Government

Ask Slashdot: How Would You Use Computers To Make Elections Better? 496

shanen writes: Regarding politics, is there anything that Americans agree on? If so, it's probably something negative like "The system is broken," or "The leading candidates are terrible," or even "Your state is a shithole." With all our fancy technology, what's going wrong? Our computers are creating problems, not solutions. For example, gerrymandering relies on fancy computers to rig the maps. Negative campaigning increasingly relies on computers to target the attacks on specific voters. Even international attacks exploit the internet to intrude into elections around the world. Here are three of my suggested solutions, though I can't imagine any of today's politicians would ever support anything along these lines:

(1) Guest voting: If you hate your district, you could vote in a neighboring district. The more they gerrymander, the less predictable the election results.
(2) Results-based weighting: The winning candidates get more voting power in the legislature, reflecting how many people actually voted for them. If you win a boring and uncontested election where few people vote, then part of your vote in the legislature would be transferred to the winners who also had more real votes.
(3) Negative voting: A voter could use an electronic ballot to make it explicit that the vote is negative, not positive. The candidate with the most positive or fewest negative votes still wins, but if the election has too many negative votes, then that "winner" would be penalized, perhaps with a half term rather than a full term.

What wild and crazy ideas do you have for using computers to make elections better, not worse?
China

Apple's China iCloud Data Migration Sweeps Up International User Accounts (techcrunch.com) 45

Yesterday, it was reported that Apple's iCloud services in mainland China will be operated by a Chinese company from next month. What wasn't reported was the fact that Apple has included iCloud accounts that were opened in the U.S., are paid for using U.S. dollars and/or are connected to U.S.-based App Store accounts in the data that will be handled by local partner Guizhou-Cloud Big Data (GCBD) from February 28. TechCrunch reports: Apple has given China-based users the option to delete their data, but there is no opt out that allows them to have it stored elsewhere. That has concerned some users who are uneasy that the data migration is a sign of closer ties with the Chinese government, particularly since GCBD is owned by the Guizhou provincial government. When asked for comment, Apple pointed TechCrunch to its terms and conditions site which explains that it is migrating iCloud accounts based on their location: "The operation of iCloud services associated with Apple IDs that have China in their country or region setting will be subject to this transition. You will be notified of this transition via email and notifications on your devices. You don't need to take any further action and can keep using iCloud in China. After February 28, 2018, you will need to agree to the terms and conditions of iCloud operated by GCBD to keep using iCloud in China."

However, TechCrunch found instances of iCloud accounts registered overseas that were part of the migration. One user did find an apparent opt-out. That requires the user switching their iCloud account back to China, then signing out of all devices. They then switch their phone and iCloud settings to the U.S. and then, upon signing back into iCloud, their account will (seemingly) not be part of the migration. Opting out might be a wise-move, as onlookers voice concern that a government-owned company is directly involved in storing user data.

Intel

Researcher Finds Another Security Flaw In Intel Management Firmware (arstechnica.com) 87

An anonymous reader quotes a report from Ars Technica: Meltdown and Spectre are not the only security problems Intel is facing these days. Today, researchers at F-Secure have revealed another weakness in Intel's management firmware that could allow an attacker with brief physical access to PCs to gain persistent remote access to the system, thanks to weak security in Intel's Active Management Technology (AMT) firmware -- remote "out of band" device management technology installed on 100 million systems over the last decade, according to Intel. [T]he latest vulnerability -- discovered in July of 2017 by F-Secure security consultant Harry Sintonen and revealed by the company today in a blog post -- is more of a feature than a bug. Notebook and desktop PCs with Intel AMT can be compromised in moments by someone with physical access to the computer -- even bypassing BIOS passwords, Trusted Platform Module personal identification numbers, and Bitlocker disk encryption passwords -- by rebooting the computer, entering its BIOS boot menu, and selecting configuration for Intel's Management Engine BIOS Extension (MEBx).

If MEBx hasn't been configured by the user or by their organization's IT department, the attacker can log into the configuration settings using Intel's default password of "admin." The attacker can then change the password, enable remote access, and set the firmware to not give the computer's user an "opt-in" message at boot time. "Now the attacker can gain access to the system remotely," F-Secure's release noted, "as long as they're able to insert themselves onto the same network segment with the victim (enabling wireless access requires a few extra steps)."

The Courts

US Supreme Court Will Revisit Ruling On Collecting Internet Sales Tax (theverge.com) 177

An anonymous reader quotes a report from Bloomberg: The U.S. Supreme Court will consider freeing state and local governments to collect billions of dollars in sales taxes from online retailers, agreeing to revisit a 26-year-old ruling that has made much of the internet a tax-free zone. Heeding calls from traditional retailers and dozens of states, the justices said they'll hear South Dakota's contention that the 1992 ruling is obsolete in the e-commerce era and should be overturned. State and local governments could have collected up to $13 billion more in 2017 if they'd been allowed to require sales tax payments from online merchants and other remote sellers, according to a report from the Government Accountability Office, Congress's non-partisan audit and research agency. Other estimates are even higher. All but five states impose sales taxes.

The high court's 1992 Quill v. North Dakota ruling, which involved a mail-order company, said retailers can be forced to collect taxes only in states where the company has a "physical presence." The court invoked the so-called dormant commerce clause, a judge-created legal doctrine that bars states from interfering with interstate commerce unless authorized by Congress. South Dakota passed its law in 2016 with an eye toward overturning the Quill decision. It requires retailers with more than $100,000 in annual sales in the state to pay a 4.5 percent tax on purchases. Soon after enacting the law, the state filed suit and asked the courts to declare the measure constitutional.

Piracy

Studios Sue Dragon Box in Latest Crackdown on Streaming Devices (variety.com) 54

An anonymous reader shares a report: Netflix and Amazon joined with the major studios on Wednesday in a lawsuit against Dragon Box, as the studios continue their crackdown on streaming devices. The suit accuses Dragon Box of facilitating piracy by making it easy for customers to access illegal streams of movies and TV shows. Some of the films available are still in theaters, including Disney's "Coco," the suit alleges. Dragon Box has advertised the product as a means to avoid paying for authorized subscription services, the complaint alleges, quoting marketing material that encourages users to "Get rid of your premium channels ... [and] Stop paying for Netflix and Hulu." The same studios filed a similar complaint in October against TickBox, another device that enables users to watch streaming content. Both TickBox and Dragon Box make use of Kodi add-ons, a third-party software application.
Wireless Networking

FCC Undoing Rules That Make It Easier For Small ISPs To Compete With Big Telecom (vice.com) 98

An anonymous reader quotes a report from Motherboard: The Federal Communications Commission is currently considering a rule change that would alter how it doles out licenses for wireless spectrum. These changes would make it easier and more affordable for Big Telecom to scoop up licenses, while making it almost impossible for small, local wireless ISPs to compete. The Citizens Broadband Radio Service (CBRS) spectrum is the rather earnest name for a chunk of spectrum that the federal government licenses out to businesses. It covers 3550-3700 MHz, which is considered a "midband" spectrum. It can get complicated, but it helps to think of it how radio channels work: There are specific channels that can be used to broadcast, and companies buy the license to broadcast over that particular channel. The FCC will be auctioning off licenses for the CBRS, and many local wireless ISPs -- internet service providers that use wireless signal, rather than cables, to connect customers to the internet -- have been hoping to buy licenses to make it easier to reach their most remote customers.

The CBRS spectrum was designed for Navy radar, and when it was opened up for auction, the traditional model favored Big Telecom cell phone service providers. That's because the spectrum would be auctioned off in pieces that were too big for smaller companies to afford -- and covered more area than they needed to serve their customers. But in 2015, under the Obama administration, the FCC changed the rules for how the CBRS spectrum would be divvied up, allowing companies to bid on the spectrum for a much smaller area of land. Just as these changes were being finalized this past fall, Trump's FCC proposed going back to the old method. This would work out well for Big Telecom, which would want larger swaths of coverage anyway, and would have the added bonus of being able to price out smaller competitors (because the larger areas of coverage will inherently cost more.)
As for why the FCC is even considering this? You can blame T-Mobile. "According to the agency's proposal, because T-Mobile and CTIA, a trade group that represents all major cellphone providers, 'ask[ed] the Commission to reexamine several of the [...] licensing rules,'" reports Motherboard. The proposal reads: "Licensing on a census tract-basis -- which could result in over 500,000 [licenses] -- will be challenging for Administrators, the Commission, and licensees to manage, and will create unnecessary interference risks due to the large number of border areas that will need to be managed and maintained."
Bitcoin

South Korea Plans To Ban Cryptocurrency Trading 77

South Korea's government said on Thursday it plans to ban cryptocurrency trading, sending bitcoin prices plummeting and throwing the virtual coin market into turmoil as the nation's police and tax authorities raided local exchanges on alleged tax evasion. Reuters reports: The clampdown in South Korea, a crucial source of global demand for cryptocurrency, came as policymakers around the world struggled to regulate an asset whose value has skyrocketed over the last year. Justice minister Park Sang-ki said the government was preparing a bill to ban trading of the virtual currency on domestic exchanges. Once a bill is drafted, legislation for an outright ban of virtual coin trading will require a majority vote of the total 297 members of the National Assembly, a process that could take months or even years. The local price of bitcoin plunged as much as 21 percent in midday trade to 18.3 million won (12,730.35 pounds) after the minister's comments. It still trades at around a 30 percent premium compared to other countries.
Patents

TiVo Sues Comcast Again, Alleging Operator's X1 Infringes Eight Patents (variety.com) 57

TiVo's Rovi subsidiary on Wednesday filed two lawsuits in federal district courts, alleging Comcast's X1 platform infringes eight TiVo-owned patents. "That includes technology covering pausing and resuming shows on different devices; restarting live programming in progress; certain advanced DVR recording features; and advanced search and voice functionality," reports Variety. From the report: A Comcast spokeswoman said the company will "aggressively defend" itself. "Comcast engineers independently created our X1 products and services, and through its litigation campaign against Comcast, Rovi seeks to charge Comcast and its customers for technology Rovi didn't create," the Comcast rep said in a statement. "Rovi's attempt to extract these unfounded payments for its aging and increasingly obsolete patent portfolio has failed to date."

TiVo's legal action comes after entertainment-tech vendor Rovi (which acquired the DVR company in 2016 and adopted the TiVo name) sued Comcast and its set-top suppliers in April 2016, alleging infringement of 14 patents. In November 2017, the U.S. International Trade Commission ruled that Comcast infringed two Rovi patents -- with the cable operator prevailing on most of the patents at issue. However, because one of the TiVo patents Comcast was found to have violated covered cloud-based DVR functions, the cable operator disabled that feature for X1 customers. Comcast is appealing the ITC ruling.

Crime

Apple Health Data Is Being Used As Evidence In a Rape and Murder Investigation (vice.com) 185

An anonymous reader quotes a report from Motherboard: Hussein K., an Afghan refugee in Freiburg, has been on trial since September for allegedly raping and murdering a student in Freiburg, and disposing of her body in a river. But many of the details of the trial have been hazy -- no one can agree on his real age, and most notably, there's a mysterious chunk of time missing from the geodata and surveillance video analysis of his whereabouts at the time of the crime. He refused to give authorities the passcode to his iPhone, but investigators hired a Munich company (which one is not publicly known) to gain access to his device, according to German news outlet Welt. They searched through Apple's Health app, which was added to all iPhones with the release of iOS 8 in 2014, and were able to gain more data about what he was doing that day. The app records how many steps he took and what kind of activity he was doing throughout that day. The app recorded a portion of his activity as "climbing stairs," which authorities were able to correlate with the time he would have dragged his victim down the river embankment, and then climbed back up. Freiburg police sent an investigator to the scene to replicate his movements, and sure enough, his Health app activity correlated with what was recorded on the defendant's phone.
Microsoft

Microsoft Partners with Signal to Bring End-To-End Encryption to Skype (bleepingcomputer.com) 64

Microsoft and Open Whisper Systems (makers of the Signal app) surprised many on Thursday when they said they are partnering to bring support for end-to-end (E2E) encrypted conversations to Skype. From a report: The new feature, called Skype Private Conversations has been rolled out for initial tests with Skype Insider builds. Private Conversations will encrypt Skype audio calls and text messages. Images, audio or video files sent via Skype's text messaging feature will also be encrypted. Microsoft will be using the Signal open-source protocol to encrypt these communications. This is the same end-to-end encryption protocol used by Facebook for WhatsApp and Facebook Messenger, and by Google for the Allo app.
Government

House Passes Bill To Renew NSA Internet Spying Tool (reuters.com) 114

Dustin Volz, reporting for Reuters: The U.S. House of Representatives on Thursday passed a bill to renew the National Security Agency's warrantless internet surveillance program, overcoming objections from privacy advocates and confusion prompted by morning tweets from President Donald Trump that initially questioned the spying tool. The legislation, which passed 256-164 and split party lines, is the culmination of a yearslong debate in Congress on the proper scope of U.S. intelligence collection -- one fueled by the 2013 disclosures of classified surveillance secrets by former NSA contractor Edward Snowden. Senior Democrats in the U.S. House of Representatives had urged cancellation of the vote after Trump appeared to cast doubt on the merits of the program, but Republicans forged ahead.
Businesses

Uber Used Another Secret Software To Evade Police, Report Says (bloomberg.com) 226

schwit1 shares a Bloomberg report: In May 2015 about 10 investigators for the Quebec tax authority burst into Uber Technologies's office in Montreal. The authorities believed Uber had violated tax laws and had a warrant to collect evidence. Managers on-site knew what to do, say people with knowledge of the event. Like managers at Uber's hundreds of offices abroad, they'd been trained to page a number that alerted specially trained staff at company headquarters in San Francisco. When the call came in, staffers quickly remotely logged off every computer in the Montreal office, making it practically impossible for the authorities to retrieve the company records they'd obtained a warrant to collect. The investigators left without any evidence.

Most tech companies don't expect police to regularly raid their offices, but Uber isn't most companies. The ride-hailing startup's reputation for flouting local labor laws and taxi rules has made it a favorite target for law enforcement agencies around the world. That's where this remote system, called Ripley, comes in. From spring 2015 until late 2016, Uber routinely used Ripley to thwart police raids in foreign countries, say three people with knowledge of the system. Allusions to its nature can be found in a smattering of court filings, but its details, scope, and origin haven't been previously reported. The Uber HQ team overseeing Ripley could remotely change passwords and otherwise lock up data on company-owned smartphones, laptops, and desktops as well as shut down the devices. This routine was initially called the unexpected visitor protocol. Employees aware of its existence eventually took to calling it Ripley, after Sigourney Weaver's flamethrower-wielding hero in the Alien movies. The nickname was inspired by a Ripley line in Aliens, after the acid-blooded extraterrestrials easily best a squad of ground troops. 'Nuke the entire site from orbit. It's the only way to be sure.'

Encryption

FBI Calls Apple 'Jerks' and 'Evil Geniuses' For Making iPhone Cracks Difficult (itwire.com) 348

troublemaker_23 shares a report from iTWire: A forensics expert from the FBI has lashed out at Apple, calling the company's security team a bunch of "jerks" and "evil geniuses" for making it more difficult to circumvent the encryption on its devices. Stephen Flatley told the International Conference on Cyber Security in New York on Wednesday that one example of the way that Apple had made it harder for him and his colleagues to break into the iPhone was by recently making the password guesses slower, with a change in hash iterations from 10,000 to 10,000,000. A report on the Motherboard website said Flatley explained that this change meant that the speed at which one could brute-force passwords went from 45 attempts a second to one every 18 seconds. "Your crack time just went from two days to two months," he was quoted as saying. "At what point is it just trying to one up things and at what point is it to thwart law enforcement? Apple is pretty good at evil genius stuff," Flatley added.
Electronic Frontier Foundation

Violating a Website's Terms of Service Is Not a Crime, Federal Court Rules (eff.org) 82

An anonymous reader quotes a report from the Electronic Frontier Foundation: Good news out of the Ninth Circuit: the federal court of appeals heeded EFF's advice and rejected an attempt by Oracle to hold a company criminally liable for accessing Oracle's website in a manner it didn't like. The court ruled back in 2012 that merely violating a website's terms of use is not a crime under the federal computer crime statute, the Computer Fraud and Abuse Act. But some companies, like Oracle, turned to state computer crime statutes -- in this case, California and Nevada -- to enforce their computer use preferences. This decision shores up the good precedent from 2012 and makes clear -- if it wasn't clear already -- that violating a corporate computer use policy is not a crime.
The Courts

NYC Sues Oil Companies Over Climate Change (theguardian.com) 433

An anonymous reader quotes a report from The Guardian: New York City is seeking to lead the assault on both climate change and the Trump administration with a plan to divest $5 billion from fossil fuels and sue the world's most powerful oil companies over their contribution to dangerous global warming. City officials have set a goal of divesting New York's $189 billion pension funds from fossil fuel companies within five years in what they say would be "among the most significant divestment efforts in the world to date." Currently, New York City's five pension funds have about $5 billion in fossil fuel investments. New York state has already announced it is exploring how to divest from fossil fuels. New York's Mayor, Bill de Blasio, said that the city is taking the five fossil fuel firms -- BP, Exxon Mobil, Chevron, ConocoPhillips and Shell -- to federal court due to their contribution to climate change.

Court documents state that New York has suffered from flooding and erosion due to climate change and because of looming future threats it is seeking to "shift the costs of protecting the city from climate change impacts back on to the companies that have done nearly all they could to create this existential threat." The court filing claims that just 100 fossil fuel producers are responsible for nearly two-thirds of all greenhouse gas emissions since the industrial revolution, with the five targeted companies the largest contributors. The case will also point to evidence that firms such as Exxon knew of the impact of climate change for decades, only to downplay and even deny this in public.

Communications

FCC Plan To Lower Broadband Standards Is Met With 'Mobile Only Challenge' (arstechnica.com) 145

An anonymous reader quotes a report from Ars Technica: Broadband consumer advocates have launched a "Mobile Only Challenge" to show U.S. regulators that cellular data should not be considered an adequate replacement for home Internet service. The awareness campaign comes as the Federal Communications Commission is considering a change to the standard it uses to judge whether broadband is being deployed to all Americans in a reasonable and timely fashion. While FCC Chairman Ajit Pai hasn't released his final plan yet, the FCC may soon declare that America's broadband deployment problem is solved as long as everyone has access to either fast home Internet or cellular Internet service with download speeds of at least 10Mbps. That would be a change from current FCC policy, which says that everyone should have access to both mobile data and fast home Internet services such as fiber or cable.

"The FCC wants to lower broadband standards," organizers of the Mobile Only Challenge say on the campaign's website. "Pledge to spend one day in January 2018 accessing the Internet only on your mobile device to tell them that's not OK." The Mobile Only Challenge was organized by Public Knowledge, Next Century Cities, New America's Open Technology Institute, the Institute for Local Self-Reliance, the National Hispanic Media Coalition (NHMC), and other groups. Participants are encouraged to share their experiences using the #MobileOnly hashtag.

Desktops (Apple)

macOS High Sierra's App Store System Preferences Can Be Unlocked With Any Password (macrumors.com) 58

A bug report submitted on Open Radar this week reveals a security vulnerability in the current version of macOS High Sierra that allows the App Store menu in System Preferences to be unlocked with any password. From a report: MacRumors is able to reproduce the issue on macOS High Sierra version 10.13.2, the latest public release of the operating system, on an administrator-level account by following these steps: 1. Click on System Preferences. 2. Click on App Store. 3. Click on the padlock icon to lock it if necessary. 4. Click on the padlock icon again. 5. Enter your username and any password. 6. Click Unlock.

As mentioned in the radar, System Preferences does not accept an incorrect password with a non-administrator account. We also weren't able to unlock any other System Preferences menus with an incorrect password. We're unable to reproduce the issue on the third or fourth betas of macOS High Sierra 10.13.3, suggesting Apple has fixed the security vulnerability in the upcoming release. However, the update currently remains in testing.

Facebook

WhatsApp Security Flaws Could Be Exploited To Covertly Add Members To Group Chats (iacr.org) 29

A group of crytopgraphers from Germany's Ruhr University Bochum have uncovered flaws in WhatsApp's security that compromise the instant messaging service's end-to-end encryption. WhatsApp, owned by Facebook, has over one billion active users. In a paper published last week, "More is Less: On the End-to-End Security of Group Chats in Signal, WhatsApp, and Threema," anyone who controls WhatsApp's servers, including company employees, can covertly add members to any group -- a claim that might not bode well with privacy enthusiasts. From the paper: The described weaknesses enable attacker A, who controls the WhatsApp server or can break the transport layer security, to take full control over a group. Entering the group however leaves traces since this operation is listed in the graphical user interface. The WhatsApp server can therefore use the fact that it can stealthily reorder and drop messages in the group. Thereby it can cache sent messages to the group, read their content first and decide in which order they are delivered to the members. Additionally the WhatsApp server can forward these messages to the members individually such that a subtly chosen combination of messages can help it to cover the traces. Further reading: Wired.
Businesses

Senator Wants Apple To Answer Questions on Slowing iPhones (reuters.com) 169

The chairman of a U.S. Senate committee overseeing business issues asked Apple to answer questions about its disclosure that it slowed older iPhones with flagging batteries, Reuters reported on Wednesday, citing a letter. From the report: The California-based company apologized over the issue on Dec. 28, cut battery replacement costs and said it will change its software to show users whether their phone battery is good. Senator John Thune, a Republican who chairs the Commerce, Science and Transportation Committee, said in a Jan. 9 letter to Apple Chief Executive Officer Tim Cook that "the large volume of consumer criticism leveled against the company in light of its admission suggests that there should have been better transparency."
Privacy

Congress Is About To Vote On Expanding the Warrantless Surveillance of Americans (vice.com) 225

An anonymous reader quotes a report from Motherboard: On Tuesday afternoon, a handful of U.S. Representatives will convene to review an amendment that would reauthorize warrantless foreign surveillance and expand the law so that it could include American citizens. It would, in effect, legalize a surveillance practice abandoned by the NSA in 2017 in order to appease the Foreign Intelligence Surveillance Court, which found the NSA to have abused its collection capacity several times. If it passes Tuesday's review, the bill may be voted on by the U.S. House of Representatives as early as Thursday. Drafted by the House Intelligence Committee last December, the FISA Amendments Reauthorization Act of 2017 is an amendment to Section 702 of the Foreign Intelligence Surveillance Act (FISA). It is one of six different FISA-related bills under consideration by Congress at the moment, but by far the most damaging to the privacy rights of American citizens.

FISA was enacted in 1978, but Section 702, referred to by former FBI Director James Comey as the "crown jewels of the intelligence community," wasn't added until 2008. This section allows intelligence agencies to surveil any foreigner outside the U.S. without a warrant that the agency considers a target. The problem is that this often resulted in the warrantless surveillance of U.S. citizens as well due to two loopholes known as "backdoor searches" and "about collection." Backdoor search refers to a roundabout way of monitoring Americans' communications. Since intelligence agencies are able to designate any foreigner's communications as a target for surveillance, if this foreigner has communicated with an American this means this American's communications are then also considered fair game for surveillance by the agency.

Slashdot Top Deals