Privacy

An Alexa Bug Could Have Exposed Your Voice History To Hackers (wired.com) 42

An anonymous reader quotes a report from Wired: Findings published on Thursday by the security firm Check Point reveal that Alexa's Web services had bugs that a hacker could have exploited to grab a target's entire voice history, meaning their recorded audio interactions with Alexa. Amazon has patched the flaws, but the vulnerability could have also yielded profile information, including home address, as well as all of the "skills," or apps, the user had added for Alexa. An attacker could have even deleted an existing skill and installed a malicious one to grab more data after the initial attack. [...] For an attacker to exploit the vulnerabilities, they would need first to trick targets into clicking a malicious link, a common attack scenario. Underlying flaws in certain Amazon and Alexa subdomains, though, meant that an attacker could have crafted a genuine and normal-looking Amazon link to lure victims into exposed parts of Amazon's infrastructure. By strategically directing users to track.amazon.com -- a vulnerable page not related to Alexa, but used for tracking Amazon packages -- the attacker could have injected code that allowed them to pivot to Alexa infrastructure, sending a special request along with the target's cookies from the package-tracking page to skillsstore.amazon.com/app/secure/your-skills-page.

At this point, the platform would mistake the attacker for the legitimate user, and the hacker could then access the victim's full audio history, list of installed skills, and other account details. The attacker could also uninstall a skill the user had set up and, if the hacker had planted a malicious skill in the Alexa Skills Store, could even install that interloping application on the victim's Alexa account. Both Check Point and Amazon note that all skills in Amazon's store are screened and monitored for potentially harmful behavior, so it's not a foregone conclusion that an attacker could have planted a malicious skill there in the first place. Check Point also suggests that a hacker might be able to access banking data history through the attack, but Amazon disputes this, saying that information is redacted in Alexa's responses.
"The security of our devices is a top priority, and we appreciate the work of independent researchers like Check Point who bring potential issues to us," an Amazon spokesperson told WIRED in a statement. "We fixed this issue soon after it was brought to our attention, and we continue to further strengthen our systems. We are not aware of any cases of this vulnerability being used against our customers or of any customer information being exposed."
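
The pivot described above works because a request fired from a script on one amazon.com subdomain arrived at another subdomain carrying the user's cookies and was treated as the user. As an added example, not code from Check Point, Wired or Amazon, the Python below models the server-side origin check a credentialed endpoint needs: a loose suffix rule of the kind that lets any sibling subdomain (and even a look-alike domain) through, beside an exact allowlist that refuses everything else before any action is taken. The endpoint path mirrors the one named in the report; the loose pattern, the allowlisted origin, the cookie name and the request contents are assumptions for illustration, not Amazon's actual configuration.

```python
"""Origin allowlisting for a credentialed endpoint.

Added example, not Amazon's or Check Point's code. It models a server-side
decision on whether a cross-origin request that carries the user's cookies
is honoured. Patterns, origins, cookie name and sample data are assumed.
"""
import re
from urllib.parse import urlsplit

# Hypothetical sensitive endpoint; the path mirrors the one named in the report.
SENSITIVE_PATH = "/app/secure/your-skills-page"

# Loose rule (assumed for illustration): any https origin whose host merely
# ends in "amazon.com". This admits every sibling subdomain, so an injection
# on one of them becomes a foothold against this endpoint, and it also admits
# attacker-registered look-alikes such as evilamazon.com.
LOOSE_ORIGIN_RE = re.compile(r"^https://.*amazon\.com$")

# Strict rule: exact scheme://host allowlist of the origins that genuinely
# need credentialed access. The single entry here is an assumption.
STRICT_ORIGINS = frozenset({"https://alexa.amazon.com"})


def loose_origin_allowed(origin: str) -> bool:
    """Suffix match on the Origin header (the weak check)."""
    return bool(LOOSE_ORIGIN_RE.match(origin))


def strict_origin_allowed(origin: str) -> bool:
    """Exact match against the allowlist (the hardened check).

    An Origin header is scheme://host[:port] only, so anything with a path,
    query, fragment or userinfo is malformed and rejected outright.
    """
    parts = urlsplit(origin)
    if parts.path or parts.query or parts.fragment or parts.username:
        return False
    return f"{parts.scheme}://{parts.netloc}".lower() in STRICT_ORIGINS


def handle(request: dict, origin_allowed) -> dict:
    """Serve the sensitive endpoint for a cookie-bearing cross-origin request.

    request = {"path": str, "origin": str | None, "cookies": dict}
    The origin decision happens before any account data is read or changed,
    so a rejected origin never triggers a side effect such as removing a skill.
    Only an allowed origin receives the CORS headers that let its script read
    the body; every other case gets 403 and no CORS headers at all.
    """
    if request["path"] != SENSITIVE_PATH:
        return {"status": 404, "headers": {}, "body": None}
    if "session" not in request["cookies"]:          # assumed cookie name
        return {"status": 401, "headers": {}, "body": None}
    origin = request.get("origin")
    if origin is None or not origin_allowed(origin):
        return {"status": 403, "headers": {}, "body": None}
    return {
        "status": 200,
        "headers": {
            "Access-Control-Allow-Origin": origin,
            "Access-Control-Allow-Credentials": "true",
            "Vary": "Origin",
        },
        "body": {"skills": ["Weather", "Timer"]},   # constructed sample data
    }


def demo() -> dict:
    """Run constructed requests through both checks; returns status codes."""
    session = {"session": "victim-session-cookie"}  # constructed
    origins = {
        "sibling_subdomain": "https://track.amazon.com",  # where a script was injected
        "lookalike_domain": "https://evilamazon.com",
        "legitimate_origin": "https://alexa.amazon.com",
    }
    results = {}
    for label, origin in origins.items():
        req = {"path": SENSITIVE_PATH, "origin": origin, "cookies": session}
        results[label] = {
            "loose": handle(req, loose_origin_allowed)["status"],
            "strict": handle(req, strict_origin_allowed)["status"],
        }
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label:20s} loose={outcome['loose']} strict={outcome['strict']}")
```

Two points the example makes concrete. First, the browser attaches cookies to the cross-subdomain request regardless of what the server later decides, so the origin check has to run before the endpoint acts, not merely before it sets CORS headers; otherwise a rejected origin can still uninstall a skill even though its script cannot read the reply. Second, SameSite cookies do not help here: track.amazon.com and skillsstore.amazon.com share a registrable domain and are therefore same-site, so only an exact origin allowlist (or a per-request anti-CSRF token) separates them.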
The Courts

Cities Sue Netflix, Hulu, Disney+, Claim They Owe Cable 'Franchise Fees' (arstechnica.com) 111

Four cities in Indiana are suing Netflix and other video companies, claiming that online video providers and satellite-TV operators should have to pay the same franchise fees that cable companies pay for using local rights of way. Ars Technica reports: The lawsuit was filed against Netflix, Disney, Hulu, DirecTV, and Dish Network on August 4 in Indiana Commercial Court in Marion County. The cities of Indianapolis, Evansville, Valparaiso, and Fishers want the companies to pay the cable-franchise fees established in Indiana's Video Service Franchises (VSF) Act, which requires payments of 5 percent of gross revenue in each city.

The lawsuit is based on an unusual legal argument and doesn't seem likely to succeed. Essentially, the cities are claiming that Netflix and similar providers use the public rights of way simply by offering video streaming services over the Internet: "Defendants transmit video programming to Indiana subscribers using Internet protocol and other technologies. When doing so, Defendants transmit their programming through facilities located at least in part in public rights of way within the geographic boundaries of Indiana Units, including public rights of way located within Plaintiffs' geographic boundaries. Therefore, Defendants are required by the VSF Act to pay the Plaintiffs -- and all other Indiana Units in which Defendants transmit video programming through facilities located at least in part in a public right-of-way -- 'franchise fees.'"

But streaming companies don't have to build physical infrastructure in each city to offer online video, so they aren't deploying their own wires on public rights of way. US law defines a cable system as "a facility, consisting of a set of closed transmission paths and associated signal generation, reception, and control equipment that is designed to provide cable service." Local franchising rules and fees are based on cities' authority to manage their local rights of way. Netflix, Hulu, and Disney+ are Internet-only services. Dish and DirecTV are primarily satellite operators but also offer online access. The cities' lawsuit never mentions the word "satellite" and doesn't fully explain how DirecTV and Dish use the public rights of way.

Censorship

Text Editor Notepad++ Banned In China After 'Stand With Hong Kong' Update (techcrunch.com) 87

The website of Notepad++ is banned in China as of Monday, "obviously due to" its release of editions named "Free Uyghur" and "Stand with Hong Kong," the source code editor's developer announced on Twitter. TechCrunch reports: First released in 2003 by France-based developer Don Ho, free-to-use Notepad++ operates on Windows and supports some 90 languages. In his release notices for the two editions, Ho openly voiced his concerns over "human rights" conditions, respectively in the Xinjiang autonomous region and Hong Kong. Tests by TechCrunch found that the Notepad++ ban only applies to its Download page -- which showcases the special editions and thus politically sensitive language -- when one tries to reach it from Chinese browsers developed by Tencent (QQ Browser and WeChat's built-in browser), Alibaba (UC Browser), 360 and Sogou. These services flag the page as containing content "prohibited" by local regulators.

Notepad++'s home page, on the other hand, remains unblocked through these local browsers. One can still access the full site from Chrome and DuckDuckGo in China. The ban began as early as August 12 when a user notified Ho of the ban, the developer told TechCrunch. He has never been contacted by any Chinese government authority and does not plan to take measures to cope with the website restriction.

Desktops (Apple)

Apple Expands Its Independent Repair Program To Mac (techcrunch.com) 32

Apple is expanding its program that provides parts, resources and training to independent repair shops to now include support for Mac computers. From a report: The repair program was first announced last fall, with the goal of making it easier for consumers to repair their out-of-warranty iPhones by allowing them to use third-party shops, including small businesses, that would now have access to official repair parts and other tools. The program was meant to complement Apple's existing network of over 5,000 Apple Authorized Service Providers, like Best Buy, which handle both in- and out-of-warranty repairs. To some extent, the program arose from consumer demand.

Many iPhone users were turning to unauthorized repair shops for a variety of reasons -- perhaps the shop was closer to their home, could fix their device more quickly, or offered more affordable repairs, for example. But this choice could result in an uneven consumer experience as the shops were locked out from using official Apple parts. Since its U.S. launch, the independent repair shop program expanded to over 140 businesses and over 700 new locations. This summer, Apple announced the program would now expand internationally as well, to both Europe and Canada.

Australia

Google Warns Australians it Really Doesn't Want to Pay for News (gizmodo.com.au) 114

Below its home page's search bar, Google is now warning everyone in Australia ominously that "The way Aussies search every day on Google is at risk from new Government regulation."

For more emphasis, Google even added the "hazard sign" symbol — a yellow triangle with an exclamation point, reports Gizmodo. "And in case you missed that, the website has also added a famously popular pop-up prompt that comes up during a search." After a year and a half of investigating, the ACCC, affectionately known as Australia's consumer watchdog, published a report last year that found that digital platforms had significant bargaining power. News publishers, on the other hand, were a lot less powerful, and this imbalance had significant adverse effects... In April this year, the Australian government asked Australia's consumer watchdog, the ACCC, to create some rules for a negotiation between news publishers and tech platforms... It laid out a process for negotiation and requirements that the platforms give more information to publishers...

In the letter, Google's ANZ Director Mel Silva claims that the code places free services — like Search, Gmail, YouTube — "at risk", seemingly implying that these services will be affected or may be discontinued if the draft code goes through. "A proposed law, the News Media Bargaining Code, would force us to provide you with a dramatically worse Google Search and YouTube, could lead to your data being handed over to big news businesses, and would put the free services you use at risk in Australia," she wrote...

In adding these warnings, the company is using its real estate on Australia's most visited website as a way to push back against negotiations that could force it to pay for its dominance.

UPDATE (8/17/2020): "The open letter published by Google today contains misinformation..." responds the Australian Competition and Consumer Commission.
Security

The NSA's Guidelines for Protecting Location Data (cisa.gov) 30

America's National Security Agency (NSA) "has shared new guidance with U.S. military and intelligence personnel, suggesting they take additional precautions to safeguard their location data," reports Engadget. "The agency argues the information devices and apps collect can pose a national security threat."

Ars Technica reports: The National Security Agency is recommending that some government workers and people generally concerned about privacy turn off find-my-phone, Wi-Fi, and Bluetooth whenever those services are not needed, as well as limit location data usage by apps. "Location data can be extremely valuable and must be protected," an advisory stated. "It can reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose otherwise unknown associations between users and locations."

NSA officials acknowledged that geolocation functions are enabled by design and are essential to mobile communications. The officials also admit that the recommended safeguards are impractical for most users. Mapping, location tracking of lost or stolen phones, automatically connecting to Wi-Fi networks, and fitness trackers and apps are just a few of the things that require fine-grained locations to work at all. But these features come at a cost. Adversaries may be able to tap into location data that app developers, advertising services, and other third parties receive from apps and then store in massive databases. Adversaries may also subscribe to services such as those offered by Securus and LocationSmart, two services that The New York Times and KrebsOnSecurity documented, respectively. Both companies either tracked or sold locations of customers collected by the cell towers of major cellular carriers.

Not only did LocationSmart leak this data to anyone who knew a simple trick for exploiting a common class of website bug, but a Vice reporter was able to obtain the real-time location of a phone by paying $300 to a different service. The New York Times also published this sobering feature outlining services that use mobile location data to track the histories of millions of people over extended periods.

The advisory also warns that tracking often happens even when cellular service is turned off, since both Wi-Fi and Bluetooth can also track locations and beam them to third parties connected to the Internet or with a sensor that's within radio range.

Long-time Slashdot reader AmiMoJo shares some of the agency's other recommendations:
  • Enter airplane mode when not using the device
  • Minimize web browsing on your device and do not allow browsers to access location services
  • Use an anonymous VPN
  • Minimize location information stored in the cloud

Government

Should the U.S. Pardon Edward Snowden? (reuters.com) 191

Long-time Slashdot readers 93 Escort Wagon and schwit1 both shared the news that U.S. President Trump is "considering" a pardon for Edward Snowden, a former National Security Agency contractor who "leaked a trove of secret files in 2013 to news organizations that revealed vast domestic and international surveillance operations" carried out by the agency, according to Reuters: U.S. authorities for years have wanted Snowden returned to the United States to face a criminal trial on espionage charges brought in 2013. Snowden fled the United States and was given asylum in Russia... Trump's softening stance toward Snowden represents a sharp reversal. Shortly after the leaks, Trump expressed hostility toward Snowden, calling him "a spy who should be executed..."

Some civil libertarians have praised Snowden for revealing the extraordinary scope of America's digital espionage operations including domestic spying programs that senior U.S. officials had publicly insisted did not exist. But such a move would horrify many in the U.S. intelligence community, some of whose most important secrets were exposed.

In 2015 a petition with 100,000 signatures was submitted to the U.S. government seeking a pardon. But then-president Obama's Advisor on Homeland Security and Counterterrorism responded that "Mr. Snowden's dangerous decision to steal and disclose classified information had severe consequences for the security of our country and the people who work day in and day out to protect it," also arguing that Mr. Snowden had failed to accept the consequences of his actions. "He should come home to the United States, and be judged by a jury of his peers — not hide behind the cover of an authoritarian regime."

In 2016, then-president Obama insisted "I can't pardon somebody who hasn't gone before a court and presented themselves... I think that Mr. Snowden raised some legitimate concerns. How he did it was something that did not follow the procedures and practices of our intelligence community." But the New York Times disagreed. "Snowden told The Washington Post that he did report his misgivings to two superiors at the agency, showing them the volume of data collected by the NSA, and that they took no action," the Times wrote in an editorial pushing for clemency.

Others pushing for a pardon include Green Party presidential candidate Jill Stein, the American Civil Liberties Union, one million people who eventually signed another petition which was submitted to the White House — and Edward Snowden.
Privacy

San Diego's Police Are Using Video from 'Smart' Streetlights (ieee.org) 100

Slashdot reader Tekla Perry is also senior editor at IEEE Spectrum, and brings a story about San Diego's 3,300 "smart streetlights," each one equipped with "an Intel Atom processor, half a terabyte of storage, Bluetooth and Wi-Fi radios, two 1080p video cameras, two acoustical sensors, and environmental sensors that monitor temperature, pressure, humidity, vibration, and magnetic fields."

San Diego's smart streetlights were supposed to save money and inspire entrepreneurs to use streetlight sensor data to develop apps that would make the city a better place. The money savings didn't add up and the apps never emerged. Instead, the San Diego police realized the video data, intended to be processed at the edge by AI algorithms [and deleted after 5 days], could be tapped directly for law enforcement. Now consumer groups are looking to the city to pass legislation governing the use of data, and other cities are opting to avoid such issues by leaving cameras out of future intelligent lighting systems.
The first video accessed by police exonerated a person they'd arrested for murder in August of 2018. But over the next 10 months they accessed 99 more videos to investigate what they called "serious" crimes, a number that climbed to 175 videos by early 2020. "The list included murders, sexual assaults, and kidnappings — but it also included vandalism and illegal dumping, which caused activists to question the city's definition of 'serious'..." according to IEEE Spectrum. "To date, San Diego police have tapped streetlight video data nearly 400 times, including this past June, during investigations of incidents of felony vandalism and looting during Black Lives Matter protests."

Morgan Currie, a lecturer in data and society at the University of Edinburgh, tells the site it's "a classic example of how data collection systems are easily retooled as surveillance systems, of how the capacities of the smart city to do good things can also increase state and police control."
Communications

Charter Can Charge Online Video Sites for Network Connections, Court Rules (arstechnica.com) 113

Charter can charge Netflix and other online video streaming services for network interconnection despite a merger condition prohibiting the practice, a federal appeals court ruled today. From a report: The ruling [PDF] by the US Court of Appeals for the District of Columbia Circuit overturns two merger conditions that the Obama administration imposed on Charter when it bought Time Warner Cable and Bright House Networks in 2016. The FCC under Chairman Ajit Pai did not defend the merits of the merger conditions in court, paving the way for today's ruling. The case was decided in a 2-1 vote by a panel of three DC Circuit judges.

The lawsuit against the FCC seeking to overturn the Charter merger conditions was filed by the Competitive Enterprise Institute (CEI), a free-market think tank, and four Charter users who claim they were harmed by the conditions. The FCC unsuccessfully challenged the suing parties' standing to sue, and it did not mount a legal defense of the conditions themselves. Though Charter did not file this lawsuit, the ISP separately asked the FCC to let the network-interconnection condition and a condition prohibiting data caps expire on May 18, 2021, two years earlier than scheduled. Today's court ruling seems to render Charter's petition moot as far as the network-interconnection condition goes, but the ruling did not overturn the data-cap prohibition.

United States

TikTok's US Employees Plan To Sue Trump Administration Over Executive Order (cnet.com) 97

TikTok's US employees are planning to file a lawsuit challenging a Trump administration executive order they say would make it illegal for their employer to pay them. From a report: Last week, President Donald Trump issued an executive order barring any US transactions with ByteDance, the Chinese company that owns TikTok, and its subsidiaries. The language of the order is broad, so it's unclear if it would bar TikTok from paying its employees. The Trump administration didn't respond to questions about how the order would impact TikTok's employees. The order, which would take effect Sept. 20, would effectively ban the short-form video app from operating in the US if ByteDance doesn't sell TikTok. Microsoft has acknowledged it's discussing a deal to buy TikTok's service in the US, Canada, Australia and New Zealand. Negotiations could be completed by Sept. 15, which is before the executive order's deadline.
Privacy

Homeland Security Details New Tools For Extracting Device Data at US Borders (cnet.com) 113

Travelers heading to the US have many reasons to be cautious about their devices when it comes to privacy. A report released Thursday from the Department of Homeland Security provides even more cause for concern about how much data border patrol agents can pull from your phones and computers. From a report: In a Privacy Impact Assessment dated July 30, the DHS detailed its US Border Patrol Digital Forensics program, specifically for its development of tools to collect data from electronic devices. For years, DHS and border agents were allowed to search devices without a warrant, until a court found the practice unconstitutional in November 2019. In 2018, the agency searched more than 33,000 devices, compared to 30,200 searches in 2017 and just 4,764 searches in 2015. Civil rights advocates have argued against this kind of surveillance, saying it violates people's privacy rights.

The report highlights the DHS' capabilities, and shows that agents can create an exact copy of data on devices when travelers cross the border. According to the DHS, extracted data from devices can include: Contacts, call logs/details, IP addresses used by the device, calendar events, GPS locations used by the device, emails, social media information, cell site information, phone numbers, videos and pictures, account information (user names and aliases), text/chat messages, financial accounts and transactions, location history, browser bookmarks, notes, network information, and tasks list. The policy to retain this data for 75 years still remains, according to the report.

Google

'Stalkerware' Phone Spying Apps Have Escaped Google's Ad Ban (techcrunch.com) 25

An anonymous reader quotes a report from TechCrunch: Several companies offering phone-spying apps -- known as "stalkerware" -- are still advertising in Google search results, despite the search giant's ban that took effect today, TechCrunch has found. These controversial apps are often pitched to help parents snoop on their child's calls, messages, apps and other private data under the guise of helping to protect against online predators. But some repurpose these apps to spy on their spouses -- often without their permission. It's a problem that the wider tech industry has worked to tackle. Security firms and antivirus makers are working to combat the rise of stalkerware, and federal authorities have taken action when app makers have violated the law.

One of the biggest actions to date came last month when Google announced an updated ads policy, effectively banning companies from advertising phone-snooping apps "with the express purpose of tracking or monitoring another person or their activities without their authorization." Google gave these companies until August 11 to remove these ads. But TechCrunch found seven companies known to provide stalkerware -- including FlexiSpy, mSpy, WebWatcher and KidsGuard -- were still advertising in Google search results after the ban took effect. Google did not explicitly say whether the stalkerware apps violated its policy, but told TechCrunch that it removed ads for WebWatcher. Despite the deadline, Google said that enforcement is not always immediate.
"We recently updated our policies to prohibit ads promoting spyware for partner surveillance while still allowing ads for technology that helps parents monitor their underage children," said a Google spokesperson. "To prevent deceitful actors who try to disguise the product's intent and evade our enforcement, we look at several signals like the ad text, creative and landing page, among others, for policy compliance. When we find that an ad or advertiser is violating our policies, we take immediate action."
Privacy

Police Use of Facial Recognition Violates Human Rights, UK Court Rules (arstechnica.com) 58

An appeals court ruled today that police use of facial recognition technology in the UK has "fundamental deficiencies" and violates several laws. Ars Technica reports: South Wales Police began using automated facial recognition technology on a trial basis in 2017, deploying a system called AFR Locate overtly at several dozen major events such as soccer matches. Police matched the scans against watchlists of known individuals to identify persons who were wanted by the police, had open warrants against them, or were in some other way persons of interest. In 2019, Cardiff resident Ed Bridges filed suit against the police, alleging that having his face scanned in 2017 and 2018 was a violation of his legal rights. Although he was backed by UK civil rights organization Liberty, Bridges lost his suit in 2019, but the Court of Appeal today overturned that ruling, finding that the South Wales Police facial recognition program was unlawful.

"Too much discretion is currently left to individual police officers," the court ruled. "It is not clear who can be placed on the watchlist, nor is it clear that there are any criteria for determining where AFR can be deployed." The police did not sufficiently investigate if the software in use exhibited race or gender bias, the court added. The South Wales Police in 2018 released data admitting that about 2,300 of nearly 2,500 matches -- roughly 92 percent -- the software made at an event in 2017 were false positives. The ruling did not completely ban the use of facial recognition tech inside the UK, but does narrow the scope of what is permissible and what law enforcement agencies have to do to be in compliance with human rights law. Other police inside the UK who deploy facial recognition technology will have to meet the standard set by today's ruling. That includes the Metropolitan Police in London, who deployed a similar type of system earlier this year.

Privacy

TikTok Tracked User Data Using Tactic Banned By Google (marketwatch.com) 46

An anonymous reader quotes a report from MarketWatch: TikTok skirted a privacy safeguard in Google's Android operating system to collect unique identifiers from millions of mobile devices, data that allows the app to track users online without allowing them to opt out, a Wall Street Journal analysis has found. The tactic, which experts in mobile-phone security said was concealed through an unusual added layer of encryption, appears to have violated Google policies limiting how apps track people and wasn't disclosed to TikTok users. TikTok ended the practice in November, the Journal's testing showed.

The identifiers collected by TikTok, called MAC addresses, are most commonly used for advertising purposes. The White House has said it is worried that users' data could be obtained by the Chinese government and used to build detailed dossiers on individuals for blackmail or espionage. In a statement, a spokesperson said the company is "committed to protecting the privacy and safety of the TikTok community. Like our peers, we constantly update our app to keep up with evolving security challenges." The company said "the current version of TikTok does not collect MAC addresses."

Education

University of Michigan Study Advocates Ban of Facial Recognition in Schools (venturebeat.com) 18

University of Michigan researchers recently published a study showing facial recognition technology in schools has limited efficacy and presents a number of serious problems. From a report: The research was led by Shobita Parthasarathy, director of the university's Science, Technology, and Public Policy (STPP) program, and finds the technology isn't just ill-suited to security purposes, it can actively promote racial discrimination, normalize surveillance, and erode privacy while marginalizing gender nonconforming students. The study follows the New York legislature's passage of a moratorium on the use of facial recognition and other forms of biometric identification in schools until 2022. The bill, a response to the Lockport City School District launching a facial recognition system, was among the first in the nation to explicitly regulate or ban use of the technology in schools. That development came after companies including Amazon, IBM, and Microsoft halted or ended the sale of facial recognition products in response to the first wave of Black Lives Matter protests in the U.S.
The Courts

Qualcomm Wins US Antitrust Lawsuit Appeal Over Chip Licensing (venturebeat.com) 17

A U.S. appeals court on Tuesday reversed a lower court ruling against chip supplier Qualcomm in an antitrust lawsuit brought by the Federal Trade Commission. From a report: The United States Ninth Circuit Court of Appeals also vacated an injunction that would have required Qualcomm to change its intellectual property licensing practices. The decision amounted to a near complete victory for the San Diego company, the largest supplier of chips for mobile phones and also a key generator of wireless communications intellectual property and industry standards. Qualcomm was fighting a May 2019 decision by U.S. District Judge Lucy Koh in San Jose, California. That judge sided with antitrust regulators, writing that Qualcomm's practice of requiring phone makers to sign a patent license agreement before selling them chips "strangled competition" and harmed consumers.
Encryption

Zoom Sued By Consumer Group For Misrepresenting Its Encryption Protections (washingtonpost.com) 11

A consumer advocacy group is suing Zoom and seeking millions of dollars in damages, accusing the company of misleading its users about the strength of its encryption protections. From a report: The nonprofit group Consumer Watchdog is also accusing the videoconferencing company of deceiving users about the extent of its links with China and the fact that some calls between people in North America were routed through servers in China. That raises the danger Beijing could steal or demand access to the contents of those calls, according to a copy of the lawsuit, which was shared exclusively with The Cybersecurity 202.

Those phony claims "lull[ed] consumers and businesses into a false sense of security" and helped Zoom to soar in popularity during the early months of the pandemic, according to the lawsuit, which was filed late yesterday in Washington D.C. Superior Court. The consumer group fears that if Zoom isn't punished, other companies will be incentivized to make false claims about their security and privacy protections to attract users and stand out against competitors.

The Internet

Belarus Has Shut Down the Internet Amid a Controversial Election (wired.com) 120

An anonymous reader quotes a report from Wired: Internet connectivity and cellular service in Belarus have been down since Sunday evening, after sporadic outages early that morning and throughout the day. The connectivity blackout, which also includes landline phones, appears to be a government-imposed outage that comes amid widespread protests and increasing social unrest over Belarus' presidential election Sunday. The ongoing shutdown has further roiled the country of about 9.5 million people, where official election results this morning indicated that five-term president Aleksandr Lukashenko had won a sixth term with about 80 percent of the vote. Around the country, protests against Lukashenko's administration, including criticisms of his foreign policy and handling of the Covid-19 pandemic, grew in the days leading up to the election and exploded on Sunday night. The government has responded to the protests by mobilizing police and military forces, particularly in Minsk, the capital. Meanwhile, opposition candidates and protesters say the election was rigged and believe the results to be illegitimate.

On Monday, Lukashenko said in an interview that the internet outages were coming from abroad, and were not the result of a Belarusian government initiative. Belarus' Community Emergency Response Team, or CERT, in a statement on Sunday blamed large distributed denial-of-service attacks, particularly against the country's State Security Committee and Ministry of Internal Affairs, for causing "problems with equipment." The Belarusian government-owned ISP RUE Beltelecom said in a statement Monday that it is working to resolve the outages and restore service after "multiple cyberattacks of varying intensity." Outside observers have met those claims with skepticism. "The truth of what's going on in Belarus isn't really knowable right now, but there's no indication of a DDoS attack. It can't be ruled out, but there's no external sign of it that we see," says Alp Toker, director of the nonpartisan connectivity tracking group NetBlocks. After midnight Sunday, NetBlocks observed an outage that went largely unnoticed by the Belarus population, given the hour, but the country's internet infrastructure became increasingly wobbly afterward. "Then just as polls are opening in the morning, there are more disruptions, and those really continue and progress," says Toker. "Then the major outage that NetBlocks detected started right as the polls were closing and is ongoing."

The disruption extended even to virtual private networks -- a common workaround for internet outages or censorship -- most of which remain unreachable. "Belarus hasn't had a lot of investment in circumvention technologies, because people there haven't needed to," Toker says. Meanwhile, there are a few anecdotal indications that the outages were planned, and even possibly that the government warned some businesses and institutions ahead of time. A prescient report on Saturday from the Russian newspaper Moskovsky Komsomolets included an interview with a salesperson who warned journalists attempting to buy SIM cards that the government had indicated widespread connectivity outages might be coming as soon as that night.

Government

EPA To Rescind Methane Regulations For Oil and Gas (thehill.com) 118

An anonymous reader quotes a report from The Hill: The Environmental Protection Agency (EPA) will sign and issue new rules this week that will get rid of certain methane gas emission requirements for oil and gas producers, The Wall Street Journal reported Monday. Unidentified administration officials told the newspaper that the new rules will include getting rid of requirements for producers to have systems and processes to find methane leaks. They will also end EPA oversight of smog and emissions from pipelines and storage sites and lessen monitoring and reporting requirements for certain pollutants, the Journal reported. The new rules have most of the major elements of proposals from 2018 and 2019, according to the newspaper.

In 2019, the agency proposed eliminating requirements for oil and gas companies to install technology for monitoring methane emissions from pipelines, wells and facilities. In 2018, it proposed reducing the frequency of monitoring methane emissions of oil and gas wells to every two years and compressor stations that help transport natural gas to just once a year. However, the Journal reported Monday that the administration would forgo the measures that would have reduced the inspection frequency due to difficulty in justifying them legally.

The Courts

California Judge Orders Uber and Lyft To Classify Drivers As Employees (theverge.com) 149

A California judge ruled that Uber and Lyft must classify their drivers as employees in a stunning preliminary injunction issued Monday afternoon. The Verge reports: The injunction is stayed for 10 days, however, giving Uber and Lyft an opportunity to appeal the decision. Uber said it planned to file an immediate emergency appeal to block the ruling from going into effect. [...] Drivers' groups hailed the ruling as forward progress in their fight to upend Uber and Lyft. "Today's ruling affirms what California drivers have long known to be true: workers like me have rights and Uber and Lyft must respect those rights," Mike Robinson, a Lyft driver and member of the Mobile Workers Alliance, a group of Southern California drivers, said in a statement.

But Uber maintains this ruling will result in fewer jobs during a global pandemic that is putting strain on the state's economic conditions. "The vast majority of drivers want to work independently, and we've already made significant changes to our app to ensure that remains the case under California law," an Uber spokesperson said. "When over 3 million Californians are without a job, our elected leaders should be focused on creating work, not trying to shut down an entire industry during an economic depression." A Lyft spokesperson agreed. "Drivers do not want to be employees, full stop," the spokesperson said. "We'll immediately appeal this ruling and continue to fight for their independence. Ultimately, we believe this issue will be decided by California voters and that they will side with drivers."
Earlier today in an op-ed via The New York Times, Uber CEO Dara Khosrowshahi said lawmakers should require gig economy companies to create benefits funds, which would "give workers cash that they can use for the benefits they want, like health insurance or paid time off."
Social Networks

Leaked Documents Reveal What TikTok Shares With Authorities In the US (theintercept.com) 27

An anonymous reader quotes a report from The Intercept: Documents published in the BlueLeaks trove, which was hacked by someone claiming a connection to Anonymous and published by the transparency collective Distributed Denial of Secrets, show the information that TikTok shared with U.S. law enforcement in dozens of cases. Experts familiar with law enforcement requests say that what TikTok collects and hands over is not significantly more than what companies like Amazon, Facebook, or Google regularly provide, but that's because U.S. tech companies collect and hand over a lot of information. The documents also reveal that two representatives with bytedance.com email addresses registered on the website of the Northern California Regional Intelligence Center, a fusion center that covers the Silicon Valley area. And they show that the Federal Bureau of Investigation and Department of Homeland Security actively monitored TikTok for signs of unrest during the George Floyd protests.

The number of requests for subscriber information that TikTok says it receives from law enforcement is significantly lower than what U.S. tech giants reportedly field, likely because police are more accustomed to using data from U.S. companies and apps in investigations. TikTok enumerates its requests from law enforcement in a biannual transparency report, the most recent of which says that for the last half of 2019, the company received 100 requests covering 107 accounts. It handed over information in 82 percent of cases. Facebook, by contrast, says it received a whopping 51,121 requests over the same period, and handed over at least some data in 88 percent of cases. A 2018 document found in BlueLeaks titled "Law Enforcement Technology Investigations Resource Guide" gives police details on how to obtain records from Musical.ly, which was acquired by ByteDance and merged into TikTok that year.
"In the releases shown in BlueLeaks, TikTok handed over multiple IP addresses, information about the devices used to register for accounts, cellphone numbers, and unique IDs tied to platforms including Instagram, Facebook, or Google if the user logged in using a social media account," the report adds.

"It is unclear whether these data releases were in response to warrants, subpoenas, or other requests, and the company would not give details, citing user privacy. The accounts for which TikTok handed over data in the BlueLeaks dump range from influencers with tens of thousands of followers to people who primarily post for friends."
The Courts

Apple Is Fighting Trademark for Prepear's Pear-Shaped Logo (daringfireball.net) 84

In a legal filing, says Apple: Consumers encountering Applicant's Mark are likely to associate the mark with Apple. Applicant's Mark consists of a minimalistic fruit design with a right-angled leaf, which readily calls to mind Apple's famous Apple Logo and creates a similar commercial impression, as shown in the following side-by-side comparison. John Gruber, writing at DaringFireball: Here's the comparison. I could actually see this being a reasonable objection if Prepear were selling computers or phones or watches. But they're a recipe app. Their logo clearly looks like a pear, not an apple, and their pear does not even look like an Apple-logo-like pear. Back in the old days Apple didn't even pursue legal action against the Banana Junior series of personal computers, and their logo was a six-color banana.
United Kingdom

Should the U.K. Government Form a Coalition to Buy ARM? (theguardian.com) 124

With SoftBank's Masayoshi Son trying to sell ARM, a columnist for the Observer newspaper has a suggestion for the U.K. government (and specifically Brexit Tories), calling the Cambridge-based company "a kind of public-interest commercial company: licensing state-of-the-art instruction sets that can be implemented in silicon architecture by everyone. It was in nobody's pocket." Its business, as its chief founder, Tudor Brown, acknowledges, relied on it never betraying its neutrality... A future owner could almost trash Arm in the pursuit of its own commercial ends. Nvidia, reported to be in advanced talks with Son, is just such a possible owner. Rooted in the games industry, it has found to its surprise that its processing units are much in demand as artificial intelligence applications mushroom. Son wanted to sell Arm to an industry coalition that might protect the company's independence and business model. None could be found, so, desperate for cash, given a string of failed and written-down investments (WeWork, Uber etc), he is now having to sup with a buyer that can only destroy Arm.

Nvidia's ambitions are scarcely hidden. Once it owns Arm it will withdraw its licensing agreements from its competitors, notably Intel and Huawei, and after July next year take the rump of Arm to Silicon Valley, just as Google has done with the British AI company DeepMind. Arm, and Britain's hopes to be a player in hi-tech, will be dead.

Ownership is fundamental and the lesson of the story is that unless Britain creates the legal, cultural and institutional framework allowing companies such as Arm (or DeepMind) to have anchor shareholders — or simply allowing founder shareholders to have powerful differential voting rights as in the U.S. and Canada — we are condemned to inferiority. But even now Britain could act. The government could offer a foundational investment of, say, £3bn-£5bn and invite other investors — some industrial, some sovereign wealth funds, some commercial asset managers — to join it in a coalition to buy Arm and run it as an independent quoted company, serving the worldwide tech industry... if Britain is to develop an industrial strategy, this is how it must act...

A successful capitalism is always about framing innovative private dynamism within a fit-for-purpose regulatory and ownership architecture designed by the state, a reality that neither major party has ever understood. The open question is whether Brexit Tories, forced by reality, might change. This kind of audacious deal could appeal to Johnson and Cummings, a statement of intent to match China in our commitment to a decisive presence in 21st-century hi-tech.

Brexit was meant to give Britain the freedom to make this kind of move.

The Almighty Buck

Richard Stallman Discusses Privacy Risks of Bitcoin, Suggests 'Something Much Better' (cointelegraph.com) 168

Richard Stallman gave a new interview to the site Cointelegraph, which asked him his feelings about cryptocurrencies. "I'm not against them," Stallman answers. "I'm not campaigning to eliminate them, I just don't particularly want to use them."

Cointelegraph then asks Stallman how he feels about tests underway for the Chinese government's own central bank digital currency: Richard Stallman: "Digital payment systems are fundamentally dangerous if they are not engineered to ensure privacy. China is the enemy of privacy. China shows what totalitarian surveillance is like. I consider that hell on earth. That's part of why I haven't used cryptocurrencies that are issued by the community. If the cryptocurrency is issued by a government, it would surveil people just the way credit cards do and PayPal does, and all those other systems meaning completely unacceptable."
Stallman later says "I don't do any kind of digital payments, and the reason is the systems that exist do not respect the user's privacy, and that includes Bitcoin. Every Bitcoin transaction is published." But when Cointelegraph asks about various Bitcoin modifications designed for privacy, Stallman answers "I am not convinced about them." Richard Stallman: In any case, the GNU project has developed something much better, which is GNU Taler. GNU Taler is not a cryptocurrency. It is not a currency at all. It is a payment system designed to be used for anonymous payments to businesses to buy something. It is anonymous through a blind signature for the payer. However, the payee has to identify itself for every purchase in order to get money out of the system. So the idea is you can use your bank account to get Taler Tokens, and you can spend them and the payee won't be able to tell who you are.

It won't be able to tell that you got the token from a particular bank account at a particular time, even though you did so. To convert your payment into money in its own bank, the store (the payee) will have to identify itself. So this gives privacy in a much more reliable way than cryptocurrencies do, and it blocks the idea of using this system to enable tax evasion.

GNU Taler recently had an exciting milestone. A few months ago the eurozone banking system became interested in supporting Taler payments, and just recently they succeeded using a test setup in obtaining Taler tokens with one bank account and paying them to another bank account through the Taler system. Now, it's not something that anybody can use but it will be, and that will be really exciting.

And in response to a question about Facebook's "Libra" digital currency project, Stallman says he hasn't studied the details "because the most important thing about it I already know. It's connected with Facebook, and Facebook means surveillance.

"I urge people to join me in absolutely refusing to use Facebook or rather be used by Facebook. Because Facebook doesn't have users. Facebook has used. So don't be a sucker, don't be used by Facebook."
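
The payer-anonymity property Stallman describes above (the exchange signs a blinded token, the merchant later deposits the unblinded token under its own identity, and the exchange cannot connect the two) is the classic Chaum RSA blind signature. The following is an added toy illustration, not GNU Taler's own code or protocol: it uses two constructed small primes as the exchange's key (a real deployment uses keys of at least 2048 bits), SHA-256 reduced mod N as a stand-in for a proper full-domain hash, and omits denomination keys, the double-spend database and the bank transfer itself.

```python
import hashlib
import math
import secrets

# Toy RSA key pair for the "exchange" (the signer). Constructed small primes for
# readability only; 1000003 and 999983 are both prime, and 65537 is coprime with
# (P-1)(Q-1), so the key is a valid (if hopelessly weak) RSA key.
P, Q = 1000003, 999983
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+ modular inverse)


def coin_message(coin_pub: bytes) -> int:
    """Map a coin's public key to the integer the exchange will sign.

    A stand-in for a full-domain hash; any value below N works for textbook RSA.
    """
    return int.from_bytes(hashlib.sha256(coin_pub).digest(), "big") % N


def blind(m: int):
    """Payer: multiply m by r^E so the exchange never sees m itself.

    Returns (blinded value, blinding factor r). r must be invertible mod N.
    """
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return (pow(r, E, N) * m) % N, r


def exchange_sign(blinded: int) -> int:
    """Exchange: signs the blinded value it is handed.

    This is the step tied to the payer's identified bank account (the withdrawal).
    """
    return pow(blinded, D, N)


def unblind(blind_sig: int, r: int) -> int:
    """Payer: strip r to obtain a plain RSA signature over m."""
    return (blind_sig * pow(r, -1, N)) % N


def verify(m: int, sig: int) -> bool:
    """Merchant (and the exchange at deposit time) checks the signature on the coin."""
    return pow(sig, E, N) == m


def withdraw_and_spend(coin_pub: bytes):
    """Run one withdrawal and one deposit; return what each party's ledger holds.

    withdrawal_record: the blinded value the exchange stored next to the payer's account.
    deposit_record:    (m, sig) as presented by the identified merchant at deposit.
    """
    m = coin_message(coin_pub)
    blinded, r = blind(m)
    sig = unblind(exchange_sign(blinded), r)
    return blinded, (m, sig)


def exchange_can_link(withdrawal_record: int, deposit_record) -> bool:
    """Linking attempt: without r, all the exchange can do is compare the values it saw.

    Since x -> x^E is a bijection mod N and r >= 2, the blinded value never equals m,
    and matching it against sig is a chance event of order 1/N.
    """
    m, sig = deposit_record
    return withdrawal_record in (m, sig)


if __name__ == "__main__":
    withdrawal, deposit = withdraw_and_spend(b"coin-pubkey-1")   # constructed coin key
    print("merchant verifies coin:", verify(*deposit))
    print("exchange can link deposit to withdrawal:", exchange_can_link(withdrawal, deposit))
```

The asymmetry Stallman points to sits in `exchange_sign` versus `verify`: the first is performed for an identified bank account, the second for an identified merchant, and nothing the exchange stores between them contains `r`, the only value that ties the blinded withdrawal to the spent coin.
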
Government

Some Cities are Combining Basic Incomes with Local Currencies (bloomberg.com) 88

Bloomberg looks at some interesting local currency programs that have been implemented around the world. And in at least one case money "is literally being made from trees" — the wooden dollars being printed in a small city in the northwest U.S. and distributed to the needy in monthly stipends.

"We preach localism and investing in our local community," says mayor Wayne Fournier, "and the idea with this scheme is that we'll stand together as a community and provide relief to individuals that need it while fueling consumption." Since the launch in May, cities from Arizona to Montana and California have been in contact with Tenino for advice about starting their own local currencies. "We have no idea what is going to happen next in 2020," adds Fournier. "But cities like ours need to come up with niche ways to be sustainable without relying on the larger world..."

As in Tenino, the Brazilian city of Maricá, in Rio de Janeiro state, combines a local currency with a basic income program. Around 80,000 residents, nearly half of the population, receive 130 reais ($35) each per month, without any conditions about how they can spend the money. Launched in 2014, the money is distributed in "Mumbuca," the city's local currency, which is not accepted in the rest of Brazil. "This can become a model on how a city can efficiently disburse social benefits during the pandemic, supporting poor families while they stay at home and also small business during the crisis," says Eduardo Diniz, professor of banking and technology at the São Paulo School of Business Administration, who has been researching public policies using community currencies since 2014...

Inspired by blockchain technology, England's northern city of Hull created the world's first digital-only local currency in 2018, providing discounts of up to 50% on goods and services for those that did voluntary work with local organizations.

A similar Dutch project, Samen Doen, rewards those who carry out socially beneficial activities such as caring for the elderly.

Cellphones

WSJ: Qualcomm Asks US Government to Let it Sell Chips to Huawei (engadget.com) 38

"The Wall Street Journal said it had obtained a Qualcomm presentation lobbying the U.S. government to remove restrictions and let it sell Snapdragon processors to Huawei," reports Engadget: The ban won't prevent Huawei from obtaining necessary parts and could just drive "billions of dollars" of U.S. sales to foreign chip makers like MediaTek and Samsung, Qualcomm reportedly said — lifting the chip ban would theoretically help American companies stay competitive.

There could be a "rapid shift in 5G chipset market share" if Qualcomm is restricted while its foreign rivals aren't, Qualcomm said.

Social Networks

Cringely Predicts the U.S. Can't Stop WeChat (cringely.com) 134

An anonymous reader quotes long-time technology pundit Robert Cringely: Forty-five days from now, we're told, President Trump will shut down TikTok and WeChat. TikTok, maybe, but WeChat? Impossible...

Trump has a chance of taking down TikTok, the short form video sharing site, because that service is dependent on advertising. He can force the app out of U.S. app stores (though not out of foreign ones) and he can cut off the flow of ad dollars... at least those dollars that flow through American pockets. But there are workarounds, I'm sure, even for TikTok and 45 days is a lot of time to come up with them. So maybe the service will be sold to Microsoft or maybe not. In either case I'm sure TikTok will survive in some form.

WeChat, on the other hand, will thrive.

WeChat, if you haven't used it, is the mobile operating system for China. It's an app platform in its own right that is used for communication, entertainment, and commerce. Imagine Facebook, LinkedIn, PayPal, Venmo, Skype, Uber, Gmail and eBay all in a single application. That's WeChat. It's even a third-party application platform, so while U.S. banks operate on the Internet, Chinese banks operate on WeChat. Shutting WeChat down in the U.S. would be a huge blow to WeChat's parent company, TenCent, and a huge blow to the Chinese diaspora. Except it won't work.

To defeat President Trump, all WeChat users need is a Virtual Private Network and any WeChat users already in the U.S. already have a VPN to defeat the much more formidable Great Firewall of China.

Google

Settlement for Google+ Breach Offers Class Members Up to $12 Each (theverge.com) 67

"Anyone in the United States who held a Google Plus account between January 1, 2015 and April 2, 2019, and believes they were impacted by a security flaw that Google disclosed in 2018 can now register for a payout from a class action settlement..." reports the Verge.

"Each class action member is eligible for a payout of up to $12 after attorney fees and other costs are accounted for, although this could vary depending on the number of people who submit a claim." Although it's reached a settlement, Google denies the allegations made in the lawsuit. It denies any wrongdoing, and believes that no users "sustained any damages or injuries due to the software bugs."

If you're interested in making a claim, then you can do so over on the settlement's website, where you'll need to provide the email address associated with your Google Plus account. As well as holding an account between the dates listed, your data must have been exposed as part of the security lapse (Google has previously said that as many as 500,000 users were affected). A final fairness hearing is scheduled for November 19.

Google has set aside $7.5 million to handle all costs associated with the settlement, according to the claims page at GooglePlusDataLitigation.com.

"If you submit a Valid Claim by October 8, 2020, you may receive a payment. You will also give up your rights to sue Google and/or any other released entities regarding the legal claims in this case."
Government

New Zealand Marks 100 Days of No Covid-19 Community Spread (axios.com) 60

Axios reports: New Zealand has now gone 100 days with no detected community spread of COVID-19, the Ministry of Health confirmed in an emailed statement Sunday afternoon local time... Prime Minister Jacinda Ardern has been widely praised for her leadership that saw New Zealand lock down hard for several weeks before all domestic restrictions were lifted in June...

New Zealand has 23 active coronavirus cases. All are NZ residents newly returned from abroad, who are staying in managed isolation facilities. The border remains closed to non-residents and all newly-returned Kiwis must undergo a two-week isolation program managed by the country's defense force... Police are stationed outside hotels where travelers are in quarantine.

China

China Is Now Blocking All Encrypted HTTPS Traffic That Uses TLS 1.3 and ESNI (zdnet.com) 103

China's Great Firewall "is now blocking HTTPS connections set up via the new TLS 1.3 encryption protocol and which use ESNI (Encrypted Server Name Indication)," reports ZDNet: The block has been in place for more than a week, according to a joint report authored by three organizations tracking Chinese censorship — iYouPort, the University of Maryland, and the Great Firewall Report. ZDNet also confirmed the report's findings with two additional sources — namely members of a U.S. telecommunications provider and an internet exchange point (IXP) — using instructions provided in a mailing list...

The reason for the ban is obvious for experts. HTTPS connections negotiated via TLS 1.3 and ESNI prevent third-party observers from detecting what website a user is attempting to access. This effectively blinds the Chinese government's Great Firewall surveillance tool from seeing what users are doing online.

There is a myth surrounding HTTPS connections that network observers (such as internet service providers) cannot see what users are doing. This is technically incorrect. While HTTPS connections are encrypted and prevent network observers from viewing/reading the contents of an HTTPS connection, there is a short period before HTTPS connections are established when third-parties can detect to what server the user is connecting. This is done by looking at the HTTPS connection's SNI (Server Name Indication) field.

In HTTPS connections negotiated via older versions of the TLS protocol (such as TLS 1.1 and TLS 1.2), the SNI field is visible in plaintext. TLS 1.3 by itself does not change that: the ClientHello is still sent unencrypted, and the server name only disappears from view when the ESNI extension carries it encrypted, which is why the block targets the TLS 1.3 and ESNI combination rather than TLS 1.3 alone.
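To make the SNI leak concrete, here is an added example (not from the ZDNet report or the cited censorship study) in Python that builds a minimal TLS ClientHello record and then parses it the way a passive middlebox would, pulling out the plaintext server name, the TLS 1.3 `supported_versions` marker and the presence of the ESNI extension. The ClientHello bytes are constructed, not captured; the ESNI payload is a dummy blob rather than a real encrypted SNI structure; the extension codepoint 0xFFCE is the one the ESNI drafts used; and the `gfw_verdict` policy (drop TLS 1.3 handshakes that carry ESNI) is a simplification of the behaviour the report describes. As in the real drafts, an ESNI ClientHello still carries a plaintext SNI naming the fronting provider, so the observer sees that cover name and nothing else.

```python
import struct

SNI_EXT = 0x0000                 # server_name extension (RFC 6066)
SUPPORTED_VERSIONS_EXT = 0x002B  # supported_versions (RFC 8446); marks TLS 1.3
ESNI_EXT = 0xFFCE                # encrypted_server_name, draft-ietf-tls-esni codepoint


def _ext(ext_type: int, body: bytes) -> bytes:
    return struct.pack("!HH", ext_type, len(body)) + body


def build_client_hello(host=None, tls13=False, esni_blob=None) -> bytes:
    """Construct a record-layer ClientHello (test input, not a real capture)."""
    body = b"\x03\x03"                                # legacy_version = TLS 1.2
    body += b"\x11" * 32                              # client random (constructed)
    body += b"\x00"                                   # empty session_id
    body += struct.pack("!H", 2) + b"\x13\x01"        # one cipher suite: TLS_AES_128_GCM_SHA256
    body += b"\x01\x00"                               # compression_methods: null only
    exts = b""
    if host is not None:
        name = host.encode("ascii")
        entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type host_name(0)
        exts += _ext(SNI_EXT, struct.pack("!H", len(entry)) + entry)
    if tls13:
        exts += _ext(SUPPORTED_VERSIONS_EXT, b"\x02\x03\x04")   # list of one: 0x0304
    if esni_blob is not None:
        exts += _ext(ESNI_EXT, esni_blob)                       # dummy ESNI payload
    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body   # type 1, 3-byte length
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def inspect_client_hello(record: bytes):
    """Return what a passive observer learns: (plaintext SNI or None, tls13, has_esni)."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    p = 4 + 2 + 32                                # skip header, legacy_version, random
    p += 1 + hs[p]                                # session_id
    p += 2 + struct.unpack("!H", hs[p:p + 2])[0]  # cipher_suites
    p += 1 + hs[p]                                # compression_methods
    if p >= len(hs):
        return None, False, False                 # no extensions at all
    ext_len = struct.unpack("!H", hs[p:p + 2])[0]
    p += 2
    end = p + ext_len
    sni, tls13, esni = None, False, False
    while p + 4 <= end:
        et, el = struct.unpack("!HH", hs[p:p + 4])
        data = hs[p + 4:p + 4 + el]
        p += 4 + el
        if et == SNI_EXT:
            # ServerNameList: 2-byte list length, then (name_type, 2-byte length, name) entries
            q = 2
            while q + 3 <= len(data):
                ntype = data[q]
                nlen = struct.unpack("!H", data[q + 1:q + 3])[0]
                q += 3
                if ntype == 0:
                    sni = data[q:q + nlen].decode("ascii")   # the leak: readable on the wire
                q += nlen
        elif et == SUPPORTED_VERSIONS_EXT:
            versions = data[1:]                               # 1-byte length prefix
            tls13 = any(versions[i:i + 2] == b"\x03\x04" for i in range(0, len(versions), 2))
        elif et == ESNI_EXT:
            esni = True                                       # present, but the name inside is opaque
    return sni, tls13, esni


def gfw_verdict(record: bytes) -> str:
    """Simplified policy modelled on the reported block: TLS 1.3 plus ESNI gets dropped."""
    _, tls13, esni = inspect_client_hello(record)
    return "block" if (tls13 and esni) else "allow"


if __name__ == "__main__":
    for rec in (build_client_hello("example.com"),
                build_client_hello("example.com", tls13=True),
                build_client_hello("public.example", tls13=True, esni_blob=b"\x00" * 16)):
        print(inspect_client_hello(rec), gfw_verdict(rec))
```

The first two records show the observer reading the destination host name straight out of the ClientHello whether or not TLS 1.3 is negotiated; the third shows what the censor is left with once ESNI is in use: a cover name for the provider, a TLS 1.3 marker and an opaque extension, which is exactly the pattern the report says is now being dropped.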

Medicine

Bill Gates Weighs In on US Pandemic Response, Encryption, and Grilling Tech Executives (arstechnica.com) 86

Bill Gates gave a wide-ranging new interview to Wired's Steven Levy (also republished at Ars Technica.) The interview's first question: as a man who'd been warning about a pandemic for years, are you disappointed with the response of the United States? Bill Gates: Yeah. There's three time periods, all of which have disappointments. There is 2015 until this particular pandemic hit. If we had built up the diagnostic, therapeutic, and vaccine platforms, and if we'd done the simulations to understand what the key steps were, we'd be dramatically better off. Then there's the time period of the first few months of the pandemic, when the U.S. actually made it harder for the commercial testing companies to get their tests approved, the CDC had this very low volume test that didn't work at first, and they weren't letting people test. The travel ban came too late, and it was too narrow to do anything. Then, after the first few months, eventually we figured out about masks, and that leadership is important... [America's Centers for Disease Control and Prevention] have basically been muzzled since the beginning. We called the CDC, but they told us we had to talk to the White House a bunch of times. Now they say, "Look, we're doing a great job on testing, we don't want to talk to you." Even the simplest things, which would greatly improve this system, they feel would be admitting there is some imperfection and so they are not interested.

Wired: Do you think it's the agencies that fell down or just the leadership at the top, the White House?

Bill Gates: We can do the postmortem at some point. We still have a pandemic going on, and we should focus on that....

Wired: At this point, are you optimistic?

Bill Gates: Yes. You have to admit there's been trillions of dollars of economic damage done and a lot of debts, but the innovation pipeline on scaling up diagnostics, on new therapeutics, on vaccines is actually quite impressive. And that makes me feel like, for the rich world, we should largely be able to end this thing by the end of 2021, and for the world at large by the end of 2022. That is only because of the scale of the innovation that's taking place...

This disease, from both the animal data and the phase 1 data, seems to be very vaccine preventable.

Gates also believes the government shouldn't allow encryption to hide "lies or fraud or child pornography" on apps like Facebook Messenger or WhatsApp -- prompting the interviewer to ask whether he's talked to his friend Mark Zuckerberg about it. "After I said this publicly, he sent me mail. I like Mark, I think he's got very good values, but he and I do disagree on the trade-offs involved there..."

Gates also thought today's tech executives got off easy with five hours of testifying before a Congressional subcommittee as a group of four. "Jesus Christ, what's the Congress coming to? If you want to give a guy a hard time, give him at least a whole day that he has to sit there on the hot seat by himself! And they didn't even have to get on a plane...!"

Gates added later that "there are a lot of valid issues, and if you're super-successful, the pleasure of going in front of the Congress comes with the territory."
The Internet

Is the US about to Split the Internet? (bbc.com) 165

The BBC reports: U.S. Secretary of State Mike Pompeo says he wants a "clean" internet. What he means by that is he wants to remove Chinese influence, and Chinese companies, from the internet in the U.S.

But critics believe this will bolster a worrying movement towards the breaking up of the global internet.

The so called "splinternet" is generally used when talking about China, and more recently Russia. The idea is that there's nothing inherent or pre-ordained about the internet being global. For governments that want to control what people see on the internet, it makes sense to take ownership of it. The Great Firewall of China is the best example of a nation putting up the internet equivalent of a wall around itself. You won't find a Google search engine or Facebook in China.

What people didn't expect was that the U.S. might follow China's lead.

They're reacting to U.S. president Trump's executive order to block all transactions with TikTok's parent company (starting September 20) to "address the national emergency with respect to the information and communication technology supply chain." An opinion piece in the New York Times calls the move a "foolish and dangerous edict" that's "deeply misguided and unproductive" which suggests that "the United States, like China, no longer believes in a global internet." In the BBC's article Alan Woodward, a security expert at the University of Surrey, calls the U.S. decision "shocking."

"The U.S. government has for a long time criticised other countries for controlling access to the internet… and now we see the Americans doing the same thing."
China

Trump Blew Up More Than Just TikTok and WeChat (bloomberg.com) 145

An anonymous reader quotes a report from Bloomberg: U.S. President Donald Trump's decision to ban dealings with ByteDance, owner of video-sharing sensation TikTok, appears to codify what his administration has already been warning. A second edict targeting messaging app WeChat and its parent, Tencent, seems weirdly overdue. The executive orders issued by the White House go beyond stopping average Americans from becoming unwitting spies for the Communist Party through their postings and data. The implications could hurt not only the Chinese targets, but the U.S. companies they work with, including Apple and Alphabet's Google.

Though TikTok and WeChat have been getting all the recent attention, the orders state that American companies cannot work with ByteDance or Tencent (though an unnamed U.S. official later stated that Tencent transactions were still OK). That clarification notwithstanding, the wording of the orders does imply that regardless of intention such bans could extend further, to include Americans advertising on dozens of products offered by either Chinese company, or to selling them cloud-storage services, or perhaps the most nuclear option: distributing their apps, even within China. [...] Even though Chinese smartphone brands dominate their domestic market, iOS and Android remain the dominant platforms and Apple and Google cover almost the entire global ecosystem with their respective app stores. If they can't do business with ByteDance, for example, even after a TikTok spin off, then the Beijing company might be unable to distribute its own apps, even within China.

Government

Government's PACER Fees Are Too High, Federal Circuit Says (bloomberglaw.com) 17

An anonymous reader quotes a report from Bloomberg Law: The U.S. government charges too much for access to an electronic database of federal court records, the Federal Circuit ruled in a decision curbing a revenue stream the court system uses to help fund other programs. The U.S. Court of Appeals for the Federal Circuit affirmed a lower court's decision that the government was not authorized under federal law to spend $192 million in Public Access to Court Electronic Records (PACER) system fees on court technology projects. The lower court "got it just right" when it limited the government's use of PACER revenues to the costs of operating the system, the court said in a precedential opinion Thursday.

"We agree with plaintiffs and amici that the First Amendment stakes here are high," the court said. But it said it doesn't foresee the lower court's interpretation "as resulting in a level of user fees that will significantly impede public access to courts." The ruling is a win for public access to court information, as PACER fees will go down if the ruling withstands a possible government appeal. But access still won't be free, despite calls for the government to stop charging for it. The Federal Circuit said it was up to Congress to decide whether to require free access. Challengers said PACER fees were too high, while the government said the middle ground reached by the lower court made the fees too low. Fees for downloading a copy of a filing run 10 cents per page, up to $3 per document. The Administrative Office of the U.S. Courts collected more than $145 million in fees in 2014 alone, according to the complaint in the case. Under a 2020 change to the fee waiver rules, about 75% of users pay nothing each quarter.

Businesses

At Talkspace, Startup Culture Collides With Mental Health Concerns (nytimes.com) 19

The therapy-by-text company Talkspace -- which has raised more than $100 million from investors -- made burner phones available for fake reviews and doesn't adequately respect client privacy, former employees say. From a report: The app launched in 2014 to positive press but lukewarm customer reviews, with ratings of about three stars out of five on both the Google and Apple app stores, according to a Times analysis. Users complained about glitchy software and unresponsive therapists. In 2015 and 2016, according to four former employees, the company sought to improve its ratings: It asked workers to write positive reviews. One employee said that Talkspace's head of marketing at the time asked him to compile 100 fake reviews in a Google spreadsheet, so that employees could submit them to app stores. Mr. Lori (an ex-employee) said that Talkspace gave employees "burner" phones to help evade the app stores' techniques for detecting false reviews. "They said, 'Don't do it here. Do it at home. Give us five-star ratings because we have too many bad reviews,'" Mr. Lori said.

Mr. Reilly, the Talkspace lawyer, disputed this account, saying that employees were free to write reviews any way they liked. "We alerted employees if they were to leave a review, to do it from their personal phones -- not from the Talkspace office network, as that would cause issues with the app store," Mr. Reilly said in an emailed statement. "To be clear: We have never used fake identities or encouraged anybody to do so; there is no event involving 'burner' phones, and the idea in and of itself is nonsensical relative to the large number of reviews outstanding."

Privacy

US Government Contractor Embedded Software in Apps To Track Phones (wsj.com) 32

A small U.S. company with ties to the U.S. defense and intelligence communities has embedded its software in numerous mobile apps, allowing it to track the movements of hundreds of millions of mobile phones world-wide, The Wall Street Journal reported Friday, citing people familiar with the matter and documents it reviewed. From the report: Anomaly Six, a Virginia-based company founded by two U.S. military veterans with a background in intelligence, said in marketing material it is able to draw location data from more than 500 mobile applications, in part through its own software development kit, or SDK, that is embedded directly in some of the apps. An SDK allows the company to obtain the phone's location if consumers have allowed the app containing the software to access the phone's GPS coordinates. App publishers often allow third-party companies, for a fee, to insert SDKs into their apps. The SDK maker then sells the consumer data harvested from the app, and the app publisher gets a chunk of revenue. But consumers have no way to know whether SDKs are embedded in apps; most privacy policies don't disclose that information.

Anomaly Six says it embeds its own SDK in some apps, and in other cases gets location data from other partners. Anomaly Six is a federal contractor that provides global-location-data products to branches of the U.S. government and private-sector clients. The company told The Wall Street Journal it restricts the sale of U.S. mobile phone movement data only to nongovernmental, private-sector clients. Numerous agencies of the U.S. government have concluded that mobile data acquired by federal agencies from advertising is lawful. Several law-enforcement agencies are using such data for criminal-law enforcement, the Journal has reported, while numerous U.S. military and intelligence agencies also acquire this kind of data.

Government

TikTok Ban: Trump Will Prohibit Transactions With ByteDance Beginning September 20 (theverge.com) 217

According to The Verge, "President Trump has signed a new executive order which will block all transactions with Bytedance, TikTok's parent corporation, in an effort to 'address the national emergency with respect to the information and communication technology supply chain.'" From the report: The move comes after months of escalating tensions, which saw Secretary of State Mike Pompeo and others at the White House warn that TikTok presented a national security threat because of its Chinese ownership. Microsoft is currently in talks to acquire portions of the app, aimed to be complete by September 15th. Trump's new order is set to take effect in 45 days, just after the September 15th deadline set for negotiations in the Microsoft sale.

Another order banned transactions with WeChat, a popular texting app in China that has maintained a limited U.S. user base focused on recent Chinese immigrants. In both orders, the president names the International Emergency Economic Powers Act as authority for the move, as well as the National Emergencies Act -- effectively naming TikTok's continued operation within the United States as a national emergency. Such a move is highly unusual, and will likely be subject to a legal challenge.

Privacy

Lawmakers Ask California DMV How It Makes $50 Million a Year Selling Drivers' Data (vice.com) 67

Following a report revealing the California DMV was making $50 million annually from selling drivers' information, a group of nearly a dozen lawmakers on Wednesday wrote a letter looking for answers. Motherboard reports: "What information is being sold, to whom it is sold, and what guardrails are associated with the sale remain unclear," the letter, signed by congress members including Ted Lieu, Barbara Lee, and Mike Thompson, as well as California Assembly members Kevin Mullin and Mark Stone, reads. Specifically, the letter asks what types of organizations the DMV has disclosed drivers' data to in the past three years. Motherboard has previously reported on how other DMVs around the country sold such information to private investigators, including those hired to spy on suspected cheating spouses. In an earlier email to Motherboard, the California DMV said data requesters may include insurance companies, vehicle manufacturers, and prospective employers.

The information sold in general by DMVs includes names, physical addresses, and car registration information. Multiple other DMVs previously confirmed they have cut off access to some clients after they abused the data. On Wednesday, the California DMV said in an emailed statement, "The DMV does not sell driver information for marketing purposes or to generate revenue outside of the cost of administering its requester program -- which only provides certain driver and vehicle related information as statutorily required."

"The DMV takes its obligation to protect personal information very seriously. Information is only released according to California law, and the DMV continues to review its release practices to ensure information is only released to authorized persons/entities and only for authorized purposes. For example, if a car manufacturer is required to send a recall notice to thousands of owners of a particular model of car, the DMV may provide the car manufacturer with information on California owners of this particular model through this program," the statement added.

The Almighty Buck

FCC Lowers Some Prison Phone Rates After Blaming States For High Prices (arstechnica.com) 39

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission today voted unanimously to lower the prices inmates pay for phone calls from prisons and jails, but the organization reiterated its position that state governments must take action to lower prices on the majority of inmate calls. Today's action is a proposal to "substantially reduce [the FCC's] interstate rate caps -- currently $0.21 per minute for debit and prepaid calls and $0.25 per minute for collect calls -- to $0.14 per minute for debit, prepaid, and collect calls from prisons, and $0.16 per minute for debit, prepaid, and collect calls from jails." This is part of a Notice of Proposed Rulemaking, which means the commission will take public comment before finalizing the new caps and could change the plan before making it final.

Since the proposed rate cap limits prices on interstate calls only, it won't affect the approximately 80 percent of prison calls that don't cross state lines. Last month, FCC Chairman Ajit Pai urged state governments to cap intrastate calling prices, saying the FCC lacks authority to do so. Pai said that "33 states allow rates that are at least double the current federal cap, and 27 states allow excessive 'first-minute' charges up to 26 times that of the first minute of an interstate call." Prison phone companies Global Tel*Link and Securus Technologies have repeatedly challenged FCC-imposed rate limits in court. But while the Obama-era FCC fought in court to lower intrastate rates, Pai in January 2017 instructed FCC lawyers to drop the commission's court defense of the FCC cap on intrastate calling rates. The FCC might have lost that case anyway, as previous court rulings went against the commission. But Pai's decision to drop the court defense helped ensure that the FCC wouldn't be able to cap intrastate rates.
The report notes that the FCC also took action to lower some of the "ancillary" fees prison phone companies apply to both interstate and intrastate calls.

Facebook

Facebook Removes Trump Post For the First Time (theguardian.com) 291

AmiMoJo shares a report from The Guardian: Facebook has removed a post from Donald Trump's page for spreading false information about the coronavirus, a first for the social media company that has been harshly criticized for repeatedly allowing the president to break its content rules. The post included video of Trump falsely asserting that children were "almost immune from Covid-19" during an appearance on Fox News. There is evidence to suggest that children who contract Covid-19 generally experience milder symptoms than adults do. However, they are not immune, and some children have become severely ill or died from the disease.

The Twitter account for Trump's re-election campaign, @TeamTrump, also posted the video, which Twitter said violated its rules. "The account owner will be required to remove the Tweet before they can Tweet again," a company spokesperson said of @TeamTrump. During a press briefing on Wednesday afternoon, Trump repeated his false claims about children and the disease.

Government

US Senate Votes To Ban TikTok App On Government Devices (reuters.com) 19

The U.S. Senate on Thursday unanimously voted to ban federal employees from using TikTok on government-issued devices. Reuters reports: The app has come under fire from U.S. lawmakers and the Trump administration over national security concerns because China's ByteDance owns the technology. The company currently faces a deadline of Sept. 15 to either sell its U.S. operations to Microsoft Corp or face an outright ban. "I'm encouraged by the bipartisan support we have seen in this body to hold the Chinese Communist Party accountable and that includes ... holding accountable those corporations who would just do China's bidding," [said Senator Josh Hawley who wrote the bill]. "And, if I have anything to say about it, we won't be stopping here," the Republican senator added.

Last month, the House of Representatives voted to bar federal employees from downloading the app on government-issued devices as part of a proposal offered by Representative Ken Buck. With passage in the House and approval by the Senate, the prohibition is expected to soon become law in the United States.

Medicine

US Reaches $1 Billion Deal For Doses of Potential Johnson & Johnson Vaccine (thehill.com) 126

An anonymous reader quotes a report from The Hill: The Trump administration on Wednesday announced a deal worth approximately $1 billion for the manufacturing of 100 million doses of a potential coronavirus vaccine from Johnson & Johnson that the federal government would then own. The move is the latest in a series of agreements the Trump administration has made with several companies making potential coronavirus vaccines. The goal, through the Operation Warp Speed program, is to make bets on a wide array of vaccine candidates with the hope that at least one and maybe more will end up proving safe and effective through clinical trials. The companies will begin manufacturing the doses even before the results are in to accelerate the process. Johnson & Johnson said its goal is to have 1 billion doses made available throughout 2021, if the vaccine proves to be safe and effective.

Government

New York Unveils Landmark Antitrust Bill That Makes It Easier To Sue Tech Giants (theguardian.com) 34

An anonymous reader quotes a report from The Guardian: New York state is introducing a bill that would make it easier to sue big tech companies for alleged abuses of their monopoly powers. Bill S8700A [the Twenty-First Century Anti-Trust Act], now being discussed by New York's senate consumer protection committee, would update New York's antiquated antitrust laws for the 21st century, said the bill's sponsor, Senator Mike Gianaris. "Their power has grown to dangerous levels and we need to start reining them in," he said.

New York's antitrust laws currently require two players to collaborate in a conspiracy to conduct anticompetitive behavior such as price setting. In other cases companies may underprice products to the point where they are even incurring a loss just to drive others out of the market -- anticompetitive behavior that New York's laws would currently struggle to prosecute. "Our laws on antitrust in New York are a century old and they were built for a completely different economy," said Gianaris. "Much of the problem today in the 21st century is unilateral action by some of these behemoth tech companies and this bill would allow, for the first time, New York to engage in antitrust enforcement for unilateral action." The bill will probably be discussed when New York's senate returns to work in August but is unlikely to pass before next year. It has the support of New York's attorney general, Letitia James.

"The bill would make criminal offenses by individuals punishable by up to 15 years in prison," adds Engadget. "That's up from four years under the existing law. It's also more time than the current federal maximum sentence of 10 years."

"Corporations could be fined up to $100 million, up from the current maximum New York state penalty of $1 million. The proposed changes would also allow class action lawsuits, which could lead to an increase in private antitrust litigation."

The Courts

Twitter Hack Zoom Court Hearing Interrupted by Loud Music and Porn (vice.com) 71

From a report: A judge was forced to suspend the virtual bond hearing of the 17-year-old accused of being the "mastermind" behind the recent massive Twitter hack, after several people got into the Zoom meeting posing as CNN and BBC staffers and played loud music and even a porn video. Multiple reporters who attended the hearing via Zoom on Wednesday confirmed the incident. According to independent security journalist Brian Krebs, the problem was that the judge and his clerks did not set up the meeting in a way that would mute attendees and prevent them from taking over the screen (these are features that can be easily set when one creates a Zoom meeting). "Judges holding hearings over Zoom need to get a clue," Krebs wrote on Twitter.

Twitter

Twitter Says Android Security Bug Gave Access To Direct Messages (techcrunch.com) 4

Twitter says a security bug may have exposed the private direct messages of its Android app users, but said that there was no evidence that the vulnerability was ever exploited. From a report: The bug could have allowed a malicious Android app running on the same device to siphon off a user's direct messages stored in the Twitter app by bypassing Android's built-in data permissions. But Twitter said that the bug only worked on Android 8 (Oreo) and Android 9 (Pie), and has since been fixed. A Twitter spokesperson told TechCrunch that the bug was reported by a security researcher "a few weeks ago" through HackerOne, which Twitter uses for its bug bounty program. "Since then, we have been working to keep accounts secure," said the spokesperson. "Now that the issue has been fixed, we're letting people know." Twitter said it waited to let its users know in order to prevent someone from learning about the issue and taking advantage of it before it was fixed.

Crime

Anthony Levandowski Sentenced To 18 Months In Prison, As New $4 Billion Lawsuit Against Uber Is Filed (techcrunch.com) 23

An anonymous reader quotes a report from TechCrunch: Anthony Levandowski, the former Google engineer and serial entrepreneur who was at the center of a lawsuit between Uber and Waymo, has been sentenced to 18 months on one count of stealing trade secrets. Judge Alsup said that home confinement would "[give] a green light to every future brilliant engineer to steal trade secrets. Prison time is the answer to that." During court proceedings today, Levandowski also agreed to pay $756,499.22 in restitution to Google and a fine of $95,000.

"Today marks the end of three and a half long years and the beginning of another long road ahead. I'm thankful to my family and friends for their continued love and support during this difficult time," Levandowski said in a statement provided by his attorneys after the sentencing. The sentencing is the latest in a series of legal blows that have seen Levandowski vilified as a thieving tech bro, unceremoniously ejected from Uber, and forced into bankruptcy by a $179 million award against him. And yet, Levandowski is not skulking away. Even as he faced years in prison, the maverick engineer was plotting a comeback that could see him netting upwards of $4 billion from Uber.

TechCrunch has learned that Levandowski recently filed a lawsuit making explosive claims against Waymo and Uber that, if proven, could turn his fortunes around with a multi-billion dollar payout. Whether this is a last-ditch effort by a desperate man whose career has been upended by his own poor choices or a viable claim against a double-dealing tech titan, will be up to the courts to decide. This new lawsuit, filed as part of Levandowski's bankruptcy proceedings, mostly focuses on Uber's agreement to indemnify Levandowski against legal action when it bought his self-driving trucking company, Otto Trucking. It also includes new allegations concerning the settlement that Waymo and Uber reached over trade secret theft claims.

Transportation

Tesla's Touchscreen Wiper Controls Ruled Illegal In Germany (electrek.co) 420

A user shares a report from Electrek: Tesla's wiper controls through its touchscreen have been ruled illegal in Germany after someone crashed their Model 3 while using them and fought a fine and driving ban through the court system. A Tesla Model 3 driver got into an accident while using the touchscreen to adjust the speed of the automatic windshield wipers. In Model 3 and Model Y vehicles, Tesla didn't install normal windshield wiper settings through a steering wheel stalk. Instead, the automaker is detecting the rain through its Autopilot cameras and automatically adjusting the speed based on the strength of the rainfall. If the driver wants to adjust the speed, they need to do it through the center touchscreen. The driver in Germany was adjusting those settings when he lost control of the vehicle and crashed. A local district court gave him a fine and a one-month driving ban and that's where the problem started for Tesla. He decided to fight the punishment -- bringing the case to the Higher Regional Court (OLG). "It comes as no surprise that enlightened Germans would be the first to rule Tesla's poorly engineered cars a road hazard," adds the Slashdot reader. "Touch screen interfaces have no place in cars."

Twitter

Twitter Faces FTC Probe, Likely Fine Over Use of Phone Numbers For Ads (arstechnica.com) 23

An anonymous reader quotes a report from Ars Technica: Twitter is facing a Federal Trade Commission probe and believes it will likely owe a fine of up to $250 million after being caught using phone numbers intended for two-factor authentication for advertising purposes. The company received a draft complaint from the FTC on July 28, it disclosed in its regular quarterly filing with the Securities and Exchange Commission. The complaint alleges that Twitter is in violation of its 2011 settlement with the FTC over the company's "failure to safeguard personal information."

That agreement included a provision banning Twitter from "misleading consumers about the extent to which it protects the security, privacy, and confidentiality of nonpublic consumer information, including the measures it takes to prevent unauthorized access to nonpublic information and honor the privacy choices made by consumers." In October 2019, however, Twitter admitted that phone numbers and email addresses users provided it with for the purpose of securing their accounts were also used "inadvertently" for advertising purposes between 2013 and 2019. In the filing, Twitter estimates the "range of probable loss" it faces in the probe is between $150 million and $250 million, although it adds that "the matter remains unresolved, and there can be no assurance as to the timing or the terms of any final outcome."

Firefox

Firefox 79 Clears Redirect Tracking Cookies Every 24 Hours (venturebeat.com) 29

An anonymous reader writes: Mozilla today started rolling out Enhanced Tracking Protection (ETP) 2.0 in Firefox. While the company technically launched Firefox 79 for Windows, Mac, and Linux last week, it only unveiled its marquee feature today. Firefox 79 by default blocks redirect tracking, also known as bounce tracking, and adds a handful of new developer features. [...] Since enabling Enhanced Tracking Protection by default, Mozilla says it has blocked 3.4 trillion tracking cookies. But the company notes the ad industry has since created workarounds and new ways to collect user data as you browse the web.
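Redirect (bounce) tracking works around third-party cookie blocking by routing a click through the tracker's own host: for the instant the tracker is the top-level site it can set or read a first-party cookie, then it 302s the user on to the real destination. The toy model below, added here and not Mozilla's code, shows the shape of that chain and one way a browser can purge such trackers' storage on a 24-hour cycle. The tracker block list, the navigation log, the in-memory cookie jar and the 45-day "recent interaction keeps your storage" exemption are all constructed assumptions, not details taken from the article.

```javascript
// Added example (not Mozilla's code): a toy model of how a browser can
// recognise redirect ("bounce") tracking and purge the trackers' cookies on a
// 24-hour cycle. The tracker list, navigation log, cookie jar and the
// interaction-exemption window are constructed assumptions.

const HOUR_MS = 60 * 60 * 1000;
const PURGE_INTERVAL_MS = 24 * HOUR_MS;          // purge cadence named in the article
const INTERACTION_EXEMPT_MS = 45 * 24 * HOUR_MS; // assumption: recent user interaction keeps a host's storage

// Assumption: a small block list standing in for the browser's tracker list.
const KNOWN_TRACKERS = new Set(['track.example', 'click.adnet.example', 'pixel.example']);

// Constructed log of top-level navigations. `hops` is the chain of first-party
// hosts the tab passed through (redirects included); `interacted` lists hosts
// the user clicked or typed on during that visit.
const NAV_LOG = [
  // Classic bounce: a link on news.example goes through track.example, which sets
  // a cookie while it is briefly the top-level site, then 302s to shop.example.
  { t: 0 * HOUR_MS, hops: ['news.example', 'track.example', 'shop.example'], interacted: ['shop.example'] },
  { t: 1 * HOUR_MS, hops: ['blog.example', 'click.adnet.example', 'store.example'], interacted: [] },
  // Legitimate redirect through an SSO host: same shape as a bounce, so a
  // redirect-only heuristic would flag it; the tracker list is what separates them.
  { t: 2 * HOUR_MS, hops: ['login.example', 'sso.example', 'app.example'], interacted: ['app.example'] },
  // The user opened a tracker-listed host directly and interacted with it.
  { t: 3 * HOUR_MS, hops: ['pixel.example'], interacted: ['pixel.example'] },
];

// Build a cookie jar from the log: every host that was top-level for a moment
// gets to set a first-party cookie, which is the loophole bounce tracking uses.
// Returns Map<host, {cookies: string[], lastInteraction: number|null}>.
function buildCookieJar(log) {
  const jar = new Map();
  for (const nav of log) {
    for (const host of nav.hops) {
      const entry = jar.get(host) || { cookies: [], lastInteraction: null };
      entry.cookies.push(`id=${host}-${nav.t}`);
      if (nav.interacted.includes(host)) entry.lastInteraction = nav.t;
      jar.set(host, entry);
    }
  }
  return jar;
}

// Hosts that served as an intermediate redirect hop (neither origin nor
// destination) and are on the tracker list. Returns a sorted array.
function findBounceTrackers(log, trackers = KNOWN_TRACKERS) {
  const found = new Set();
  for (const nav of log) {
    for (const host of nav.hops.slice(1, -1)) {
      if (trackers.has(host)) found.add(host);
    }
  }
  return [...found].sort();
}

// Clear storage for every tracker-listed host in the jar unless the user
// interacted with it inside the exemption window. Returns the purged hosts.
function purgeTrackerStorage(jar, now, trackers = KNOWN_TRACKERS) {
  const purged = [];
  for (const [host, entry] of jar) {
    if (!trackers.has(host)) continue;
    const recent = entry.lastInteraction !== null && now - entry.lastInteraction < INTERACTION_EXEMPT_MS;
    if (recent) continue;
    entry.cookies = [];
    purged.push(host);
  }
  return purged.sort();
}

// Scheduler: run the purge once per PURGE_INTERVAL_MS. `state.lastPurge` is
// when the previous cycle ran; returns the purged hosts (empty when not due).
function runPurgeCycle(jar, state, now, trackers = KNOWN_TRACKERS) {
  if (now - state.lastPurge < PURGE_INTERVAL_MS) return [];
  state.lastPurge = now;
  return purgeTrackerStorage(jar, now, trackers);
}

// Stand-alone run over the constructed log.
const jar = buildCookieJar(NAV_LOG);
const state = { lastPurge: 0 };
console.log('bounce trackers seen:', findBounceTrackers(NAV_LOG));
console.log('at 12h, purged:', runPurgeCycle(jar, state, 12 * HOUR_MS)); // not yet due
console.log('at 24h, purged:', runPurgeCycle(jar, state, 24 * HOUR_MS));
console.log('shop.example keeps its cookies:', jar.get('shop.example').cookies.length);
```

The sso.example hop is the reason the purge keys off a tracker list rather than off redirect shape alone: a single-sign-on bounce looks identical on the wire, and clearing its storage would log users out. The interaction exemption is the other guard, so a tracker-listed host the user deliberately visited (pixel.example here) keeps its cookies until the window lapses.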

Businesses

Prosecutors Are Investigating Amazon's Treatment of Third-Party Sellers (theverge.com) 16

According to Bloomberg, attorneys general from New York and California are partnering with the FTC to investigate Amazon's online marketplace, in what may be the beginnings of a formal antitrust enforcement action. From a report: The agencies are going to interview witnesses jointly on conference calls over the next few weeks. The news comes after intense questioning over Amazon's Marketplace practices during [last week's landmark Big Tech antitrust hearing]. Rep. Lucy McBath (D-GA) asked CEO Jeff Bezos whether its actions toward Marketplace sellers were a pattern of behavior. She played testimony from a third-party bookseller who believed Amazon had blocked her store, without providing an explanation why, effectively destroying her business. Bezos responded that "third-party sellers in aggregate are doing extremely well on Amazon."

The Marketplace platform allows third-party sellers to peddle their wares to Amazon's massive online customer base, accounting for more than half of all of the company's e-commerce sales. Marketplace products are often less expensive -- and sometimes of lower quality -- than other products sold on Amazon. But consumers don't always understand the difference between buying something from a third-party seller versus buying directly from Amazon or one of the company's private-label brands. Amazon's Marketplace has been in the spotlight over the past few months, following a bombshell report in The Wall Street Journal exposing how the e-commerce giant secretly used data it gathered from third-party sellers to launch its own branded products, a practice Amazon executives have denied in the past. At the hearing, Bezos said the company maintains a policy against using seller-specific data but said he could not guarantee that the policy had never been broken.
