Government

Proposed Active-Defense Bill Would Allow Destruction of Data, Use of Beacon Tech (onthewire.io) 41

Trailrunner7 quotes a report from On the Wire: A bill that would allow victims of cybercrime to use active defense techniques to stop attacks and identify attackers has been amended to require victims to notify the FBI of their actions and also add an exemption to allow victims to destroy their data once they locate it on an attacker's machine. The Active Cyber Defense Certainty Act, drafted by Rep. Tom Graves (R-Ga.) in March, is designed to enable people who have been targets of cybercrime to employ certain specific techniques to trace the attack and identify the attacker. The bill defines active cyber defense as "any measure -- (I) undertaken by, or at the direction of, a victim"; and "(II) consisting of accessing without authorization the computer of the attacker to the victim's own network to gather information in order to establish attribution of criminal activity to share with law enforcement or to disrupt continued unauthorized activity against the victim's own network." After releasing an initial draft of the bill in March, Rep. Tom Graves held a public event in Georgia to collect feedback on the legislation. Based on that event and other feedback, Graves made several changes to the bill, including the addition of the notification of law enforcement and an exception in the Computer Fraud and Abuse Act for victims who use so-called beaconing technology to identify an attacker. "The provisions of this section shall not apply with respect to the use of attributional technology in regard to a defender who uses a program, code, or command for attributional purposes that beacons or returns locational or attributional data in response to a cyber intrusion in order to identify the source of the intrusion," the bill says.
Privacy

83 Percent Of Security Staff Waste Time Fixing Other IT Problems (betanews.com) 102

An anonymous reader shares a report: A new survey of security professionals reveals that 83 percent say colleagues in other departments turn to them to fix personal computer problems. The study by security management company FireMon shows a further 80 percent say this is taking up more than an hour of their working week, which in a year could equate to more than $88,000. For organizations, eight percent of professionals surveyed helping colleagues out five hours a week or more could be costing over $400,000. Organizations are potentially paying qualified security professionals salaries upwards of $100,000 a year and seeing up to 12.5 percent of that investment being spent on non-security related activities.
Censorship

Egypt Blocks 21 Websites For 'Terrorism' And 'Fake News' (reuters.com) 44

Ahmed Aboulenein, reporting for Reuters: Egypt has banned 21 websites, including the main website of Qatar-based Al Jazeera television and prominent local independent news site Mada Masr, accusing them of supporting terrorism and spreading false news. The blockade is notable in scope and for being the first publicly recognized by the government. It was heavily criticized by journalists and rights groups. The state news agency announced it late on Wednesday. Individual websites had been inaccessible in the past but there was never any official admission. Reuters found the websites named by local media and were inaccessible. The move follows similar actions taken on Wednesday by Egypt's Gulf allies Saudi Arabia and the United Arab Emirates, which blocked Al Jazeera and other websites after a dispute with Qatar. From a separate report: "This is not the typical Egyptian regime attitude," Lina Attalah, the editor-in-chief of Mada Masr told BuzzFeed News in an interview in Cairo. "We are used to facing troubles with the regime since we have always chosen to write the stories they don't like to hear. We are used to being arrested or have cases filed against us, but blocking us is a new thing." Mada Masr, since its founding in 2013, has regularly published critical stories of the regime in both English and Arabic.
Government

US Intelligence Community Has Lost Credibility Due To Leaks (bloomberg.com) 298

Two anonymous readers and Mi share an article: U.K. police investigating the Manchester terror attack say they have stopped sharing information with the U.S. after a series of leaks that have so angered the British government that Prime Minister Theresa May wants to discuss them with President Donald Trump during a North Atlantic Treaty Organization meeting in Brussels. What can Trump tell her, though? The leaks drive him nuts, too. Since the beginning of this century, the U.S. intelligence services and their clients have acted as if they wanted the world to know they couldn't guarantee the confidentiality of any information that falls into their hands. At this point, the culture of leaks is not just a menace to intelligence-sharing allies. It's a threat to the intelligence community's credibility. [...] If this history has taught the U.S. intelligence community anything, it's that leaking classified information isn't particularly dangerous and those who do it largely enjoy impunity. Manning spent seven years in prison (though she'd been sentenced to 35), but Snowden, Assange, Petraeus, the unknown Chinese mole, the people who stole the hacking tools and the army of recent anonymous leakers, many of whom probably still work for U.S. intelligence agencies, have escaped any kind of meaningful punishment. President Donald Trump has just now announced that the administration would "get to the bottom" of leaks. In a statement, he said: "The alleged leaks coming out of government agencies are deeply troubling. These leaks have been going on for a long time and my Administration will get to the bottom of this. The leaks of sensitive information pose a grave threat to our national security. I am asking the Department of Justice and other relevant agencies to launch a complete review of this matter, and if appropriate, the culprit should be prosecuted to the fullest extent of the law.
There is no relationship we cherish more than the Special Relationship between the United States and the United Kingdom."
Facebook

How Facebook Flouts Holocaust Denial Laws Except Where It Fears Being Sued (theguardian.com) 263

An anonymous reader quotes a report from The Guardian: Facebook's policies on Holocaust denial will come under fresh scrutiny following the leak of documents that show moderators are being told not to remove this content in most of the countries where it is illegal. The files explain that moderators should take down Holocaust denial material in only four of the 14 countries where it is outlawed. One document says the company "does not welcome local law that stands as an obstacle to an open and connected world" and will only consider blocking or hiding Holocaust denial messages and photographs if "we face the risk of getting blocked in a country or a legal risk." A picture of a concentration camp with the caption "Never again Believe the Lies" was permissible if posted anywhere other than the four countries in which Facebook fears legal action, one document explains. Facebook contested the figures but declined to elaborate. Documents show Facebook has told moderators to remove dehumanizing speech or any "calls for violence" against refugees. Content "that says migrants should face a firing squad or compares them to animals, criminals or filth" also violate its guidelines. But it adds: "As a quasi-protected category, they will not have the full protections of our hate speech policy because we want to allow people to have broad discussions on migrants and immigration which is a hot topic in upcoming elections." The definitions are set out in training manuals provided by Facebook to the teams of moderators who review material that has been flagged by users of the social media service. The documents explain the rules and guidelines the company applies to hate speech and "locally illegal content," with particular reference to Holocaust denial. One 16-page training manual explains Facebook will only hide or remove Holocaust denial content in four countries -- France, Germany, Israel and Austria. 
The document says this is not on grounds of taste, but because the company fears it might get sued.
Earth

8 In 10 People Now See Climate Change As a 'Catastrophic Risk,' Says Survey (trust.org) 332

An anonymous reader quotes a report from the Thomson Reuters Foundation: Nearly nine in 10 people say they are ready to make changes to their standard of living if it would prevent future climate catastrophe, a survey on global threats found Wednesday. The survey of more than 8,000 people in eight countries -- the United States, China, India, Britain, Australia, Brazil, South Africa and Germany -- found that 84 percent of people now consider climate change a "global catastrophic risk." That puts worry about climate change only slightly behind fears about large-scale environmental damage and the threat of politically motivated violence escalating into war, according to the Global Challenges Foundation, which commissioned the Global Catastrophic Risks 2017 report. The survey, released in advance of this week's G7 summit of advanced economies in Italy, also found that 85 percent of people think the United Nations needs reforms to be better equipped to address global threats. About 70 percent of those surveyed said they think it may be time to create a new global organization -- with power to enforce its decisions -- specifically designed to deal with a wide range of global risks. Nearly 60 percent said they would be prepared to have their country give up some level of sovereignty to make that happen.
Space

Boeing Will Make the Military's New Hypersonic Spaceplane (theverge.com) 77

The Department of Defense has selected Boeing to make a new hypersonic spaceplane that can be reused frequently over a short period of time to deliver multiple satellites into orbit. "DARPA, the agency that tests new advanced technologies for the military, has picked Boeing's design concept, called the Phantom Express, to move forward as part of the agency's Experimental Spaceplane (XS-1) program," reports The Verge. From the report: The goal of DARPA's XS-1 program is to create a spacecraft that's something of a hybrid between an airplane and a traditional vertical rocket. The spaceplane is meant to take off vertically and fly uncrewed to high altitudes above Earth. From there, the vehicle will release a mini-rocket -- a booster with an engine that can propel a satellite weighing up to 3,000 pounds into orbit. As the booster deploys the satellite, the spaceplane will then land back on Earth horizontally just like a normal airplane -- and then be fueled up for its next mission. DARPA wants the turnaround time between flights to last just a few hours. But perhaps the most audacious goal is the price DARPA wants for each flight. The agency is aiming for the spaceplane to cost $5 million per mission, a significant bargain considering most orbital rockets cost tens to hundreds of millions of dollars to launch. And Boeing says it's up to the task. "Phantom Express is designed to disrupt and transform the satellite launch process as we know it today, creating a new, on-demand space-launch capability that can be achieved more affordably and with less risk," Darryl Davis, president of Boeing Phantom Works, said in a statement.
The Internet

Manchester Attack Could Lead To Internet Crackdown (independent.co.uk) 355

New submitter boundary writes: The UK government looks to be about to put the most egregious parts of the Investigative Powers Act into force "soon after the election" (which is in a couple of weeks) in the wake of the recent bombing in Manchester. "Technical Capability Orders" require tech companies to break their own security. I wonder who'll comply? The Independent reports: "Government will ask parliament to allow the use of those powers if Theresa May is re-elected, senior ministers told The Sun. 'We will do this as soon as we can after the election, as long as we get back in,' The Sun said it was told by a government minister. 'The level of threat clearly proves there is no more time to waste now. The social media companies have been laughing in our faces for too long.'"
Databases

Vermont DMV Caught Using Illegal Facial Recognition Program (vocativ.com) 107

schwit1 quotes a report from Vocativ: The Vermont Department of Motor Vehicles has been caught using facial recognition software -- despite a state law preventing it. Documents obtained by the American Civil Liberties Union of Vermont describe such a program, which uses software to compare the DMV's database of names and driver's license photos with information with state and federal law enforcement. Vermont state law, however, specifically states that "The Department of Motor Vehicles shall not implement any procedures or processes that involve the use of biometric identifiers." The program, the ACLU says, invites state and federal agencies to submit photographs of persons of interest to the Vermont DMV, which it compares against its database of some 2.6 million Vermonters and shares potential matches. Since 2012, the agency has run at least 126 such searches on behalf of local police, the State Department, FBI, and Immigrations and Customs Enforcement.
Robotics

Robot Police Officer Goes On Duty In Dubai (bbc.com) 49

The first robot officer has joined the Dubai Police force tasked with patrolling the city's malls and tourist attractions. "People will be able to use it to report crimes, pay fines and get information by tapping a touchscreen on its chest," reports BBC. "Data collected by the robot will also be shared with the transport and traffic authorities." From the report: The government said the aim was for 25% of the force to be robotic by 2030 but they would not replace humans. "We are not going to replace our police officers with this tool," said Brig Khalid Al Razooqi, director general of smart services at Dubai Police. "But with the number of people in Dubai increasing, we want to relocate police officers so they work in the right areas and can concentrate on providing a safe city. "Most people visit police stations or customer service, but with this tool we can reach the public 24/7. It can protect people from crime because it can broadcast what is happening right away to our command and control center."
Government

The Trump Administration Wants To Be Able To Track and Hack Your Drone (fastcompany.com) 214

An anonymous reader shares a report: The Trump administration wants federal agencies to be able to track, hack, or even destroy drones that pose a threat to law enforcement and public safety operations, The New York Times reports. A proposed law, if passed by Congress, would let the government take down unmanned aircraft posing a danger to firefighting and search-and-rescue missions, prison operations, or "authorized protection of a person." The government will be required to respect "privacy, civil rights, and civil liberties" when exercising that power, the draft bill says. But records of anti-drone actions would be exempt from public disclosure under freedom of information laws, and people's right to sue over damaged and seized drones would be limited, according to the text of the proposal published by the Times. The administration, which would not comment on the proposal, scheduled a classified briefing on Wednesday for congressional staff members to discuss the issue.
Businesses

US International Tourism Market Share Is Falling Under Trump (buzzfeed.com) 421

An anonymous reader writes: The United States' slice of the international tourism pie is declining, according to a new report from Foursquare that looks at data from millions of phones worldwide. The US share of international tourism dropped 16% in March 2017 compared with the previous year. And it declined an average of 11% year over year in months spanning October 2016 to March 2017, according to the report. The drop coincides with the final month of the US election, the Trump transition, and the early months of the Trump administration, which notably imposed a travel ban on people from several majority-Muslim countries in January 2017 that was eventually halted in court but is currently under appeal. Declines in tourism market share from people originating in the Middle East were more pronounced than the rest of the world, down 25% this January, along with a smaller decrease from South America, Foursquare found. The data accounts for the percentage of international tourism coming to the US and not the absolute number of tourists, but Foursquare CEO Jeff Glueck told BuzzFeed News that it's unlikely tourist visits to the US increased while share declined. "I don't think you'd see a 16% decline in international market share and absolute numbers being up. I don't think that's compatible," he said. "The volume of tourism doesn't change that fast."
China

China Censored Google's AlphaGo Match Against World's Best Go Player (theguardian.com) 93

DeepMind's board game-playing AI, AlphaGo, may well have won its first game against the Go world number one, Ke Jie, from China -- but most Chinese viewers could not watch the match live. From a report: The Chinese government had issued a censorship notice to broadcasters and online publishers, warning them against livestreaming Tuesday's game, according to China Digital Times, a site that regularly posts such notices in the name of transparency. "Regarding the go match between Ke Jie and AlphaGo, no website, without exception, may carry a livestream," the notice read. "If one has been announced in advance, please immediately withdraw it." The ban did not just cover video footage: outlets were banned from covering the match live in any way, including text commentary, social media, or push notifications. It appears the government was concerned that 19-year-old Ke, who lost the first of three scheduled games by a razor-thin half-point margin, might have suffered a more damaging defeat that would hurt the national pride of a state which holds Go close to its heart.
Security

Wikimedia Is Clear To Sue the NSA Over Its Use of Warrantless Surveillance Tools (engadget.com) 60

The Wikimedia Foundation has the right to sue the National Security Agency over its use of warrantless surveillance tools, a federal appeals court ruled. "A district judge shot down Wikimedia's case in 2015, saying the group hadn't proved the NSA was actually illegally spying on its communications," reports Engadget. "In this case, proof was a tall order, considering information about the targeted surveillance system, Upstream, remains classified." From the report: The appeals court today ruled Wikimedia presented sufficient evidence that the NSA was in fact monitoring its communications, even if inadvertently. The Upstream system regularly tracks the physical backbone of the internet -- the cables and routers that actually transmit our emoji. With the help of telecom providers, the NSA then intercepts specific messages that contain "selectors," email addresses or other contact information for international targets under U.S. surveillance. "To put it simply, Wikimedia has plausibly alleged that its communications travel all of the roads that a communication can take, and that the NSA seizes all of the communications along at least one of those roads," the appeals court writes. "Thus, at least at this stage of the litigation, Wikimedia has standing to sue for a violation of the Fourth Amendment. And, because Wikimedia has self-censored its speech and sometimes forgone electronic communications in response to Upstream surveillance, it also has standing to sue for a violation of the First Amendment."
Security

DEFCON Conference To Target Voting Machines (politico.com) 105

An anonymous reader quotes a report from Politico: Hackers will target American voting machines -- as a public service, to prove how vulnerable they are. When over 25,000 of them descend on Caesar's Palace in Las Vegas at the end of July for DEFCON, the world's largest hacking conference, organizers are planning to have waiting what they call "a village" of different opportunities to test how easily voting machines can be manipulated. Some will let people go after the network software remotely, some will be broken apart to let people dig into the hardware, and some will be set up to see how a prepared hacker could fiddle with individual machines on site in a polling place through a combination of physical and virtual attacks. With all the attention on Russia's apparent attempts to meddle in American elections -- former President Barack Obama and aides have made many accusations toward Moscow, but insisted that there's no evidence of actual vote tampering -- voting machines were an obvious next target, said DEFCON founder Jeff Moss.
Cellphones

Republicans Want To Leave You Voicemail -- Without Ever Ringing Your Cellphone (recode.net) 436

bricko quotes a report from Recode: The GOP's leading campaign and fundraising arm, the Republican National Committee, has quietly thrown its support behind a proposal at the Federal Communications Commission that would pave the way for marketers to auto-dial consumers' cellphones and leave them prerecorded voicemail messages -- all without ever causing their devices to ring. Under current federal law, telemarketers and others, like political groups, aren't allowed to launch robocall campaigns targeting cellphones unless they first obtain a consumer's written consent. But businesses stress that it's a different story when it comes to "ringless voicemail" -- because it technically doesn't qualify as a phone call in the first place. In their eyes, that means they shouldn't need a customer or voter's permission if they want to auto-dial mobile voicemail inboxes in bulk pre-made messages about a political candidate, product or cause. And they want the FCC to rule, once and for all, that they're in the clear. Their argument, however, has drawn immense opposition from consumer advocates.
Censorship

FCC Won't Punish Stephen Colbert For Controversial Trump Insult (slashdot.org) 304

Earlier this month, the FCC said it would look into complaints made against The Late Show host Stephen Colbert over a homophobic joke he made about President Donald Trump. Well, it turns out the FCC is not going to levy a fine against the comedian for using the word "cock" on late-night network television, reports The Verge. From the report: "Consistent with standard operating procedure, the FCC's Enforcement Bureau has reviewed the complaints and the material that was the subject of these complaints," reads the FCC's statement, according to Variety. "The Bureau has concluded that there was nothing actionable under the FCC's rules." Helping Colbert's case was the fact that the broadcast, time delayed for incidents like these, bleeped out the questionable word and also blurred the host's mouth as he was saying it. The FCC has broad authority to regulate what can and cannot be broadcast based on legal precedent regarding obscenity laws. Yet looser rules apply during the hours of 10PM and 6AM ET, when Colbert's show airs. So it would appear that the ample self-censorship on behalf of CBS saved the program from a guilty verdict in this case.
The Courts

Engineer At Boeing Admits Trying To Sell Space Secrets To Russians (arstechnica.com) 69

An anonymous reader shares an ArsTechnica report: Gregory Allen Justice, a 49-year-old engineer living in Culver City, Calif., has pleaded guilty to charges of attempted economic espionage and attempted violation of the Export Control Act. Justice, who according to his father worked for Boeing Satellite Systems in El Segundo, Calif., was arrested last July after selling technical documents about satellite systems to someone he believed to be a Russian intelligence agent. Instead, he sold the docs to an undercover Federal Bureau of Investigation employee. The sting was part of a joint operation by the FBI and the US Air Force Office of Special Investigations. The documents provided by Justice to the undercover agent included information on technology on the US Munitions List, meaning they were regulated by government International Trade in Arms regulations (ITAR). "In exchange for providing these materials during a series of meetings between February and July of 2016, Justice sought and received thousands of dollars in cash payments," a Justice Department spokesperson said in a statement. "During one meeting, Justice and the undercover agent discussed developing a relationship like one depicted on the television show 'The Americans.'"
Communications

Comcast Proves Need For Net Neutrality By Trying To Censor Advocacy Website (fightforthefuture.org) 150

Reader mrchaotica writes: As most Slashdot readers are probably aware, the FCC, under the direction of Trump-appointed chairman Ajit Pai, is trying to undo its 2015 decision to protect Net Neutrality (PDF) by classifying ISPs as common carriers. During the recent public comment period, the FCC's website was flooded with pro-Net-Neutrality comments from actual people (especially those who heeded John Oliver's call to arms) as well as anti-Net-Neutrality comments posted by bots using the names and addresses of people without their consent. The fake comments use boilerplate identical to that used in a 2010 press release by the conservative lobbying group Center for Individual Freedom (which is funded by Comcast, among other entities), but beyond that, the entities who perpetrated and funded the criminal acts have not been conclusively identified. In response to this brazen attempt to undermine the democratic process, the Internet freedom advocacy group Fight for the Future (FFTF) created the website Comcastroturf.com to call attention to the fraud and allow people to see if their identity had been misappropriated. Comcast, in a stunning display of its tone-deaf attitude towards free speech, has sent a cease-and-desist order to FFTF, claiming that Comcastroturf.com violates its "valuable intellectual property[sic]." According to the precedent set in Bosley Medical Institute, Inc. v. Kremer, websites created for the purpose of criticizing an organization can not be considered trademark infringement. As such, FFTF reportedly has no intention of taking down the site.

"This is exactly why we need Title II net neutrality protections that ban blocking, throttling, and censorship," said Evan Greer, campaign director of Fight for the Future, "If Ajit Pai's plan is enacted, there would be nothing preventing Comcast from simply blocking sites like Comcastroturf.com that are critical of their corporate policies," she added. "It also makes you wonder what Comcast is so afraid of? Are their lobbying dollars funding the astroturfing effort flooding the FCC with fake comments that we are encouraging Internet users to investigate?"

Could there be a better example to illustrate why ensuring strong Net Neutrality protections by regulating ISPs as common carriers is so important?

