Government

Democrat Senators Introduce National Data Breach Notification Law (cyberscoop.com) 162

New submitter unarmed8 shares a report from CyberScoop: Three Democratic senators introduced legislation on Thursday requiring companies to notify customers of data breaches within thirty days of their discovery and imposing a five year prison sentence on organizations caught concealing data breaches. The new bill, called the Data Security and Breach Notification Act, was introduced in the wake of reports that Uber paid $100,000 to cover up a 2016 data breach that affected 57 million users. The scope of what kind of data breach falls under this is limited. For instance, if only a last name, address or phone number is breached, the law would not apply. If an organization "reasonably concludes that there is no reasonable risk of identity theft, fraud, or other unlawful conduct," the incident is considered exempt from the legislation.

"We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that information has been stolen by hackers," Sen. Bill Nelson, D-Fla., said in a statement. "Congress can either take action now to pass this long overdue bill or continue to kowtow to special interests who stand in the way of this commonsense proposal. When it comes to doing what's best for consumers, the choice is clear."

Intel

System76 Will Disable Intel Management Engine On Its Linux Laptops (liliputing.com) 149

System76 is rolling out a firmware update for its recent laptops that will disable the Intel Management Engine altogether. The decision comes after a major security vulnerability was discovered that would allow an attacker with local access to execute arbitrary code. Liliputing reports: What's noteworthy in the System76 announcement is that the PC maker isn't just planning to disable Intel ME in computers that ship from now on. The company will send out an update that disables it on existing computers with 6th, 7th, or 8th-gen Intel Core processors. System76 also notes that Intel ME "provides no functionality for System76 laptop customers and is safe to disable." Right now the firmware update will only be available for computers running Ubuntu 16.04 or later or a related operating system with the System76 driver. But the company says it's working on developing a command line tool that should work on laptops running other GNU/Linux-based operating systems. System76 says it will also release an update for its desktop computers... but on those machines the update will patch the security vulnerability rather than disabling Intel ME altogether.
Communications

Australian Man Uses Snack Bags As Faraday Cage To Block Tracking By Employer (arstechnica.com) 193

An anonymous reader quotes a report from Ars Technica: A 60-year-old electrician in Perth, Western Australia had his termination upheld by a labor grievance commission when it was determined he had been abusing his position and technical knowledge to squeeze in some recreation during working hours. Tom Colella used mylar snack bags to block GPS tracking via his employer-assigned personal digital assistant to go out to play a round of golf -- more than 140 times -- while he reported he was offsite performing repairs.

In his finding against Colella, Australia Fair Work Commissioner Bernie Riordan wrote: "I have taken into account that Mr Colella openly stored his PDA device in an empty foil 'Twisties' bag. As an experienced electrician, Mr Colella knew that this bag would work as a faraday cage, thereby preventing the PDA from working properly -- especially the provision of regular GPS co-ordinate updates. Mr. Colella went out of his way to hide his whereabouts. He was concerned about Aroona tracking him when the Company introduced the PDA into the workplace. He protested about Aroona having this information at that time. Mr Colella then went out of his way to inhibit the functionality of the PDA by placing it in a foil bag to create a faraday cage."

Facebook

Facebook Judge Frowns on Bid To Toss Biometric Face Print Suit (bloomberg.com) 39

Facebook faced a skeptical judge over its second request to get out of a lawsuit alleging its photo scanning technology flouts users' privacy rights. From a report: "The right to say no is a valuable commodity," U.S. District Judge James Donato said Thursday during a hearing in San Francisco. The case concerns the "most personal aspects of your life: your face, your fingers, who you are to the world." The owner of the world's largest social network faces claims that it violated the privacy of millions of users by gathering and storing biometric data without their consent. Alphabet's Google is fighting similar claims in federal court in Chicago.
Medicine

An Unconscious Patient With a 'DO NOT RESUSCITATE' Tattoo (nejm.org) 454

A real-life case study, published in the New England Journal of Medicine, documents the ethical dilemma that a Florida hospital faced after a 70-year-old unresponsive patient arrived at the hospital. The medical staff, the journal notes, was taken aback when it discovered the words "DO NOT RESUSCITATE" tattooed onto the man's chest. Furthermore, the word "NOT" was underlined with his signature beneath it. The patient had a history of chronic obstructive pulmonary disease, diabetes mellitus, and atrial fibrillation. Confused and alarmed, the medical staff chose to ignore the apparent DNR request -- but not without alerting the hospital's ethics team, which had a different take on the matter. From the report: We initially decided not to honor the tattoo, invoking the principle of not choosing an irreversible path when faced with uncertainty. This decision left us conflicted owing to the patient's extraordinary effort to make his presumed advance directive known; therefore, an ethics consultation was requested. He was placed on empirical antibiotics, received intravenous fluid resuscitation and vasopressors, and was treated with bilevel positive airway pressure. After reviewing the patient's case, the ethics consultants advised us to honor the patient's do not resuscitate (DNR) tattoo. They suggested that it was most reasonable to infer that the tattoo expressed an authentic preference, that what might be seen as caution could also be seen as standing on ceremony, and that the law is sometimes not nimble enough to support patient-centered care and respect for patients' best interests. A DNR order was written. Subsequently, the social work department obtained a copy of his Florida Department of Health "out-of-hospital" DNR order, which was consistent with the tattoo. The patient's clinical status deteriorated throughout the night, and he died without undergoing cardiopulmonary respiration or advanced airway management.
Google

Google Faces Lawsuit For Gathering Personal Data From Millions of iPhone Users (betanews.com) 35

Mark Wilson writes: A group going by the name Google You Owe Us is taking Google to court in the UK, complaining that the company harvested personal data from 5.4 million iPhone users. The group is led by Richard Lloyd, director of consumer group Which?, and it alleges that Google bypassed privacy settings on iPhones between June 2011 and February 2012. The lawsuit seeks compensation for those affected by what is described as a "violation of trust." Google is accused of breaching UK data protection laws, and Lloyd says that this is "one of the biggest fights of my life." Even if the case is successful, the people represented by Google You Owe Us are not expected to receive more than a few hundred pounds each, and this is not an amount that would make much of an impact on Google's coffers.
Bitcoin

Coinbase Ordered To Report 14,355 Users To the IRS (theverge.com) 141

Nearly a year after the case was initially filed, Coinbase has been ordered to turn over identifying records for all users who have bought, sold, sent, or received more than $20,000 through their accounts in a single year. The digital asset broker estimates that 14,355 users meet the government's requirements. The Verge reports: For each account, the company has been asked to provide the IRS with the user's name, birth date, address, and taxpayer ID, along with records of all account activity and any associated account statements. The result is both a definitive link to the user's identity and a comprehensive record of everything they've done with their Coinbase account, including other accounts to which they've sent money. The order is significantly narrower than the IRS's initial request, which asked for records on every single Coinbase user over the same period. That request would also have required all communications between Coinbase and the user, a measure the judge ultimately found unnecessarily comprehensive. The government made no claim of suspicion against individual users, but instead argued that the order was justified based on the discrepancy between Coinbase users and U.S. citizens reporting Bitcoin gains to the IRS.
Power

EPA Confirms Tesla's Model 3 Has a Range of 310 Miles (theverge.com) 283

Tesla's Model 3 has a confirmed range of 310 miles, according to the Environmental Protection Agency. "That figure applies to the long-range version of the Model 3, and echoes the vehicle specs released by Tesla back in July," reports The Verge. "It also makes the Model 3 one of the most efficient passenger electric vehicles on the market." From the report: The EPA's range is used as the advertised figure for electric vehicles that are sold in the US. The 310-mile range is an estimate of the number of miles the vehicle should be able to travel in combined city and highway driving from a full charge. That's 131 miles per gallon gasoline equivalent (MPGe) for city driving, 120 MPGe on the highway, and 126 MPGe combined. You'll have to pay more to get that extended range, though. Tesla said it would be selling a standard version of the Model 3, with just 220 miles of range, for $35,000. The long-range version will start at $44,000, the automaker says. Production on the standard version isn't expected to begin until 2018.
Facebook

Facebook's New Captcha Test: 'Upload A Clear Photo of Your Face' (wired.com) 302

An anonymous reader shares a report: Facebook may soon ask you to "upload a photo of yourself that clearly shows your face," to prove you're not a bot. The company is using a new kind of captcha to verify whether a user is a real person. According to a screenshot of the identity test shared on Twitter on Tuesday and verified by Facebook, the prompt says: "Please upload a photo of yourself that clearly shows your face. We'll check it and then permanently delete it from our servers." The process is automated, including identifying suspicious activity and checking the photo. To determine if the account is authentic, Facebook looks at whether the photo is unique.
Communications

FCC Chairman Keeps Up Assault on Social Media (axios.com) 193

Republican FCC Chairman Ajit Pai is doubling down on his critique of tech companies, asking whether social media is "a net benefit to American society" in remarks at the Media Institute on Wednesday. "Now, I will tell you upfront that I don't have an answer." From a report: What he said: Pai made the case that social media has been key to the politicization of many aspects of American life. "Everything nowadays is political. Everything. ... This view that politics-is-all is often made worse by social media," he said, per his prepared remarks.
Privacy

Sensitive Personal Information of 246,000 DHS Employees Found on Home Computer (usatoday.com) 59

The sensitive personal information of 246,000 Department of Homeland Security employees was found on the home computer server of a DHS employee in May, according to documents obtained by USA TODAY. From the report: Also discovered on the server was a copy of 159,000 case files from the inspector general's investigative case management system, which suspects in an ongoing criminal investigation intended to market and sell, according to a report sent by DHS Inspector General John Roth on Nov. 24 to key members of Congress. The information included names, Social Security numbers and dates of birth, the report said. The inspector general's acting chief information security officer reported the breach to DHS officials on May 11, while IG agents reviewed the details. Acting DHS Secretary Elaine Duke decided on Aug. 21 to notify affected employees who were employed at the department through the end of 2014 about the breach.
Privacy

This Impenetrable Program Is Transforming How Courts Treat DNA Evidence (wired.com) 186

mirandakatz writes: Probabilistic genotyping is a type of DNA testing that's becoming increasingly popular in courtrooms: It uses complex mathematical formulas to examine the statistical likelihood that a certain genotype comes from one individual over another, and it can work with the subtlest traces of DNA. At Backchannel, Jessica Pishko looks at one company that's caught criminal justice advocates' attention: Cybergenetics, which sells a probabilistic genotyping program called TrueAllele -- and that refuses to reveal its source code. As Pishko notes, some legal experts are arguing that TrueAllele revealing its source code 'is necessary in order to properly evaluate the technology. In fact, they say, justice from an unknown algorithm is no justice at all.'
Businesses

Apple Accuses Qualcomm of Patent Infringement in Countersuit (reuters.com) 34

From a report: Apple on Wednesday filed a countersuit against Qualcomm, alleging that Qualcomm's Snapdragon mobile phone chips that power a wide variety of Android-based devices infringe on Apple's patents, the latest development in a long-running dispute. Qualcomm in July accused Apple of infringing several patents related to helping mobile phones get better battery life. Apple has denied the claims that it violated Qualcomm's battery life patents and alleged that Qualcomm's patents were invalid, a common move in such cases. But on Wednesday, in a filing in U.S. District Court in San Diego, Apple revised its answer to Qualcomm's complaint with accusations of its own. Apple alleges it owns at least eight battery life patents that Qualcomm has violated.
Software

Three Quarters of Android Apps Track Users With Third Party Tools, Says Study (theguardian.com) 46

A study by French research organization Exodus Privacy and Yale University's Privacy Lab analyzed the mobile apps for the signatures of 25 known trackers and found that more than three in four Android apps contain at least one third-party "tracker." The Guardian reports: Among the apps found to be using some sort of tracking plugin were some of the most popular apps on the Google Play Store, including Tinder, Spotify, Uber and OKCupid. All four apps use a service owned by Google, called Crashlytics, that primarily tracks app crash reports, but can also provide the ability to "get insight into your users, what they're doing, and inject live social content to delight them." Other less widely-used trackers can go much further. One cited by Yale is FidZup, a French tracking provider with technology that can "detect the presence of mobile phones and therefore their owners" using ultrasonic tones. FidZup says it no longer uses that technology, however, since tracking users through simple wifi networks works just as well.
Privacy

A Supreme Court Case This Week Could Change US Digital Privacy Standards 74

On November 29th, the U.S. Supreme Court will hear oral arguments in Carpenter v. US, a case essentially asking whether or not authorities need a warrant based on probable cause and signed by a judge to see your cellphone location data. For now, they do not. Given the fact that about 95% of Americans have cellphones, this case has major implications. Quartz reports: Mobile-service providers collect "cell site location information" (CSLI) for all phones, ostensibly to use for things like improving their networks. The U.S. government considers these data "routinely collected business records" rather than private information. That means it can demand the records without proving probable cause. That's what happened in the criminal case of Timothy Carpenter, accused of a series of Detroit, Michigan robberies. At Carpenter's trial, prosecutors presented evidence collected by private companies, obtained by the law without probable cause. They used 127 days-worth of cellphone-location data, amounting to almost 13,000 data points, to tell a circumstantial story of Carpenter's comings and goings.

In its brief to the high court, filed in September, the justice department argued that when Carpenter signed onto his cell-phone provider's service, he agreed that his call records weren't private information belonging to him, but rather business records belonging to the company. Therefore, he should have "no reasonable expectation of privacy" when it comes to these records, government attorneys wrote. Carpenter argues that the location evidence was obtained illegally. The Sixth Circuit Court of Appeals denied that claim last year, basing their decision on Supreme Court cases from the 1970s: Smith v. Maryland and US v. Miller. The appeals court concluded that, under what's called the "third-party doctrine," Americans don't have a reasonable expectation of privacy in things like check deposit slips, similar banking records, and dialed telephone numbers.
Bug

MacOS High Sierra Bug Allows Login As Root With No Password (theregister.co.uk) 237

An anonymous reader quotes a report from The Register: A trivial-to-exploit flaw in macOS High Sierra, aka macOS 10.13, allows users to gain admin rights, or log in as root, without a password. The security bug is triggered via the authentication dialog box in Apple's operating system, which prompts you for an administrator's username and password when you need to do stuff like configure privacy and network settings. If you type in "root" as the username, leave the password box blank, hit "enter" and then click on unlock a few times, the prompt disappears and, congrats, you now have admin rights. You can do this from the user login screen. The vulnerability effectively allows someone with physical access to the machine to log in, cause extra mischief, install malware, and so on. You should not leave your vulnerable Mac unattended until you can fix the problem. And while obviously this situation is not the end of the world -- it's certainly far from a remote hole or a disk decryption technique -- it's just really, really sad to see megabucks Apple drop the ball like this. Developer Lemi Orhan Ergan was the first to alert the world to the flaw. The Register notes: "If you have a root account enabled and a password for it set, the blank password trick will not work. So, keep the account enabled and set a root password right now..."
Businesses

Uber Trained Employees on How To 'Impede, Obstruct or Influence' Ongoing Legal Investigations, Ex-employee Says (cnbc.com) 62

From a report on CNBC: Uber faced fresh allegations on Tuesday that it deliberately took steps to keep "unlawful schemes from seeing the light of day." Hours of testimony on Tuesday centered around a letter from a former Uber security analyst's attorney to an Uber lawyer. The former analyst, Richard Jacobs, said in the letter there was a directive for Uber employees to use disappearing chat apps like Wickr, and that Uber sent employees to Pittsburgh (where it's developing its autonomous vehicles) to "educate" them on how to prevent "Uber's unlawful schemes from seeing the light of day." He reportedly made other bombshell allegations in the letter, including that employees at Uber were trained to "impede" ongoing investigations, multiple media outlets reported.
Security

New NSA Leak Exposes Red Disk, the Army's Failed Intelligence System (zdnet.com) 67

Zack Whittaker, reporting for ZDNet: The contents of a highly sensitive hard drive belonging to a division of the National Security Agency have been left online. The virtual disk image contains over 100 gigabytes of data from an Army intelligence project, codenamed "Red Disk." The disk image belongs to the US Army's Intelligence and Security Command, known as INSCOM, a division of both the Army and the NSA. The disk image was left on an unlisted but public Amazon Web Services storage server, without a password, open for anyone to download. Unprotected storage buckets have become a recurring theme in recent data leaks and exposures. In the past year alone, Accenture, Verizon, and Viacom, and several government departments, were all dinged by unsecured data.
HP

HP Quietly Installs System-Slowing Spyware On Its PCs, Users Say (computerworld.com) 127

It hasn't been long since Lenovo settled a massive $3.5 million fine for preinstalling adware on laptops without users' consent, and it appears HP is on to the same route already. According to numerous reports gathered by news outlet Computer World, the brand is deploying a telemetry client on customer computers without asking permission. The software, called "HP Touchpoint Analytics Service", appears to replace the self-managed HP Touchpoint Manager solution. To make matters worse, the suite seems to be slowing down PCs, users say. From the report: Dubbed "HP Touchpoint Analytics Service," HP says it "harvests telemetry information that is used by HP Touchpoint's analytical services." Apparently, it's HP Touchpoint Analytics Client version 4.0.2.1435. There are dozens of reports of this new, ahem, service scattered all over the internet. According to Gunter Born, reports of the infection go all the way back to Nov. 15, when poster MML on BleepingComputer said: "After the latest batch of Windows updates, about a half hour after installing the last, I noticed that this had been installed on my computer because it showed up in the notes of my Kaspersky, and that it opened the Windows Dump File verifier and ran a disk check and battery test." According to Gartner, HP was the largest PC vendor in the quarter that ended in September this year.
Privacy

Researchers Identify 44 Trackers in More Than 300 Android Apps (bleepingcomputer.com) 87

Catalin Cimpanu, reporting for BleepingComputer: A collaborative effort between the Yale Privacy Lab and Exodus Privacy has shed light on dozens of invasive trackers that are embedded within Android apps and record user activity, sometimes without user consent. The results of this study come to show that the practice of collecting user data via third-party tracking code has become rampant among Android app developers and is now on par with what's happening on most of today's popular websites. The two investigative teams found tracking scripts not only in lesser known Android applications, where one might expect app developers to use such practices to monetize their small userbases, but also inside highly popular apps -- such as Uber, Twitter, Tinder, Soundcloud, or Spotify. The Yale and Exodus investigation resulted in the creation of a dedicated website that now lists all apps using tracking code and a list of trackers, used by these apps. In total, researchers said they identified 44 trackers embedded in over 300 Android apps.
Cellphones

White House Weighs Personal Mobile Phone Ban For Staff (bloomberg.com) 113

The White House is considering banning its employees from using personal mobile phones while at work. While President Trump has been vocal about press leaks since taking office, one official said the potential change is driven by cybersecurity concerns. Bloomberg reports: One official said that there are too many devices connected to the campus wireless network and that personal phones aren't as secure as those issued by the federal government. White House Chief of Staff John Kelly -- whose personal phone was found to be compromised by hackers earlier this year -- is leading the push for a ban, another official said. The White House already takes precautions with personal wireless devices, including by requiring officials to leave phones in cubbies outside of meeting rooms where sensitive or classified information is discussed. Top officials haven't yet decided whether or when to impose the ban, and if it would apply to all staff in the executive office of the president. While some lower-level officials support a ban, others worry it could result in a series of disruptive unintended consequences.
The Internet

Comcast Hints At Plan For Paid Fast Lanes After Net Neutrality Repeal (arstechnica.com) 308

An anonymous reader quotes a report from Ars Technica: For years, Comcast has been promising that it won't violate the principles of net neutrality, regardless of whether the government imposes any net neutrality rules. That meant that Comcast wouldn't block or throttle lawful Internet traffic and that it wouldn't create fast lanes in order to collect tolls from Web companies that want priority access over the Comcast network. This was one of the ways in which Comcast argued that the Federal Communications Commission should not reclassify broadband providers as common carriers, a designation that forces ISPs to treat customers fairly in other ways. The Title II common carrier classification that makes net neutrality rules enforceable isn't necessary because ISPs won't violate net neutrality principles anyway, Comcast and other ISPs have claimed.

But with Republican Ajit Pai now in charge at the Federal Communications Commission, Comcast's stance has changed. While the company still says it won't block or throttle Internet content, it has dropped its promise about not instituting paid prioritization. Instead, Comcast now vaguely says that it won't "discriminate against lawful content" or impose "anti-competitive paid prioritization." The change in wording suggests that Comcast may offer paid fast lanes to websites or other online services, such as video streaming providers, after Pai's FCC eliminates the net neutrality rules next month.

Businesses

Reddit, Twitter, and 200 Others Say Ending Net Neutrality Could Ruin Cyber Monday (theverge.com) 88

An anonymous reader shares a report: More than 200 businesses and trade organizations have signed a letter to the FCC asking that the agency reconsider its plan to end net neutrality. The letter is signed by an array of big and recognizable tech and web companies: that includes Airbnb, Automattic (which owns WordPress), Etsy, Foursquare, GitHub, Pinterest, Reddit, Shutterstock, Sonos, Square, Squarespace, Tumblr (certainly to the displeasure of its owner, Verizon), Twitter, and Vimeo, among quite a few others. The letter is being released on Cyber Monday and speaks directly to the internet's constantly growing role in the US economy. "The internet is increasingly where commerce happens," the letter says. It cites figures saying that $3.5 billion in online sales happened last year on Cyber Monday and $3 billion on Black Friday. Throughout all of last year, online purchases accounted for $400 billion in sales.
United States

Justices Ponder Need For Warrant For Cellphone Tower Data (apnews.com) 200

An anonymous reader shares a report: Like almost everyone else in America, thieves tend to carry their cellphones with them to work. When they use their phones on the job, police find it easier to do their jobs. They can get cellphone tower records that help place suspects in the vicinity of crimes, and they do so thousands of times a year. Activists across the political spectrum, media organizations and technology experts are among those arguing that it is altogether too easy for authorities to learn revealing details of Americans' lives merely by examining records kept by Verizon, T-Mobile and other cellphone service companies. On Wednesday, the Supreme Court hears its latest case about privacy in the digital age. At issue is whether police generally need a warrant to review the records. Justices on the left and right have recognized that technology has altered privacy concerns. The court will hear arguments in an appeal by federal prison inmate Timothy Carpenter. He is serving a 116-year sentence after a jury convicted him of armed robberies in the Detroit area and northwestern Ohio.
Businesses

Tim Wu: Why the Courts Will Have to Save Net Neutrality (nytimes.com) 251

Tim Wu, a law professor at Columbia who first coined the term "net neutrality," writes for the New York Times: Allowing such censorship is anathema to the internet's (and America's) founding spirit. And by going this far, the F.C.C. may also have overplayed its legal hand. So drastic is the reversal of policy (if, as expected, the commission approves Mr. Pai's proposal next month), and so weak is the evidence to support the change, that it seems destined to be struck down in court. The problem for Mr. Pai is that government agencies are not free to abruptly reverse longstanding rules on which many have relied without a good reason (Editor's note: the link could be paywalled), such as a change in factual circumstances. A mere change in F.C.C. ideology isn't enough. As the Supreme Court has said, a federal agency must "examine the relevant data and articulate a satisfactory explanation for its action." Given that net neutrality rules have been a huge success by most measures, the justification for killing them would have to be very strong. It isn't. In fact, it's very weak. From what we know so far, Mr. Pai's rationale for eliminating the rules is that cable and phone companies, despite years of healthy profit, need to earn even more money than they already do -- that is, that the current rates of return do not yield adequate investment incentives. More specifically, Mr. Pai claims that industry investments have gone down since 2015, the year the Obama administration last strengthened the net neutrality rules.
United States

Petition Calls for Ouster of FCC Chairman Pai (whitehouse.gov) 174

Long-time Slashdot reader speedplane writes: Yes, we've all heard that net neutrality is on its way out, and it seems NPR was able to snag one of the few (the only?) interviews of Ajit Pai on its effect. Sadly, NPR's Rachel Martin stuck to very broad and basic questions, and failed to press Pai on the change of policy. That said, it's worth a listen.
Pai insists that "We saw companies like Facebook, and Amazon and Google become global powerhouses precisely because we had light-touch rules that applied to this Internet. The Internet wasn't broken in 2015 when these heavy-handed regulations were adopted, and once we remove them, I think we'll continue to see the infrastructure investment that will benefit digital consumers and entrepreneurs alike... I've talked to a lot of companies that say, look, we want to be able to invest in these networks, especially in rural and low-income urban areas, but the more heavy-handed the regulations are, the less likely we can build a business case for doing it."

But New York's Attorney General Eric Schneiderman says he's spent six months investigating "a massive scheme to corrupt the FCC's notice and comment process" for net neutrality, adding that "the FCC has refused multiple requests for crucial evidence." (Nine requests over five months were ignored.) And now over 65,000 people have signed a new online petition at WhiteHouse.gov calling for the immediate removal of Ajit Pai as the FCC's chairman, calling him "a threat to our freedoms."

Meanwhile, The Verge has compiled "a list of the lawmakers who voted to betray you," with each listing also including "how much money they received from the telecom industry in their most recent election cycle."
Businesses

Big Tobacco Loses 11-Year Fight, Forced To Broadcast 'Dangers of Smoking' Ads (nbcnews.com) 274

An anonymous reader quotes NBC News: Smoking kills 1,200 people a day. The tobacco companies worked to make them as addictive as possible. There is no such thing as a safer cigarette. Ads with these statements hit the major television networks and newspapers this weekend, but they are not being placed by the American Cancer Society or other health groups. They're being placed by major tobacco companies, under the orders of the federal courts. "The ads will finally run after 11 years of appeals by the tobacco companies aimed at delaying and weakening them," the American Cancer Society, American Heart Association, American Lung Association, Americans for Nonsmokers' Rights, National African American Tobacco Prevention Network and the Tobacco-Free Kids Action Fund said in a joint statement.

"It's a pretty significant moment," the American Cancer Society's Cliff Douglas said. "This is the first time they have had to 'fess up and tell the whole truth." The Justice Department started its racketeering lawsuit against the tobacco companies in 1999, seeking to force them to make up for decades of deception. Federal district judge Gladys Kessler ruled in 2006 that they'd have to pay for and place the ads, but the companies kept tying things up with appeals. "Employing the highest paid lawyers in America, the tobacco companies used every tool at their disposal to delay and complicate this litigation to avoid their day of reckoning," Douglas added.

The ads will inform American TV viewers that "More people die every year from smoking than from murder, AIDS, suicide, drugs, car crashes, and alcohol, combined," according to one of the ads. Besides $170 billion every year in medical costs -- plus another $156 billion in lost productivity -- roughly one in five deaths in America are smoking-related, according to the Centers for Disease Control and Prevention, with cigarettes killing 480,000 Americans every year.
Government

FBI Failed To Notify 70+ US Officials Targeted By Russian Hackers (apnews.com) 94

An anonymous reader quotes the AP: The FBI failed to notify scores of U.S. officials that Russian hackers were trying to break into their personal Gmail accounts despite having evidence for at least a year that the targets were in the Kremlin's crosshairs, The Associated Press has found. Nearly 80 interviews with Americans targeted by Fancy Bear, a Russian government-aligned cyberespionage group, turned up only two cases in which the FBI had provided a heads-up. Even senior policymakers discovered they were targets only when the AP told them, a situation some described as bizarre and dispiriting.

"It's utterly confounding," said Philip Reiner, a former senior director at the National Security Council, who was notified by the AP that he was targeted in 2015. "You've got to tell your people. You've got to protect your people." The FBI declined to answer most questions from AP about how it had responded to the spying campaign... A senior FBI official, who was not authorized to publicly discuss the hacking operation because of its sensitivity, declined to comment on timing but said that the bureau was overwhelmed by the sheer number of attempted hacks... A few more were contacted by the FBI after their emails were published in the torrent of leaks that coursed through last year's electoral contest. But to this day, some leak victims have not heard from the bureau at all.

Here's an interesting statistic from the AP's analysis. "Out of 312 U.S. military and government figures targeted by Fancy Bear, 131 clicked the links sent to them."
Government

Russia and The US Fight Over Who Gets To Extradite A Hacker (cnn.com) 98

An anonymous reader quotes CNN: A young Russian alleged to have masterminded a massive hacking of social networks including LinkedIn and Dropbox is now at the center of an extradition struggle between the United States and Russia. Yevgeniy Nikulin was detained in October 2016, in the Czech Republic capital of Prague, after US authorities issued an international arrest warrant for him. He was on vacation there with his girlfriend. A grand jury indictment filed in 2016 in California charges him with computer intrusion and aggravated identity theft, among other offenses. Nikulin denies all the charges. If convicted of all charges, he could face a maximum sentence of more than 50 years in prison and more than $2 million in fines.

But soon after his arrest, Russian authorities also sought his extradition. The Russian charge referred to the alleged theft from an online money transfer company back in 2009. The amount involved was $3,450... The Foreign Ministry in Moscow said soon afterward it was "actively working with the Czech authorities to prevent the extradition of a Russian citizen to the United States."

Patents

Patent Trolls Are Losing More. Will America's Supreme Court Change That? (nytimes.com) 127

jespada writes: New York Times has an article warning that the Patent Appeal and Trial Board is being challenged on the basis that patents represent real property and that a government agency is not empowered to take real property.
Here's a quote from the Times article. (Non-paywalled version here): In the five years since it began its work -- a result of the America Invents Act of 2011 -- the Patent Trial and Appeal Board has saved companies more than $2 billion in legal fees alone, according to Joshua Landau, patent counsel at the Computer and Communications Industry Association, offering an expeditious and relatively cheap avenue to challenge patents of doubtful validity. The benefits of stopping bad patents from snaking their way through the economy have been even greater. Companies no longer have to pay ransom so the threat of lawsuits over dubious royalty payments -- filed by aggressive litigants known as trolls -- will go away... But for all the benefits of culling faulty intellectual-property rights, the board is under existential threat. Next week, the Supreme Court will hear a challenge that the patent office's new procedure is unconstitutional...
The Internet

Taking The Profit Out Of Killing 'Net Neutrality' (cringely.com) 257

Robert Cringely has a plan to ensure that internet providers will never profit from the end of net neutrality: We are being depended upon to act like sheep -- Internet browsing sheep, if such exist -- and without a plan that's exactly what we'll be. The key to my plan is that this is a rare instance where consumers are not alone. There are just as many or more huge companies that would prefer to keep Net Neutrality as those that oppose it... Those companies in favor of Net Neutrality obviously include the big streamers like Amazon, Hulu, Netflix, YouTube and a bunch of others. They also include nearly every big Internet concern including Google, Facebook, Apple, and Microsoft. Those are some pretty big friends to have on your side -- our side...

So I suggest we all join ZeroTier (ZT), a thriving networking startup operating in Irvine, California. There are other companies like it but I just think ZeroTier is presently the best. ZeroTier is a very sophisticated Virtual Private Network (VPN) company that has created a Software Defined Network that goes beyond what normal VPNs are capable of. To your computer or almost any other networked device (even your smart phone), ZT looks like an Ethernet port, whether your device has Ethernet or not. Through that virtual Ethernet port you connect to a virtual IPv6 Local Area Network that's as big as the Internet itself, though the only users on this overlay network are ZT members.

The trick is to get all those big companies that are pro-Net Neutrality to join ZT. The most it will cost even Netflix is $750 per month, which is probably less than the company spends on salad bars in their Los Gatos HQ. Embracing ZT doesn't mean rejecting the regular Internet. Netflix can still be reached the old-fashioned way. I just want them to add a presence on ZT, too... What the ISPs won't like about this plan is that ZT traffic can't be read to determine what rules or pricing to apply. They could throttle it all down, but throttling that much traffic isn't really practical.

Security

Should Brokers Use 'Voice Prints' For Stock Transactions? (cnbc.com) 64

Fidelity and Charles Schwab now allow traders to use "voice prints" to authorize stock transactions. But there's more to the story, argues long-time Slashdot reader maiden_taiwan: Fidelity Investments is touting its new security feature, MyVoice, which allows a customer to access his/her financial accounts by telephone without a password. "When you call Fidelity, you'll no longer have to enter PINs or passwords because Fidelity MyVoice helps you interact with us securely and more conveniently. Through natural conversation, MyVoice will detect and verify your voiceprint in the first few moments of the call... Fidelity MyVoice performs even if you have a cold, allergies, or a sore throat."

Based on my own experience, Fidelity now enables MyVoice automatically for its customers who call in for other reasons. Apparently, their conversation with Fidelity customer service provides enough data for MyVoice to recognize them. (Customers are informed afterward that MyVoice has been enabled, and they can opt out, although they aren't told that opting out is possible.)

It's not clear whether Fidelity is creating voice profiles of their customers without asking first. (Fidelity's site says only that their representatives will "offer" to enroll you the next time you call.) But the original submission ends with two more questions. "In an era where Apple's face recognition is easily defeated by family members, is voice recognition any more secure?"

And "Is a 'voiceprint' even possible?"
Government

Bloomberg Op-Ed: The Internet 'Already Lost Its Neutrality' (japantimes.co.jp) 171

An anonymous reader quotes a new Bloomberg opinion piece on net neutrality: The internet will be filled today with denunciations of this move, threats of a dark future in which our access to content will be controlled by a few powerful companies. And sure, that may happen. But in fact, it may already have happened, led not by ISPs, but by the very companies that were fighting so hard for net neutrality... Our experience of the internet is increasingly controlled by a handful of firms, most especially Google and Facebook. The argument for regulating these companies as public utilities is arguably at least as strong as the argument for thus regulating ISPs, and very possibly much stronger; while cable monopolies may have local dominance, none of them has the ability that Google and Facebook have to unilaterally shape what Americans see, hear and read.

In other words, we already live in the walled garden that activists worry about, and the walls are getting higher every day... The fact that these firms were able to cement their power at the moment when regulators were most focused on keeping the internet open tells you just how difficult it is to get that sort of regulation right; while you are looking hard at one danger, an equally large one may be creeping up just outside the range of your peripheral vision.

Robotics

Is Sharp's Robot Vacuum Cleaner Vulnerable To Remote Take-over? (jvn.jp) 42

Slashdot reader AmiMoJo reports: Sharp's COCOROBO (heart-bot) vacuum cleaners can not just clean your house. They have cameras that can be viewed from a smart phone, and automatically take pictures of things they find under your sofa. They have microphones and voice recognition, and are able to ask how your day was when you get home from work. You can even activate their speakers and talk to your pets from the office. Unfortunately, so can anyone else if you don't install critical firmware updates.
JPCERT's warning says that the attacker must be on the same LAN to impersonate you, though "as a result, there is a possibility that an arbitrary operation may be conducted."
United States

Bipartisan US Election Group Issues Security Tips (reuters.com) 103

An anonymous reader quotes Reuters: A bipartisan Harvard University project aimed at protecting elections from hacking and propaganda will release its first set of recommendations today on how U.S. elections can be defended from hacking attacks. The 27-page guidebook calls for campaign leaders to emphasize security from the start and insist on practices such as two-factor authentication for access to email and documents and fully encrypted messaging via services including Signal and Wickr. The guidelines are intended to reduce risks in low-budget local races as well as the high-stakes Congressional midterm contests next year.

Though most of the suggestions cost little or nothing to implement and will strike security professionals as common sense, notorious attacks including the leak of the emails of Hillary Clinton's campaign chair, John Podesta, have succeeded because basic security practices were not followed... "We heard from campaigns that there is nothing like this that exists," said Debora Plunkett, a 31-year veteran of the National Security Agency who joined the Belfer Center this year. "We had security experts who understood security and election experts who understood campaigns, and both sides were eager to learn how the other part worked."

The group includes "top security experts" from both Google and Facebook.
Privacy

Imgur Confirms Email Addresses, Passwords Stolen In 2014 Hack (zdnet.com) 38

An anonymous reader quotes a report from ZDNet: Imgur, one of the world's most visited websites, has confirmed a hack dating back to 2014. The company confirmed to ZDNet that hackers stole 1.7 million email addresses and passwords, scrambled with the SHA-256 algorithm, which has been passed over in recent years in favor of stronger password scramblers. Imgur said the breach didn't include personal information because the site has "never asked" for real names, addresses, or phone numbers. The stolen accounts represent a fraction of Imgur's 150 million monthly users. The hack went unnoticed for four years until the stolen data was sent to Troy Hunt, who runs data breach notification service Have I Been Pwned. Hunt informed the company on Thursday, a US national holiday observing Thanksgiving, when most businesses are closed. A day later, the company started resetting the passwords of affected accounts, and published a public disclosure alerting users of the breach.
Communications

More Than a Million Pro-Repeal Net Neutrality Comments Were Likely Faked (hackernoon.com) 177

Jeff Kao from Hacker Noon used natural language processing techniques to analyze net neutrality comments submitted to the FCC from April-October 2017 and found that at least 1.3 million pro-repeal net neutrality comments were faked. From the report: NY Attorney General Schneiderman estimated that hundreds of thousands of Americans' identities were stolen and used in spam campaigns that support repealing net neutrality. My research found at least 1.3 million fake pro-repeal comments, with suspicions about many more. In fact, the sum of fake pro-repeal comments in the proceeding may number in the millions. In this post, I will point out one particularly egregious spambot submission, make the case that there are likely many more pro-repeal spambots yet to be confirmed, and estimate the public position on net neutrality in the "organic" public submissions. [The key findings include:]

1. One pro-repeal spam campaign used mail-merge to disguise 1.3 million comments as unique grassroots submissions.
2. There were likely multiple other campaigns aimed at injecting what may total several million pro-repeal comments into the system.
3. It's highly likely that more than 99% of the truly unique comments were in favor of keeping net neutrality.

The Courts

AT&T, Comcast Lawsuit Has Nullified a City's Broadband Competition Law (arstechnica.com) 74

An anonymous reader quotes a report from Ars Technica: AT&T and Comcast have convinced a federal judge to nullify an ordinance that was designed to bring more broadband competition to Nashville, Tennessee. The Nashville Metro Council last year passed a "One Touch Make Ready" rule that gives Google Fiber or other new ISPs faster access to utility poles. The ordinance lets a single company make all of the necessary wire adjustments on utility poles itself, instead of having to wait for incumbent providers like AT&T and Comcast to send work crews to move their own wires. AT&T and Comcast sued the metro government in U.S. District Court in Nashville, claiming that federal and local laws preempt the One Touch Make Ready rule. Judge Victoria Roberts agreed with AT&T and Comcast in a ruling issued Tuesday. Google Fiber is offering service in Nashville despite saying last year that it was waiting for access to thousands of utility poles. "We're reviewing [the] court ruling to understand its potential impact on our build in Nashville," a Google spokesperson said this week, according to The Tennessean. "We have made significant progress with new innovative deployment techniques in some areas of the city, but access to poles remains an important issue where underground deployment is not a possibility."
Star Wars Prequels

Legislators Take Aim At Star Wars Battlefront II, EA Over 'Gambling In Games' (polygon.com) 72

dryriver writes: A number of pay-to-win microtransaction FPS games, including Dirty Bomb and the $60 Star Wars Battlefront II, have drawn the ire of legislators in countries like Belgium and the United States. Not only are advanced characters like Luke Skywalker and Darth Vader and various weapons and abilities in these games "locked" -- you pay for them in hard cash, or play for them for dozens and dozens of tedious hours -- the games also feature so-called "Loot Boxes," which are boxes that contain a random item, weapon, character or ability. So like playing slot machines in Vegas, each time you can get something good, something mediocre or something totally crap. You cannot determine with any certainty what you will get for your real-world dollars or in-game achievements. Angry Reddit users recently downvoted a blundering statement by EA on the topic with a whopping 249,000 downvotes -- an all-time downvote record on Reddit, shocking EA into retreating from its pay-to-win model and announcing unspecified "changes" now being made to Star Wars Battlefront II. Legislators in a number of countries have also sharply criticized "Loot Boxes" and "microtransactions" in games, with one legislator in Belgium vowing to have the sale of such games banned completely in the EU, because children are essentially being forced to "gamble with real money" in these games. Forbes has written a great piece about how EA is now essentially stuck with a $60 Star Wars game that cost a lot to make but probably cannot be monetized any further, because there is considerable risk of all games with loot boxes, microtransactions and "pay to win" monetization models being completely banned from sale in a number of different countries now. The moral of the story? Maybe people should not pay a game developer any more than the $40-60 they paid when they thought they "bought" the game in the first place.
United Kingdom

Pornhub Owner May Become the UK's Gatekeeper of Online Porn (yahoo.com) 95

An anonymous reader quotes a report from Yahoo News: Mindgeek may be the most powerful company that you've never heard of, or at least, a company you'll claim never to have heard about in polite company. It's the conglomerate that owns some of the world's most visited porn sites, including Pornhub, RedTube and YouPorn. Far from simply being a popular and free way for people to consume adult content, it may soon have a powerful political role in the UK that will ensure its dominance for decades to come. That's because, within the next year, Mindgeek may become the principal gatekeeper between the country's internet users and their porn. In April, the UK passed the Digital Economy Act 2017, legislation that mandated that any website showing adult content must verify the ages of its visitors. It was pushed through in response to concerns that children were being corrupted by easy access to and exposure to adult content at an early age. Section 15(1) of the bill requires that "pornographic material" not be published online, on a "commercial basis," unless it is "not normally accessible by those under 18." The bill has several flaws, not least the number of vague proposals it contains, and the ad hoc definition of what pornography actually is. Section 17 of the same act outlined the creation of an "age-verification regulator," the digital equivalent of a bouncer standing between you and your porn. This gatekeeper will have the right, and duty, to demand you show proof of age, or else refuse you access. In addition, the body will be able to impose fines and enforcement notices on those who either neglect or circumvent the policy. [...] The Open Rights Group believes that the BBFC will then hand over the actual mechanisms of the age verification platform to a third party in the private sector. Mindgeek has had several conversations with officials and is currently pushing its own age verification platform, AgeID. 
If selected, this platform could become the principal wall between Britons and their pornography -- giving Mindgeek enormous power in the market.
Security

Data Breach Hits Australia's Department of Social Services Credit Card System (theguardian.com) 32

Paul Karp, reporting for The Guardian: The Department of Social Services has written to 8,500 current and former employees warning them their personal data held by a contractor has been breached. In letters sent in early November the department alerted the employees to "a data compromise relating to staff profiles within the department's credit card management system prior to 2016." Compromised data includes credit card information, employees' names, user names, work phone numbers, work emails, system passwords, Australian government services number, public service classification and organisation unit. The department failed to warn staff how long the data was exposed for but a DSS spokesman told Guardian Australia that the contractor, Business Information Services, had advised that the data was open from June 2016 until October 2017. The data related to the period 2004 to 2015.
Google

Regulators Question Google Over Location Data (cnn.com) 19

Sherisse Pham and Taehoon Lee, writing for CNN Tech: Google is facing scrutiny for reportedly collecting data about the location of smartphone users without their knowledge. Regulators in South Korea summoned Google representatives this week to question them about a report that claimed the company was collecting data from Android devices even when location services were disabled. The Korea Communications Commission (KCC) "is carrying out an inquiry into the claims that Google collected users' Cell ID data without consent even when their smartphone's location service was inactive," Chun Ji-hyun, head of KCC's privacy infringement division, told CNNMoney on Friday. U.K. data protection officials are also looking into the matter. "Organizations are required by law to be transparent with consumers about what they are doing with personal information," said a spokesperson for the Information Commissioner's Office. "We are aware of the reports about the tracking system and are in contact with Google."
Piracy

Google and Apple Order Telegram To Nuke Channel Over Taylor Swift Piracy (torrentfreak.com) 37

An anonymous reader writes: Instant messaging client Telegram has for the first time blocked access to an entire channel following pressure from Google and Apple. A channel, called Any Suitable Pop, was found distributing copyright infringed copies of songs from Taylor Swift's new album 'Reputation'. It's understood that following complaints from Universal Music, Google and Apple ordered Telegram to take action.
Privacy

There's Now a Dark Web Version of Wikipedia (vice.com) 20

An anonymous reader shares a report: In many parts of the world, like North America, using Wikipedia is taken for granted; hell, there are even Twitter accounts to track government employees editing the internet's free encyclopedia while on the clock. But in other places, like Turkey or Syria, using Wikipedia can be difficult, and even dangerous. To make using Wikipedia safer for at-risk users, former Facebook security engineer Alec Muffett has started an experimental dark net Wikipedia service that gives visitors some strong privacy protections. The project is unofficial; for now, Wikipedia isn't involved. So it's a bit janky. The service uses self-signed certificates that may trigger a security warning in Tor, so you have to manually white-list the addresses, which takes a couple minutes.
EU

EU Lawmakers Back Exports Control on Spying Technology (reuters.com) 35

An anonymous reader shares a report: EU lawmakers overwhelmingly backed plans on Thursday to control exports of devices to intercept mobile phone calls, hack computers or circumvent passwords that could be used by foreign states to suppress political opponents or activists. Members of the European Parliament's trade committee voted by 34 votes to one in favor of a planned update to export controls on "dual use" products or technologies. The EU has had export controls since 2009 on such dual use products including toxins, laser and technology for navigation or nuclear power, which can have civilian or military applications but also be used to make weapons of mass destruction. The EU has felt that spyware or malware and telecom or Internet surveillance technologies are increasingly threatening security and human rights and proposed a modernization of its export control system to cover cyber-surveillance.
The Internet

Ajit Pai and the FCC Want It To Be Legal for Comcast To Block BitTorrent (theverge.com) 553

Nilay Patel, reporting for The Verge: FCC Chairman Ajit Pai released his proposal to kill net neutrality this week, and while there's a lot to be unhappy with, it's hard not to be taken with the brazenness of his argument. Pai thinks it was a mistake for the FCC to try and stop Comcast from blocking BitTorrent in 2008, thinks all of the regulatory actions the FCC took after that to give itself the authority to prevent blocking were wrong, and wants to go back to the legal framework that allowed Comcast to block BitTorrent.
The Internet

'We Are Disappointed': Tech Companies Speak Up Against the FCC's Plan To Kill Net Neutrality (businessinsider.com) 183

An anonymous reader shares a report from Business Insider: The FCC is planning to kill net neutrality -- and some tech companies are starting to speak out. Pro-net neutrality activists, who argue the principle creates a level playing-field online, are up in arms about the plan. And some tech companies are now speaking out in support of net neutrality as well, from Facebook to Netflix. Business Insider reached out to some of the biggest tech firms in America today to ask for their reaction to the FCC's plan. Their initial responses are below, and we will continue to update this post as more come in.
Google

Google Wipes 786 Pirate Sites From Search Results (torrentfreak.com) 83

Google and several leading Russian search engines have completely wiped 786 "pirate" sites from their search results. That's according to telecoms watchdog Rozcomnadzor, which reports that the search providers delisted the sites after ISPs were ordered by a Moscow court to permanently block them. TorrentFreak reports: Late July, President Vladimir Putin signed a new law which requires local telecoms watchdog Rozcomnadzor to maintain a list of banned domains while identifying sites, services, and software that provide access to them. [...] Nevertheless, on October 1 the new law ("On Information, Information Technologies and Information Protection") came into effect and it appears that Russia's major search engines have been very busy in its wake. According to a report from Rozcomnadzor, search providers Google, Yandex, Mail.ru, Rambler, and Sputnik have stopped presenting information in results for sites that have been permanently blocked by ISPs following a decision by the Moscow City Court. "To date, search engines have stopped access to 786 pirate sites listed in the register of Internet resources which contain content distributed in violation of intellectual property rights," the watchdog reports. The domains aren't being named by Rozcomnadzor or the search engines but are almost definitely those sites that have had complaints filed against them at the City Court on multiple occasions but have failed to take remedial action. Also included will be mirror and proxy sites which either replicate or facilitate access to these blocked and apparently defiant domains.
Bitcoin

We'll Never Legalize Bitcoin, Says Russian Minister (siliconangle.com) 55

An anonymous reader shares a report: In yet another backflip worthy of the Moscow Circus, a Russian minister has said that the country will never legalize bitcoin, just seven months after another government minister said it was considering making it legal. Minister of Communications and Mass Media Nikolai Nikiforov made the statement this week, saying that "bitcoin is a foreign project for using blockchain technology, the Russian law will never consider bitcoin as a legal entity in the jurisdiction of the Russian Federation." Recognizing that blockchain technology is separate to bitcoin, Nikiforov went on to say that "I think that it is quite possible to use blockchain technology and the use of various digital tokens." Those tokens may constitute a Russian-issued cryptocurrency. TASS reported that "Russia's Communication Ministry has submitted to the government the document containing technical details related to cryptocurrencies adoption."
Privacy

Uber Is Under Investigation By Multiple States Over a 2016 Data Breach (recode.net) 25

Yesterday, it was reported that Uber concealed a massive cyberattack that exposed 57 million people's data. Recode reports that at least five states -- Illinois, Massachusetts, Missouri, New York and Connecticut -- would investigate the matter. From the report: Meanwhile, Uber must contend with the possible threat of a new probe at the Federal Trade Commission. The agency, which acts as the U.S. government's top privacy and security watchdog, penalized Uber for its privacy and security practices just this August. But it may not have known that Uber had suffered a major security breach in 2016, even as they investigated the company at the same time for other, unrelated security missteps. For now, the agency merely said it's "closely evaluating the serious issues raised." And some affected customers are similarly taking action. On Wednesday -- hours after the breach became public -- an Uber user filed a lawsuit accusing the company of negligence and deceptive business practices. The plaintiff, Alejandro Flores, is seeking to represent a class of affected riders and drivers alike.

For one thing, 48 states maintain some version of a law that requires companies that suffer a data breach to communicate what happened to consumers. In most cases, companies must disclose a security incident if hackers steal very sensitive customer data -- such as driver's license numbers, which happened with Uber in late 2016. To that end, the attorneys general in Illinois, Connecticut and New York have said they are probing the breach at Uber -- perhaps with an eye on whether the company skirted state laws. The top prosecutors in other major states, like Pennsylvania and Florida, did not immediately respond to emails on Wednesday seeking comment. California's AG declined to comment.
