Electronic Frontier Foundation

EFF: Google Should Not Help the US Military Build Unaccountable AI Systems (eff.org) 110

The Electronic Frontier Foundation's Peter Eckersley writes: Yesterday, The New York Times reported that there is widespread unrest amongst Google's employees about the company's work on a U.S. military project called "Project Maven." Google has claimed that its work on Maven is for "non-offensive uses only," but it seems that the company is building computer vision systems to flag objects and people seen by military drones for human review. This may in some cases lead to subsequent targeting by missile strikes. EFF has been mulling the ethical implications of such contracts, and we have some advice for Google and other tech companies that are considering building military AI systems.
The EFF lists several "starting points" that any company, or any worker, considering whether to work with the military on a project with potentially dangerous or risky AI applications should be asking:

1. Is it possible to create strong and binding international institutions or agreements that define acceptable military uses and limitations in the use of AI? While this is not an easy task, the current lack of such structures is troubling. There are serious and potentially destabilizing impacts from deploying AI in any military setting not clearly governed by settled rules of war. The use of AI in potential target identification processes is one clear category of uses that must be governed by law.
2. Is there a robust process for studying and mitigating the safety and geopolitical stability problems that could result from the deployment of military AI? Does this process apply before work commences, along the development pathway and after deployment? Could it incorporate the sufficient expertise to address subtle and complex technical problems? And would those leading the process have sufficient independence and authority to ensure that it can check companies' and military agencies' decisions?
3. Are the contracting agencies willing to commit to not using AI for autonomous offensive weapons? Or to ensuring that any defensive autonomous systems are carefully engineered to avoid risks of accidental harm or conflict escalation? Are present testing and formal verification methods adequate for that task?
4. Can there be transparent, accountable oversight from an independently constituted ethics board or similar entity with both the power to veto aspects of the program and the power to bring public transparency to issues where necessary or appropriate? For example, while Alphabet's AI-focused subsidiary DeepMind has committed to independent ethics review, we are not aware of similar commitments from Google itself. Given this letter, we are concerned that the internal transparency, review, and discussion of Project Maven inside Google was inadequate. Any project review process must be transparent, informed, and independent. While it remains difficult to ensure that that is the case, without such independent oversight, a project runs real risk of harm.
Communications

The FCC Is Refusing To Release Emails About Ajit Pai's 'Harlem Shake' Video (vice.com) 84

bumblebaetuna writes from a report via Motherboard: On the eve of the net neutrality repeal, just as tensions and public debate over the issue were reaching a fever pitch, someone in the FCC decided it would be a good idea to have chair Ajit Pai ridicule legitimate concerns of internet users with a video featuring an outdated meme and a pizzagate conspiracy theorist. Now, citing the infamous b5 FOIA exemption, the Federal Communications Commission is refusing to release emails related to the planning of the video. The b5 exemption is supposed to protect "inter-agency or intra-agency memorandum or letters which would be privileged in civil litigation," but each agency interprets that meaning differently.
Security

Secret Service Warns of Chip Card Scheme (krebsonsecurity.com) 114

Brian Krebs reports on a new scheme in which new debit cards are intercepted in the mail and the chips on the cards are replaced with chips from old cards. Thieves can then start draining funds from the account as soon as the modified card is activated. The warning comes from the U.S. Secret Service. Krebs on Security reports: The reason the crooks don't just use the debit cards when intercepting them via the mail is that they need the cards to be activated first, and presumably they lack the privileged information needed to do that. So, they change out the chip and send the card on to the legitimate account holder and then wait for it to be activated. The Secret Service memo doesn't specify at what point in the mail process the crooks are intercepting the cards. It could well involve U.S. Postal Service employees (or another delivery service), or perhaps the thieves are somehow gaining access to company mailboxes directly. Either way, this alert shows the extent to which some thieves will go to target high-value customers.
Australia

UK, Australia Investigating Facebook Amid Cambridge Analytica Data Scandal (go.com) 40

Both the United Kingdom and Australia said Thursday that they have opened formal investigations into Facebook amid allegations that their citizens' data was improperly shared with Cambridge Analytica. ABC News reports: The Information Commissioner's Office in the U.K. is "looking at how data was collected from a third party app on Facebook and shared with Cambridge Analytica. We are also conducting a broader investigation into how social media platforms were used in political campaigning," according to Commissioner Elizabeth Denham. The office will investigate Facebook, along with 29 other organizations that have not been named.

Earlier Thursday, Australia said it had opened a formal investigation into the tech giant amid allegations that Australian users' data was improperly shared with Cambridge Analytica. "Today I have opened a formal investigation into Facebook, following confirmation from Facebook that the information of over 300,000 Australian users may have been acquired and used without authorization," Angelene Falk, Australia's acting information commissioner and acting privacy commissioner, said. According to Falk, Australia will work with international regulatory agencies to investigate whether Facebook violated the country's privacy act. Under Australian law, the commissioner has the power to issue fines of up to $1.6 million to organizations that fail to comply with the act, according to the Australian Broadcasting Corporation. Australia and the U.K. joined the United States and Israel in investigating Facebook's breach of privacy.

Intel

Intel Tells Users to Uninstall Remote Keyboard App Over Unpatched Security Bugs (bleepingcomputer.com) 16

Intel has decided that instead of fixing three security bugs affecting the Intel Remote Keyboard Android app, it would be easier to discontinue the application altogether. BleepingComputer: The company announced its decision on Tuesday, following the discovery of three security bugs that affect all versions of the Intel Remote Keyboard. This is an Android application that Intel launched in 2015 to allow users to wirelessly control Intel NUC and Intel Compute Stick single-board computers. The bugs, discovered by three different researchers, when exploited, allow a nearby network attacker to inject keystrokes into remote keyboard sessions, and also execute malicious code on the user's Android device.
Businesses

Online Gaming Could Be Stalled by Net Neutrality Repeal, ESA Tells Court (arstechnica.com) 152

A video game industry lobby group is joining the lawsuit that seeks to reinstate net neutrality rules in the US, saying that the net neutrality repeal could harm multiplayer online games that require robust Internet connections. From a report: The Entertainment Software Association (ESA) yesterday filed a motion for leave to intervene so that it can support the case against the Federal Communications Commission. The lawsuit, filed by a mix of Democratic state attorneys general, tech companies such as Mozilla, and consumer advocacy groups, seeks to reverse the FCC's December 2017 vote to eliminate net neutrality rules. The ESA said its members will be harmed by the repeal "because the FCC's Order permits ISPs to take actions that could jeopardize the fast, reliable, and low-latency connections that are critical to the video game industry."
Facebook

Facebook Was in Talks With Top Hospitals Until Last Month To Share Data of Most Vulnerable Patients (cnbc.com) 108

Facebook was in talks with top hospitals and other medical groups as recently as last month about a proposal to share data about the social networks of their most vulnerable patients, CNBC reported on Thursday. From the story: Facebook was intending to match it up with user data it had collected, and help the hospitals figure out which patients might need special care or treatment. The proposal never went past the planning phases and has been put on pause after the Cambridge Analytica data leak scandal raised public concerns over how Facebook and others collect and use detailed information about Facebook users. "This work has not progressed past the planning phase, and we have not received, shared, or analyzed anyone's data," a Facebook spokesperson told CNBC. But as recently as last month, the company was talking to several health organizations, including Stanford Medical School and American College of Cardiology, about signing the data-sharing agreement.
Microsoft

Microsoft: We'll Help Customers Create Patents But We Get a License To Use Them (zdnet.com) 52

Microsoft outlined a new intellectual-property policy on Thursday for co-developed technology that embraces open source and seeks to assure customers it won't run off with their innovations. From a report: The shared innovation principles build on its Azure IP Advantage program for helping customers combat patent trolls. The new principles for co-developed innovation cover ownership of existing technology, customer ownership of new patents, support for open source, licensing new IP back to Microsoft, software portability, transparency, and learning. Microsoft president Brad Smith says the principles aim to assuage customers' fears that Microsoft may end up using co-developed technology to rival them.

[...] In return, Microsoft gets to license back any of the patents in the new technology but promises to limit their use to improving its own platform technologies, such as Azure, Azure AI services, Office 365, Windows, Xbox, and HoloLens. It also reserves the right to use "code and tools developed by or on behalf of Microsoft that are intended to provide technical assistance to customers in their respective businesses."

Network

1.1.1.1: Cloudflare's New DNS Attracting 'Gigabits Per Second' of Rubbish (zdnet.com) 136

An anonymous reader quotes a report from ZDNet: Cloudflare's new speed and privacy enhancing domain name system (DNS) servers, launched on Sunday, are also part of an experiment being conducted in partnership with the Asia Pacific Network Information Center (APNIC). The experiment aims to understand how DNS can be improved in terms of performance, security, and privacy. "We are now critically reliant on the integrity of the DNS, yet the details of the way it operates still remains largely opaque," wrote APNIC's chief scientist Geoff Huston in a blog post. "We are aware that the DNS has been used to generate malicious denial of service attacks, and we are keen to understand if there are simple and widely deployable measures that can be taken to mitigate such attacks. The DNS relies on caching to operate efficiently and quickly, but we are still unsure as to how well caching actually performs. We are also unclear how much of the DNS is related to end user or application requirements for name resolution, and how much is related to the DNS chattering to itself."

The Cloudflare-APNIC experiment uses two IPv4 address ranges, 1.1.1/24 and 1.0.0/24, which have been reserved for research use. Cloudflare's new DNS uses two addresses within those ranges, 1.1.1.1 and 1.0.0.1. These address ranges were originally configured as "dark traffic addresses", and some years ago APNIC partnered with Google to analyze the unsolicited traffic directed at them. There was a lot of it. "Our initial work with it certainly showed it to be an unusually strong attractor for bad traffic. At the time we stopped doing it with Google, it was over 50 gigabits per second. Quite frankly, few folk can handle that much noise," Huston told ZDNet on Wednesday. By putting Cloudflare's DNS on these research addresses, APNIC gets to see the noise as well as the DNS traffic -- or at least "a certain factored amount" of it -- for research purposes.
