"Russian hackers [...] broke into supposedly secure, "air-gapped" or isolated networks owned by utilities (Warning: source may be paywalled; alternative source) with relative easy by first penetrating the networks of key vendors who had trusted relationships with the power companies," reports The Wall Street Journal, citing officials at the Department of Homeland Security. "They got to the point where they could have thrown switches" and disrupted power flows, said Jonathan Homer, chief of industrial-control-system analysis for DHS. The hacking campaign started last year and likely is continuing. From the report: DHS has been warning utility executives with security clearances about the Russian group's threat to critical infrastructure since 2014. But the briefing on Monday was the first time that DHS has given out information in an unclassified setting with as much detail. It continues to withhold the names of victims but now says there were hundreds of victims, not a few dozen as had been said previously. It also said some companies still may not know they have been compromised, because the attacks used credentials of actual employees to get inside utility networks, potentially making the intrusions more difficult to detect.

The attackers began by using conventional tools -- spear-phishing emails and watering-hole attacks, which trick victims into entering their passwords on spoofed websites -- to compromise the corporate networks of suppliers, many of whom were smaller companies without big budgets for cybersecurity. Once inside the vendor networks, they pivoted to their real focus: the utilities. It was a relatively easy process, in many cases, for them to steal credentials from vendors and gain direct access to utility networks. Then they began stealing confidential information. For example, the hackers vacuumed up information showing how utility networks were configured, what equipment was in use and how it was controlled. They also familiarized themselves with how the facilities were supposed to work, because attackers "have to learn how to take the normal and make it abnormal" to cause disruptions, said Mr. Homer. Their goal, he said: to disguise themselves as "the people who touch these systems on a daily basis."

An anonymous reader quotes a report from Ars Technica: Nintendo's attitude toward ROM releases -- either original games' files or fan-made edits -- has often erred on the side of litigiousness. But in most cases, the game producer has settled on cease-and-desist orders or DMCA claims to protect its IP. This week saw the company grow bolder with its legal action, as Nintendo of America filed a lawsuit (PDF) on Thursday seeking millions in damages over classic games' files being served via websites. The Arizona suit, as reported by TorrentFreak, alleges "brazen and mass-scale infringement of Nintendo's intellectual property rights" by the sites LoveROMs and LoveRetro. These sites combine ROM downloads and in-browser emulators to deliver one-stop gaming access, and the lawsuit includes screenshots and interface explanations to demonstrate exactly how the sites' users can gain access to "thousands of [Nintendo] video games, related copyrighted works, and images." The biggest amount of money Nintendo is seeking comes from "$150,000 for the infringement of each Nintendo copyrighted work and up to $2,000,000 for the infringement of each Nintendo trademark." The company has also requested full disclosure of the operators' "receipts and disbursements, profit and loss statements, advertising revenue, donations and cryptocurrency revenue, and other financial materials."

LoveROMs has since removed all Nintendo-affiliated links, including ROMs and emulators, and the site announced on its social media channels that "all Nintendo titles have been removed from our site." Meanwhile, LoveRetro.co now redirects visitors to a page that reads: "Loveretro has effectively been shut down until further notice."

A report from AccessNow has asked Australia to change its course and lead the way in serving as a champion for human rights instead of against. From a report: Global human rights, public policy, and advocacy group AccessNow has called out Australia for its lack of focus on human rights as it adapts to the challenges of the digital era, with a report from the non-profit saying the country should instead be leading the way in serving as a champion for human rights. "Australia should be a global leader in serving as a champion for human rights, such as the right to privacy and rights to freedoms of expression and association," AccessNow said. "Unfortunately, Australia has taken actions that indicate the nation is willing to undermine human rights as it adapts to the challenges of the digital era."

In Human Rights in the Digital Era: An International Perspective on Australia [PDF], AccessNow says that as the digital world continues to develop, and technology increasingly becomes an "intimate part" of daily lives, Australians are facing a choice. "The country can either continue to be a testing ground for policies that undermine privacy and security in the digital era, or it can be a champion for human rights in the digital age, leveraging its relationships in the world to raise the standards for the next generation," the report says.

An anonymous reader shares a report: The Endangered Species Act, which for 45 years has safeguarded fragile wildlife while blocking ranching, logging and oil drilling on protected habitats, is coming under attack from lawmakers, the White House and industry on a scale not seen in decades, driven partly by fears that the Republicans will lose ground in November's midterm elections. In the past two weeks, more than two dozen pieces of legislation, policy initiatives and amendments designed to weaken the law have been either introduced or voted on in Congress or proposed by the Trump administration.

The actions included a bill to strip protections from the gray wolf in Wyoming and along the western Great Lakes; a plan to keep the sage grouse, a chicken-size bird that inhabits millions of oil-rich acres in the West, from being listed as endangered for the next decade; and a measure to remove from the endangered list the American burying beetle, an orange-flecked insect that has long been the bane of oil companies that would like to drill on the land where it lives. [...] The new push to undo the wildlife protection law comes as Republicans control the White House and both chambers of Congress, and is led by a president who has made deregulation -- the loosening of not only environmental protections but banking rules, car fuel efficiency standards and fair housing enforcement -- a centerpiece of his administration.

Nearly a half-billion Internet of Things devices are vulnerable to cyberattacks at businesses worldwide because of a 10-year-old security flaw, according to a new report from a security software vendor. From a report: The report was published Friday by Armis, a provider of Internet of Things security software for enterprises that focuses on detecting threats in IoT devices at workplaces. The Palo Alto, Calif.-based company has previously made security disclosures, including the BlueBorne malware attack that impacted 5 billion IoT devices.

The proliferation of digital tools that make text and email messages vanish may be welcome to Americans seeking to guard their privacy. But open government advocates fear they are being misused by public officials to conduct business in secret and evade transparency laws. From a report: Whether communications on those platforms should be part of the public record is a growing but unsettled debate in states across the country. Updates to transparency laws lag behind rapid technological advances, and the public and private personas of state officials overlap on private smartphones and social media accounts. "Those kind of technologies literally undermine, through the technology itself, state open government laws and policies," said Daniel Bevarly, executive director of the National Freedom of Information Coalition. "And they come on top of the misuse of other technologies, like people using their own private email and cellphones to conduct business." Some government officials have argued that public employees should be free to communicate on private, non-governmental cellphones and social media platforms without triggering open records requirements.

Since Venmo's transactions are "public" by default and broadcast on Venmo's API, a Python programmer decided to publicize a few of them, reports the Mercury News: The creator of the bot named "Who's buying drugs on Venmo" under the Twitter handle @venmodrugs says he wanted users to consider their privacy settings before using Venmo. The bot finds Venmo transactions that include words such as heroin, marijuana, cocaine, meth, speed or emojis that denote drugs and tweets the transaction with the names of the sender and receiver and the sender's photo, if there is one... "I wanted to demonstrate how much data Venmo was making publicly available with their open API and their public by default settings and encourage people to consider their privacy settings," Joel Guerra, the creator of the bot, told Motherboard, a technology news outlet run by Vice.
He shut the bot after 24 hours, according to a Medium essay titled "Why I blasted your 'drug' deals on Twitter": I chose drugs, sex and alcohol keywords as the trigger for the bot because because they were funny and shocking. I removed the last names of users because I didn't want to actually contribute to the problem of lack of privacy... I braced myself for backlash but the response was overwhelmingly positive. People understood my point and I had sparked a lot of discussion about online privacy and the need for users to do a better job of understanding the terms of software they were using -- and a lot of discussion about how companies need to do a better job of informing customers how their data was being used...

After about 24 hours of tweeting everyone's drug laden Venmo transactions I shut down the bot (Python script!!) and deleted all the tweets. I had successfully made my point and gotten more attention than I had imagined possible. Thousands of people were reading tweets and articles about the bot and discussing data privacy. I saw no further value in tweeting out anyone's personal transactions anymore. However, all I ever did was format the data and automate a Twitter account -- the data is still readily available.
His closure of the bot drew some interesting reactions on Twitter.

"booooooooo. I was so entertained by this."

"I remember I had a dealer take my phone and set venmo to private lol."

"we're looking to add a Python developer to our team and I think you'd be a good fit."

Lauren Weinstein tipped us off to this story from Mashable: Hundreds of Uber and Lyft rides have been broadcast live on Twitch by driver Jason Gargac this year, St. Louis Post-Dispatch reported Saturday, all of them without the passengers' permission. Gargac, who goes by the name JustSmurf on Twitch, regularly records the interior of his car while working for Uber and Lyft with a camera in the front of the car, allowing viewers to see the faces of his passengers, illuminated by his (usually) purple lights, and hear everything they say. At no point does Gargac make passengers aware that they are being filmed or livestreamed.

Due to Missouri's "one-party consent" law, in which only one party needs to agree to be recorded for it to be legal (in this case, Gargac is the consenting one), what Gargac is doing is perfectly legal. That doesn't mean it's not 100 percent creepy. Sometimes, to confirm who they are for their driver, the passengers say their full names. Not only that, Gargac has another video that shows the view out the front of his car so that people can see where he's driving, giving away the locations of some passengers' homes.

All the while, viewers on Twitch are commenting about things like the quality of neighborhoods, what the passengers are talking about, and of course, women's looks. Gargac himself is openly judgmental about the women he picks up, commenting to his viewers about their appearances before they get in his car and making remarks after he drops them off. He also regularly talks about wanting to get more "content," meaning interesting people, and is open about the fact that he doesn't want passengers to know they are on camera.
"I feel violated. I'm embarrassed," one passenger told the St. Louis Post-Dispatch. "We got in an Uber at 2 a.m. to be safe, and then I find out that because of that, everything I said in that car is online and people are watching me. It makes me sick."

The offending driver announced today on Twitter that he's at least "getting rid of the stored vids." He calls this move "step #1 of trying to calm everyone down." Hours ago his Twitch feed was made inaccessible.

Lyft and Twitch have not yet responded to Mashable's request for a comment. But Uber said they've (temporarily?) banned Gargac from accessing their app "while we evaluate his partnership with Uber."

An anonymous reader quotes CyberScoop: Amazon and Google face sharp questions from a bipartisan pair of U.S. senators over the tech giants' decisions to ban domain fronting, a technique used to circumvent censorship and surveillance around the world. Sen. Ron Wyden, D-Ore., and Sen. Marco Rubio, R-Fla., sent a letter on Tuesday to Google CEO Larry Page and Amazon CEO Jeff Bezos over decisions by both companies in April to ban domain fronting.

Amazon then warned the developers of encrypted messaging app Signal that the organization would be banned from Amazon's cloud services if the service didn't stop using Amazon's cloud as cover. "We respectfully urge you to reconsider your decision to prohibit domain fronting given the harm it will do to global internet freedom and the risk it will impose upon human rights activists, journalists, and others who rely on the internet freedom tools," the senators wrote.

An anonymous reader writes: Several commentators are calling for a law that requires bots to admit they are not human. There is a bill in California that would do just that. A new paper argues that these laws may look Constitutional but actually raise First Amendment issues.
The New York Times reports: Bots are easy to make and widely employed, and social media companies are under no legal obligation to get rid of them. A law that discourages their use could help, but experts aren't sure how the one [state senator Robert] Hertzberg is trying to push through, in California, might work. For starters, would bots be forced to identify themselves in every Facebook post? In their Instagram bios? In their Twitter handles? The measure, SB-1001, a version of which has already left the senate floor and is working its way through the state's Assembly, also doesn't mandate that tech companies enforce the regulation. And it's unclear how a bill that is specific only to California would apply to a global internet...

All parties agree that the bill illustrates the difficulty that lawmakers have in crafting legislation that effectively addresses the problems constituents confront online. As the pace of technological development has raced ahead of government, the laws that exist on the books -- not to mention some lawmakers' understandings of technology -- have remained comparatively stagnant.
The Times seems to question whether the law should be targeted at the creators of bots instead of the platforms that host them, pointing out that tech companies like Twitter "have the power to change dynamics on their platforms directly and at the scale that those problems require."

A new report from Oxford University found that manipulation of public opinion over social media platforms is growing at a large scale, despite efforts to combat it. "Around the world, government agencies and political parties are exploiting social media platforms to spread junk news and disinformation, exercise censorship and control, and undermine trust in media, public institutions and science," reports Phys.Org. From the report: "The number of countries where formally organized social media manipulation occurs has greatly increased, from 28 to 48 countries globally," says Samantha Bradshaw, co-author of the report. "The majority of growth comes from political parties who spread disinformation and junk news around election periods. There are more political parties learning from the strategies deployed during Brexit and the U.S. 2016 Presidential election: more campaigns are using bots, junk news, and disinformation to polarize and manipulate voters."

This is despite efforts by governments in many democracies introducing new legislation designed to combat fake news on the internet. "The problem with this is that these 'task forces' to combat fake news are being used as a new tool to legitimize censorship in authoritarian regimes," says Professor Phil Howard, co-author and lead researcher on the OII's Computational Propaganda project. "At best, these types of task forces are creating counter-narratives and building tools for citizen awareness and fact-checking." Another challenge is the evolution of the mediums individuals use to share news and information. "There is evidence that disinformation campaigns are moving on to chat applications and alternative platforms," says Bradshaw. "This is becoming increasingly common in the Global South, where large public groups on chat applications are more popular."

Now is your chance to voice your opinion on the $26 billion merger of T-Mobile and Sprint. The FCC is now accepting comments as well as formal petitions to deny the merger until August 27th. The companies and supporters of the deal can then file oppositions to those petitions by September 17th, while a final round of replies has a deadline of October 9th. Engadget reports: Anyone can file petitions to deny, and you might expect to see some from consumer advocacy groups and industry experts who may be concerned over the reduction in the number of national carriers from four to three. The FCC has laid out a 180-day review timeline to determine whether the merger is in the public interest, but that's more of a guideline and there's no required deadline for the agency to issue a decision.

A crowdfunded project, known as "PeerTube," has blown through its initial goal with 53,100 euros collected in forty-two days. The project aims to be "a fully decentralized version of YouTube, whose computer code is freely accessible and editable, and where videos are shared between users without relying on a central system." The goal is PeerTube to officially launch by October. Quariety reports: PeerTube relies on a decentralized and federative system. In other words, there is no higher authority that manages, broadcasts and moderates the content offered, as is the case with YouTube, but a network of "instances." Created by one or more administrators, these communities are governed according to principles specific to each of them. Anyone can freely watch the videos without registering, but to upload a video, you must choose from the list of existing instances, or create your own if you have the necessary technical knowledge. At the moment, 141 instances are proposed. Most do not have specifics, but one can find communities centered on a theme or open to a particular region of the world. In all, more than 4,000 people are currently registered on PeerTube, for a total of 338,000 views for 11,000 videos. The project does not display ads, unlike YouTube. "In terms of monetization, we wanted to make a neutral tool," says Pouhiou, communication officer for Framasoft, the origin of PeerTube. The site will rely on a "support" button at the start, but "people will be able to code their own monetization system" in the future.

An anonymous reader quotes a report from Ars Technica: New York City's largest taxi driver advocacy group is hailing a legal decision by the New York State Unemployment Insurance Appeal Board, which ruled last Friday that three out-of-work Uber drivers can be considered employees for the purpose of unemployment benefits. The decision was first reported Thursday by Politico. In other words, three men -- and possibly other "similarly situated" Uber drivers who had quit over low pay or who were deactivated from the Uber platform -- can get paid. "The decision means that New York Uber drivers can file for unemployment insurance and likely receive it," Veena Dubal, a labor law professor at the University of California Hastings College of the Law in San Francisco, emailed Ars. "Uber may appeal the decision to state court, but for now, it's good law."

Venmo, the mobile payments app, won't say why it exposes users' data to the world whenever they make a transaction. ZDNet: Hang Do Thi Duc, a Berlin-based privacy researcher found that every time someone sent or received money using the PayPal-owned mobile app (which had over seven million users in 2017), the transaction was "public" by default and was broadcast on Venmo's API. In other words, everyone can see your transactions -- even without the app. The company did not respond to ZDNet's queries, but in a blanket statement said it takes privacy of users seriously.

Further reading: People Are Using Venmo To Spy On Cheating Spouses.

Zorro shares a report from Defense One: Four days before U.S. and Russian leaders met in Helsinki, hackers from China launched a wave of brute-force attacks on internet-connected devices in Finland, seeking to gain control of gear that could collect audio or visual intelligence, a new report says. Traffic aimed at remote command-and-control features for Finnish internet-connected devices began to spike July 12, according to a July 19 report by Seattle-based cybersecurity company F5.

China generally originates the largest chunk of such attacks; in May, Chinese attacks accounted for 29 percent of the total. But as attacks began to spike on July 12, China's share rose to 34 percent, the report said. Attacks jumped 2,800 percent. The China-based hackers' primary target was SSH (or Secure Shell) Port 22 -- not a physical destination but a specific set of instructions for routing a message to the right destination when the message hits the server. "SSH brute force attacks are commonly used to exploit systems and [internet of things, or IOT] devices online," the report says. "SSH is often used by IoT devices for 'secure' remote administration." The report notes that attack traffic came from the U.S., France, and Italy as well, but the U.S. and French traffic kept with its averages. "Russian attack traffic dropped considerably from third, its usual spot, to fifth," reports Defense One. "German attack traffic jumped."

FCC commissioners unanimously voted on a Hearing Designation Order (HDO) to send the proposed sale of Tribune Media properties to Sinclair to a judge, where the merger is expected to cease. Engadget reports: Earlier this week, FCC chairman Ajit Pai raised "serious concerns" about Sinclair's selloff of 21 stations it had proposed in order to remain under station ownership limits post-merger. Had Sinclair declined to sell off some stations, its 173 broadcast stations in 81 markets, combined with Tribune's 42 stations in 33 markets would reach 72 percent of U.S. TV households. The FCC's National TV Ownership rule "does not limit the number of TV stations a single entity may own nationwide so long as the station group collectively reaches no more than 39 percent of all U.S. TV households." But the rule is more flexible for stations that broadcast using UHF frequencies. Pai, who has been accused of aiding the merger by relaxing the ownership regulations, said Monday that Sinclair's plan would allow the company "to control those stations in practice, even if not in name, in violation of the law." He noted that, "When the FCC confronts disputed issues like these, the Communications Act does not allow it to approve a transaction."

An anonymous reader shares a report: FBI Director Christopher Wray said Wednesday that unless the U.S. government and private industry are able to come to a compromise on the issue of default encryption on consumer devices, legislation may be how the debate is ultimately decided. "I think there should be [room for compromise]," Wray said Wednesday night at a national security conference in Aspen, Colorado. "I don't want to characterize private conversations we're having with people in the industry. We're not there yet for sure. And if we can't get there, there may be other remedies, like legislation, that would have to come to bear." Wray described the issue of "Going Dark" because of encryption as a "significant" and "growing" problem for federal, state and local law enforcement as well as foreign law enforcement and intelligence agencies. He claims strong encryption on mobile phones keeps law enforcement from gaining access to key evidence as it relates to active criminal investigations. "People are less safe as a result of it," he said.

Senators in Hawaii and South Dakota have introduced a bill, called the "Reliable Emergency Alert Distribution Improvement (READI) act, that would "explore" broadcasting alerts to "online streaming services, such as Netflix and Spotify," amongst other changes to the Emergency Alert System. TechCrunch reports: Some of the other things the bill touches on:
- Users on many phones can currently disable federal alerts; they want to get rid of that option
- Building a better system for reporting false alarms and figuring out what happened
- Updating the system to better prevent false alarms, and to better retract them when they do happen

An anonymous reader shares a report: Microsoft detected and helped block hacking attempts against three congressional candidates this year, a company executive said Thursday, marking the first known example of cyber interference in the midterm elections. "Earlier this year, we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks," said Tom Burt, Microsoft's vice president for security and trust, at the Aspen Security Forum. "And we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for election in the midterm elections."

Burt declined to name the targets but said they were "people who, because of their positions, might have been interesting targets from an espionage standpoint as well as an election disruption standpoint." Microsoft took down the fake domain and worked with the federal government to block the phishing messages.

An anonymous reader quotes a report from Ars Technica: The U.S. Food and Drug Administration seems to have soured on nondairy milk-alternative products that use the term "milk" in their marketing and labeling -- like popular soy and almond milk products. In a talk hosted by Politico, FDA Commissioner Scott Gottlieb announced Tuesday that the FDA will soon issue a new guidance on the use of the term. But he added that products aren't abiding by FDA policies as they stand now. He referenced a so-called "standard of identity" policy that regulates how milk is defined and should be identified. "If you look at our standard of identity -- there is a reference somewhere in the standard of identity to a lactating animal," he said. "And, you know, an almond doesn't lactate, I will confess."

He went on to explain that the issue is that the agency hasn't been enforcing its own policy or putting the squeeze on product makers -- and that it's time to get abreast of the labeling language. But, he admitted, curtailing the wording of non-moo juice labeling isn't an easy task because it means that the agency has to change its "regulatory posture." "I can't just do it unilaterally," Gottlieb said. Hence, the agency is putting together a new guidance for manufacturers to help skim the fat from the market. Gottlieb said the agency will soon tap the public for comments on the terminology and hopes to wring out a new policy within a year.

An anonymous reader quotes a report from Popular Mechanics: A salvage company has located the remains of a Russian warship lost during the the Russo-Japanese War. The battle-damaged cruiser Dmitrii Donskoi was scuttled off the coast of Korea in 1905, reportedly carrying a cargo of gold worth an estimated $130 billion in today's dollars. An international consortium of companies plans to salvage the gold.

According to the Telegraph, the Donskoi was found less than a mile off the coast of Ulleung island, at a depth of 1,423 feet in the Sea of Japan. A submersible descended to the wreck and captured an image of the ship's name on the stern in the Cyrillic alphabet. The South Korean Shinil Group, which discovered the wreck, plans to recover the gold sometime later this year with help from companies in China, Canada, and the U.K. At the time of her sinking Donskoi was reportedly carrying 5,500 boxes of gold bars and 200 tons of gold coins with a street value today of $130 billion. That's more than twice Russia's 2017 defense budget, which was $61 billion. If the treasure does materialize, the Russian government will receive half of the recovered amount. The money that's not going to Russia will reportedly be invested in a railroad line linking North Korea, South Korea, and Russia. A small percentage (10%) will also be invested in tourism projects on Ulleungdo Island, including a museum dedicated to the vessel.

Facebook has repeatedly referenced to lawmakers a "threshold" that must be reached before the platform decides to ban a particular page for violating the site's policies, but it hasn't discussed its guidelines publicly. Motherboard has obtained internal Facebook documents laying out what this threshold is for multiple types of different content, including some instances of hate speech. From the report: One Facebook moderator training document for hate speech says that for Pages -- Facebook's feature for sections dedicated to, say, a band, organization, public figure, or business -- the Page admin has to receive 5 "strikes" within 90 days for the Page itself to be deleted. Alternatively, Facebook moderators are told to remove a Page if at least 30 percent of the content posted by other people within 90 days violates Facebook's community standards. A similar 30 percent-or-over policy exists for Facebook Groups, according to the document.

In a similar vein, another hate speech document says that a profile should be taken down if there are 5 or more pieces of content from the user which indicate hate propaganda, photos of the user present with another identifiable leader, or other related violations. Although the documents obtained by Motherboard were created recently, Facebook's policies change regularly, so whether these exact parameters remain in force is unclear. Of course this still depends on moderators identifying and labeling posts as violating to reach that threshold. [...] Another document focused on sexual content says moderators should unpublish Pages and Groups under the basis of sexual solicitation if there are over 2 "elements," such as the Page description, title, photo, or pinned post, that include either explicit solicitation of nude imagery, or, if the page is more subtle, includes either a method of contact or a location. This slide again reiterates the over 30 percent and 5 admin posts rules found in the hate speech document.

An anonymous reader quotes a report from Engadget: Yesterday, during the Joint Conference on Artificial Intelligence, the Future of Life Institute announced that more than 2,400 individuals and 160 companies and organizations have signed a pledge, declaring that they will "neither participate in nor support the development, manufacture, trade or use of lethal autonomous weapons." The signatories, representing 90 countries, also call on governments to pass laws against such weapons. Google DeepMind and the Xprize Foundation are among the groups who've signed on while Elon Musk and DeepMind co-founders Demis Hassabis, Shane Legg and Mustafa Suleyman have made the pledge as well.

"Thousands of AI researchers agree that by removing the risk, attributability and difficulty of taking human lives, lethal autonomous weapons could become powerful instruments of violence and oppression, especially when linked to surveillance and data systems," says the pledge. It adds that those who sign agree that "the decision to take a human life should never be delegated to a machine." "I'm excited to see AI leaders shifting from talk to action, implementing a policy that politicians have thus far failed to put into effect," Future of Life Institute President Max Tegmark said in a statement. "AI has huge potential to help the world -- if we stigmatize and prevent its abuse. AI weapons that autonomously decide to kill people are as disgusting and destabilizing as bioweapons, and should be dealt with in the same way."

On Monday, IBM asked a jury to award the company $167 million in a lawsuit against deals site Groupon for using patented technology without authorization. The patents involve e-commerce technology that had already been licensed to Amazon, Facebook, and Alphabet for between $20 million and $50 million per company. "Most big companies have taken licenses to these patents," IBM's lawyer, John Desmarais, said. "Groupon has not. The new kid on the block refuses to take responsibility for using these inventions." Reuters reports: Groupon lawyer J. David Hadden argued that IBM was overreading the scope of its patents and claiming ownership of building blocks of the internet. "A key question for you in this case is whether these patents cover the world wide web," Hadden told jurors. "They do not and that is because IBM did not invent the world wide web."

An IBM executive is expected to testify during the two-week trial about licensing deals with technology companies like Amazon and Google, providing a rare glimpse into IBM's efforts to derive revenue from its large patent portfolio. The Armonk, New York-based company invests heavily in research and development and has secured more U.S. patents than any other company for the past 25 years.

Hackers account for 90% of of e-commerce sites' global login traffic, according to a report by cyber security firm Shape Security. They reportedly use programs to apply stolen data acquired on the dark web -- all in an effort to login to websites and grab something of value like cash, airline points, or merchandise. Quartz reports: These attacks are successful as often as 3% of the time, and the costs quickly add up for businesses, Shape says. This type of fraud costs the e-commerce sector about $6 billion a year, while the consumer banking industry loses out on about $1.7 billion annually. The hotel and airline businesses are also major targets -- the theft of loyalty points is a thing -- costing a combined $700 million every year.

The process starts when hackers break into databases and steal login information. Some of the best known "data spills" took place at Equifax and Yahoo, but they happen fairly regularly -- there were 51 reported breaches last year, compromising 2.3 billion credentials, according to Shape. Taking over bank accounts is one way to monetize stolen login information -- in the US, community banks are attacked far more than any other industry group. According to Shape's data, that sector is attacked more than 200 million times each day. Shape says the number of reported credential breaches was roughly stable at 51 last year, compared with 52 in 2016. The best way consumers can minimize these attacks is by changing their passwords.

An anonymous reader shares a report: RoboCent, a Virginia Beach-based political robocall firm, has exposed the personal details of hundreds of thousands of US voters, according to the findings of a security researcher who stumbled upon the company's database online. The researcher, Bob Diachenko of Kromtech Security, says he discovered the data using a recently launched online service called GrayhatWarfare that allows users to search publicly exposed Amazon Web Services data storage buckets. Such buckets should never be left exposed to public access, as they could hold sensitive data.

Six months ago Apple caused controversy by announcing its intentions to move Chinese users' iCloud keys out of the US and into China, in order to comply with Chinese law. From a report: Now, that data, which includes emails, text messages and pictures, is being looked after by government-owned mobile operator China Telecom. And users and human rights activists alike have big concerns. The move has unsurprisingly been praised by state media, with Chinese consumers being told they can now expect faster speeds and greater connectivity. But as comments on Weibo (China's equivalent of Twitter) reveal, users have major privacy worries, claiming the government -- known for its extreme citizen surveillance methods -- will now be able to check personal data whenever it wishes.

Jeff Grubb, reporting for VentureBeat: Over the weekend, some thrifty gamers spotted a deal on Amazon. A downloadable version of the tough strategy survival sim Frostpunk was available on the Amazon Marketplace from a third-party seller for $3, which is a 90 percent discount from the standard $30 price. But after looking into the game, some customers who dropped the three bucks had some questions. For example, why does the metadata for this version of Frostpunk refer to the DRM-free version that people can buy from GOG. [...] So I reached out to Amazon, and it provided the following statement from a company spokesperson: "Our customers trust that when they make a purchase through Amazon's store --either directly from Amazon or from its third-party sellers -- they will receive authentic products, and we take any claims that endanger that trust seriously. We strictly prohibit the sale of counterfeit products, and these games have been removed." That's all it would say on this.

The 2nd Circuit denies an immediate appeal in a case that challenges how news organizations used embedded photos of Tom Brady. The Hollywood Reporter: Back in February, a New York judge caused a bit of a freakout by issuing a copyright decision regarding the embedding of a copyrighted photo of NFL superstar Tom Brady. Now comes another surprise with potentially big ramifications to the future of embedding and in-line linking: The 2nd Circuit Court of Appeals has denied an interlocutory appeal. Justin Goldman is the plaintiff in the lawsuit after finding the photo of the New England Patriots quarterback he shot and uploaded to Snapchat go viral. Many news organizations embedded social media posts that took Goldman's photo in stories about whether the Boston Celtics would recruit NBA star Kevin Durant with Brady's assistance. Breitbart, Heavy, Time, Yahoo, Vox Media, Gannett Company, Herald Media, Boston Globe Media Partners and New England Sports Network were defendants in the lawsuit, but many of these companies have since settled.

Heavy has not, and in February, U.S. District Court Judge Katherine Forrest shocked many legal observers with a decision that refused to apply the "Server Test," where the direct liability of a website publisher for copyright infringement turns on whether the image is hosted on the publisher's own server or is embedded or linked from a third-party server. Although the Server Test has been adopted in other jurisdictions, Forrest wrote, "The plain language of the Copyright Act, the legislative history undergirding its enactment, and subsequent Supreme Court jurisprudence provide no basis for a rule that allows the physical location or possession of an image to determine who may or may not have 'displayed' a work within the meaning of the Copyright Act." She added, "Nowhere does the Copyright Act suggest that possession of an image is necessary in order to display it. Indeed, the purpose and language of the Act support the opposite view."

Lorenzo Franceschi-Bicchierai of Motherboard has a chilling story on how hackers flip seized Instagram handles and cryptocurrency in a shady, buzzing underground market for stolen accounts and usernames. Their victim's weakness? Phone numbers. He writes: First, criminals call a cell phone carrier's tech support number pretending to be their target. They explain to the company's employee that they "lost" their SIM card, requesting their phone number be transferred, or ported, to a new SIM card that the hackers themselves already own. With a bit of social engineering -- perhaps by providing the victim's Social Security Number or home address (which is often available from one of the many data breaches that have happened in the last few years) -- the criminals convince the employee that they really are who they claim to be, at which point the employee ports the phone number to the new SIM card. Game over.

An anonymous reader quotes a report from IGN: Saudi Arabia is apparently banning 47 games in response to a pair of children committing suicide after allegedly being encouraged to do so while playing an online game. Per the Associated Press, the Saudi General Commission for Audio-Visual Media said yesterday that a 13-year-old girl and a 12-year-old boy have taken their own lives after playing a social media game known as Blue Whale. Also called the Blue Whale Challenge, the disturbing social media phenomenon is a form of extreme cyberbullying. It's not clear how the Saudi government believes this connects to more mainstream video games, but it nonetheless appears to have banned 47 popular indie and AAA games in response.The Saudi General Commission for Audio-Visual Media's website actually says the list of banned games was last updated on July 2, but the Associated Press' report claims the bans were just announced Monday.

schwit1 shares an excerpt from an in-depth report via ProPublica and NPR, which have been investigating for the past year the various tactics the health insurance industry uses to maximize its profits: A future in which everything you do -- the things you buy, the food you eat, the time you spend watching TV -- may help determine how much you pay for health insurance. With little public scrutiny, the health insurance industry has joined forces with data brokers to vacuum up personal details about hundreds of millions of Americans, including, odds are, many readers of this story. The companies are tracking your race, education level, TV habits, marital status, net worth. They're collecting what you post on social media, whether you're behind on your bills, what you order online. Then they feed this information into complicated computer algorithms that spit out predictions about how much your health care could cost them. Patient advocates warn that using unverified, error-prone "lifestyle" data to make medical assumptions could lead insurers to improperly price plans -- for instance raising rates based on false information -- or discriminate against anyone tagged as high cost. And, they say, the use of the data raises thorny questions that should be debated publicly, such as: Should a person's rates be raised because algorithms say they are more likely to run up medical bills? Such questions would be moot in Europe, where a strict law took effect in May that bans trading in personal data.

Rep. Mike Coffman (R-CO) today announced his support for a bill that would institute the basic outlines of the FCC's 2015 Open Internet order, which banned the throttling and blocking of content as well as harmful paid prioritization practices. He is also the first Republican to sign on to the Democrat-led discharge petition, which aims to force a vote on the House floor to roll back the FCC's December decision to repeal net neutrality. The Verge reports: The 21st Century Internet Act aims to restructure the current framework by which the internet has been governed since the '90s. Coffman's bill moves past this argument by amending the 1934 Telecommunications Act and adding the new Title VIII. This new classification would "permanently codify into law the 'four corners' of net neutrality" by banning providers from controlling traffic quality and speed and forbidding them from participating in paid prioritization programs or charging access fees from edge providers.

On top of providing stable ground for net neutrality rules to be upheld in the future, the legislation also makes it illegal for providers to participate in "unfair or deceptive acts or practices." It directs the FCC to investigate claims of anticompetitive behavior on behalf of consumers after receiving their complaints. Transparency requirements are heightened for providers as well, as companies must publicly disclose information regarding their network practices to allow consumers to "make informed choices regarding use of such services."

hackingbear writes: "China's medical insurance regulator will begin negotiations with domestic and overseas pharmaceutical companies to lower prices of cancer drugs in a bid to cut the financial burden on patients," reports Reuters. "The State Medical Insurance Administration said it was preparing to include more cancer drugs on its list of medicines eligible for reimbursement, and said 10 foreign and eight domestic pharmaceutical companies had expressed a willingness to work with the authority."

Unlike India, or what we may have been told, China enforces pharmaceutical patents rigorously. Recently, the Chinese box office hit Dying to Survive, which told the real life story of a leukemia patient/businessman put on trial due to smuggling imitation drugs to help fellow patients who cannot pay the exorbitant cost of a drug produced by a Swiss pharmaceutical giant, has brought in huge revenues and rave reviews since the movie was released on July 5. Last year, China forced two rounds of NRDL negotiations after seven years of stasis. More than a dozen cancer drugs, including AstraZeneca's Iressa and Roche's Herceptin, are now covered by the country's insurance program, but only after the companies agreed to huge discounts -- a typical move trading lower prices for higher volume. Demand for Herceptin, for example, surged after the discount and triggered a national shortage.

According to The Wall Street Journal, Uber is being investigated by U.S. authorities over a complaint about gender discrimination (Warning: source may be paywalled; alternative source). The U.S. Equal Employment Opportunity Commission (EEOC) is leading the investigation, which began last August but hasn't been previously reported. From the report: EEOC investigators have been interviewing former and current Uber employees as well as seeking documents from Uber officials, these people said. The investigators have been seeking information related to hiring practices, pay disparity and other matters as they relate to gender, one person said. Uber, which hopes to debut on the public markets sometime in the second half of next year, is already is facing at least five other federal investigations by multiple agencies into its pricing practices, accusations of bribery by Uber executives abroad, and its use of software designed to evade local officials tracking its operations, among other matters.

The EEOC, tasked with enforcing federal laws against discrimination, generally responds to confidential complaints filed by workers against employers, and can file suit or seek private arbitration. Of roughly 90,000 complaints filed annually, a fraction result in a settlement or EEOC-led lawsuit. It is unclear whether the EEOC intends to take any action against Uber, which would be one of the agency's most prominent recent cases.

An anonymous reader shares a report: A prestigious college in Beijing that reportedly tried to bar a student because his father was on a government blacklist is causing huge controversy in China. According to state media reports, a high school student with the surname Rao in the eastern city of Wenzhou, in Zhejiang province, was accepted on the back of his score in China's fiendishly difficult and incredibly competitive national college entrance exam. But before his family could enjoy Rao's accomplishments, the college notified them he may not be able to attend because of his father's poor credit standing -- the father owed 200,000 RMB (about $30,000) to a local bank, and had been put on a blacklist dubbed the "lost trust list" for individuals with bad social standing, state media reported.

Blacklists are a key feature of China's controversial "social credit system" -- a set of government programs that sets up both incentives and disincentives to encourage people to behave in socially desirable ways. Social credit in today's China involves government programs that collect and analyze data from different parts of people's lives, including their education history, compliance with traffic rules, criminal history and debt. It has raised serious concerns over individual privacy rights.

Airbnb is facing fresh regulatory pressure in Europe. But this time it's not about the short-term home rental platform's core business model -- it's about its terms and conditions, and the way the company presents pricing to consumers. From a report: On Monday, the European Commission and a number of EU consumer watchdogs accused Airbnb of breaking consumer law. If the company does not change the way it operates by the end of August, then it could face legal action. Specifically, the regulators said Airbnb must show people total prices up-front that include all charges and fees, and it must clearly tell customers whether a property is being offered by a private host or a professional. The American company's terms and conditions are illegal under EU law for a variety of reasons, the regulators added. For example, the company tells people in the EU that they cannot sue a host in cases of personal harm or other damages, and it claims it can unilaterally change its terms and conditions without giving customers a warning and the option of cancelling their contracts. These sorts of terms might fly in the U.S., but they're banned in Europe.

devoid42 writes: In a Tampa courtroom, Judge Gregory Holder held William Montanez in contempt of court for failure to unlock a mobile device. What led to this was a frightening slippery slope that threatens our Fourth Amendment rights to the core. Montanez was stopped for failing to yield properly. After being pulled over, the officer asked to search his car; Montanez refused, so the officer held him until a drug dog was brought in to give the officer enough probable cause to search the vehicle. They found a misdemeanor amount of marijuana, which they used to arrest Montenez, but they asked to search his two cellphones, which he also refused. They were able to secure a warrant for those as well, but Montenez claimed he had forgotten his password. The result: Montanez is being held in contempt of court and is serving a six-month jail sentence.

An anonymous reader writes: "Login passwords for tens of thousands of Dahua devices have been cached inside search results returned by ZoomEye, a search engine for discovering Internet-connected devices (also called an IoT search engine)," reports Bleeping Computer. A security researcher has recently discovered that instead of just indexing IoT devices, ZoomEye is also sending an exploitation package to devices and caching the results, which also include cleartext DDNS passwords that allow an attacker remote access to these devices. Searching for the devices is trivial and simple queries can unearth tens of thousands of vulnerable Dahua DVRs. According to the security researcher who spotted these devices, the trick has been used in the past year by the author of the BrickerBot IoT malware, the one who was on a crusade last year, bricking unsecured devices in an attempt to have them go offline instead of being added to IoT botnets.

It seems like everyone these days has had a paranoiac moment where a website advertises something to you that you recently purchased or was gifted without a digital trail. According to a new website called New Organs, which collects first-hand accounts of these moments, "the feeling of being listened to is among the most common experiences, along with seeing the same ads on different websites, and being tracked via geo-location," reports The Outline. The website was created by Tega Brain and Sam Lavigne, two Brooklyn-based artists whose work explores the intersections of technology and society. From the report: "We are stuck in this 20th century idea of spying, of wiretapping and hidden microphones," said Brain. "But really there is this whole new sensory apparatus, a complicated entanglement of online trackers and algorithms that are watching over us." It is this new sensory apparatus that Brain and Lavigne metaphorically refer to as "new organs," as if the online surveillance framework used by social media platforms like Facebook has somehow transfigured into a semi-living organism. "These new organs don't actually need to listen to your voice to know that you like Japanese knives," Lavigne told me. "They actually have ways of coming to know things about you that we don't fully understand yet." In other words, these new methods of data collection have become so uncannily accurate in their knowledge of you as to occasionally feel indistinguishable from actual ears listening in on and understanding intimate conversations.

There are a few things that we do already know about these new "organs" of data processing, as defined by Brain and Lavigne. We know, for instance, that they have an insatiable appetite for personal data. They gather this by first tracking online activity, which is enough to tell them what people like, what they search for, what they listen to, what they read, where they're walking for dinner, and also, worryingly, who their friends are and what they like, read, purchase -- data that is gathered without their awareness. But, then, the organs also gather information purchased from commercial data brokers about people's offline lives, like how many credit cards they own, what their income is, and what they purchase when they go grocery shopping. And all of this information is triangulated with friends' data, because if they know what those dear to you are buying -- a Japanese knife, for instance -- there is a good chance that that person will be interested in that very same thing. The new organs process this enormous amount of information to break you down into categories, which are sometimes innocuous like, "Listens to Spotify" or "Trendy Moms," but can also be more sensitive, identifying ethnicity and religious affiliation, or invasively personal, like "Lives away from family." More than this, the new organs are being integrated with increasingly sophisticated algorithms, so they can generate predictive portraits of you, which they then sell to advertisers who can target products that you don't even know you want yet.

Tesla has confirmed to Jalopnik that its 200,000th vehicle has been delivered this month, meaning the full $7,500 federal tax credit for electric cars will slowly be phased out. Tesla is the first automaker to reach this mark. "GM is close, too, while Nissan, Ford, and others still have a ways to go," notes The Verge. From the report: Tesla customers who take delivery of their cars -- regardless of whether it's a Model S, X, or 3 -- between now and December 31st, 2018, will still be eligible for the full $7,500 credit from the IRS. Customers who take delivery of their cars between January 1st and June 30th, 2019, will only be eligible for a $3,750 credit. And customers who take delivery of their cars between July 1st and December 31st, 2019, will be offered just $1,875. After that, the incentive is dead.

Put in place early on in the Obama administration, the tax credit was seen as a tool that could be used to encourage customers to buy plug-in electric or hybrid vehicles. This would simultaneously help advance the president's climate and clean energy goals while offering consumers a bit of a break while the cost of battery technology slowly came down. It was also meant to encourage manufacturers to push for greater advancements in that technology. The dollar amount was technically flexible; it was essentially a $2,500 credit with room to increase up to $7,500 depending on the battery capacity of the car being sold. The better the battery in a company's car, the better the rebate their buyers would get.

An anonymous reader quotes a report from the Electronic Frontier Foundation: The latest country to consider a website blocking proposal is Japan, and EFF has responded to the call for comment by sharing all the reasons that cutting off websites is a terrible solution for copyright violations. In response to infringement of copyrighted material, specifically citing a concern for manga, the government of Japan began work on a proposal that would make certain websites inaccessible in Japan. In response to Japan's proposal, EFF explained that website blocking is not effective at the stated goal of protecting artists and their work. First, it can be easily circumvented. Second, it ends up capturing a lot of lawful expression. Blocking an entire website does not distinguish between legal and illegal content, punishing both equally. According to numerous studies, the best answer to the problem of online infringement is providing easy, lawful alternatives. Doing this also has the benefit of not penalizing legitimate expression the way blocking does. According to The Japan Times, the "emergency measure" would "encourage [ISPs] to restrict access to such 'malicious' websites 'on a voluntary basis' in order to protect the nation's famed manga and anime industries from free-riders."

"Non-compete clauses are common among professionals, justified by a variety of innocuous-sounding and apparently reasonable business reasons," writes Slashdot reader Beeftopia. "This story shows that, surprisingly, it is a very effective wage suppression mechanism as well, used in industries where it would seem unnecessary."

NPR reports: For many years, fast-food franchises agreed not to recruit or hire one another's workers within the same chain. These "no-poach agreements," as they are known, meant a worker couldn't get better pay or move up the ladder by going to another franchise. Bob Ferguson, Washington's attorney general, said such agreements are clearly illegal. "These no-poach clauses, I think, are an example of a rigged system," he said. "I think you're a worker, you have no idea this clause exists, you haven't signed it. And yet when you try to go to another business to improve your wages, you can't do it, because of this condition in a contract that you never signed..."

Princeton economist Alan Krueger says such restrictions make the labor market work inefficiently, keeping wages artificially low. "I think it's very hard to come up with a sound business justification for this practice, other than reducing competition for workers," he says.
Arby's, Carl's Jr., and five other fast food chains agreed "under pressure" to stop enforcing their non-compete agreements, while eight more chains are currently being investigated by a coalition of 11 state attorney generals. Massachusetts Attorney General Maura Healey reports that 80% of fast food workers are currently locked into non-compete agreements, according to Food & Wine magazine.

"Though a statement from the International Franchise Association argues that these agreements are necessary to keep employees from jumping ship before the expense to train them has been recouped, opponents of these clauses suggest the industrywide benefit of suppressing wages may be the real driving factor."

An anonymous reader quotes a report from The Daily Beast: The Trump Administration is planning to eliminate a vast trove of medical guidelines that for nearly 20 years has been a critical resource for doctors, researchers and others in the medical community. Maintained by the Agency for Healthcare Research and Quality [AHRQ], part of the Department of Health and Human Services, the database is known as the National Guideline Clearinghouse [NGC], and it's scheduled to "go dark," in the words of an official there, on July 16. "Guideline.gov was our go-to source, and there is nothing else like it in the world," King said, referring to the URL at which the database is hosted, which the agency says receives about 200,000 visitors per month. "It is a singular resource," Valerie King, a professor in the Department of Family Medicine and Director of Research at the Center for Evidence-based Policy at Oregon Health & Science University, added. [She] said the NGC is perhaps the most important repository of evidence-based research available.

Medical guidelines are best thought of as cheatsheets for the medical field, compiling the latest research in an easy-to use format. When doctors want to know when they should start insulin treatments, or how best to manage an HIV patient in unstable housing -- even something as mundane as when to start an older patient on a vitamin D supplement -- they look for the relevant guidelines. The documents are published by a myriad of professional and other organizations, and NGC has long been considered among the most comprehensive and reliable repositories in the world. AHRQ said it's looking for a partner that can carry on the work of NGC, but that effort hasn't panned out yet. Not even an archived version of the site will remain, according to an official at AHRQ.

The U.S. Commerce Department has lifted the export ban on Chinese telecommunications giant ZTE now that it has met all the terms required to get a full reprieve. "Officials confirmed that ZTE had put $400 million in escrow on top of other requirements, including the payment of a $1 billion fine, replacing key leadership and accepting outside monitors that will ensure it honors U.S. export controls," reports Engadget. From the report: Strictly speaking, this more of a probation -- as with the last time, the Commerce Department is suspending its ban rather than removing it entirely. The monitors will keep watch over ZTE during the entire 10-year period of the suspension, so it won't have much choice but to fly straight if it wants to avoid another ban. The earlier ban would have "only" lasted seven years. The Senate recently passed a bill that would reinstate U.S. sanctions on the company, but the White House has vowed to squash it before it becomes law.

According to a new paper from Oxford Internet Institute researchers Victoria Nash and Andrew Przybylski, internet filters rarely work to keep adolescents away from online porn. Basically, the filters are expensive and they don't work. "Internet filtering tools are expensive to develop and maintain, and can easily 'underblock' due to the constant development of new ways of sharing content. Additionally, there are concerns about human rights violations -- filtering can lead to 'overblocking', where young people are not able to access legitimate health and relationship information." TechCrunch reports: The researchers "found that Internet filtering tools are ineffective and in most cases [and] were an insignificant factor in whether young people had seen explicit sexual content." The study's most interesting finding was that between 17 and 77 households "would need to use Internet filtering tools in order to prevent a single young person from accessing sexual content" and even then a filter "showed no statistically or practically significant protective effects." The study looked at 9,352 male and 9,357 female subjects from the EU and the UK and found that almost 50 percent of the subjects had some sort of Internet filter at home. Regardless of the filters installed, subjects still saw approximately the same amount of porn.

An anonymous reader quotes a report from The Verge: Chinese authorities have arrested six suspects behind a World Cup gambling ring that was hosting more than 10 billion yuan -- or $1.5 billion USD -- worth of cryptocurrency bets, according to a statement released yesterday by the police department in Guangdong province. The gambling syndicate ran on the dark web, accepting bets in the form of bitcoin, ethereum, and litecoin for an eight-month stretch before being apprehended. It attracted more than 300,000 players from different countries, and 8,000 "agents" who earned commissions for recruiting new members through a pyramid scheme-like system, according to the South China Morning Post. The bust that took down the dark web syndicate was a part of China's larger plans to stem the criminal activity -- though this was the first to involve cryptocurrency, according to Guangdong law enforcement. Thus far, they've arrested 540 suspects and frozen more than 260 million yuan as a part of their efforts.

Earlier this month, The New York Times reported that a number of smart TV makers include services from companies that track a range of viewer information about their customers. Now, two Democratic US senators are asking the Federal Trade Commission to investigate privacy problems related to Internet-connected televisions. From a report: "Many Internet-connected smart TVs are equipped with sophisticated technologies that can track the content users are watching and then use that information to tailor and deliver targeted advertisements to consumers," Sens. Ed Markey (D-Mass.) and Richard Blumenthal (D-Conn.) wrote in a letter yesterday to FTC Chairman Joseph Simons. "Regrettably, smart TV users may not be aware of the extent to which their televisions are collecting sensitive information about their viewing habits." The letter asked the FTC to "launch an investigation into the privacy policies and practices of smart TV manufacturers." When contacted by Ars, an FTC spokesperson confirmed that the agency received the letter from Markey and Blumenthal, but the FTC offered no further comment.

Addressing a growing concern by privacy advocates and users alike over the usage of facial recognition by government bodies, Microsoft urged the US government on Friday to start thinking about what limits should be set on the use of such technologies. From a report: In a blog post, Microsoft also said it is consulting with outside groups to help set its own policies for how it will use and sell such technology. Face recognition can be used for a range of purposes, from reuniting missing kids to mass surveillance. Currently, there are few rules for those using or selling the technology. "The only effective way to manage the use of technology by a government is for the government proactively to manage this use itself," Microsoft president Brad Smith said in a blog post. "And if there are concerns about how a technology will be deployed more broadly across society, the only way to regulate this broad use is for the government to do so." For its own part, Smith said Microsoft is going to move slowly on commercial use of face recognition while it explores what its own policies should be.