Canada

People Hate Canada's New 'Amber Alert' System (www.cbc.ca) 319

The CBC reports: When the siren-like sounds from an Amber Alert rang out on cellular phones across Ontario on Monday, it sparked a bit of a backlash against Canada's new mobile emergency alert system. The Ontario Provincial Police had issued the alert for a missing eight-year-old boy in the Thunder Bay region. (The boy has since been found safe)... On social media, people startled by the alerts complained about the number of alerts they received and that they had received separate alerts in English and French... Meanwhile, others who were located far from the incident felt that receiving the alert was pointless. "I've received two Amber Alerts today for Thunder Bay, which is 15 hours away from Toronto by car," tweeted Molly Sauter. "Congrats, you have trained me to ignore Emergency Alerts...."

The CRTC ordered wireless providers to implement the system to distribute warnings of imminent safety threats such as tornadoes, floods, Amber Alerts or terrorist threats. Telecom companies had favoured an opt-out option or the ability to disable the alarm for some types of alerts. But this was rejected by the broadcasting and telecommunications regulator. Individuals concerned about receiving these alerts are left with a couple of options: they can turn off their phone -- it will not be forced on by the alert -- or mute their phone so they won't hear it.

Long-time Slashdot reader knorthern knight complains that the first two alerts -- one in English, followed by one in French -- were then followed by a third (bilingual) alert advising recipients to ignore the previous two alerts, since the missing child had been found.

Privacy

Repo Men Scan Billions of License Plates -- For the Government (washingtonpost.com) 238

The Washington Post notes the billions of license plate scans coming from modern repo men "able to use big data to find targets" -- including one who drives "a beat-up Ford Crown Victoria sedan." It had four small cameras mounted on the trunk and a laptop bolted to the dash. The high-speed cameras captured every passing license plate. The computer contained a growing list of hundreds of thousands of vehicles with seriously late loans. The system could spot a repossession in an instant. Even better, it could keep tabs on a car long before the loan went bad... Repo agents are the unpopular foot soldiers in the nation's $1.2 trillion auto loan market... they are the closest most people come to a faceless, sophisticated financial system that can upend their lives...

Derek Lewis works for Relentless Recovery, the largest repo company in Ohio and its busiest collector of license plate scans. Last year, the company repossessed more than 25,500 vehicles -- including tractor trailers and riding lawn mowers. Business has more than doubled since 2014, the company said. Even with the rising deployment of remote engine cutoffs and GPS locators in cars, repo agencies remain dominant. Relentless scanned 28 million license plates last year, a demonstration of its recent, heavy push into technology. It now has more than 40 camera-equipped vehicles, mostly spotter cars. Agents are finding repos they never would have a few years ago. The company's goal is to capture every plate in Ohio and use that information to reveal patterns... "It's kind of scary, but it's amazing," said Alana Ferrante, chief executive of Relentless.

Repo agents are responsible for the majority of the billions of license plate scans produced nationwide. But they don't control the information. Most of that data is owned by Digital Recognition Network (DRN), a Fort Worth company that is the largest provider of license-plate-recognition systems. And DRN sells the information to insurance companies, private investigators -- even other repo agents. DRN is a sister company to Vigilant Solutions, which provides the plate scans to law enforcement, including police and U.S. Immigration and Customs Enforcement. Both companies declined to respond to questions about their operations... For repo companies, one worry is whether they are producing information that others are monetizing.

The Almighty Buck

First Government Office in the US To Accept Bitcoin As Payment (orlandosentinel.com) 42

Long-time Slashdot reader SonicSpike quotes the Orlando Sentinel: If cash, check or credit card seems too old-fashioned, Seminole County, Florida Tax Collector Joel Greenberg said this week his office will begin accepting bitcoin as payment for new IDs, license plates and property taxes starting next month. Greenberg said accepting bitcoin and bitcoin cash as a payment method will promote transparency and accuracy in payment.

"There's no risk to the taxpayer," said Greenberg, who has often raised eyebrows since his 2016 election by moves including encouraging certain employees with concealed-weapons permits to carry a firearm openly as a security measure. "Blockchain technology is the future of the whole financial industry."

A spokesperson for a neighboring county's tax collector said they had no plans to follow the move. "Frankly, I think the currency is so volatile that I don't think it makes sense."

And an official at a nearby county said bitcoin payments were "not on our to-do list", adding that no one in the county had requested the ability to pay their taxes in bitcoin.

United States

40 Cellphone-Tracking Devices Discovered Throughout Washington (nbcwashington.com) 62

The investigative news "I-Team" of a local TV station in Washington D.C. drove around with "a leading mobile security expert" -- and discovered dozens of StingRay devices mimicking cellphone towers to track phones and intercept calls in Maryland, Northern Virginia, and Washington, D.C. An anonymous reader quotes their report: The I-Team found them in high-profile areas like outside the Trump International Hotel on Pennsylvania Avenue and while driving across the 14th Street bridge into Crystal City... The I-Team's test phones detected 40 potential locations where the spy devices could be operating, while driving around for just a few hours. "I suppose if you spent more time you'd find even more," said D.C. Councilwoman Mary Cheh. "I have bad news for the public: Our privacy isn't what it once was..."

The good news is about half the devices the I-Team found were likely law enforcement investigating crimes or our government using the devices defensively to identify certain cellphone numbers as they approach important locations, said Aaron Turner, a leading mobile security expert... The I-Team got picked up [by StingRay devices] twice off of International Drive, right near the Chinese and Israeli embassies, then got another two hits along Massachusetts Avenue near Romania and Turkey... The phones appeared to remain connected to a fake tower the longest, right near the Russian Embassy.

StingRay devices are also being used in at least 25 states by police departments, according to the ACLU. The devices were authorized by the FCC back in 2011 for "federal, state, local public safety and law enforcement officials only" (and requiring coordination with the FBI).

But back in April the Associated Press reported that "For the first time, the U.S. government has publicly acknowledged the existence in Washington of what appear to be rogue devices that foreign spies and criminals could be using to track individual cellphones and intercept calls and messages... More sophisticated versions can eavesdrop on calls by forcing phones to step down to older, unencrypted 2G wireless technology. Some attempt to plant malware."

Privacy

'I Asked Apple for All My Data. Here's What Was Sent Back' (zdnet.com) 171

"I asked Apple to give me all the data it's collected on me since I first became a customer in 2010," writes the security editor for ZDNet, "with the purchase of my first iPhone." That was nearly a decade ago. As most tech companies have grown in size, they began collecting more and more data on users and customers -- even on non-users and non-customers... Apple took a little over a week to send me all the data it's collected on me, amounting to almost two dozen Excel spreadsheets at just 5MB in total -- roughly the equivalent of a high-quality photo snapped on my iPhone. Facebook, Google, and Twitter all took a few minutes to an hour to send me all the data they store on me -- ranging from a few hundred megabytes to a couple of gigabytes in size...

The zip file contained mostly Excel spreadsheets, packed with information that Apple stores about me. None of the files contained content information -- like text messages and photos -- but they do contain metadata, like when and who I messaged or called on FaceTime. Apple says that any data information it collects on you is yours to have if you want it, but as of yet, it doesn't turn over your content which is largely stored on your slew of Apple devices. That's set to change later this year... And, of the data it collects to power Siri, Maps, and News, it does so anonymously -- Apple can't attribute that data to the device owner... One spreadsheet -- handily -- contained explanations for all the data fields, which we've uploaded here...

[T]here's really not much to it. As insightful as it was, Apple's treasure trove of my personal data is a drop in the ocean to what social networks or search giants have on me, because Apple is primarily a hardware maker and not ad-driven, like Facebook and Google, which use your data to pitch you ads.

CNET explains how to request your own data from Apple.

Earth

Floating Pacific Island Is In the Works With Its Own Government, Cryptocurrency (cnbc.com) 168

An anonymous reader quotes a report from CNBC: Nathalie Mezza-Garcia is a political scientist turned "seavangelesse" -- her term for an evangelist in favor of living off the grid -- and on the ocean. Mezza-Garcia spoke with CNBC's Matthew Taylor about what she sees as the trouble with governments, and why she believes tech startups should head to Tahiti. This seavangelesse is a researcher for the Blue Frontiers and Seasteading Institute's highly-anticipated Floating Island Project. The project is a pilot program in partnership with the government of French Polynesia, which will see 300 homes built on an island that runs under its own governance, using a cryptocurrency called Varyon.

"Once we can see how this first island works, we will have a proof of concept to plan for islands to house climate refugees," she said. The project is funded through philanthropic donations via the Seasteading Institute and Blue Frontiers, which sells tokens of the cryptocurrency Varyon. The pilot island is expected to be completed by 2022 and cost up to $50 million. As well as offering a home for the displaced, the self-contained islands are designed to function as business centers that are beyond the influence of government regulation.

United Kingdom

FM Radio Faces UK Government Switch-Off As Digital Listening Passes 50 Percent Milestone (inews.co.uk) 99

The Amazon Echo and other smart speakers have helped push the audience for digital radio past that of FM and AM in the UK for the first time. According to Radio Joint Audience Research (RAJAR), digital listening has reached a new record share of 50.9%, up from 47.2% a year ago. This milestone will trigger a government review into whether the analog FM radio signal should be switched off altogether. iNews reports: The BBC said it would be "premature" to switch off the FM signal. It could cut off drivers with analogue car radios and disenfranchise older wireless listeners. Margot James, Digital minister, welcomed "an important milestone for radio." She confirmed that the Government will "work closely with all partners -- the BBC, commercial radio, (transmitter business) Arqiva, car manufacturers and listeners" before committing to a timetable for analogue switch-off.

James Purnell, BBC Director of Radio and Education, said: "We're fully committed to digital, and growing its audiences, but, along with other broadcasters, we've already said that it would be premature to switch off FM." Mr Purnell said that BBC podcast listening was up a third across all audiences since the same time last year, accounting now for 40,000 hours a week. But younger audiences have not inherited the habit of listening to "live" radio, even on digital.

Privacy

FCC Investigating LocationSmart Over Phone-Tracking Flaw (cnet.com) 19

The FCC has opened an investigation into LocationSmart, a company that is buying your real-time location data from four of the largest carriers in the United States. The investigation comes a day after a security researcher from Carnegie Mellon University exposed a vulnerability on LocationSmart's website. CNET reports: The bug has prompted an investigation from the FCC, the agency said on Friday. An FCC spokesman said LocationSmart's case was being handled by its Enforcement Bureau. Since The New York Times revealed that Securus, an inmate call tracking service, had offered the same tracking service last week, Sen. Ron Wyden, a Democrat from Oregon, called for the FCC and major wireless carriers to investigate these companies. On Friday, Wyden praised the investigation, but requested the FCC to expand its look beyond LocationSmart.

"The negligent attitude toward Americans' security and privacy by wireless carriers and intermediaries puts every American at risk," Wyden said. "I urge the FCC expand the scope of this investigation, and to more broadly probe the practice of third parties buying real-time location data on Americans." He is also calling for FCC Chairman Ajit Pai to recuse himself from the investigation, because Pai was a former attorney for Securus.

Intel

New Spectre Attack Can Reveal Firmware Secrets (zdnet.com) 60

Yuriy Bulygin, the former head of Intel's advanced threat team, has published research showing that the Spectre CPU flaws can be used to break into the highly privileged CPU mode on Intel x86 systems known as System Management Mode (SMM). ZDNet reports: Bulygin, who has launched security firm Eclypsium, has modified Spectre variant 1 with kernel privileges to attack a host system's firmware and expose code in SMM, a secure portion of BIOS or UEFI firmware. SMM resides in SMRAM, a protected region of physical memory that should only be accessible by BIOS firmware and not the operating system kernel, hypervisors or security software. SMM handles especially disruptive interrupts and is accessible through the SMM runtime of the firmware, known as System Management Interrupt (SMI) handlers.

"Because SMM generally has privileged access to physical memory, including memory isolated from operating systems, our research demonstrates that Spectre-based attacks can reveal other secrets in memory (eg, hypervisor, operating system, or application)," Bulygin explains. To expose code in SMM, Bulygin modified a publicly available proof-of-concept Spectre 1 exploit running with kernel-level privileges to bypass Intel's System Management Range Register (SMRR), a set of range registers that protect SMM memory. "These enhanced Spectre attacks allow an unprivileged attacker to read the contents of memory, including memory that should be protected by the range registers, such as SMM memory," he notes.

Security

RedDawn Android Malware Is Harvesting Personal Data of North Korean Defectors (theinquirer.net) 21

According to security company McAfee, North Korea uploaded three spying apps to the Google Play Store in January that contained hidden functions designed to steal personal photos, contact lists, text messages, and device information from the phones they were installed on. "Two of the apps purported to be security utilities, while a third provided information about food ingredients," reports The Inquirer. All three of the apps were part of a campaign dubbed "RedDawn" and targeted primarily North Korean defectors. From the report: The apps were promoted to particular targets via Facebook, McAfee claims. However, it adds that the malware was not the work of the well-known Lazarus Group, but another North Korean hacking outfit that has been dubbed Sun Team. The apps were called Food Ingredients Info, Fast AppLock and AppLockFree. "Food Ingredients Info and Fast AppLock secretly steal device information and receive commands and additional executable (.dex) files from a cloud control server. We believe that these apps are multi-staged, with several components."

"AppLockFree is part of the reconnaissance stage, we believe, setting the foundation for the next stage unlike the other two apps. The malwares were spread to friends, asking them to install the apps and offer feedback via a Facebook account with a fake profile promoted Food Ingredients Info," according to McAfee security researcher Jaewon Min. "After infecting a device, the malware uses Dropbox and Yandex to upload data and issue commands, including additional plug-in dex files; this is a similar tactic to earlier Sun Team attacks. From these cloud storage sites, we found information logs from the same test Android devices that Sun Team used for the malware campaign we reported in January. The logs had a similar format and used the same abbreviations for fields as in other Sun Team logs. Furthermore, the email addresses of the new malware's developer are identical to the earlier email addresses associated with the Sun Team."

Government

Congress Is Looking To Extend Copyright Protection Term To 144 Years (wired.com) 292

"Because it apparently isn't bad enough already, Congress is looking to extend the copyright term to 144 years," writes Slashdot reader llamalad. "Please write to your representatives and consider donating to the EFF." American attorney Lawrence Lessig writes via Wired: Almost exactly 20 years ago, Congress passed the Sonny Bono Copyright Term Extension Act, which extended the term of existing copyrights by 20 years. The Act was the 11th extension in the prior 40 years, timed perfectly to assure that certain famous works, including Mickey Mouse, would not pass into the public domain. Immediately after the law came into force, a digital publisher of public domain works, Eric Eldred, filed a lawsuit challenging the act [which the Supreme Court later rejected].

Twenty years later, the fight for term extension has begun anew. Buried in an otherwise harmless act, passed by the House and now being considered in the Senate, this new bill purports to create a new digital performance right -- basically the right to control copies of recordings on any digital platform (ever hear of the internet?) -- for musical recordings made before 1972. These recordings would now have a new right, protected until 2067, which, for some, means a total term of protection of 144 years. The beneficiaries of this monopoly need do nothing to get the benefit of this gift. They don't have to make the work available. Nor do they have to register their claims in advance.

Transportation

Utilities, Tesla Appeal Federal Rollback of Auto Emissions Standards (arstechnica.com) 118

A coalition of utilities and electric vehicle makers, including Tesla, are petitioning the EPA to reconsider its recent plan to roll back auto emissions standards. In April, the EPA said that it would relax greenhouse gas emissions standards that had been put in place for model year 2022-2025 vehicles. Ars Technica reports: The National Coalition for Advanced Transportation (NCAT) represents 12 utilities as well as Tesla, electric truck maker Workhorse, and EV charging network EVgo. NCAT earlier this month asked the Second Circuit Court of Appeals in Washington, DC to review the EPA's latest efforts to relax the Obama-era fuel economy standards.

The coalition challenge to the EPA follows a similar challenge made by 17 states, including California. The utilities' efforts show that they're interested in protecting one of the major projected avenues for growth in electricity demand. Electricity consumption has stagnated in the U.S. as efficiency measures take effect and, in some states, solar panels make it easier for residents to buy less electricity from the local utility.

Businesses

Trump Personally Pushed Postmaster General To Double Rates on Amazon, Other Firms: Report (washingtonpost.com) 352

President Trump personally urged the leader of the U.S. Postal Service to double the rates the agency charges Amazon and other firms for delivery packages in several private conversations in 2017 and 2018, The Washington Post reported Friday (alternative source). From the report: Postmaster General Megan Brennan has so far resisted Trump's demand, explaining in multiple conversations occurring this year and last that these arrangements are bound by contracts and must be reviewed by a regulatory commission, the three people said. She has told the president that the Amazon relationship is beneficial for the Postal Service and gave him a set of slides that showed the variety of companies, in addition to Amazon, that also partner for deliveries.

Despite these presentations, Trump has continued to level criticism at Amazon. And last month, his critiques culminated in the signing of an executive order mandating a government review of the financially strapped Postal Service that could lead to major changes in the way it charges Amazon and others for package delivery. Few U.S. companies have drawn Trump's ire as much as Amazon, which has rapidly grown to be the second-largest U.S. company in terms of market capitalization. For more than three years, Trump has fumed publicly and privately about the giant commerce and services company and its founder Jeffrey P. Bezos, who is also the owner of The Washington Post.

Crime

Alleged Owners of Mugshots.com Have Been Arrested For Extortion (lawandcrime.com) 101

Reader schwit1 writes: The alleged owners of Mugshots.com have been charged and arrested. These four men -- Sahar Sarid, Kishore Vidya Bhavnanie, Thomas Keesee, and David Usdan -- only removed a person's mugshot from the site if this individual paid a "de-publishing" fee, according to the California Attorney General on Wednesday. That's apparently considered extortion. On top of that, they also face charges of money laundering and identity theft.

If you read a lot of articles about crime, then you're probably already familiar with the site (which is still up as of Friday afternoon). They take mugshots, slap the url multiple times on the image, and post it on the site alongside an excerpt from a news outlet that covered the person's arrest. According to the AG's office, the owners would only remove the mugshots if the person paid a fee, even if the charges were dismissed. This happened even if the suspect was only arrested because of "mistaken identity or law enforcement error." You can read the affidavit here.

Security

A Bug in Keeper Password Manager Leads To Sparring Over 'Zero-Knowledge' Claim (zdnet.com) 47

Keeper, a password manager maker that recently and controversially sued a reporter, has fixed a bug that a security researcher claimed could have allowed access to a user's private data. From a report: The bug -- which the company confirmed and has since fixed -- filed anonymously to a public security disclosure list, detailed how anyone controlling Keeper's API server could gain access to the decryption key to a user's vault of passwords and other sensitive information. The researcher found the issue in the company's Python-powered script called Keeper Commander, which allows users to rotate passwords, eliminating the need for hardcoded passwords in software and systems.

According to the write-up, the researcher said it's possible that someone in control of Keeper's API -- such as employees at the company -- could unlock an account, because the API server stores the information used to produce an intermediary decryption key. "What seems to appear in the code of Keeper Commander from November 2015 to today is blind trust of the API server," said the researcher.

Businesses

Satellite Data Strongly Suggests That China, Russia and Other Authoritarian Countries Are Fudging Their GDP Reports (washingtonpost.com) 175

Christopher Ingraham, writing for The Washington Post: China, Russia and other authoritarian countries inflate their official GDP figures by anywhere from 15 to 30 percent in a given year, according to a new analysis of a quarter-century of satellite data. The working paper, by Luis R. Martinez of the University of Chicago, also found that authoritarian regimes are especially likely to artificially boost their gross domestic product numbers in the years before elections, and that the differences in GDP reporting between authoritarian and non-authoritarian countries can't be explained by structural factors, such as urbanization, composition of the economy or access to electricity. Martinez's findings are derived from a novel data source: satellite imagery that tracks changes in the level of nighttime lighting within and between countries over time.

Facebook

Facebook's Android App Is Asking for Superuser Privileges, Users Say (bleepingcomputer.com) 183

Catalin Cimpanu, reporting for BleepingComputer: The Facebook Android app is asking for superuser permissions, and a bunch of users are freaking out about granting the Facebook app full access to their device, an understandable reaction following the fallout from the Cambridge Analytica privacy scandal. "Grants full access to your device," read the prompts while asking users for superuser permissions. These popups originate from the official Facebook Android app (com.facebook.katana) and started appearing last night [UTC timezone], continuing throughout the day. Panicked users took to social media, Reddit, and Android-themed forums to share screengrabs of these suspicious popups and ask for advice on what's going on.

Government

US Government Wants To Start Charging For Landsat, the Best Free Satellite Data On Earth (qz.com) 239

The U.S. government may begin charging users for access to five decades of satellite images of Earth. Quartz reports: Nature reports that the Department of Interior has asked an advisory board to consider the consequences of charging for the data generated by the Landsat program, which is the largest continuously collected set of Earth images taken in space and has been freely available to the public since 2008. Since 1972, Landsat has used eight different satellites to gather images of the Earth, with a ninth currently slated for a December 2020 launch. The data are widely used by government agencies, and since it became free, by an increasing number of academics, private companies and journalists. "As of March 31, 2018, more than 75 million Landsat scenes have been downloaded from the USGS-managed archive!" the agency noted on the 10th anniversary of the program.

Now, the government says the cost of sharing the data has grown as more people access it. Advocates for open data say the public benefit produced through research and business activity far outweigh those costs. A 2013 survey cited by Nature found that the dataset generated $2 billion in economic activity, compared to an $80 million budget for the program.

Education

Scottish Students Used Spellchecker Glitch To Cheat In Literacy Test (bbc.com) 166

Thelasko shares a report from the BBC: Schools are to be given advice on how to disable a glitch that allows pupils sitting online spelling tests to right-click their mouse and find the answer. It follows the discovery by teachers that children familiar with traditional computer spellcheckers were simply applying it to the tests. The Scottish National Standardized Assessments were introduced to assess progress in four different age groups. A spokesman said the issue was not with the Scottish National Standardized Assessments (SNSA) but with browser or device settings on some machines.

Introduced in 2017, the spelling test asks children to identify misspelt words. However, on some school computers the words were highlighted with a red line. Pupils who right-clicked on the words were then able to access the correct spelling. The web-based SNSA tool enables teachers to administer online literacy and numeracy tests for pupils in P1, P4, P7 and S3, which are marked and scored automatically. Advice is being given to schools about how to disable the spellchecking function.

Wireless Networking

Ask Slashdot: Which Is the Safest Router? 380

MindPrison writes: As ashamed as I am to admit it -- a longtime computer user since the Commodore heydays, I've been hacked twice recently and that has seriously made me rethink my options for my safety and well-being. So, I ask you dear Slashdot users, from one fellow longtime Slashdotter to another: which is the best router for optimal safety today?
