schwit1 shares a report from Gizmodo: According to statements from July released this weekend, intelligence officials told members of the Senate Intelligence Committee that there's no need for them to approach courts before requesting a tech company help willfully -- though they can always resort to obtaining a Foreign Intelligence Surveillance Court order if the company refuses. The documents show officials testified they had never needed to obtain such an FISC order, though they declined to tell the committee whether they had "ever asked a company to add an encryption backdoor," per ZDNet. Other reporting has suggested the FISC has the power to authorize government personnel to compel such technical assistance without even notifying the FISC of what exactly is required. Section 702 of the Foreign Intelligence Surveillance Act gives authorities additional powers to compel service providers to build backdoors into their products.

An anonymous reader quotes a report from Ars Technica: The Securities and Exchange Commission on Monday announced that it was taking action against an initial coin offering (ICO) that the SEC alleges is fraudulent. The announcement represents the first enforcement action by the SEC's recently created cyber fraud unit. In July, the agency fired a warning shot. It announced that a 2016 fundraising campaign had run afoul of securities law, but that the SEC would decline to prosecute those responsible. The hope was to get the cryptocurrency world to take securities laws more seriously without doing anything drastic. Now the SEC is taking the next step by prosecuting what it considers to be one of the most egregious scams in the ICO world. The SEC's complaint, filed in federal court in New York, is against Dominic Lacroix, whom the SEC describes as a "recidivist securities law violator." The SEC considers Lacroix's cryptocurrency project, PlexCoin, to be a "fast-moving Initial Coin Offering (ICO) fraud that raised up to $15 million from thousands of investors since August by falsely promising a 13-fold profit in less than a month." The PlexCoin website has a hilariously vague description of this supposedly revolutionary cryptocurrency. "The PlexCoin's new revolutionary operating structure is safer and much easier to use than any other current cryptocurrency," the site proclaims. "One of the many features of PlexBank will be to secure your cryptocurrency from market variation, which is highly volatile, and invest your money in a place where you can get interesting guaranteed returns." According to Ars, "The SEC isn't impressed and is arguing that PlexCoin has 'all of the characteristics of a full-fledged cyber scam.' The agency is seeking to freeze the assets of the PlexCoin project in hopes of getting investors' funds back to them."

An anonymous reader quotes a report from TorrentFreak: A coalition of movie industry companies and ISPs, including Bell, Rogers, and Cineplex are discussing a proposal to implement a plan to allow for website blockades without judicial oversight. The Canadian blocklist would be maintained by a new non-profit organization called "Internet Piracy Review Agency" (IPRA) and enforced through the CTRC, Canadaland reports. The plan doesn't come as a total surprise as Bell alluded to a nationwide blocking mechanism during a recent Government hearing. What becomes clear from the new plans, however, is that the telco is not alone. The new proposal is being discussed by various stakeholders including ISPs and local movie companies. As in other countries, major American movie companies are also in the loop, but they will not be listed as official applicants when the plan is submitted to the CRTC. Canadian law professor Micheal Geist is very critical of the plans. Although the proposal would only cover sites that "blatantly, overwhelmingly or structurally" engage in or facilitate copyright infringement, this can be a blurry line.

"Recent history suggests that the list will quickly grow to cover tougher judgment calls. For example, Bell has targeted TVAddons, a site that contains considerable non-infringing content," Geist notes. "It can be expected that many other sites disliked by rights holders or broadcasters would find their way onto the block list," he adds. While the full list of applicants is not ready yet, it is expected that the coalition will file its proposal to the CRTC before the end of the month.

Catalin Cimpanu, writing for BleepingComputer: German authorities are preparing a law that will force device manufacturers to include backdoors within their products that law enforcement agencies could use at their discretion for legal investigations. The law would target all modern devices, such as cars, phones, computers, IoT products, and more. Officials are expected to submit their proposed law for debate this week, according to local news outlet RedaktionsNetzwerk Deutschland (RND). The man supporting this proposal is Thomas de Maiziere, Germany's Interior Minister, who cites the difficulty law enforcement agents have had in past months investigating the recent surge of terrorist attacks and other crimes.

David Gilbert, writing for Vice: The White House is reportedly looking at a proposal to create a ghost network of private spies in hostile countries -- a way of bypassing the intelligence community's "deep state," which Donald Trump believes is a threat to his administration. The network would report directly to the president and CIA Director Mike Pompeo, and would be developed by Blackwater founder Erik Prince, according to multiple current and former officials speaking to The Intercept. "Pompeo can't trust the CIA bureaucracy, so we need to create this thing that reports just directly to him," a former senior U.S. intelligence official with firsthand knowledge of the proposals told the website. Described as "totally off the books," the network would be run by intelligence contractor Amyntor Group and would not share any data with the traditional intelligence community.

Zack Whittaker, writing for ZDNet: Personal data belonging to over 31 million customers of a popular virtual keyboard app has leaked online, after the app's developer failed to secure the database's server. The server is owned by Eitan Fitusi, co-founder of AI.type, a customizable and personalizable on-screen keyboard, which boasts more than 40 million users across the world. But the server wasn't protected with a password, allowing anyone to access the company's database of user records, totaling more than 577 gigabytes of sensitive data. The database appears to only contain records on the app's Android users.

Adam Clark Estes, writing for Gizmodo: Three years ago, we said the Echo was "the most innovative device Amazon's made in years." That's still true. But you shouldn't buy one. You shouldn't buy one for your family. [...] Your family members do not need an Amazon Echo or a Google Home or an AppleHomePod or whatever that one smart speaker that uses Cortana is called. And you don't either. You only want one because every single gadget-slinger on the planet is marketing them to you as an all-new, life-changing device that could turn your kitchen into a futuristic voice-controlled paradise. You probably think that having an always-on microphone in your home is fine, and furthermore, tech companies only record and store snippets of your most intimate conversations. No big deal, you tell yourself. Actually, it is a big deal. The newfound privacy conundrum presented by installing a device that can literally listen to everything you're saying represents a chilling new development in the age of internet-connected things. By buying a smart speaker, you're effectively paying money to let a huge tech company surveil you. And I don't mean to sound overly cynical about this, either. Amazon, Google, Apple, and others say that their devices aren't spying on unsuspecting families. The only problem is that these gadgets are both hackable and prone to bugs.

According to Oregon Live, "A state panel violated a Beaverton man's free speech rights by claiming he had unlawfully used the title 'engineer' and by fining him when he repeatedly challenged Oregon's traffic-signal timing before local media and policymakers, Oregon's attorney general has ruled." From the report: Oregon's Board of Examiners for Engineering and Land Surveying unconstitutionally applied state law governing engineering practice to Mats Jarlstrom when he exercised his free speech about traffic lights and described himself as an engineer since he was doing so "in a noncommercial'' setting and not soliciting professional business, the state Department of Justice has conceded. "We have admitted to violating Mr. Jarlstrom's rights,'' said Christina L. Beatty-Walters, senior assistant attorney general, in federal court Monday. The state's regulation of Jarlstrom under engineering practice law "was not narrowly tailored to any compelling state interests,'' she wrote in court papers. The state has pledged the board will not pursue the Beaverton man any further when he's not acting in a commercial or professional manner, and on Monday urged a federal judge to dismiss the case. The state also sent a $500 check to Jarlstrom in August, reimbursing him for the state fine.

Jarlstrom and his lawyers argued that's not good enough. They contend Jarlstrom isn't alone in getting snared by the state board's aggressive and "overbroad'' interpretation of state law. They contend others have been investigated improperly and want the court to look broader at the state law and its administrative rules and declare them unconstitutional. In the alternative, the state law should be restricted to only regulating engineering communications that are made as part of paid employment or a contractual agreement.