California Becomes 18th State To Consider Right To Repair Legislation

Jason Koebler shares a report from Motherboard: The right to repair battle has come to Silicon Valley's home state: Wednesday, a state assembly member announced that California would become the 18th state in the country to consider legislation that would make it easier to repair your electronics. "The Right to Repair Act will provide consumers with the freedom to have their electronic products and appliances fixed by a repair shop or service provider of their choice, a practice that was taken for granted a generation ago but is now becoming increasingly rare in a world of planned obsolescence," Susan Talamantes Eggman, a Democrat from Stockton who introduced the bill, said in a statement. The announcement had been rumored for about a week but became official Wednesday. The bill would require electronics manufacturers to make repair guides and repair parts available to the public and independent repair professionals and would also make diagnostic software and tools that are available to authorized and first-party repair technicians available to independent companies.

FBI Again Calls For Magical Solution To Break Into Encrypted Phones

An anonymous reader quotes a report from Ars Technica: FBI Director Christopher Wray again has called for a solution to what the bureau calls the "Going Dark" problem, the idea that the prevalence of default strong encryption on digital devices makes it more difficult for law enforcement to extract data during an investigation. However, in a Wednesday speech at Boston College, Wray again did not outline any specific piece of legislation or technical solution that would provide both strong encryption and allow the government to access encrypted devices when it has a warrant. A key escrow system, with which the FBI or another entity would be able to unlock a device given a certain set of circumstances, is by definition weaker than what cryptographers would traditionally call "strong encryption." There's also the problem of how to compel device and software makers to impose such a system on their customers -- similar efforts were attempted during the Clinton administration, but they failed. A consensus of technical experts has said that what the FBI has asked for is impossible. "I recognize this entails varying degrees of innovation by the industry to ensure lawful access is available," Wray said Wednesday. "But I just don't buy the claim that it's impossible. Let me be clear: the FBI supports information security measures, including strong encryption. Actually, the FBI is on the front line fighting cyber crime and economic espionage. But information security programs need to be thoughtfully designed so they don't undermine the lawful tools we need to keep the American people safe."

Leaked Files Show How the NSA Tracks Other Countries' Hackers

An analysis of leaked tools believed to have been developed by the U.S. National Security Agency (NSA) gives us a glimpse into the methods used by the organization to detect the presence of other state-sponsored actors on hacked devices, and it could also help the cybersecurity community discover previously unknown threats. The Intercept: When the mysterious entity known as the "Shadow Brokers" released a tranche of stolen NSA hacking tools to the internet a year ago, most experts who studied the material honed in on the most potent tools, so-called zero-day exploits that could be used to install malware and take over machines. But a group of Hungarian security researchers spotted something else in the data, a collection of scripts and scanning tools the National Security Agency uses to detect other nation-state hackers on the machines it infects. It turns out those scripts and tools are just as interesting as the exploits. They show that in 2013 -- the year the NSA tools were believed to have been stolen by the Shadow Brokers -- the agency was tracking at least 45 different nation-state operations, known in the security community as Advanced Persistent Threats, or APTs. Some of these appear to be operations known by the broader security community -- but some may be threat actors and operations currently unknown to researchers.

The scripts and scanning tools dumped by Shadow Brokers and studied by the Hungarians were created by an NSA team known as Territorial Dispute, or TeDi. Intelligence sources told The Intercept the NSA established the team after hackers, believed to be from China, stole designs for the military's Joint Strike Fighter plane, along with other sensitive data, from U.S. defense contractors in 2007; the team was supposed to detect and counter sophisticated nation-state attackers more quickly, when they first began to emerge online. "As opposed to the U.S. only finding out in five years that everything was stolen, their goal was to try to figure out when it was being stolen in real time," one intelligence source told The Intercept. But their mission evolved to also provide situational awareness for NSA hackers to help them know when other nation-state actors are in machines they're trying to hack.


Facebook's VPN Service Onavo Protect Collects Personal Data -- Even When It's Switched Off

Security researcher Will Strafach took a look at Onavo Protect, a newly released VPN service from Facebook: I found that Onavo Protect uses a Packet Tunnel Provider app extension, which should consistently run for as long as the VPN is connected, in order to periodically send the following data to Facebook as the user goes about their day:
When user's mobile device screen is turned on and turned off.
Total daily Wi-Fi data usage in bytes (Even when VPN is turned off).
Total daily cellular data usage in bytes (Even when VPN is turned off).
Periodic beacon containing an "uptime" to indicate how long the VPN has been connected.


Sri Lanka Blocks Facebook, Instagram To Prevent Spread of Hate Speech

Sri Lanka has blocked social media websites Facebook, Instagram and WhatsApp to avoid the spread of hate speech in the country, local media reported on Wednesday. From the report: Even though there is no official confirmation from the authorities, the Cabinet Spokesman Minister Rajitha Senaratne on Wednesday said the government has decided to block access to certain social media. Telecom Regulatory Commission (TRC) has started to monitor all social media platforms to curb hate speech related to communal riots escalated in Kandy district. Telecommunication service providers (ISPs) have also restricted internet access in Kandy district on the instructions of the TRC.

US Calls Broadcom's Bid For Qualcomm a National Security Risk

An anonymous reader quotes a report from The New York Times (Warning: source may be paywalled; alternative source): The United States government said Broadcom's proposed acquisition of rival chipmaker Qualcomm could pose a national security risk and called for a full investigation into the hostile bid. The move complicates an already contentious deal and increases the likelihood that Broadcom, which is based in Singapore, will end its pursuit of Qualcomm. Such an investigation is often a death knell for a corporate acquisition. A government panel, the Committee on Foreign Investment in the United States, or Cfius, noted, in part, that the potential risk was related to Broadcom's relationships with foreign entities, according to a letter from a United States Treasury official. It also said that the deal could weaken "Qualcomm's technological leadership," giving an edge to Chinese companies like Huawei. "China would likely compete robustly to fill any void left by Qualcomm as a result of this hostile takeover," the official said in the letter. The letter and the public call for an investigation reflects a newly aggressive stance by Cfius. In most cases, the panel operates in secret and weighs in after a deal is announced. In this instance, Cfius, which is made up of representatives from multiple federal agencies, is taking a proactive role and investigating before an acquisition agreement has even been signed.

FBI Paid Geek Squad Repair Staff As Informants

According to newly released documents by the Electronic Frontier Foundation, federal agents would pay Geek Squad employees to flag illegal materials on devices sent in by customers for repairs. "The relationship goes back at least ten years, according to documents released as a result of the lawsuit [filed last year]," reports ZDNet. "The agency's Louisville division aim was to maintain a 'close liaison' with Geek Squad management to 'glean case initiations and to support the division's Computer Intrusion and Cyber Crime programs.'" From the report: According to the EFF's analysis of the documents, FBI agents would "show up, review the images or video and determine whether they believe they are illegal content" and seize the device so an additional analysis could be carried out at a local FBI field office. That's when, in some cases, agents would try to obtain a search warrant to justify the access. The EFF's lawsuit was filed in response to a report that a Geek Squad employee was used as an informant by the FBI in the prosecution of a child pornography case. The documents show that the FBI would regularly use Geek Squad employees as confidential human sources -- the agency's term for informants -- by taking calls from employees when they found something suspect.

BlackBerry Files Patent Infringement Lawsuit Against Facebook, WhatsApp and Instagram

BlackBerry on Tuesday filed a patent infringement lawsuit against Facebook, WhatsApp and Instagram in Los Angeles Federal court. In a statement, BlackBerry said: We have a lot of respect for Facebook and the value they've placed on messaging capabilities, some of which were invented by BlackBerry. As a cybersecurity and embedded software leader, BlackBerry's view is that Facebook, Instagram, and WhatsApp could make great partners in our drive toward a securely connected future, and we continue to hold this door open to them. However, we have a strong claim that Facebook has infringed on our intellectual property, and after several years of dialogue, we also have an obligation to our shareholders to pursue appropriate legal remedies.

Google Is Helping the Pentagon Build AI for Drones

Google has partnered with the United States Department of Defense to help the agency develop artificial intelligence for analyzing drone footage, a move that set off a firestorm among employees of the technology giant when they learned of Google's involvement, Gizmodo reported on Tuesday. From the report: Google's pilot project with the Defense Department's Project Maven, an effort to identify objects in drone footage, has not been previously reported, but it was discussed widely within the company last week when information about the project was shared on an internal mailing list, according to sources who asked not to be named because they were not authorized to speak publicly about the project. Some Google employees were outraged that the company would offer resources to the military for surveillance technology involved in drone operations, sources said, while others argued that the project raised important ethical questions about the development and use of machine learning.

The Slow Death of the Internet Cookie

Sara Fischer, writing for Axios: Over 60% of marketers believe they will no longer need to rely on tracking cookies, a 20-year-old desktop-based technology, for the majority of their digital marketing within the next two years, according to data from Viant Technology, an advertising cloud. Why it matters: Advertising and web-based services that were cookie-dependent are slowly being phased out of our mobile-first world, where more personalized data targeting is done without using cookies. Marketers are moving away from using cookies to track user data on the web to target ads now that people are moving away from desktop. 90% of marketers say they see improved performance from people-based marketing, compared with cookie-based campaigns.

MoviePass CEO Proudly Says App Tracks Your Location Before, After Movies

MoviePass CEO Mitch Lowe told an audience at a Hollywood event last Friday that the app tracks moviegoers' locations before and after each show they watch. "We get an enormous amount of information," Lowe said. "We watch how you drive from home to the movies. We watch where you go afterwards." His talk at the Entertainment Finance Forum was entitled "Data is the New Oil: How will MoviePass Monetize It?" TechCrunch reports: It's no secret that MoviePass is planning on making hay out of the data collected through its service. But what I imagined, and what I think most people imagined, was that it would be interesting next-generation data about ticket sales, movie browsing, A/B testing on promotions in the app and so on. I didn't imagine that the app would be tracking your location before you even left your home, and then follow you while you drive back or head out for a drink afterwards. Did you? It sure isn't in the company's privacy policy, which in relation to location tracking discloses only a "single request" when selecting a theater, which will "only be used as a means to develop, improve, and personalize the service." Which part of development requires them to track you before and after you see the movie? A MoviePass representative said in a statement to TechCrunch: "We are exploring utilizing location-based marketing as a way to help enhance the overall experience by creating more opportunities for our subscribers to enjoy all the various elements of a good movie night. We will not be selling the data that we gather. Rather, we will use it to better inform how to market potential customer benefits including discounts on transportation, coupons for nearby restaurants, and other similar opportunities."

Spotify Is Cracking Down On Users Pirating Premium-Like Service

People who access Spotify using hacked apps that remove some of the restrictions placed on free accounts are receiving warning emails from the company. Noting that "abnormal activity" has been observed from the user's software, Spotify warns that future breaches could result in suspension or even termination of a user's account. TorrentFreak reports: "We detected abnormal activity on the app you are using so we have disabled it. Don't worry -- your Spotify account is safe," the email from Spotify reads. "To access your Spotify account, simply uninstall any unauthorized or modified version of Spotify and download and install the Spotify app from the official Google Play Store. If you need more help, please see our support article on Reinstalling Spotify." While the email signs off with a note thanking the recipient for being a Spotify user, there is also a warning. "If we detect repeated use of unauthorized apps in violation of our terms, we reserve all rights, including suspending or terminating your account," Spotify writes.

Rhode Island Bill Would Impose Fee For Accessing Online Porn

If a recently introduced bill passes the General Assembly this session, Rhode Island residents will have to pay a $20 fee to access sexually explicit content online. The bill, introduced by Sen. Frank Ciccone (D-Providence) and Sen. Hanna Gallo (D-Cranston), would require internet providers to digitally block "sexual content and patently offensive material." Consumers could then deactivate that block for a fee of $20. The Providence Journal reports: Each quarter the internet providers would give the money made from the deactivation fees to the state's general treasurer, who would forward the money to the attorney general to fund the operations of the Council on Human Trafficking, according to the bill's language. If online distributors of sexual content do not comply with the filter, the attorney general or a consumer could file a civil suit of up to $500 for each piece of content reported, but not blocked, according to the bill.

Six Tech Companies Filing Net Neutrality Lawsuit

An anonymous reader quotes a report from The Hill: Six technology companies, including Kickstarter, Foursquare and Etsy, have launched a lawsuit against the Federal Communications Commission (FCC) in an effort to preserve net neutrality rules. The companies, which also include Shutterstock, Expa and Automattic, on Monday filed their petition with the U.S. Court of Appeals for the District of Columbia Circuit. The companies join Vimeo and Mozilla, as well as several state attorneys general who have also filed lawsuits against the FCC in support of the net neutrality rules. Like the other lawsuits, their new case hinges on the Administrative Procedure Act, which they argue prevents the FCC from "arbitrary and capricious" redactions to already existing policy. "Already, over 30,000 Etsy sellers participated in the FCC's public comment process, and tens of thousands more reached out to Congress in support of net neutrality. Now we're bringing their stories and experiences to the courts," said Althea Erickson, head of advocacy and impact at Etsy.

Microsoft To Offer Governments Local Version of Azure Cloud Service

Microsoft on Monday said it will soon make it possible for government clients to run its cloud technology on their own servers as part of a concerted effort to make Azure more appealing to local and federal agencies. From a report: The pairing of Azure Stack, Microsoft's localized cloud product, and Azure Government, the government-tailored version of Microsoft's cloud, comes as competition against Inc for major clients in the public sector ramps up. The new offering, which will be made available in mid-2018, is designed to appeal to governments and agencies with needs for on-premise servers, such as in a military operation or in an embassy abroad, said Tom Keane, Microsoft Azure's head of global infrastructure.

Thieves Steal 600 Powerful Bitcoin-Mining Computers In Iceland

The Associated Press reports of a Bitcoin heist in Iceland where thieves stole some 600 computers used to "mine" bitcoin and other virtual currencies. "Some 11 people were arrested, including a security guard, in what Icelandic media have dubbed the 'Big Bitcoin Heist,'" reports the Associated Press. From the report: The powerful computers, which have not yet been found, are worth almost $2 million. But if the stolen equipment is used for its original purpose -- to create new bitcoins -- the thieves could turn a massive profit in an untraceable currency without ever selling the items. Three of four burglaries took place in December and a fourth took place in January, but authorities did not make the news public earlier in hopes of tracking down the thieves. Police tracking the stolen computers are monitoring electric consumption across the country in hopes the thieves will show their hand, according to an industry source who spoke on condition of anonymity because he is not allowed to speak to the media. Unusually high energy usage might reveal the whereabouts of the illegal bitcoin mine. Authorities this week called on local internet providers, electricians and storage space units to report any unusual requests for power.

New LTE Attacks Can Snoop On Messages, Track Locations, and Spoof Emergency Alerts

An anonymous reader quotes a report from ZDNet: A slew of newly discovered vulnerabilities can wreak havoc on 4G LTE network users by eavesdropping on phone calls and text messages, knocking devices offline, and even spoofing emergency alerts. Ten attacks detailed in a new paper by researchers at Purdue University and the University of Iowa expose weaknesses in three critical protocol operations of the cellular network, such as securely attaching a device to the network and maintaining a connection to receive calls and messages. Those flaws can allow authentication relay attacks that can allow an adversary to connect to a 4G LTE network by impersonating an existing user -- such as a phone number. Although authentication relay attacks aren't new, this latest research shows that they can be used to intercept messages, track a user's location, and stop a phone from connecting to the network. By using common software-defined radio devices and open source 4G LTE protocol software, anyone can build the tool to carry out attacks for as little as $1,300 to $3,900, making the cost low enough for most adversaries. The researchers aren't releasing the proof-of-concept code until the flaws are fixed, however.

Australia Considers Making It Illegal For ISPs To Advertise Inflated Speeds

The Australian government is currently considering a bill that would make it illegal for internet service providers to exaggerate speeds, or else face a fine of up to $1 million. "One constituent says he's being charged for a 25 megabit per second download speed and a five megabit per second upload and he's actually getting less than one tenth of that," said Andrew Wilkie, the Member of Parliament who introduced the bill. "In other words, people are getting worse than dial-up speed when they've been promised a whizz-bang, super-fast connection." Motherboard reports: Internet speeds can vary based on how many people are on the network and even the hardware you use, but while we can't expect ISPs to deliver maximum speed 100 percent of the time, previous probes into their performance have shown many ISPs in the U.S. aren't delivering even the minimum advertised speeds a majority of the time for the average user. Under the proposed Australian law, ISPs are simply required to be more transparent about what consumers can expect with a specific plan. Rather than advertising only the maximum speeds, they would have to include typical speeds for the average user, indicate busy periods, and clearly list any other factors that might impact service. The bill was only introduced this week, so it's yet to be seen if it will gain traction.

Playboy Drops Its Copyright Case Against Boing Boing

An anonymous reader quotes the EFF: Playboy Entertainment has given up on its lawsuit against Happy Mutants, LLC, the company behind Boing Boing. Earlier this month, a federal court dismissed Playboy's claims but gave Playboy permission to try again with a new complaint, if it could dig up some new facts. The deadline for filing that new complaint passed this week, and today Playboy released a statement suggesting that it is standing down...

It's hard to understand why Playboy brought this case in the first place, turning its legal firepower on a small news and commentary website that hadn't uploaded or hosted any infringing content. We're also a little perplexed as to why Playboy seems so unhappy that the Boing Boing post is still up when the links they complain about have been dead for almost two years.


Equifax Identifies Additional 2.4 Million Customers Hit By Data Breach

Credit score giant Equifax said on Thursday it had identified another 2.4 million U.S. consumers whose names and driver's license information were stolen in a data breach last year that affected half the U.S. population. From a report: The company said it was able to confirm the identities of U.S. consumers whose driver's license information was taken by referencing other information in proprietary company records that the attackers did not steal. "Equifax will notify these newly identified U.S. consumers directly, and will offer identity theft protection and credit file monitoring services at no cost to them," the company said.

YouTube's New Moderators Mistakenly Pull Right-Wing Channels

In December, said it would assign more than 10,000 people to moderate content in an attempt to curb its child exploitation problem. Today, Bloomberg reports that those new moderators mistakenly removed several videos and some channels from right-wing, pro-gun video producers and outlets in the midst of a nationwide debate on gun control. From the report: Some YouTube channels recently complained about their accounts being pulled entirely. On Wednesday, the Outline highlighted accounts, including Titus Frost, that were banned from the video site. Frost tweeted on Wednesday that a survivor of the shooting, David Hogg, is an actor. Jerome Corsi of right-wing conspiracy website Infowars said on Tuesday that YouTube had taken down one of his videos and disabled his live stream. Shutting entire channels would have marked a sweeping policy change for YouTube, which typically only removes channels in extreme circumstances and focuses most disciplinary action on specific videos. But YouTube said some content was taken down by mistake. The site didn't address specific cases and it's unclear if it meant to take action on the accounts of Frost and Corsi. "As we work to hire rapidly and ramp up our policy enforcement teams throughout 2018, newer members may misapply some of our policies resulting in mistaken removals," a YouTube spokeswoman wrote in an email. "We're continuing to enforce our existing policies regarding harmful and dangerous content, they have not changed. We'll reinstate any videos that were removed in error."

Germany Says Government Network Was Breached

An anonymous reader shares a report from The Wall Street Journal (Warning: source may be paywalled; alternative source): German authorities said on Wednesday they were investigating a security breach of the government's highly protected computer network. The country's intelligence agencies were examining attacks on more than one government ministry, the interior ministry said, adding that the affected departments had been informed and that the attack had been isolated and brought under control. Earlier on Wednesday, the German news agency DPA reported that German security services had discovered a breach of the government's IT network in December and traced it back to state-sponsored Russian hackers. German companies have been the target of sustained attacks by state-sponsored hackers, mainly believed to be Chinese. In 2015, the Bundestag, parliament's lower house, suffered an extensive breach, leading to the theft of several gigabytes of data by what German security officials believe were Russian cyberthieves. Hackers believed to be part of the Russia-linked APT28 group sought to infiltrate the computer systems of several German political parties in 2016, Germany's domestic intelligence agency said in 2016.

US Response 'Hasn't Changed The Calculus' Of Russian Interference, NSA Chief Says

An anonymous reader shares an NPR report: The admiral in charge of both the nation's top electronic spying agency and the Pentagon's cybersecurity operations would seem a logical point man for countering Russia's digital intrusions in U.S. election campaigns. But National Security Agency and U.S. Cyber Command chief Adm. Michael Rogers told the Senate Armed Services Committee on Tuesday there is only so much he can do. That is because, according to Rogers, President Trump has not ordered him to go after the Russian attacks at their origin. Sen. Jack Reed of Rhode Island, the committee's ranking Democrat, asked Rogers, "Have you been directed to do so, given this strategic threat that faces the United States and the significant consequences you recognize already?" "No, I have not," Rogers replied. But the spy chief pushed back on suggestions that he should seek a presidential signoff. "I am not going to tell the president what he should or should not do," Rogers said when Connecticut Democrat Richard Blumenthal pressed him on whether Trump should approve that authority.

"I'm an operational commander, not a policymaker," he added. "That's the challenge for me as a military commander." Rogers agreed with Blumenthal's estimation that Russian cyber operatives continue to attack the U.S. with impunity and that Washington's response has fallen short. "It hasn't changed the calculus, is my sense," the spy chief told Blumenthal. "It certainly hasn't generated the change in behavior that I think we all know we need."


China Bans Letter N From Internet as Xi Jinping Extends Grip on Power

Speaking of things the Chinese government has been censoring in the country, The Guardian reports: It is the 14th letter in the English alphabet and, in Scrabble, the springboard for more than 600 8-letter words. But for the Communist party of China it is also a subversive and intolerable character that was this week banished from the internet as Chinese censors battled to silence criticism of Xi Jinping's bid to set himself up as ruler for life. The contravening consonant was perhaps the most unusual victim of a crackdown targeting words, phrases and even solitary letters censors feared might be used to attack Beijing's controversial decision to abolish constitutional term limits for China's president. The Communist party has painted the move -- which experts say paves the way for Xi to become a dictator for life -- as an expression of overwhelming popular support for China's strongman leader. However, there has been widespread online push-back in China since it was announced on Sunday on the eve of an annual political congress in Beijing.

China Censors Social Media Responses To Proposal To Abolish Presidential Terms

An anonymous reader quotes a report from The Verge: Negative social media reactions in China toward the government's interest in abolishing presidential term limits have sparked a crackdown on memes since Sunday evening. China's constitution currently restricts the president and vice-president to 10 years of leadership, meaning that President Xi Jinping would have been out of power by 2023. The Party's Central Committee proposed removing a phrase in the constitution that stated the two leaders would "serve no more than two consecutive terms," according to the state-run Xinhua News Agency. Authorities will vote on the proposal in March. Many took to social media platforms like WeChat and Weibo with Winnie the Pooh memes, as the animated bear resembles President Xi Jinping to some degree. Winnie the Pooh has been associated with Xi for years and this week, he donned a crown and sat on a throne, enjoying his honey pot. These memes and social media posts were then taken down, hours after the Committee's announcement, signaling that the public's reaction was more unfavorable than authorities predicted. An assortment of phrases have been filtered out by new censors, including "constitution amendment," "re-elected," "proclaim oneself as emperor," and "two term limit." The lag time between the censorship and the initial proposal indicates authorities expected the public to react less critically.

US House Passes Bill To Penalize Websites For Sex Trafficking

An anonymous reader quotes a report from Thomson Reuters Foundation News: The U.S. House of Representatives on Tuesday overwhelmingly passed legislation to make it easier to penalize operators of websites that facilitate online sex trafficking, chipping away at a bedrock legal shield for the technology industry. The bill's passage marks one of the most concrete actions in recent years from the U.S. Congress to tighten regulation of internet firms, which have drawn heavy scrutiny from lawmakers in both parties over the past year due to an array of concerns regarding the size and influence of their platforms. The House passed the measure 388-25. It still needs to pass the U.S. Senate, where similar legislation has already gained substantial support, and then be signed by President Donald Trump before it can become law.

Several major internet companies, including Alphabet Inc's Google and Facebook Inc, had been reluctant to support any congressional effort to dent what is known as Section 230 of the Communications Decency Act, a decades-old law that protects them from liability for the activities of their users. But facing political pressure, the internet industry slowly warmed to a proposal that gained traction in the Senate last year, and eventually endorsed it after it gained sizable bipartisan support. The legislation is a result of years of law-enforcement lobbying for a crackdown on the online classified site, which is used for sex advertising. It would make it easier for states and sex-trafficking victims to sue social media networks, advertisers and others that fail to keep exploitative material off their platforms.


Facebook Silently Enables Facial Recognition Abilities For Users Outside EU, Canada

Facebook is now informing users around the world that it's rolling out facial recognition features. Users in the European Union and Canada will not be notified because laws restrict this type of activity in those areas. Neowin reports: With the new tools, you'll be able to find photos that you're in but haven't been tagged in; they'll help you protect yourself against strangers using your photo; and Facebook will be able to tell people with visual impairments who's in their photos and videos. By default, Facebook warns that this feature is enabled but can be switched off at any time; additionally, the firm says it may add new capabilities at any time. In its initial statement, Facebook said the following about the impersonation protections it was introducing: "We want people to feel confident when they post pictures of themselves on Facebook so we'll soon begin using face recognition technology to let people know when someone else uploads a photo of them as their profile picture. We're doing this to prevent people from impersonating others on Facebook."

New Apple Patent Imagines an OLED Screen As a Keyboard For MacBooks

An anonymous reader quotes a report from The Verge: The United States Patent and Trademark Office has granted Apple a patent titled "dual display equipment with enhanced visibility and suppressed reflections." The documentation for what is patent number 9,904,502 outlines a device that would use a second display as a dynamic keyboard. Two implementations of this design are described in the patent application, according to Patently Apple. The first utilizes a permanent hinge, while the second allows the screen to be removed and used separately, along the lines of Microsoft's Surface Pro range and other two-in-one computers. The patent documentation makes it clear that the implementation is not intended as an accessory that would allow two iPads to be paired together, with one serving as the keyboard. Additionally, illustrations associated with the application explicitly state that one screen is an OLED display, while the other is an LCD. A double-display set-up could provide easy access to a different keyboard layout language, context-sensitive controls, or even a large sketching surface to use in conjunction with something like an Apple Pencil. However, that flexibility would come at the cost of the traditional typing experience offered by a mechanical keyboard.

Google Releases Info On 2.4 Million 'Right To Be Forgotten' Requests

According to Google's latest transparency report, the company has received 2.4 million "right to be forgotten" requests since 2014, most of which came from private individuals. Engadget reports: Europe's biggest court passed the right to be forgotten law in 2014, compelling the tech titan to remove personal info from its search engine upon request. In the report, Google has revealed that it complied with 43.3 percent of all the requests it's gotten and has also detailed the nature of those takedown pleas. France, Germany and the UK apparently generated 51 percent of all the URL delisting appeals. Overall, 89 percent of the takedown pleas came from private individuals: Non-government figures such as celebrities submitted 41,213 of the URLs in Google's pile, while politicians and government officials submitted 33,937. As Gizmodo noted, though, there's a small group of law firms and reputation management services submitting numerous pleas, suggesting the rise of reputation-fixing business in the region.

Out of those 2.4 million requests, 19.1 percent are directory URLs, while news websites and social networks only make up 17.6 and 11.6 percent of them. Majority of the URLs submitted for removal are random online destinations that don't fall under any of the previous categories. As for the takedown's reasons, it looks like 18.1 percent of the submissions want their professional info scrubbed, 7.7 percent want info they previously posted online themselves to be removed and 6.1 percent want their crimes hidden from search.


Net Neutrality Repeal Will Get a Senate Vote In the Spring, Democrats Say

Congressional Democrats today introduced legislation that would prevent the repeal of net neutrality rules, but they still need more support from Republicans in order to pass the measure. According to Sen. Ed Markey (D-Mass.), they will force a vote on the Senate version of the resolution sometime this spring. Ars Technica reports: Democrats have been promising to introduce a Congressional Review Act (CRA) resolution ever since the Federal Communications Commission voted to repeal its net neutrality rules in December. But lawmakers had to wait for the FCC's repeal order to be published in the Federal Register, which only happened last week. The CRA resolution would nullify the FCC's repeal order, allowing net neutrality rules that were passed in 2015 to remain in place. The resolution has public support from 50 out of 100 senators (all Democrats, all Independents, and one Republican), putting it one vote shy of passage in the Senate.

"The grassroots movement to reinstate net neutrality is growing by the day, and we will get that one more vote needed to pass my CRA resolution," Markey said. "I urge my Republican colleagues to join the overwhelming majority of Americans who support a free and open Internet. The Internet is for all -- the students, teachers, innovators, hard-working families, small businesses, and activists, not just Verizon, Charter, AT&T, and Comcast and corporate interests."


Bill Gates: Cryptocurrency Is 'Rare Technology That Has Caused Deaths In a Fairly Direct Way'

An anonymous reader quotes a report from CNBC: During a recent "Ask Me Anything" session on Reddit, the Microsoft co-founder said that the main feature of cryptocurrencies is the anonymity they provide to buyers, and Gates thinks that can actually be harmful. "The government's ability to find money laundering and tax evasion and terrorist funding is a good thing," he wrote. "Right now, cryptocurrencies are used for buying fentanyl and other drugs, so it is a rare technology that has caused deaths in a fairly direct way." When a Reddit user pointed out that plain cash can also be used for illicit activities, Gates said that crypto stands out because it can be easier to use. "Yes -- anonymous cash is used for these kinds of things, but you have to be physically present to transfer it, which makes things like kidnapping payments more difficult," he wrote. Gates also warned that the wave of speculation surrounding cryptocurrencies is "super risky for those who go long."

Supreme Court Wrestles With Microsoft Data Privacy Fight

Supreme Court justices on Tuesday wrestled with Microsoft's dispute with the U.S. Justice Department over whether prosecutors can force technology companies to hand over data stored overseas, with some signaling support for the government and others urging Congress to pass a law to resolve the issue. From a report: Chief Justice John Roberts and Justice Samuel Alito, both conservatives, hinted during an hour-long argument in the case at support for the Justice Department's stance that because Microsoft is based in the United States it was obligated to turn over data sought by prosecutors in a U.S. warrant. As the nine justices grappled with the technological complexities of email data storage, liberals Ruth Bader Ginsburg and Sonia Sotomayor questioned whether the court needed to act in the data privacy case in light of Congress now considering bipartisan legislation that would resolve the legal issue. A ruling is due by the end of June.

China To Crack Down on Cryptocurrency Trading Loophole

China is opening a new front in its battle against cryptocurrencies, targeting platforms that allow the nation's investors to trade digital assets on overseas exchanges, Bloomberg reported Tuesday, citing people familiar with the matter. From a report: Regulators are planning to scrutinize the Chinese bank and online-payment accounts of businesses and individuals suspected of facilitating trades on offshore cryptocurrency venues, the people said, asking not to be identified because the information is private. The accounts' owners could have their assets frozen or be blocked from the domestic financial system, the people said. The measures are designed to cut off one of the few remaining avenues for Chinese citizens to buy digital assets. While the country was once home to the world's most active cryptocurrency exchanges, authorities banned the venues last year and have since moved to block access to platforms that offer exchange-like services.

Coinbase: We Will Send Data On 13,000 Users To IRS

Coinbase has formally notified its customers that it will be complying with a court order and handing over the user data for about 13,000 of its customers to the Internal Revenue Service. Ars Technica reports: The case began back in November 2016 when the IRS went to a federal judge in San Francisco to enforce an initial order that would have required the company to hand over the data of all users who transacted on the site between 2013 and 2015 as part of a tax evasion investigation. Coinbase resisted the IRS' request in court. But by November 2017, after a hearing, U.S. Magistrate Judge Jacqueline Scott Corley narrowed the request to only cover 13,000 particular individuals. The San Francisco-based startup is now required to provide "taxpayer ID, name, birth date, address, and historical transaction records for certain higher-transacting customers during the 2013-2015 period." Coinbase reminded its users that it is "unable to provide legal or tax advice." The company also noted, "If you have concerns about this, we encourage you to seek legal advice from an attorney promptly. Coinbase expects to produce the information covered by the court's order within 21 days."

Volkswagen Settles Diesel Emissions Lawsuit Right Before Trial Set To Begin

Volkswagen settled a major diesel emissions class action lawsuit brought by hundreds of vehicle owners right before the case was set to go to trial. "The German auto giant's U.S. division settled the lawsuit brought by a North Carolina man and over 300 other owners of diesel cars who allege fraud and unfair trade practices," reports The Verge. From the report: The trial could have featured testimony from current and former VW executives and would likely have caused a spate of bad press for the automaker regarding the Dieselgate scandal. Since it first broke in 2015, the controversy has led to the resignation of VW's CEO, seen a handful of executives sentenced to jail, and resulted in billions of dollars in fines and settlements. VW is being sued by some consumers after it admitted to using software to cheat on diesel emissions tests, sparking the biggest scandal to hit the auto industry in decades. David Doar, the North Carolina man along with more than 300 other U.S. VW diesel owners, rejected settlement offers from a 2016 class action that would have reimbursed them for the value of their vehicles. Nearly all U.S. owners of affected VW vehicles agreed to take part in a $25 billion settlement in 2016, which included buyback offers and additional compensation for about 500,000 owners. But according to Reuters, some 2,000 owners have opted out, and most are pursuing separate claims seeking additional compensation.

Pop-Up Cameras Could Soon Be a Mobile Trend

An anonymous reader quotes a report from TechCrunch: There's an interesting concept making its way around Mobile World Congress. Two gadgets offer cameras hidden until activated, which offer a fresh take on design and additional privacy. Vivo built a camera into a smartphone concept that's on a little sliding tray and Huawei will soon offer a MacBook Pro clone that features a camera hidden under a door above the keyboard. This could be a glimpse of the future of mobile design. Cameras have long been embedded in laptops and smartphones much to the chagrin of privacy experts. Some users cover up these cameras with tape or slim gadgets to ensure nefarious players do not remotely activate the cameras. Others, like HP, have started to build in shutters to give the user more control. Both DIY and built-in options require substantial screen bezels, which the industry is quickly racing to eliminate.

With shrinking bezels, gadget makers have to look for new solutions like the iPhone X notch. Others still, like Vivo and Huawei, are looking at more elegant solutions than carving out a bit of the screen. For Huawei, this means using a false key within the keyboard to house a hidden camera. Press the key and it pops up like a trapdoor. We tried it out and though the housing is clever, the placement makes for awkward photos -- just make sure you trim those nose hairs before starting your conference call. Vivo has a similar take to Huawei though the camera is embedded on a sliding tray that pops up out of the top of the phone.


'Satoshi' Craig Wright Is Being Sued For $10 Billion For Stealing His Partner's Bitcoin

Craig Wright, the nChain chief scientist who previously claimed to be the pseudonymous bitcoin creator Satoshi Nakamoto, is being sued for a whopping $10 billion for stealing $5 billion in bitcoin from a former business partner. CoinDesk reports: The lawsuit is being brought by Ira Kleiman on behalf of the estate of his brother, Dave, who has been linked to the earliest days of bitcoin. Kleiman, a forensic computer investigator and author, passed away in 2013 following a battle with MRSA. At the heart of the new lawsuit, according to a complaint filed in the U.S. District Court for the Southern District of Florida on Feb. 14, is an alleged hoard of more than 1.1 million bitcoins, which Ira Kleiman's lawyers say is worth in excess of $10 billion. He is being represented by Boies Schiller Flexner LLP.

Wright, court records show, has been accused of allegedly conducting "a scheme against Dave's estate to seize Dave's bitcoins and his rights to certain intellectual property associated with the Bitcoin technology." "As part of this plan, Craig forged a series of contracts that purported to transfer Dave's assets to Craig and/or companies controlled by him. Craig backdated these contracts and forged Dave's signature on them," attorneys for the plaintiff wrote. Included alongside the complaint are a number of additional filings, including the business registration for a firm called W&K Info Defense Research LLC, in which Kleiman and Wright were business partners. In addition to the roughly 1.1 million bitcoins, Ira Kleiman is also seeking compensation for the intellectual property his lawyers claim arose from the partnership between his deceased brother and Wright.


Israel-Based Vendor Cellebrite Can Unlock Every iPhone, including the Current-Gen iPhone X, That's On the Market: Forbes

Cellebrite, an Israel-based company, knows of ways to unlock every iPhone that's on the market, right up to the iPhone X, Forbes reported on Monday, citing sources. From the report: Cellebrite, a Petah Tikva, Israel-based vendor that's become the U.S. government's company of choice when it comes to unlocking mobile devices, is this month telling customers its engineers currently have the ability to get around the security of devices running iOS 11. That includes the iPhone X, a model that Forbes has learned was successfully raided for data by the Department for Homeland Security back in November 2017, most likely with Cellebrite technology.

The Israeli firm, a subsidiary of Japan's Sun Corporation, hasn't made any major public announcement about its new iOS capabilities. But Forbes was told by sources (who asked to remain anonymous as they weren't authorized to talk on the matter) that in the last few months the company has developed undisclosed techniques to get into iOS 11 and is advertising them to law enforcement and private forensics folk across the globe. Indeed, the company's literature for its Advanced Unlocking and Extraction Services offering now notes the company can break the security of "Apple iOS devices and operating systems, including iPhone, iPad, iPad mini, iPad Pro and iPod touch, running iOS 5 to iOS 11." Separately, a source in the police forensics community told Forbes he'd been told by Cellebrite it could unlock the iPhone 8. He believed the same was most probably true for the iPhone X, as security across both of Apple's newest devices worked in much the same way.


FCC Will Auction 5G-ready 3.7-4.2GHz and mmWave Spectrum

Jeremy Horwitz, writing for VentureBeat: Speaking at the Mobile World Congress today in Barcelona, Spain, U.S. FCC chairman Ajit Pai today announced that the commission is prepared to quickly make 5G-ready wireless spectrum available in two critically important ranges: Mid-frequency, including both 3.5GHz and 3.7-4.2GHz ranges, and high-frequency, including 24GHz and 28GHz millimeter wave (mmWave) ranges. Pai suggested that the FCC is ready to auction the spectrum in the near future, but requires Congressional cooperation by May 13 to make the 24GHz and 28GHz allocations happen.

We Will Regulate Bitcoin if Risks Are Not Tackled, EU Finance Head Says

The European Union has warned that it will regulate cryptocurrencies if the risks exposed by the meteoric rise of bitcoin and its ilk are not addressed. The Guardian: The boom and bust of cryptocurrencies has seen some investors make millions where others have suffered heavy losses. Bitcoin, which now trades around $9,000 a token but recently dropped to less than $6,000, leads the pack rising nearly 2,000% to just under $20,000 in 2017, fuelling a global investment craze. "This is a global phenomenon and it's important there is an international follow-up at the global level," Valdis Dombrovskis, the EU's financial chief, said on Monday. "We do not exclude the possibility to move ahead (by regulating cryptocurrencies) at the EU level if we see, for example, risks emerging but no clear international response emerging."

Trump Administration Cracks Down On H-1B Visa Abuse

An anonymous reader quotes a report from CNN Money: The Trump administration is cracking down on companies that get visas for foreign workers and farm them out to employers. Some staffing agencies seek hard-to-get H-1B visas for high-skilled workers, only to contract them out to other companies. There's nothing inherently illegal about contracting out visa recipients, but the workers are supposed to maintain a relationship with their employers, among other requirements. In some cases, outsourcing firms flood the system with applicants. The U.S. Citizenship and Immigration Services agency said in a new policy memo released Thursday it will require more information about H-1B workers' employment to ensure the workers are doing what they were hired for. Companies will have to provide specific work assignments, including dates and locations, to verify the "employer-employee" relationship between the company applying for an H-1B and its visa recipient.

H-1B visas are valid for three years and can be renewed for another three years. The USCIS says it may limit the length of the visa to shorter than three years based on the information an employer provides. For example, if an employer can't prove the H-1B holder is "more likely than not" needed for the full three years, the government might issue the visa for fewer than three years. The memo also says the administration wants to prevent employee "benching." That's when firms bring on H-1B visa holders but don't give them work and don't pay them the required wages while they wait for jobs.


Researchers From MIT and Harvard University Present a Paper Describing a New System, Dubbed Veil, That Makes Private Browsing More Private

From a blog post on MIT News Office: Veil would provide added protections to people using shared computers in offices, hotel business centers, or university computing centers, and it can be used in conjunction with existing private-browsing systems and with anonymity networks such as Tor, which was designed to protect the identity of web users living under repressive regimes. "Veil was motivated by all this research that was done previously in the security community that said, 'Private-browsing modes are leaky -- Here are 10 different ways that they leak,'" says Frank Wang, an MIT graduate student in electrical engineering and computer science and first author on the paper. "We asked, 'What is the fundamental problem?' And the fundamental problem is that [the browser] collects this information, and then the browser does its best effort to fix it. But at the end of the day, no matter what the browser's best effort is, it still collects it. We might as well not collect that information in the first place."

Apple Moves To Store iCloud Keys in China, Raising Human Rights Fears

Apple will begin hosting Chinese users' iCloud accounts in a new Chinese data center at the end of this month to comply with new laws there. The move would give Chinese authorities far easier access to text messages, email and other data stored in the cloud. From a report: That's because of a change to how the company handles the cryptographic keys needed to unlock an iCloud account. Until now, such keys have always been stored in the United States, meaning that any government or law enforcement authority seeking access to a Chinese iCloud account needed to go through the U.S. legal system. Now, according to Apple, for the first time the company will store the keys for Chinese iCloud accounts in China itself. That means Chinese authorities will no longer have to use the U.S. courts to seek information on iCloud users and can instead use their own legal system to ask Apple to hand over iCloud data for Chinese users, legal experts said.

New Tech Industry Lobbying Group Argues 'Right to Repair' Laws Endanger Consumers

chicksdaddy brings this report from Security Ledger: The Security Innovation Center, with backing of powerful tech industry groups, is arguing that letting consumers fix their own devices will empower hackers. The group released a survey last week warning of possible privacy and security risks should consumers have the right to repair their own devices. It counts powerful electronics and software industry organizations like CompTIA, CTIA, TechNet and the Consumer Technology Association as members... In an interview with The Security Ledger, Josh Zecher, the Executive Director of The Security Innovation Center, acknowledged that Security Innovation Center's main purpose is to push back on efforts to pass right to repair laws in the states.

He said the group thinks such measures are dangerous, citing the "power of connected products and devices" and the fact that they are often connected to each other and to the Internet via wireless networks. Zecher said that allowing device owners or independent repair professionals to service smart home devices and connected appliances could expose consumer data to hackers or identity thieves... Asked whether Security Innovation Center was opposed to consumers having the right to repair devices they purchased and owned, Zecher said the group did oppose that right on the grounds of security, privacy and safety... "People say 'It's just my washing machine. Why can't I fix it on my own?' But we saw the Mirai botnet attack last year... Those kinds of products in the wrong hands can be used to do bad things."


Google's 'Bro Culture' Led To Harassment, Argues New Lawsuit By Software Engineer

An anonymous reader quotes the Mercury News: As a young, female software engineer at male-dominated Google, Loretta Lee was slapped, groped and even had a co-worker pop up from beneath her desk one night and tell her she'd never know what he'd been doing under there, according to a lawsuit filed against the Mountain View tech giant... Lee's lawsuit -- filed in Santa Clara County Superior Court -- alleges the company failed to protect her, saying, "Google's bro-culture contributed to (Lee's) suffering frequent sexual harassment and gender discrimination, for which Google failed to take corrective action."

She was fired in February 2016 for poor performance, according to the suit... Lee started at the company in 2008 in Los Angeles and later switched to the firm's Mountain View campus, according to the suit, which asserts that she "was considered a talented and rising star" who received consistently "excellent" performance reviews. Lee claims that the "severe and pervasive" sexual harassment she experienced included daily abuse and egregious incidents. In addition to making lewd comments to her and ogling her "constantly," Lee's male co-workers spiked her drinks with whiskey and laughed about it; and shot Nerf balls and darts at her "almost every day," the suit alleges. One male colleague sent her a text message asking if she wanted a "horizontal hug," while another showed up at her apartment with a bottle of liquor, offering to help her fix a problem with one of her devices, refusing to leave when she asked him to, she alleges. At a holiday party, Lee "was slapped in the face by an intoxicated male co-worker for no apparent reason," according to the suit.

Lee resisted reporting an employee who had grabbed her lanyard and grazed her breasts -- and was then written up for being uncooperative. But after filing a report, "HR found her claims 'unsubstantiated,' according to the suit. 'This emboldened her colleagues to continue their inappropriate behavior,' the suit says.

"Her fear of being ostracized was realized, she claims, with co-workers refusing to approve her code in spite of her diligent work on it. Not getting her code approved led to her being 'labeled as a poor performer,' the suit says."

Signal, WhatsApp Co-Founder Launch 'Open Source Privacy Technology' Nonprofit

An anonymous reader quotes The Next Web: One of the first messaging services to offer end-to-end encryption for truly private conversations, Signal has largely been developed by a team that's never grown larger than three full-time developers over the years it's been around. Now, it's getting a shot in the arm from the co-founder of a rival app. Brian Acton, who built WhatsApp with Jan Koum into a $19 billion business and sold it to Facebook, is pouring $50 million into an initiative to support the ongoing development of Signal. Having left WhatsApp last fall, he's now free to explore projects whose ideals he agrees with, and that includes creating truly private online services.
"Starting with an initial $50,000,000 in funding, we can now increase the size of our team, our capacity, and our ambitions," wrote Signal founder Moxie Marlinspike (a former Twitter executive).

Acton will now also serve as the executive chairman of the newly-formed Signal Foundation, which according to its web site will "develop open source privacy technology that protects free expression and enables secure global communication."

Two More 'SWAT' Calls in California -- One Involving a 12-Year-Old Gamer

In January an online gamer in California was arrested after at least 20 fake emergency calls to police, one leading to a fatal shooting in Kansas. But this week in California there's been at least two more fake calls:
  • A 12-year-old gamer heard a knock at his door Sunday -- which turned out to be "teams of Los Angeles police officers and other rescue personnel who believed two people had just hung themselves." The Los Angeles Police Department "said there's no way to initially discern swatting calls from actual emergencies, so they handle every scenario as if someone's life is in danger," according to the Los Angeles Times. The seventh-grader described it as "the most terrifying thing in my life."
  • 36-year-old David Pearce has been arrested for falsely reporting an emergency at a Beverly Hills hotel involving "men with guns" holding him hostage. A local police captain later said that the people in the room had not made the call and in fact might have been asleep through much of the emergency. The Los Angeles Times reports that there's roughly 400 'SWATting' cases each year, according to FBI estimates, adding that "Some experts have said police agencies need to take the phenomenon more seriously and provide formal training to dispatchers and others to better recognize hoax callers."

Meanwhile, in the wake of a fatal shooting in Wichita, Kansas lawmakers have passed a new bipartisan bill increasing the penalties for SWAT calls. If a fake call results in a fatality -- and the caller intentionally masks their identity -- it's the equivalent of second-degree murder. "The caller must be held accountable," one lawmaker told the Topeka Capital-Journal.


BuzzFeed Unmasks Mastermind Who Urged Peter Thiel To Destroy Gawker

One day in 2011 a 26-year-old approached Peter Thiel and said "Look, I think if we datamined Gawker's history, we could find weak points that we could exploit in the court of law," according to the author of a new book. An anonymous reader quotes BuzzFeed News: Peter Thiel's campaign to ruin Gawker Media was conceived and orchestrated by a previously unknown associate who served as a middleman, allowing the billionaire to conceal his involvement in the bankrolling of lawsuits that eventually drove the New York media outlet into bankruptcy. BuzzFeed News has confirmed the identity of that mystery conspirator, known in Thiel's inner circle as "Mr. A," with multiple sources who said that he provided the venture capitalist and Facebook board member with a blueprint to covertly attack Gawker in court. That man, an Oxford-educated Australian citizen named Aron D'Souza, has few known connections to Thiel, but approached him in 2011 with an elaborate proposal to use a legal strategy to wipe out the media organization. That plot ultimately succeeded... D'Souza was aware of Thiel's public comments likening Valleywag to al-Qaeda, and presented a brazen idea: Pay someone or create a company to hire lawyers to go after Gawker.
TechCrunch reported earlier this month that Gawker's old posts "will be captured and saved by the non-profit Freedom of the Press Foundation," which was co-founded in 2012 by the late John Perry Barlow. But in addition, the Gawker estate "continues to threaten possible legal action against Thiel, and hopes to begin discovery to examine the billionaire's motivations for secretly funding his legal war," the article concludes. If a New York bankruptcy court approves, and if the process "unearths anything of meaning, the estate may have grounds to sue Thiel on the grounds of tortious interference, the use of legal means to purposely disrupt a business.

"To head that off, Thiel bid for the remaining Gawker assets -- including the flagship domain, its archive, and outstanding legal claims, like those against himself -- though Holden has made it known that he may block any sale to Thiel, no matter how much the venture capitalist is willing to bid."
