In a huge move for the mixed reality industry, Meta announced today that it's opening the Quest's operating system to third-party companies, allowing them to build headsets of their own. From a report: Think of it like moving the Quest's ecosystem from an Apple model, where one company builds both the hardware and software, to more of a hardware free-for-all like Android. The Quest OS is being rebranded to "Meta Horizon OS," and at this point it seems to have found two early adopters. ASUS's Republic of Gamers (ROG) brand is working on a new "performance gaming" headsets, while Lenovo is working on devices for "productivity, learning and entertainment." (Don't forget, Lenovo also built the poorly-received Oculus Rift S.)

As part of the news, Meta says it's also working on a limited-edition Xbox "inspired" Quest headset. (Microsoft and Meta also worked together recently to bring Xbox cloud gaming to the Quest.) Meta is also calling on Google to bring over the Google Play 2D app store to Meta Horizon OS. And, in an effort to bring more content to the Horizon ecosystem, software developed through the Quest App Lab will be featured in the Horizon Store. The company is also developing a new spatial framework to let mobile developers created mixed reality apps.

This week the Register spoke to former senior White House cyber policy director A.J. Grotto — who complained it was hard to get even slight concessions from Microsoft: "If you go back to the SolarWinds episode from a few years ago ... [Microsoft] was essentially up-selling logging capability to federal agencies" instead of making it the default, Grotto said. "As a result, it was really hard for agencies to identify their exposure to the SolarWinds breach." Grotto told us Microsoft had to be "dragged kicking and screaming" to provide logging capabilities to the government by default. [In the interview he calls it "an epic fight" which lasted 18 months."] [G]iven the fact the mega-corp banked around $20 billion in revenue from security services last year, the concession was minimal at best.

That illustrates, Grotto said, that "they [Microsoft] just have a ton of leverage, and they're not afraid to use it." Add to that concerns over an Exchange Online intrusion by Chinese snoops, and another Microsoft security breach by Russian cyber operatives, both of which allowed spies to gain access to US government emails, and Grotto says it's fair to classify Microsoft and its products as a national security concern.
He estimates that Microsoft makes 85% of U.S. government productivity software — and has an even greater share of their operating systems. "Microsoft in many ways has the government locked in, he says in the interview, "and so it's able to transfer a lot of these costs associated with the security breaches over to the federal government."

And about five minutes in, he says, point-blank, that "It's perfectly fair" to consider Microsoft a national security threat, given its dominance "not just within the federal government, but really in sort of the boarder IT marketplace. I think it's fair to say, yeah, that a systemic compromise that affects Microsoft and its products do rise to the level of a national security risk."

He'd like to see the government encourage more competition — to the point where public scrutiny prompts software customers to change their behavior, and creates a true market incentive for better performance...

The co-founder of Silicon Valley-based software testing startup HeadSpin was sentenced Friday to 18 months in prison and a $1 million fine, reports SFGate — for defrauding investors. Lachwani pleaded guilty to two counts of wire fraud and a count of securities fraud in April 2023, after federal prosecutors accused him of, for years, lying to investors about HeadSpin's finances to raise more money. HeadSpin, founded in 2015, grew to a $1.1 billion valuation by 2020 with over $115 million in funding from investors including Google Ventures and Iconiq Capital... He had personally altered invoices, lied to the company accountant and sent slide decks with fraudulent information to investors, [according to the government's 2021 criminal complaint]...

Breyer, per the New York Times, rejected Lachwani's lawyer's argument that because HeadSpin investors didn't end up losing money, he should receive a light sentence. The judge, who often oversees tech industry cases, reportedly said: "If you win, there are no serious consequences — that simply can't be the law." Still, the sentencing was far lighter than it could have been. The government's prosecuting attorneys had asked for a five-year prison term.
The New York Times reported in December that HeadSpin's financial statements had "often arrived months late, if at all, investors said in legal declarations," while the company's financial department "consisted of one external accountant who worked mostly from home using QuickBooks." And the comnpany also had no human resources department or organizational chart... After Manish Lachwani founded the Silicon Valley software start-up HeadSpin in 2015, he inflated the company's revenue numbers by nearly fourfold and falsely claimed that firms including Apple and American Express were customers. He showed a profit where there were losses. He used HeadSpin's cash to make risky trades on tech stocks. And he created fake invoices to cover it all up.

What was especially breathtaking was how easily Mr. Lachwani, now 48, pulled all that off... [HeadSpin] had no chief financial officer, had no human resources department and was never audited. Mr. Lachwani used that lack of oversight to paint a rosier picture of HeadSpin's growth. Even though its main investors knew the start-up's financials were not accurate, according to Mr. Lachwani's lawyers, they chose to invest anyway, eventually propelling HeadSpin to a $1.1 billion valuation in 2020. When the investors pushed Mr. Lachwani to add a chief financial officer and share more details about the company's finances, he simply brushed them off. These details emerged this month in filings in U.S. District Court for the Northern District of California after Mr. Lachwani had pleaded guilty to three counts of fraud in April...

The absence of controls at HeadSpin is part of an increasingly noticeable pattern at Silicon Valley start-ups that have run into trouble. Over the past decade, investors in tech start-ups were so eager to back hot companies that many often overlooked reckless behavior and gave up key controls like board seats, all in the service of fast growth and disruption. Then when founders took the ethos of "fake it till you make it" too far, their investors were often unaware or helpless...

Now, amid a start-up shakeout, more frauds have started coming to light. The founder of the college aid company Frank has been charged, the internet connectivity start-up Cloudbrink has been sued, and the social media app IRL has been investigated and sued. Last month, Mike Rothenberg, a Silicon Valley investor, was found guilty on 21 counts of fraud and money laundering. On Monday, Trevor Milton, founder of the electric vehicle company Nikola, was sentenced to four years in prison for lying about Nikola's technological capabilities.
The Times points out that similarly, FTX only had a three-person board "with barely any influence over the company, tracked its finances on QuickBooks and used a small, little-known accounting firm." And that Theranos had no financial audits for six years.

The EU's European Data Protection Board oversees its privacy-protecting GDPR policies.

Earlier this week, TechCrunch reported that nearly two dozen civil society groups and nonprofits wrote the Board an open letter "urging it not to endorse a strategy used by Meta that they say is intended to bypass the EU's privacy protections for commercial gain."

Meta's strategy is sometimes called "Pay or Okay," writes long-time Slashdot reader AmiMoJo : Meta offers users a choice: "consent" to tracking, or pay over €250/year to use its sites without invasive monetization of personal data.
Meta prefers the phrase "subsccription for no ads," and told TechCrunch it makes them compliant with EU laws: A raft of complaints have been filed against Meta's implementation of the pay-or-consent tactic since it launched the "no ads" subscription offer last fall. Additionally, in a notable step last month, the European Union opened a formal investigation into Meta's tactic, seeking to find whether it breaches obligations that apply to Facebook and Instagram under the competition-focused Digital Markets Act. That probe remains ongoing.
The letter to the Board called for "robust protections that prioritize data subjects' agency and control over their information." And Wednesday the board issued its first decision:

"[I]n most cases, it will not be possible for [social media services] to comply with the requirements for valid consent, if they confront users only with a choice between consenting to processing of personal data for behavioural advertising purposes and paying a fee." The EDPB considers that offering only a paid alternative to services which involve the processing of personal data for behavioural advertising purposes should not be the default way forward for controllers. When developing alternatives, large online platforms should consider providing individuals with an 'equivalent alternative' that does not entail the payment of a fee. If controllers do opt to charge a fee for access to the 'equivalent alternative', they should give significant consideration to offering an additional alternative. This free alternative should be without behavioural advertising, e.g. with a form of advertising involving the processing of less or no personal data.
EDPB Chair, Anu Talus added: "Controllers should take care at all times to avoid transforming the fundamental right to data protection into a feature that individuals have to pay to enjoy."

"Workers installing a light pole in Missouri cut into a fiber line," reports the Associated Press, knocking out 911 phone service "for emergency agencies in Nebraska, Nevada and South Dakota, an official with the company that operates the line said Thursday." In Kansas City, Missouri, workers installing a light pole for another company Wednesday cut into a Lumen Technologies fiber line, Lumen global issues director Mark Molzen said in an email to The Associated Press. Service was restored within 2 1/2 hours, he said. There were no reports of 911 outages in Kansas City...

The Dundy County Sheriff's Office in Nebraska warned in a social media post Wednesday night that 911 callers would receive a busy signal and urged people to instead call the administrative phone line. About three hours later, officials said mobile and landline 911 services had been restored. In Douglas County, home to Omaha and more than a quarter of Nebraska's residents, officials first learned there was a problem when calls from certain cellphone companies showed up in a system that maps calls but didn't go through over the phone. Operators started calling back anyone whose call didn't go through, and officials reached out to Lumen, which confirmed the outage. Service was restored by 4 a.m.

Kyle Kramer, the technical manager for Douglas County's 911 Center, said the outage highlights the potential problems of having so many calls go over the same network. "As things become more interconnected in our modern world, whether you're on a wireless device or a landline now, those are no longer going over the traditional old copper phone wires that may have different paths in different areas," Kramer said. "Large networks usually have some aggregation point, and those aggregation points can be a high risk."

Kramer said this incident and the two previous 911 outages he has seen in the past year in Omaha make him concerned that communications companies aren't building enough redundancy into their networks.
South Dakota officials called the state-wide outage "unprecedented," with their Department of Public Safety reporting the outage lasted two hours (though texting to 911 still worked in most locations — and of course, people could still call local emergency services using their non-emergency lines.) America's FCC has already begun an investigation.



The article notes that "The outages, ironically, occurred in the midst of National Public Safety Telecommunicators Week."

Thanks to long-time Slashdot reader davidwr for sharing the article.

Late Friday night the U.S. Senate "reauthorized the Foreign Intelligence Surveillance Act, a key. U.S. surveillance authority," reports Axios, "shortly after it expired in the early hours Saturday morning." The president then signed the bill into law. The reauthorization came despite bipartisan concerns about Section 702, which allows the government to collect communications from non-U.S. citizens overseas without a warrant. The legislation passed the Senate 60 to 34, with 17 Democrats, Sen. Bernie Sanders (I-Vt.) and 16 Republicans voting "nay." It extends the controversial Section 702 for two more years.
The bill had already passed last week in the U.S. House of Representatives, explains CNN: Under FISA's Section 702, the government hoovers up massive amounts of internet and cell phone data on foreign targets. Hundreds of thousands of Americans' information is incidentally collected during that process and then accessed each year without a warrant — down from millions of such queries the US government ran in past years. Critics refer to these queries as "backdoor" searches...

According to one assessment, it forms the basis of most of the intelligence the president views each morning and it has helped the U.S. keep tabs on Russia's intentions in Ukraine, identify foreign efforts to access US infrastructure, uncover foreign terror networks and thwart terror attacks in the U.S.
An interesting detail from The Verge: Sens. Ron Wyden (D-OR) and Josh Hawley (R-MO) introduced an amendment that would have struck language in the House bill that expanded the definition of "electronic communications service provider." Under the House's new provision, anyone "who has access to equipment that is being or may be used to transmit or store wire or electronic communications." The expansion, Wyden has claimed, would force "ordinary Americans and small businesses to conduct secret, warrantless spying." The Wyden-Hawley amendment failed 34-58, meaning that the next iteration of the FISA surveillance program will be more expansive than before.
Saturday morning the U.S. House of Representatives passed a bill banning TikTok if its Chinese owner doesn't sell the app.

The U.S. House of Representatives just passed its long-delayed Ukraine aid bill. But along with it they also approved a bill banning TikTok "if its Chinese owner does not sell the video app," according to NPR: While lawmakers in the House advanced a similar bill last month, this effort is different for two reasons: It is attached to a sweeping foreign aid bill providing support for Ukraine and Israel. And it addresses concerns from some members of the Senate by extending the deadline for TikTok to find a buyer. President Biden supports the effort. That means TikTok being forced to sell, or face a possible ban, is on the fast-track to becoming law. It would mark the first time ever the U.S. government has passed a law that could shut down an entire social media platform, setting the stage for what is expected to be a protracted legal battle... TikTok says it has built a firewall between its headquarters in Los Angeles and its parent company in Beijing, but some reports indicate U.S. user data does still move between the two.

While there has been no evidence made public that Chinese government officials have accessed Americans' information through TikTok, the idea that China has the theoretical ability to weaponize an app used by half of America has been enough to set off an all-out crackdown. In Saturday's vote, 360 Representatives voted in favor of the sell-or-be-banned TikTok bill, while just 58 voted against it.

An anonymous reader shared this report from the Washington Post: U.S. government officials were scrambling Friday night to prevent what they fear could be a significant loss of access to critical national security information, after two major U.S. communications providers said they would stop complying with orders under a controversial surveillance law that is set to expire at midnight, according to five people familiar with the matter.

One communications provider informed the National Security Agency that it would stop complying on Monday with orders under Section 702 of the Foreign Intelligence Surveillance Act, which enables U.S. intelligence agencies to gather without a warrant the digital communications of foreigners overseas — including when they text or email people inside the United States. Another provider suggested that it would cease complying at midnight Friday unless the law is reauthorized, according to the people familiar with the matter, who spoke on the condition of anonymity to discuss sensitive negotiations.

The companies' decisions, which were conveyed privately and have not previously been reported, have alarmed national security officials, who strongly disagree with their position and argue that the law requires the providers to continue complying with the government's surveillance orders even after the statute expires. That's because a federal court this month granted the government a one-year extension to continue intelligence collection.
UPDATE (4/20/2024): US Passes Bill Reauthorizing 'FISA' Surveillance for Two More Years.

An anonymous reader quotes a report from Reuters: The Dutch privacy watchdog AP on Friday said it was recommending that government organizations should stop using Facebook as long as it is unclear what happens with personal data of users of the government's Facebook pages. "People that visit a government's page need to be able to trust that their personal and sensitive data is in safe hands," AP chairman Aleid Wolfsen said in a statement. Junior minister for digitalization Alexandra van Huffelen said Facebook parent company Meta had to make clear before the summer how it could take away the government's concerns on the safety of data. "Otherwise we will be forced to stop using Facebook, in line with this advice," she said.

An anonymous reader quotes a report from Ars Technica: The US Constitution's Fifth Amendment protection against self-incrimination does not prohibit police officers from forcing a suspect to unlock a phone with a thumbprint scan, a federal appeals court ruled yesterday. The ruling does not apply to all cases in which biometrics are used to unlock an electronic device but is a significant decision in an unsettled area of the law. The US Court of Appeals for the 9th Circuit had to grapple with the question of "whether the compelled use of Payne's thumb to unlock his phone was testimonial," the ruling (PDF) in United States v. Jeremy Travis Payne said. "To date, neither the Supreme Court nor any of our sister circuits have addressed whether the compelled use of a biometric to unlock an electronic device is testimonial."

A three-judge panel at the 9th Circuit ruled unanimously against Payne, affirming a US District Court's denial of Payne's motion to suppress evidence. Payne was a California parolee who was arrested by California Highway Patrol (CHP) after a 2021 traffic stop and charged with possession with intent to distribute fentanyl, fluorofentanyl, and cocaine. There was a dispute in District Court over whether a CHP officer "forcibly used Payne's thumb to unlock the phone." But for the purposes of Payne's appeal, the government "accepted the defendant's version of the facts, i.e., 'that defendant's thumbprint was compelled.'" Payne's Fifth Amendment claim "rests entirely on whether the use of his thumb implicitly related certain facts to officers such that he can avail himself of the privilege against self-incrimination," the ruling said. Judges rejected his claim, holding "that the compelled use of Payne's thumb to unlock his phone (which he had already identified for the officers) required no cognitive exertion, placing it firmly in the same category as a blood draw or fingerprint taken at booking." "When Officer Coddington used Payne's thumb to unlock his phone -- which he could have accomplished even if Payne had been unconscious -- he did not intrude on the contents of Payne's mind," the court also said.

An anonymous reader quotes a report from the New York Times: Consumers have grown accustomed to the prospect that their personal data, such as email addresses, social contacts, browsing history and genetic ancestry, are being collected and often resold by the apps and the digital services they use. With the advent of consumer neurotechnologies, the data being collected is becoming ever more intimate. One headband serves as a personal meditation coach by monitoring the user's brain activity. Another purports to help treat anxiety and symptoms of depression. Another reads and interprets brain signals while the user scrolls through dating apps, presumably to provide better matches. ("'Listen to your heart' is not enough," the manufacturer says on its website.) The companies behind such technologies have access to the records of the users' brain activity -- the electrical signals underlying our thoughts, feelings and intentions.

On Wednesday, Governor Jared Polis of Colorado signed a bill that, for the first time in the United States, tries to ensure that such data remains truly private. The new law, which passed by a 61-to-1 vote in the Colorado House and a 34-to-0 vote in the Senate, expands the definition of "sensitive data" in the state's current personal privacy law to include biological and "neural data" generated by the brain, the spinal cord and the network of nerves that relays messages throughout the body. "Everything that we are is within our mind," said Jared Genser, general counsel and co-founder of the Neurorights Foundation, a science group that advocated the bill's passage. "What we think and feel, and the ability to decode that from the human brain, couldn't be any more intrusive or personal to us." "We are really excited to have an actual bill signed into law that will protect people's biological and neurological data," said Representative Cathy Kipp, Democrat of Colorado, who introduced the bill.

A jury found Avraham "Avi" Eisenberg guilty on all three counts of fraud and manipulation in a $110 million crypto trade scheme using the Mango Markets platform. Axios: The case was the first known test for a jury to decide whether existing U.S. laws governing fraud and market manipulation apply to the world of decentralized finance (DeFi). The 28-year-old Eisenberg will be held to account for his actions on Oct. 11, 2022, when a series of trades he made intentionally boosted the price of Mango Markets' native token, MNGO, as well as the price of futures contracts.

He used the inflated futures holdings as collateral to borrow other cryptocurrencies on the platform, then quickly withdrew those assets and walked away from his collateral. Eisenberg never disputed the facts of the strategy but contended that what he did was legal and permitted by the DeFi protocol, a principle in the industry known as "code is law." U.S. laws apply to DeFi: "Avraham Eisenberg ran a con," prosecutors said Wednesday, during closing arguments, continuing its momentum from last week. The word "con" was used at least six more times in those remarks.

An anonymous reader shares a report: A financially motivated criminal hacking group says it has stolen a confidential database containing millions of records that companies use for screening potential customers for links to sanctions and financial crime. The hackers, which call themselves GhostR, said they stole 5.3 million records from the World-Check screening database in March and are threatening to publish the data online.

World-Check is a screening database used for "know your customer" checks (or KYC), allowing companies to determine if prospective customers are high risk or potential criminals, such as people with links to money laundering or who are under government sanctions.The hackers told TechCrunch that they stole the data from a Singapore-based firm with access to the World-Check database, but did not name the firm. A portion of the stolen data, which the hackers shared with TechCrunch, includes individuals who were sanctioned as recently as this year.

An anonymous reader quotes a report from The Hill: The House on Wednesday approved a bill that would limit how the government can purchase data from third parties — legislation that scored a vote after negotiations with a group of GOP colleagues who briefly tanked a vote on warrantless spy powers. Dubbed the Fourth Amendment is Not For Sale, the legislation passed 219-199. It requires law enforcement and other government entities to get a warrant before buying information from third-party data brokers who purchase information gleaned from apps. [...] Senior administration officials said the measure would blind U.S. intelligence outfits from getting information easily purchased by foreign intelligence operations.

"In practice, these standards make it impossible for the [intelligence community], law enforcement to acquire a whole host of readily available information that they currently rely on," an administration official said. "Covered customer records as defined in the bill is very broad and includes records pertaining to any U.S. person or indeed any foreigner inside the United States. And as a practical matter, there's often no way to establish whether a particular individual was in the U.S. at a particular time a piece of data was created. Unless you did one thing, which is paradoxically to intrude further into their privacy just to figure out whether you could obtain some data." "It can be impossible to know what's in a data set before one actually obtains a data set," the official continued. "So you'd be barred from getting that which you don't even know."

CNBC reports that nine Google workers were arrested on trespassing charges Tuesday night in protest of the company's $1.2 billion contract providing cloud computing services to the Israeli government. The sit-in happened at Google Cloud CEO Thomas Kurian's office in Sunnyvale and the 10th floor commons of Google's New York office. From the report: The arrests, which were livestreamed on Twitch by participants, follow rallies outside Google offices in New York, Sunnyvale and Seattle, which attracted hundreds of attendees, according to workers involved. [...] Protesters in Sunnyvale sat in Kurian's office for more than nine hours until their arrests, writing demands on Kurian's whiteboard and wearing shirts that read "Googler against genocide." In New York, protesters sat in a three-floor common space. Five workers from Sunnyvale and four from New York were arrested.

"On a personal level, I am opposed to Google taking any military contracts -- no matter which government they're with or what exactly the contract is about," Cheyne Anderson, a Google Cloud software engineer based in Washington, told CNBC. "And I hold that opinion because Google is an international company and no matter which military it's with, there are always going to be people on the receiving end... represented in Google's employee base and also our user base." Anderson had flown to Sunnyvale for the protest in Kurian's office and was one of the workers arrested Tuesday. "Google Cloud supports numerous governments around the world in countries where we operate, including the Israeli government, with our generally available cloud computing services," a Google spokesperson told CNBC, adding, "This work is not directed at highly sensitive, classified, or military workloads relevant to weapons or intelligence services."