smart home. It's more than just an alarm clock, but Amazon is definitely pushing this as a $130 device that will sit next to your bed. Promotional materials show it sitting on nightstands, providing a selection of clock faces and news / weather information. The privacy concerns are obvious: an always-listening (for a keyword) microphone in your bedroom, and a camera pointing at your bed.
Iphone

Apple Recommends Children Under 13, Twins and Siblings Do Not Use Face ID On iPhone X (theguardian.com) 120

According to a security guide published Wednesday, Apple recommends that children under the age of 13 do not use Face ID on the iPhone X due to the probability of a false match being significantly higher for young children. The company said this was because "their distinct facial features may not have fully developed." They also recommend that twins and siblings do not use the new feature. The Guardian reports: In all those situations, the company recommends concerned users disable Face ID and use a passcode instead. With Face ID, Apple has implemented a secondary system that exclusively looks out for attempts to fool the technology. Both the authentication and spoofing defense are based on machine learning, but while the former is trained to identify individuals from their faces, the latter is used to look for telltale signs of cheating. "An additional neural network that's trained to spot and resist spoofing defends against attempts to unlock your phone with photos or masks," the company says. If a completely perfect mask is made, which fools the identification neural network, the defensive system will still notice -- just like a human.
Communications

Air Force Gives 10-Year-Old Orbiting Satellite To Ham Radio Operators (arrl.org) 74

Longtime Slashdot reader Bruce Perens writes: The U.S. Air Force has transferred control of a 10-year-old orbiting satellite to AMSAT, a ham radio organization, which has enabled it for any licensed ham to use on the air, as the satellite's Air Force missions have ended. Falconsat 3's first mission was science: measuring gravity gradient, spectrometry of the plasmasphere, electronic noise in the plasmasphere, and testing three-axis attitude control using microthrusters. Secondarily it was used to train Air Force Institute of Technology students in space operations, with close to 700 cadets obtaining ham licenses in order to operate a number of Air Force satellites using ham frequencies.

Now in its third mission, control of the satellite has been transferred to AMSAT, the Radio Amateur Satellite Corporation, and all government frequencies have been disabled with only ham ones remaining. The satellite will relay APRS (position and status reporting) signals, it will operate a BBS in the sky, and will broadcast telemetry.

Communications

FCC Chief Tells Apple To Turn on iPhone's FM Radio Chip (cnet.com) 235

FCC Chairman Ajit Pai pushed Apple on Friday to activate the FM radio chips in the iPhone. From a report: In the wake of three major hurricanes that have wiped out communications for millions of people over the past month, Pai issued a statement urging Apple, one of the largest makers of cellphones in the US, to "reconsider its position, given the devastation wrought by Hurricanes Harvey, Irma, and Maria." FM radios that are already included in every phone could be used to access "life-saving information" during disasters, he said. For years the majority of smartphones sold in the US have included FM radios, but most of them have been turned off so that you couldn't use the function. Why? Mobile customers would be a lot less likely to subscribe to streaming music services if they could just listen to traditional, free broadcast radio. This incentive is especially true for Apple, which has a streaming music service. Apple said in a statement: "iPhone 7 and iPhone 8 models do not have FM radio chips in them nor do they have antennas designed to support FM signals, so it is not possible to enable FM reception in these products."
Businesses

More Than Half of American Workers Can't Sue Their Employer (qz.com) 171

An anonymous reader shares a report: In the past two years, Google, Facebook, Twitter, Microsoft, and Oracle have faced various high-profile lawsuits related to their employment practices. And while those cases generated headlines, workers in almost every sector sue their bosses over emotional abuse, unpaid wages, and discrimination. The ability to sue over wrongful treatment at work is essential to the balance of bargaining power between employer and employee. Unfortunately, more than half of non-union, privately employed Americans -- some 60 million people -- have signed away this right. They are instead beholden to a process known as arbitration. Signing a mandatory arbitration agreement is theoretically voluntary, but refusing to do so can cost a candidate their job offer. Once signed, the agreement strips the employee of the right to take her employer to court for unfairly low pay, termination because of pregnancy, race-based discrimination, loss of paternity or maternity leave, and much more. According to a study published this week by Alexander Colvin of Cornell, more than half (54%) of private, non-unionized workplaces have mandatory arbitration procedures. For larger companies (over 1,000 workers), that jumps to 65%. By contrast, in 2003 Colvin found that just 14% of companies had arbitration agreements.
Privacy

Moscow Deploys Facial Recognition to Spy on Citizens in Streets (bloomberg.com) 68

Moscow is adding facial-recognition technology to its network of 170,000 surveillance cameras across the city in a move to identify criminals and boost security. From a report: Since 2012, CCTV recordings have been held for five days after they're captured, with about 20 million hours of video stored at any one time. "We soon found it impossible to process such volumes of data by police officers alone," said Artem Ermolaev, head of the department of information technology in Moscow. "We needed an artificial intelligence to help find what we are looking for." Moscow says the city's centralized surveillance network is the world's largest of its kind. The U.K. is one of the most notorious for its use of CCTV cameras but precise figures are difficult to obtain. However, a 2013 report by the British Security Industry Association estimated there were as many as 70,000 cameras operated by the government across the nation.
Canada

Bell Canada Wants Pirate Websites Blocked For Canadians (www.cbc.ca) 136

New submitter wierzpio writes: According to Rob Malcolmson, Bell Canada's VP of regulatory affairs, Canada is a safe haven to internet pirates and the only solution is to create a federally mandated blacklist of pirate websites. Unlike the existing blacklist in the U.K., Bell's plan appears to involve no judicial oversight. "Engaging in extrajudicial attempts to block access to sites, I think, raises all kinds of Charter of Rights and Freedoms issues," argues Michael Geist, a University of Ottawa professor and internet law expert. Quebec also wants to block sites. The province recently introduced a provincial law that would force internet providers to block users' access to online gambling sites not approved by the government. It argues the legislation is necessary to ensure internet gambling companies maintain responsible gaming rules.
Government

Homeland Security Plans To Collect Immigrants' Social Media Information (fortune.com) 197

The Department of Homeland Security plans to expand the files it collects on immigrants, as well as some citizens, by including more online data -- most notably search results and social media information -- about each individual. The plan is set out in the Federal Register, where the government publishes forthcoming regulations. A final version is set to go into effect on Oct. 18. Fortune reports: The plan, reported by BuzzFeed, is notable partly because it permits the government to amass information not only about recent immigrants, but also on green card holders and naturalized Americans as well. The proposal to collect social media data is set out in a part of the draft regulation that describes expanding the content of so-called "Alien Files," which serve as detailed profiles of individual immigrants, and are used by everyone from border agents to judges. Here is the relevant portion: "The Department of Homeland Security, therefore, is updating the [file process] to ... (5) expand the categories of records to include the following: country of nationality; country of residence; the USCIS Online Account Number; social media handles, aliases, associated identifiable information, and search results."
Bug

Internet Explorer Bug Leaks Whatever You Type In the Address Bar (arstechnica.com) 99

The latest version of Internet Explorer has a bug that leaks the addresses, search terms, or any other text typed into the address bar. The flaw was disclosed Tuesday by security researcher Manuel Caballero. Ars Technica reports: The bug allows any currently visited website to view any text entered into the address bar as soon as the user hits enter. The technique can expose sensitive information a user didn't intend to be viewed by remote websites, including the Web address the user is about to visit. The hack can also expose search queries, since IE allows them to be typed into the address bar and then retrieved from Bing or other search services. The proof-of-concept makes it transparent that the attacking website is viewing the entered text. The hack, however, can easily be modified to make the information theft completely stealthy. A proof-of-concept site shows the exploit in action.
Cellphones

The World's First Blockchain Smartphone Is In Development (engadget.com) 95

A company called Sirin Labs is developing an open-source smartphone that runs on a fee-less blockchain. "The Finney -- named in honor of bitcoin pioneer Hal Finney -- will be the only smartphone in the world that's fully secure and safe enough to hold cryptographic coins," reports Engadget. The company is launching a crowdsale event this October (date to be confirmed) to support the phone's development. From the report: According to Sirin, all Finney devices (there's an all-in-one PC coming, too) will form an independent blockchain network powered by IOTA's Tangle technology. The network will operate without centralized backbones or mining centers cluttering up the transaction process, using the SRN token as its default currency (only SRN token holders will be able to purchase the device). And it'll all run on a Sirin operating system specially designed to support blockchain applications such as crypto wallets and secure exchange access. The phone comes with all the bells and whistles you'd expect from a device with a $1,000 price tag, including a 256GB internal memory and 16MP camera, plus a hefty suite of security measures.
Data Storage

Russia Threatens To Shut Down Facebook Over Local Data Storage Laws (bloomberg.com) 90

An anonymous reader quotes a report from Bloomberg: Facebook Inc. will be shut down in Russia next year if it fails to comply with requirements to store user data locally, according to the head of Russia's state communications watchdog. "The law is mandatory for everyone," Alexander Zharov told reporters Tuesday. Roskomnadzor will be forcing foreign internet companies to comply or shut down in the country. President Vladimir Putin signed a law in 2014 that requires global internet firms to store personal data of Russian clients on local servers. Companies ranging from Alphabet Inc.'s Google to Alibaba Group Holding Ltd complied, while others like Twitter Inc. demanded extra time to evaluate the economic feasibility of doing so.
Businesses

Equifax CEO Steps Down Amid Hacking Scandal (cnbc.com) 74

An anonymous reader quotes a report from CNBC: Richard Smith, CEO and chairman of Equifax, abruptly retired Tuesday following a data breach at the credit-reporting service that affected the personal information of 143 million people. Smith, who was 57 as of the company's proxy statement in March, became CEO and chairman in 2005 after 22 years at General Electric in senior roles in various divisions. He is to appear at a hearing of the Senate Banking Committee on Oct. 4 and is the only person scheduled to testify. He is also scheduled to testify next week at a hearing of the House Energy and Commerce Committee. Smith's salary for 2016 was $1.45 million and his bonus was $3.045 million. In a regulatory filing on Tuesday, the company said Smith will not get a bonus for this year and any other decisions regarding how his departure has been characterized or how much the company owes him will be deferred until the board completes an independent review of the breach and the response to it. In a separate report, CNBC notes that Smith could walk away with at least $18.4 million in pension benefits. The company is looking for a new CEO, naming its Asia-Pacific head to take on the interim CEO role.
Government

NSA Targeted 106,000 Foreigners In Spy Program Up For Renewal (bloomberg.com) 41

An anonymous reader quotes a report from Bloomberg: The U.S. National Security Agency conducted targeted surveillance over the past year against 106,000 foreigners suspected of being involved in terrorism and other crimes, using powers granted in a controversial section of law that's set to expire at the end of this year. The number of foreigners targeted under Section 702 of the Foreign Intelligence Surveillance Act rose from 94,000 in fiscal year 2015, according to U.S. intelligence officials, who asked not to be identified discussing the information. The program lets agencies collect the content of emails and other communications from suspected foreign criminals operating outside the U.S., but it has become a flash point with some lawmakers for potential infringement of Americans' constitutional rights. Congress has to decide by year-end whether to renew the NSA's power under Section 702, a program that came to light when former government contractor Edward Snowden revealed classified government documents in 2013. While the intelligence officials cautioned that changes would limit its effectiveness, lawmakers including Senate Intelligence Committee member Ron Wyden, an Oregon Democrat, have indicated they'll seek adjustments to ensure against abuses.
Piracy

Star Trek: Discovery Nearly Cracks Pirate Bay's Top 10 In Less Than 24 Hours (ew.com) 390

Yesterday was the season premiere of the first new Star Trek TV series in 12 years. While the first episode aired on the CBS broadcast network Sunday night, the second episode -- and all the rest to come -- was made available exclusively on the CBS All Access streaming service for $6 a month. Naturally, this upset Trekkies and led many of them to find alternative methods to watch the show. EW reports that Star Trek: Discovery "is on the verge of cracking Pirate Bay's Top 10 most illegally downloaded shows in less than 24 hours." From the report: The Discovery pilot is currently at No. 11 on the list (apparently at No. 15 just a few hours ago), the pilot is up there with the likes of HBO's Game of Thrones, Adult Swim's Rick and Morty and, for some reason, TNT's The Last Ship. The show's second episode is at No. 17, which is a tad surprising as that was the one that wasn't free. Ever since the distribution plan was first announced fans have resisted with some vehemence the idea of paying for "yet another streaming service just to watch a single show" (there's more than one show on All Access, CBS is quick to point out, and then a debate over the relative merits of NCIS and MacGyver repeats ensues).
Businesses

If Data Is the New Oil, Are Tech Companies Robbing Us Blind? (digitaltrends.com) 154

An anonymous reader quotes a report from Digital Trends: Data is the new oil, or so the saying goes. So why are we giving it away for nothing more than ostensibly free email, better movie recommendations, and more accurate search results? It's an important question to ask in a world where the accumulation and scraping of data is worth billions of dollars -- and even a money-losing company with enough data about its users can be worth well into the eight-figure region. The essential bargain that's driven by today's tech giants is the purest form of cognitive capitalism: users feed in their brains -- whether this means solving a CAPTCHA to train AI systems or clicking links on Google to help it learn which websites are more important than others. In exchange for this, we get access to ostensibly "free" services, while simultaneously helping to train new technologies which may one day put large numbers of us out of business.

In an age in which concepts like universal basic income are increasingly widely discussed, one of the most intriguing solutions is one first put forward by virtual reality pioneer Jaron Lanier. In his book Who Owns the Future?, Lanier suggests that users should receive a micropayment every time their data is used to earn a company money. For example, consider the user who signs up to an online dating service. Here, the user provides data that the dating company uses to match them with a potential date. This matching process is, itself, based on algorithms honed by the data coming from previous users. The data resulting from the new user will further perfect the algorithms for later users of the service. In the case that your data somehow matches someone else successfully in a relationship, Lanier says you would be entitled to a micropayment.

The Almighty Buck

Waymo Clarifies It Actually Wants $1.8 Billion From Uber (techcrunch.com) 23

Last week, a lawyer for Uber said Waymo was seeking about $2.6 billion from the company for the alleged theft of one of several trade secrets in a lawsuit over self-driving cars. Over the weekend, Waymo filed a document with the court noting that the correct figure was actually $1.859 billion. TechCrunch reports: It's not clear why this seemingly important detail was left uncorrected for nearly a week. The filing also includes some additional clarification around the way in which the damages figure was calculated. Though Waymo is arguing that nine trade secrets were put in jeopardy by Anthony Levandowski, it is seeking a maximum of $1.8 billion in damages. That figure is the value that Waymo is attributing to a single trade secret -- trade secret 25. The other eight secrets are being individually valued at less than $1.8 billion. Consequently, Waymo is capping the damages at the value of its most valuable compromised trade secret. Waymo's attorneys note that the $1.8 billion figure was calculated based on an estimate of "Uber's unjust enrichment from Uber's trade secret misappropriation." Waymo continues that the damages are based on Uber's own profitability forecasts of deploying autonomous vehicles into its ridesharing business.
Censorship

China Blocks WhatsApp (theverge.com) 104

An anonymous reader quotes a report from The Verge: China has blocked WhatsApp, security experts confirmed today to The New York Times (Warning: source may be paywalled). Over the past few months, WhatsApp has experienced brief disruptions to service, with users unable to send video chats or photos. Now, even text messages are completely blocked, according to Nadim Kobeissi, an applied cryptographer at Symbolic Software, a Paris-based research firm that also monitors digital censorship in China. Kobeissi found that China may have recently upgraded its firewall to detect and block the NoiseSocket protocol that WhatsApp uses to send texts, in addition to already blocking the HTTPS/TLS that WhatsApp uses to send photos and videos. He said, "I think it took time for the Chinese firewall to adapt to this new protocol so that it could also target text messages." His company noticed the app disruptions beginning last Wednesday.
Government

President Donald Trump and His Daughter Ivanka To Unveil a New Federal Computer Science Initiative With Major Tech Backers (recode.net) 260

From a report: President Donald Trump will issue a new directive Monday to supercharge the U.S. government's support for science, tech, engineering and mathematics, including coding education, three sources familiar with the White House's thinking told Recode. To start, Trump is set to sign a presidential memorandum at the White House later today that tasks the Department of Education to devote at least $200 million of its grant funds each year to so-called STEM fields, as the administration seeks to train workers for high-demand computer-science jobs of the future. And on Tuesday, Trump's daughter and advisor, Ivanka, is expected to head to Detroit, where she will join business leaders for an event unveiling a series of private-sector commitments -- from Amazon, Facebook, Google, GM, Quicken Loans and others -- meant to boost U.S. coding and computer-science classes and programs, the sources said.
Books

'Banned Books Week' Recognizes 2016's Most-Censored Books (and Comic Books) (newsweek.com) 166

An anonymous reader quotes Newsweek: The American Library Association's yearly Banned Books Week, held this year between Sunday September 24 and Saturday September 30, is both a celebration of freedom and a warning against censorship. Launched in 1982 in response to a sudden surge in the number of challenges to books in schools, bookstores and libraries, the event spotlights the risk of censorship still present... "While books have been and continue to be banned, part of the Banned Books Week celebration is the fact that, in a majority of cases, the books have remained available. This happens only thanks to the efforts of librarians, teachers, students, and community members who stand up and speak out for the freedom to read," the ALA stated.
"This Banned Books Week, we're asking people of all political persuasions to come together and celebrate Our Right to Read," says a coalition supporting the event. The ALA reports that half of the most frequently challenged books were in fact actually banned last year, according to the library group's Office for Intellectual Freedom (OIF), which calculates there were 17% more attempts to censor books in America in 2016. The five most-challenged books all contained LGBT characters, and the most common phrase used to complain about books is "sexually explicit," the OIF told Publisher's Weekly -- perhaps reflecting a change in targets. He believes one reason is that most challenges now are reported not for books in the library but against books in the advanced English curricula of some schools. This change also represents a shift upward in the age of the readers of the most challenged books. "We've moved from helicopter parenting, where people were hovering over their kids, to Velcro parenting," LaRue says. "There's no space at all between the hand of the parent and the head of the child. These are kids who are 16, 17; in one year they're going to be old enough to sign up for the military, get married, or vote, and their parents are still trying to protect them from content that is sexually explicit. I think that's a shift from overprotectiveness to almost suffocating."
Three of the 10 most-challenged books were graphic novels, so the Comic Book Legal Defense Fund is sharing their own list of banned and challenged comics.

Their list includes two Neil Gaiman titles, Sandman and The Graveyard Book, as well as two popular Batman titles -- Frank Miller's The Dark Knight Strikes Again and Alan Moore's The Killing Joke -- plus Moore's graphic novel Watchmen, Maus by Art Spiegelman, and even Amazing Spider-Man: Revelations by J. Michael Straczynski and John Romita, Jr.
The Courts

Equifax Hit With 'Dozens' of Lawsuits from Shareholders and Consumers -- Plus a Possible Class Action (chicagotribune.com) 62

An anonymous reader quotes the Washington Post: Since it announced a massive data breach earlier this month, Equifax has been hit with dozens of lawsuits from shareholders, consumers and now one filed by a small Wisconsin credit union that represents what could be the first by a financial institution attempting to preemptively recoup losses caused by alleged fraud the hack could cause... In the lawsuit, which seeks class action status, Madison-based Summit Credit Union says that financial institutions will have to bear the cost of canceling and reissuing credit cards as well as absorbing the cost of any fraudulent charges. They will also lose "profits because their members or customers were unwilling or unable to use their credit cards following the breach," according to the lawsuit...

"For financial institutions it is important: They bear the financial responsibility for identity theft," said Summit's attorney Stacey Slaughter of the law firm Robins Kaplan. "All of the components that would allow someone to create a new identity" were exposed in the Equifax hack.

Equifax responded that they can't comment on pending litigation, according to the article, though "Equifax has said it did its best to respond to the breach and alerted consumers as quickly as it could..."

"The company's stock price has fallen 27 percent since it announced the hack September 7."
Patents

Cloudflare Pays First $7,500 Bounties In War Against Patent Troll (cloudflare.com) 35

Cloudflare declared war on a group of lawyers that files patent lawsuits against tech firms, by offering bounties for the discovery of patent-invalidating "prior art." Now an anonymous reader writes: On Thursday, Cloudflare announced it has paid out the first $7,500 to people who discovered documents that could help invalidate Blackbird's patents. The money is part of a $100,000 war chest the company announced this spring... The company said it is ready to launch individual challenges to specific Blackbird patents. The company believes it has enough examples of prior art on US Patent 7,797,448, "GPS-internet Linkage" and US Patent 6,453,335 (the one asserted against Cloudflare) to lodge a challenge.
"We have received more than 230 submissions so far," Cloudflare reports, "and have only just begun to scratch the surface."
United States

Governments Turn Tables By Suing Public Records Requesters (apnews.com) 145

schwit1 quotes the AP: Government bodies are increasingly turning the tables on citizens who seek public records that might be embarrassing or legally sensitive. Instead of granting or denying their requests, a growing number of school districts, municipalities and state agencies have filed lawsuits against people making the requests -- taxpayers, government watchdogs and journalists who must then pursue the records in court at their own expense.

The lawsuits generally ask judges to rule that the records being sought do not have to be divulged. They name the requesters as defendants but do not seek damage awards. Still, the recent trend has alarmed freedom-of-information advocates, who say it's becoming a new way for governments to hide information, delay disclosure and intimidate critics. "This practice essentially says to a records requester, 'File a request at your peril,'" said University of Kansas journalism professor Jonathan Peters, who wrote about the issue for the Columbia Journalism Review in 2015, before several more cases were filed. "These lawsuits are an absurd practice and noxious to open government."

Government

Spain's Crackdown on Catalonia Includes Internet Censorship (internetsociety.org) 363

Spain's autonomous Catalonia region wants to hold a referendum on independence next weekend. Spain's Constitutional Court insists that that vote is illegal, and has taken control of Catalonia's police force to try to stop the vote. They're deploying thousands of additional police officers and have seized nearly 10 million ballots. And now the Internet Society has gotten involved, according to an announcement shared by Slashdot reader valinor89: Measures restricting free and open access to the Internet related to the independence referendum have been reported in Catalonia. There have been reports that major telecom operators have been asked to monitor and block traffic to political websites, and following a court order, law enforcement has raided the offices of the .cat registry in Barcelona, examining a computer and arresting staff.

We are concerned by reports that this court order would require a top-level domain (TLD) operator such as .cat to begin to block "all domains that may contain any kind of information about the referendum."

Open Source

Facebook Relents, Switches React, Flow, Immutable.js and Jest To MIT License (theregister.co.uk) 50

An anonymous reader quotes the Register: Faced with growing dissatisfaction about licensing requirements for some of its open-source projects, Facebook said it will move React, Jest, Flow, and Immutable.js under the MIT license next week. "We're relicensing these projects because React is the foundation of a broad ecosystem of open source software for the web, and we don't want to hold back forward progress for nontechnical reasons," said Facebook engineering director Adam Wolff in a blog post on Friday. Wolff said while Facebook continues to believe its BSD + Patents license has benefits, "we acknowledge that we failed to decisively convince this community"... Wolff said the updated licensing scheme will arrive next week with the launch of React 16, a rewrite of the library designed for more efficient operation at scale.
Facebook was facing strong criticism from the Apache Software Foundation and last week Wordpress.com had announced plans to move away from React.

"Wolff said Facebook considered a license change for its other open-source projects, but wasn't ready to commit to anything," the Register adds. "Some projects, he said, will keep the BSD + Patents license."
Cellphones

Super-Accurate GPS Chips Coming To Smartphones In 2018 (ieee.org) 112

schwit1 writes about a new mass-market Broadcom chip designed for the next generation of smartphones: It'll know where you are to within 30 centimeters (11.8 inches), rather than five meters. At least that's the claim chip maker Broadcom is making. It says that some of its next-generation smartphone chips will use new global positioning satellite signals to boost accuracy. In a detailed report on the announcement and how the new signals work, IEEE Spectrum says that the new chips, which are expected to appear in some phones as soon as next year, will also use half the power of today's chips and even work in cities where tower blocks often interfere with existing systems. All told, it sounds like a massive change for those who rely on their phones to find their way.
Iphone

Hackers Using iCloud's Find My iPhone Feature To Remotely Lock Macs, Demand Ransom Payments (macrumors.com) 61

AmiMoJo shares a report from Mac Rumors: Over the last day or two, several Mac users appear to have been locked out of their machines after hackers signed into their iCloud accounts and initiated a remote lock using Find My iPhone. With access to an iCloud user's username and password, Find My iPhone on iCloud.com can be used to "lock" a Mac with a passcode even with two-factor authentication turned on, and that's what's going on here. Affected users who have had their iCloud accounts hacked are receiving messages demanding money for the passcode to unlock a locked Mac device. The usernames and passwords of the iCloud accounts affected by this "hack" were likely found through various site data breaches and have not been acquired through a breach of Apple's servers. Impacted users likely used the same email addresses, account names, and passwords for multiple accounts, allowing people with malicious intent to figure out their iCloud details.
Power

Court Rules That Imported Solar Panels Are Bad For US Manufacturing (theverge.com) 364

The International Trade Commission has ruled that American companies are being hurt by cheap solar panels from overseas, providing an opportunity for President Donald Trump to tax imports from countries like China. The Verge reports: Today's unanimous decision ruled that the companies SolarWorld Americas and Suniva were struggling financially not because of their own poor management, but because they couldn't compete with cheap panels from countries like China, Mexico, and South Korea. Suniva is now suggesting import duties of 40 cents a watt for solar cells, and a floor price of 78 cents a watt for panels. (Right now, the average floor price, worldwide, for panels is about 32 cents.) The Solar Energy Industries Association warned that implementing these suggestions could end up doubling the price of solar, thus destroying demand and causing Americans to lose their jobs.
Google

Google Experiment Tests Top 5 Browsers, Finds Safari Riddled With Security Bugs (bleepingcomputer.com) 105

An anonymous reader writes from a report via Bleeping Computer: The Project Zero team at Google has created a new tool for testing browser DOM engines and has unleashed it on today's top five browsers, finding most bugs in Apple's Safari. Results showed that Safari had by far the worst DOM engine, with 17 new bugs discovered after Fratric's test. Second was Edge with 6, then IE and Firefox with 4, and last was Chrome with only 2 new issues. The tests were carried out with a new fuzzing tool created by Google engineers named Domato, also open-sourced on GitHub. This is the third fuzzing tool Google creates and releases into open-source after OSS-Fuzz and syzkaller. Researchers focused on testing DOM engines for vulnerabilities because they expect them to be the next target for browser exploitation after Flash reaches end-of-life in 2020.
Privacy

Walmart Wants To Deliver Groceries Straight To Your Fridge (consumerist.com) 179

New submitter Rick Schumann writes: Walmart has a new marketing idea: "Going to the store? No one has time for that anymore," Walmart says. They want to partner with a company called August Home, who makes smart locks, so a delivery service can literally deliver groceries right into your refrigerator -- while you watch remotely on your phone. Great, time-saving idea, or super-creepy invasion of your privacy? You decide. Here's how the company says it would work:
1. Place an order on Walmart.com for groceries or other goods.
2. A driver for Deliv -- a same-day delivery service -- retrieves items when the order is ready, and brings them to the customer's home.
3. If no one answers, the delivery person can use a one-time passcode that's been pre-authorized by the customer to open the home's smart lock.
4. The customer receives a smartphone notification when the delivery is occurring, and can choose to watch it all play out in real-time on home security cameras through a dedicated app.
5. Delivery person leaves packages in the foyer, then brings the groceries to the kitchen, unloads them into the fridge, and leaves.
6. Customer receives notification that the door has locked behind them.
Security

Adobe Security Team Accidentally Posts Private PGP Key On Blog (arstechnica.com) 60

A member of Adobe's Product Security Incident Response Team (PSIRT) accidentally posted the PGP keys for PSIRT's email account -- both the public and the private keys. According to Ars Technica, "the keys have since been taken down, and a new public key has been posted in its stead." From the report: The faux pas was spotted at 1:49pm ET by security researcher Juho Nurminen. Nurminen was able to confirm that the key was associated with the psirt@adobe.com e-mail account. To be fair to Adobe, PGP security is harder than it should be. What obviously happened is that a PSIRT team member exported a text file from PSIRT's shared webmail account using Mailvelope, the Chrome and Firefox browser extension, to add to the team's blog. But instead of clicking on the "public" button, the person responsible clicked on "all" and exported both keys into a text file. Then, without realizing the error, the text file was cut/pasted directly to Adobe's PSIRT blog.
Privacy

Passwords For 540,000 Car Tracking Devices Leaked Online (thehackernews.com) 33

An anonymous reader quotes a report from The Hacker News: Login credentials of more than half a million records belonging to vehicle tracking device company SVR Tracking have leaked online, potentially exposing the personal data and vehicle details of drivers and businesses using its service. Just two days ago, Viacom was found exposing the keys to its kingdom on an unsecured Amazon S3 server, and this data breach is yet another example of storing sensitive data on a misconfigured cloud server. The Kromtech Security Center was first to discover a wide-open, public-facing misconfigured Amazon Web Server (AWS) S3 cloud storage bucket containing a cache belonging to SVR that was left publicly accessible for an unknown period. Standing for Stolen Vehicle Records, the SVR Tracking service allows its customers to track their vehicles in real time by attaching a physical tracking device to vehicles in a discreet location, so their customers can monitor and recover them in case their vehicles are stolen. The leaked cache contained details of roughly 540,000 SVR accounts, including email addresses and passwords, as well as users' vehicle data, like VIN (vehicle identification number) and IMEI numbers of GPS devices. The leaked database also exposed 339 logs that contained photographs and data about vehicle status and maintenance records, along with a document with information on the 427 dealerships that use SVR's tracking services.
Red Hat Software

Red Hat Pledges Patent Protection For 99 Percent of FOSS-ware (theregister.co.uk) 65

Red Hat says it has amassed over 2,000 patents and won't enforce them if the technologies they describe are used in properly-licensed open-source software. From a report: The company has made more or less the same offer since 2002, when it first made a "Patent Promise" in order to "discourage patent aggression in free and open source software." Back then the company didn't own many patents and claimed its non-enforcement promise covered 35 per cent of open-source software. The Promise was revised in order to reflect the company's growing patent trove and to spruce up the language it uses to make it more relevant. The revised promise "applies to all software meeting the free software or open source definitions of the Free Software Foundation (FSF) or the Open Source Initiative (OSI)." [...] It's not a blank cheque. Hardware isn't covered and Red Hat is at pains to point out that "Our Promise is not an assurance that Red Hat's patents are enforceable or that practicing Red Hat's patented inventions does not infringe others' patents or other intellectual property." But the company says 99 percent of FOSS software should be covered by the Promise.
Iphone

'Dear Apple, The iPhone X and Face ID Are Orwellian and Creepy' (hackernoon.com) 441

Trent Lapinski from Hacker Noon writes an informal letter to Apple, asking "who the hell actually asked for Face ID?" and calling the iPhone X and new face-scanning security measure "Orwellian" and "creepy": For the company that famously used 1984 in its advertising to usher in a new era of personal computing, it is pretty ironic that 30+ years later they would announce technology that has the potential to eliminate global privacy. I've been waiting 10-years since the first iPhone was announced for a full-screen device that is both smaller in my hand but has a larger display and higher capacity battery. However, I do not want these features at the cost of my privacy, and the privacy of those around me. While the ease of use and user experience of Face ID is apparent, I am not questioning that, the privacy concerns are paramount in today's world of consistent security breaches. Given what we know from Wikileaks Vault7 and the CIA / NSA capabilities to hijack any iPhone, including any sensor on the phone, the very thought of handing any government a facial ID system for them to hack into is a gift the world may never be able to return. Face ID will have lasting privacy implications from 2017 moving forward, and I'm pretty sure I am not alone in not wanting to participate.

The fact of the matter is the iPhone X does not need Face ID, Apple could have easily put a Touch ID sensor on the back of the phone for authentication (who doesn't place their finger on the back of their phone?). I mean imagine how cool it would be to put your finger on the Apple logo on the back of your iPhone for Touch ID? It would have been a highly marketable product feature that is equally as effective as Face ID without the escalating Orwellian privacy implications. [...] For Face ID to work, the iPhone X actively has to scan faces looking for its owner when locked. This means anyone within a several foot range of an iPhone X will get their face scanned by other people's phones and that's just creepy.

Privacy

DC Court Rules Tracking Phones Without a Warrant Is Unconstitutional (cbsnews.com) 84

An anonymous reader writes: Law enforcement use of one tracking tool, the cell-site simulator, to track a suspect's phone without a warrant violates the Constitution, the D.C. Court of Appeals said Thursday in a landmark ruling for privacy and Fourth Amendment rights as they pertain to policing tactics. The ruling could have broad implications for law enforcement's use of cell-site simulators, which local police and federal agencies can use to mimic a cell phone tower so that the phone connects to the device instead of its regular network. In a decision that reversed the decision of the Superior Court of the District of Columbia and overturned the conviction of a robbery and sexual assault suspect, the D.C. Court of Appeals determined the use of the cell-site simulator "to locate a person through his or her cellphone invades the person's actual, legitimate and reasonable expectation of privacy in his or her location information and is a search."
EU

EU Paid For Report That Said Piracy Isn't Harmful -- And Tried To Hide Findings (thenextweb.com) 169

According to the blog of Julia Reda, the only Pirate in the EU Parliament, the European Commission in 2014 paid the Dutch consulting firm Ecorys 360,000 euros (about $428,000) to research the effect piracy had on sales of copyrighted content. The final report was finished in May 2015, but was never published because the report concluded that piracy isn't harmful. The Next Web reports: The 300-page report seems to suggest that there's no evidence that supports the idea that piracy has a negative effect on sales of copyrighted content (with some exceptions for recently released blockbusters). The report states: "In general, the results do not show robust statistical evidence of displacement of sales by online copyright infringements. That does not necessarily mean that piracy has no effect but only that the statistical analysis does not prove with sufficient reliability that there is an effect. An exception is the displacement of recent top films. The results show a displacement rate of 40 per cent which means that for every ten recent top films watched illegally, four fewer films are consumed legally."

On her blog, Julia Reda says that a report like this is fundamental to discussions about copyright policies -- where the general assumption is usually that piracy has a negative effect on rightsholders' revenues. She also criticizes the Commission's reluctance to publish the report and says it probably wouldn't have released it for several more years if it wasn't for the access to documents request she filed in July.
As for why the Commission hadn't published the report earlier, Reda says: "all available evidence suggests that the Commission actively chose to ignore the study except for the part that suited their agenda: In an academic article published in 2016, two European Commission officials reported a link between lost sales for blockbusters and illegal downloads of those films. They failed to disclose, however, that the study this was based on also looked at music, ebooks and games, where it found no such connection. On the contrary, in the case of video games, the study found the opposite link, indicating a positive influence of illegal game downloads on legal sales. That demonstrates that the study wasn't forgotten by the Commission altogether..."
