China

How America's Tech Giants Are Helping Build China's Surveillance State (theintercept.com) 147

"An American organization founded by tech giants Google and IBM is working with a company that is helping China's authoritarian government conduct mass surveillance against its citizens," the Intercept reports.

The OpenPower Foundation -- a nonprofit led by Google and IBM executives with the aim of trying to "drive innovation" -- has set up a collaboration between IBM, Chinese company Semptian, and U.S. chip manufacturer Xilinx. Together, they have worked to advance a breed of microprocessors that enable computers to analyze vast amounts of data more efficiently. Shenzhen-based Semptian is using the devices to enhance the capabilities of internet surveillance and censorship technology it provides to human rights-abusing security agencies in China, according to sources and documents. A company employee said that its technology is being used to covertly monitor the internet activity of 200 million people...

Semptian presents itself publicly as a "big data" analysis company that works with internet providers and educational institutes. However, a substantial portion of the Chinese firm's business is in fact generated through a front company named iNext, which sells the internet surveillance and censorship tools to governments. iNext operates out of the same offices in China as Semptian, with both companies on the eighth floor of a tower in Shenzhen's busy Nanshan District. Semptian and iNext also share the same 200 employees and the same founder, Chen Longsen. [The company's] Aegis equipment has been placed within China's phone and internet networks, enabling the country's government to secretly collect people's email records, phone calls, text messages, cellphone locations, and web browsing histories, according to two sources familiar with Semptian's work.

Promotional documents obtained from the company promise "location information for everyone in the country." One company representative even told the Intercept they were processing "thousands of terabits per second," and -- not knowing they were talking to a reporter -- forwarded a 16-minute video detailing their technology. "If a government operative enters a person's cellphone number, Aegis can show where the device has been over a given period of time: the last three days, the last week, the last month, or longer," the Intercept reports.

Joss Wright, a senior research fellow at the University of Oxford's Internet Institute, told the Intercept that "by any meaningful definition, this is a vast surveillance effort."

Read what the U.S. companies had to say about their involvement with Chinese surveillance technology:
The Almighty Buck

US Lawmakers Consider Ban On Big Tech Companies Launching Cryptocurrencies (scmp.com) 123

PolygamousRanchKid quotes Reuters: A proposal to prevent big technology companies from functioning as financial institutions or issuing digital currencies has been circulated for discussion by the Democratic majority that leads the House Financial Services Committee, according to a copy of the draft legislation seen by Reuters. In a sign of widening scrutiny after Facebook Inc's (FB.O) proposed Libra digital coin aroused widespread objection, the bill proposes a fine of $1 million per day for violation of such rules....

Last week, U.S. President Donald Trump criticized Libra and other cryptocurrencies and demanded that companies seek a banking charter and make themselves subject to U.S. and global regulations if they wanted to "become a bank." His comments came after Federal Reserve Chairman Jerome Powell told lawmakers that Facebook's plan to build a digital currency called Libra could not move forward unless it addressed concerns over privacy, money laundering, consumer protection and financial stability.

The article concedes this proposal "would likely spark opposition" in the House and Senate, but adds that "Nevertheless, the draft proposal sends a strong message to large tech firms increasingly eyeing the financial services space."

The draft legislation's title? The "Keep Big Tech Out Of Finance Act."
Government

America's FBI Wants To Build a Social Media-Monitoring Tool (engadget.com) 114

America's FBI "wants to gather more information from social media," reports Engadget. Friday, it issued a call for contracts for a new social media monitoring tool. According to a request-for-proposals (RFP), it's looking for an "early alerting tool" that would help it monitor terrorist groups, domestic threats, criminal activity and the like.

The tool would provide the FBI with access to the full social media profiles of persons-of-interest. That could include information like user IDs, emails, IP addresses and telephone numbers. The tool would also allow the FBI to track people based on location, enable persistent keyword monitoring and provide access to personal social media history. According to the RFP, "The mission-critical exploitation of social media will enable the Bureau to detect, disrupt, and investigate an ever growing diverse range of threats to U.S. National interests."

But a tool of this nature is likely to raise a few red flags, despite the FBI's call for "ensuring all privacy and civil liberties compliance requirements are met."

Back in 2011 a video by The Onion jokingly described Facebook as "the massive online surveillance program run by the CIA." Looks like they had the right idea -- but the wrong government agency.

On Twitter the ACLU's senior staff attorney highlighted some key phrases from the FBI's request for proposals -- including "constant monitoring of social media platforms." He added that "They're not beating around the bush in terms of how pervasively they're monitoring social media content:"
Government

Should Local Governments Pay Ransomware Attackers? (phys.org) 129

At least 170 local or state government systems in America have been hit with ransomware, and the French Interior Ministry received reports of 560 incidents just in 2018, according to Phys.org. (Though the French ministry also notes that most incidents aren't reported.)

But when a government system is hit by ransomware, does the government have a responsibility to pay the ransom to restore its data -- or to not pay it? "You have to do what's right for your organization," said Gregory Falco, a researcher at Stanford University specializing in municipal network security. "It's not the FBI's call. You might have criminal justice information, you could have decades of evidence. You have to weigh this for yourself." Josh Zelonis at Forrester Research offered a similar view, saying in a blog post that victims need to consider paying the ransom as a valid option, alongside other recovery efforts.

But Randy Marchany, chief information security officer for Virginia Tech University, said the best answer is to take a hardline "don't pay" attitude. "I don't agree with any organization or city paying the ransom," Marchany said. "The victims will have to rebuild their infrastructure from scratch anyway. If you pay the ransom, the hackers give you the decryption key but you have no assurance the ransomware has been removed from all of your systems. So, you have to rebuild them anyway."

Victims often fail to take preventive measures such as software updates and data backups that would limit the impact of ransomware. But victims may not always be aware of potential remedies that don't involve paying up, said Brett Callow of Emsisoft, one of several security firms that offer free decryption tools. "If the encryption in ransomware is implemented properly, there is a zero chance of recovery unless you pay the ransom," Callow said. "Often it isn't implemented properly, and we find weaknesses in the encryption and undo it."

Callow also points to coordinated efforts of security firms including the No More Ransom Project, which partners with Europol, and ID Ransomware, which can identify some malware and sometimes unlock data.
