Encryption

US Efforts To Regulate Encryption Have Been Flawed, Government Report Finds (theguardian.com) 98

An anonymous reader writes from a report via The Guardian: U.S. Republican congressional staff said in a report released Wednesday that previous efforts to regulate privacy technology were flawed and that lawmakers need to learn more about technology before trying to regulate it. The 25-page white paper is entitled Going Dark, Going Forward: A Primer on the Encryption Debate and it does not provide any solution to the encryption fight. However, it is notable for its criticism of other lawmakers who have tried to legislate their way out of the encryption debate. It also sets a new starting point for Congress as it mulls whether to legislate on encryption during the Clinton or Trump administration. "Lawmakers need to develop a far deeper understanding of this complex issue before they attempt a legislative fix," the committee staff wrote in their report. The committee calls for more dialogue on the topic and for more interviews with experts, even though they claim to have already held more than 100 such briefings, some of which are classified. The report says in the first line that public interest in encryption has surged once it was revealed that terrorists behind the Paris and San Bernardino attacks "used encrypted communications to evade detection." Congressman Ted Lieu is pushing the federal government to treat ransomware attacks on medical facilities as data breaches and require notifications of patients.
Government

Congressman Wants Ransomware Attacks To Trigger Breach Notifications (onthewire.io) 69

Trailrunner7 quotes a report from On the Wire: A powerful California congressman is pushing the federal government to treat ransomware attacks on medical facilities as data breaches and require notifications of patients. The pressure is coming from Rep. Ted Lieu (D-Calif.) and follows comments from officials at the Department of Health and Human Services about the department's plan to issue guidance to health care organizations about ransomware attacks. The Office for Civil Rights section of HHS, which has responsibility for health information privacy, will provide guidance on how to handle ransomware attacks, and Lieu is eager to ensure that the guidance specifically addresses how ransomware attacks relate to data breach regulations. "I welcome the news of HHS providing guidance to health providers on a matter that threatens so many hospital IT systems. However, we need to make clear that ransomware is not the same as conventional breaches. The threat to patients from ransomware is typically due to the denial of access to their medical records and medical services. Not only could this be a threat to privacy, but it could result in medical complications and deaths if hospitals can't access patient information," Lieu said in a statement. He sent a letter to the deputy director for health information privacy in the Office of Civil Rights at HHS, Deven McGraw, asking him to instruct health organizations and providers to notify patients of an attack if it results in a denial of access to a medical record or a loss of functionality that's necessary to provide patient care. In the past, Lieu has called for a full congressional investigation into the aforementioned widespread flaw in global phone networks that allows hackers to track anyone's location and spy on their phone calls and text messages.
He was also one of the first lawmakers to publicly express his pro-encryption view after a federal judge ordered Apple to help the FBI break into the San Bernardino shooter's iPhone, saying it effectively "forces private-sector companies like Apple to be used as an arm of law enforcement."
Databases

2 Million-Person Terror Database Leaked Online (thestack.com) 158

An anonymous reader writes from a report via The Stack: A 2014 version of the World-Check database containing more than 2.2 million records of people with suspected terrorist, organized crime, and corruption links has been leaked online. The World-Check database is administered by Thomson-Reuters and is used by 4,500 institutions, 49 of the world's 50 largest banks and by over 300 government and intelligence agencies. The unregulated database is intended for use as "an early warning system for hidden risk" and combines records from hundreds of terror and crime suspects and watch-lists into a searchable resource. Most of the individuals in the database are unlikely to know that they are included, even though it may have a negative impact on their ability to use banking services and operate a business. A Reddit user named Chris Vickery says he obtained a copy of the database, saying he won't reveal how until "a later time." To access the database, customers must pay an annual subscription charge, that can reach up to $1 million, according to Vice, with potential subscribers then vetted before approval. Vickery says he understands that the "original location of the leak is still exposed to the public internet" and that "Thomas Reuters is working feverishly to get it secured." He told The Register that he alerted the company to the leak, but is still considering whether to publish the information contained in it.
Businesses

Volkswagen Agrees To Record $14.7B Settlement Over Emissions Cheating (cnn.com) 141

An anonymous reader quotes a report from CNNMoney: Volkswagen's deliberate cheating on emissions tests will cost it a record $14.7 billion. And that's just the start of its problems. The settlement is only a preliminary step in the case; the automaker still faces possible criminal charges, as well as civil penalties for Clean Air Act violations. The Department of Justice is investigating possible criminal charges against both the company and individuals, said Deputy Attorney General Sally Yates. Up to $10 billion of the funds will be paid out to owners of the 487,000 affected diesel cars in the U.S., sold under the VW or luxury Audi brands. How much an owner gets will depend on whether an owner chooses to fix their car or just have VW buy it back -- they have until May 2018 to decide. Repurchasing the cars will cost VW between $12,500 to $44,000 per car. The $14.7 billion settlement estimate assumes that all the cars are repurchased. Owners who elect to get their vehicles fixed will also get a cash payment of between $5,100 and $10,000 to compensate them for the lost value of the cars, as well as for Volkswagen's deceptive promise of "clean diesel." Most of the buyers paid extra for a car with a diesel engine. In addition to the customer payments, Volkswagen will pay $2.7 billion for environmental cleanup and $2 billion to promote zero-emission vehicles. The clean up money will be used by individual states to cut other diesel emissions by replacing older, government-owned trucks, buses and other diesel engines now in use. Volkswagen is betting big on electric vehicles after this emissions scandal. It plans to deliver 30 electric plug-in models by 2025.
Transportation

DoNotPay Bot Has Beaten 160,000 Traffic Tickets -- and Counting (venturebeat.com) 179

Khari Johnson, writing for VentureBeat: A bot made to challenge traffic tickets has been used more than 9,000 times by New Yorkers, according to DoNotPay maker Joshua Browder. The bot was made available to New Yorkers in March. In recent years and decades, residents of The Big Apple have seen a persistent increase in traffic fines. A record $1.9 billion in traffic fines was issued by the City of New York in 2015. Since the first version of the bot was released in London last fall, 160,000 of 250,000 tickets have been successfully challenged with DoNotPay, Browder said. "I think the people getting parking tickets are the most vulnerable in society," said Browder. "These people aren't looking to break the law. I think they're being exploited as a revenue source by the local government." Browder, who's 19, hopes to extend DoNotPay to Seattle this fall.
Patents

Apple Patents a Way To Keep People From Filming At Concerts and Movie Theaters (qz.com) 262

An anonymous reader writes: Apple has patented a system that prohibits smartphone users from taking photos and videos at concerts, movie theaters and other events where people tend to ignore such restrictions. The patent has been awarded to Apple today and was first spotted by Patently Apple. QZ reports: "It outlines a system which would allow venues to use an infrared emitter to remotely disable the camera function on smartphones. According to the patent, infrared beams could be picked up by the camera, and interpreted by the smartphone as a command to block the user from taking any photos or videos of whatever they're seeing. The patent also outlines ways that infrared blasters could actually improve someone's experience at a venue. For example, the beams could be used to send information to museum-goers by pointing a smartphone camera at a blaster placed next to a piece of art." The report also mentions that the patent could in theory be used to help police limit smartphone filming of acts of brutality, or help a government shut off filming in certain locations. Last week, SlashGear reported that Alicia Keys is the latest musician to ban cellphones at her events.
Piracy

Judge Dismisses Movie Piracy Case, IP-Address Doesn't Prove Anything (torrentfreak.com) 160

An anonymous reader quotes a report from TorrentFreak: In what's believed to be a first of its kind ruling, a federal court in Oregon has dismissed a direct infringement complaint against an alleged movie pirate from the outset. According to the judge, linking an IP-address to a pirated download is not enough to prove direct copyright infringement. In the Oregon District Court, Magistrate Judge Stacie Beckerman recently recommended dismissal of a complaint filed by the makers of the Adam Sandler movie The Cobbler. According to the Judge both claims of direct and indirect infringement were not sufficient for the case to continue. What's unique in this case, is that the direct infringement claims were dismissed sua sponte, which hasn't happened before. To prove direct infringement copyright holders merely have to make it "plausible" that a defendant, Thomas Gonzales in this case, is indeed the copyright infringer. This is traditionally done by pointing out that the IP-address is directly linked to the defendant's Internet connection, for example. However, according to Judge Beckerman this is not enough. In response to community backlash, Oculus has decided to change its DRM policy (again) to allow HTC Vive games to play on the Oculus Rift virtual-reality system.
Government

Tour de France To Use Thermal Cameras To Spot Cheats (npr.org) 158

An anonymous reader writes: At this year's Tour de France, thermal cameras and various other tools will be used to detect "mechanical doping." The image tests can be done anywhere and their locations will not be publicized, according to officials. NPR reports: "As far back as at least 2010, accusations have flown that elite cyclists were turning in superhuman performances with the help of motors that are hidden inside their bike's seat tube. Commercial versions of such devices can provide a steady power stream of around 200 watts -- the lower range of a pro cyclist's average output in a stage race. They can also be set to assist riders automatically if their pedaling cadence falls below a certain threshold. Tour de France officials explain how the detection system will work: 'Developed by the CEA (the French Atomic Energy Commission), the method consists of using a thermal imaging camera capable of detecting mechanical anomalies on the riders' bikes. The checks can be made in the race and on the side of the roads.'"
Earth

Google's Satellite Map Gets a 700-Trillion-Pixel Makeover (theatlantic.com) 67

An anonymous reader writes: On Monday, Google Maps received a makeover with 700 trillion pixels of new data added to the service. The Atlantic reports: "The new map, which activates this week for all users of Google Maps and Google Earth, consists of orbital imagery that is newer, more detailed, and of higher contrast than the previous version. Most importantly, this new map contains fewer clouds than before -- only the second time Google has unveiled a 'cloudless' map. Google had not updated its low- and medium- resolution satellite map in three years. The new version of the map includes data from Landsat 8, the newer version of the same satellite (Landsat 7, the U.S. government satellite which supplied the older map's imagery data), letting Google clear the ugly artifacts. Google's new update doesn't include imagery at the highest zoom levels, like the kind needed to closely inspect an individual house, pool, or baseball field. Those pictures do not come from Landsat at all, but from a mix of other public and private aerial and space-based cameras, including DigitalGlobe's high-resolution satellites. The image processing for this most recent map was completed entirely in Google Earth Engine, the company's geospatial-focused cloud infrastructure. In fact, the entire algorithm to create the cloudless map was written in JavaScript in the Earth Engine development interface."
AI

Drivers Prefer Autonomous Cars That Don't Kill Them (hothardware.com) 449

"A new study shows that most people prefer that self-driving cars be programmed to save the most people in the event of an accident, even if it kills the driver," reports Information Week. "Unless they are the drivers." Slashdot reader MojoKid quotes an article from Hot Hardware about the new study, which was published by Science magazine. So if there is just one passenger aboard a car, and the lives of 10 pedestrians are at stake, the survey participants were perfectly fine with a self-driving car "killing" its passenger to save many more lives in return. But on the flip side, these same participants said that if they were shopping for a car to purchase or were a passenger, they would prefer to be within a vehicle that would protect their lives by any means necessary. Participants also balked at the notion of the government stepping in to regulate the "morality brain" of self-driving cars.
The article warns about a future where "a harsh AI reality may whittle the worth of our very existence down to simple, unemotional percentages in a computer's brain." MIT's Media Lab is now letting users judge for themselves, in a free online game called "Moral Machine" simulating the difficult decisions that might someday have to be made by an autonomous self-driving car.
Government

As It Searches For Suspects, The FBI May Be Looking At You (technologyreview.com) 90

schwit1 quotes the MIT Technology Review: The FBI has access to nearly 412 million photos in its facial recognition system—perhaps including the one on your driver's license. But according to a new government watchdog report, the bureau doesn't know how error-prone the system is, or whether it enhances or hinders investigations.

Since 2011, the bureau has quietly been using this system to compare new images, such as those taken from surveillance cameras, against a large set of photos to look for a match. That set of existing images is not limited to the FBI's own database, which includes some 30 million photos. The bureau also has access to face recognition systems used by law enforcement agencies in 16 different states, and it can tap into databases from the Department of State and the Department of Defense. And it is in negotiations with 18 other states to be able to search their databases, too...

Adding to the privacy concerns is another finding in the GAO report: that the FBI has not properly determined how often its system makes errors and has not "taken steps to determine whether face recognition systems used by external partners, such as states and federal agencies, are sufficiently accurate" to support investigations.

Transportation

Star Trek Actor's Death Inspires Class Action Against Car Manufacturer (cnn.com) 361

Anton Yelchin, who played Chekov in the new Star Trek movies, was killed Sunday when his own vehicle rolled backwards. Now Slashdot reader ripvlan writes: It has recently emerged that his vehicle was a Jeep. As discussed on Slashdot previously consumers are having a hard time knowing if the vehicle is in "Park." A new class action lawsuit is gaining momentum... Also Maserati has a similar system and can join the class action.
In fact, Maserati "is recalling about 13,000 sedans that have the same sort of gear shifter that was used in the Jeep that killed Yelchin," according to CNN Money, and Chrysler Fiat had in fact already filed a recall notice with federal regulators in April for Yelchin's brand of Jeep, "but owners had only received a warning and not an official recall notice at the time of Yelchin's death". The lawsuit claims Chrysler "fraudulently concealed and failed to remedy a gear shifter design defect affecting 811,000 vehicles and linked to driverless rollaway incidents," including 2014-2015 Jeep Grand Cherokees, 2012-2014 Chrysler 300s, and 2012-2014 Dodge Chargers.
Communications

Why You Should Stop Using Telegram Right Now (gizmodo.com) 67

Earlier this week, The Intercept evaluated the best instant messaging clients from the privacy standpoint. The list included Facebook's WhatsApp, Google's Allo, and Signal -- three apps that employ end-to-end encryption. One popular name that was missing from the list was Telegram. A report on Gizmodo sheds further light on the matter, adding that Telegram is riddled with a wide range of security issues, and "doesn't live up to its proclamations as a safe and secure messaging application." Citing many security experts, the report states: One major problem Telegram has is that it doesn't encrypt chats by default, something the FBI has advocated for. "There are many Telegram users who think they are communicating in an encrypted way, when they're not because they don't realize that they have to turn on an additional setting," Christopher Soghoian, Principal Technologist and Senior Policy Analyst at the American Civil Liberties Union, told Gizmodo. "Telegram has delivered everything that the government wants. Would I prefer that they used a method of encryption that followed industry best practices like WhatsApp and Signal? Certainly. But, if it's not turned on by default, it doesn't matter." The other issue that security experts have taken a note of is that Telegram employs its own encryption, which according to them, "is widely considered to be a fatal flaw when developing encrypted messaging apps." The report adds: "They use the MTproto protocol which is effectively homegrown and I've seen no proper proofs of its security," Alan Woodward, professor at the University of Surrey told Gizmodo. Woodward criticized Telegram for their lack of transparency regarding their home cooked encryption protocol. "At present we don't know enough to know if it's secure or insecure. That's the trouble with security by obscurity. It's usual for cryptographers to reveal the algorithms completely, but here we are in the dark. Unless you have considerable experience, you shouldn't write your own crypto. No one really understands why they did that." The list goes on and on.
Transportation

Austin Is Conducting Sting Operations Against Ride-Sharing Drivers (examiner.com) 258

Since the Uber and Lyft ride-sharing apps stopped service in Austin, drunk driving has increased, riders are hunting for alternatives, and the police are conducting undercover sting operations against unauthorized ride-sharing drivers. With Chicago also considering new restrictions on ride-sharing apps, Slashdot reader MarkWhittington shares this report from Austin: With thousands of drivers and tens of thousands of riders who once depended on ride-sharing services in a lurch, a group called Arcade City has tried to fill the void with a person-to-person site to link up drivers and riders who then negotiate a fare. Of course, according to a story on KVUE, the Austin city government, and the police are on the case. The Austin Police Department has diverted detectives and resources to conduct sting operations on ride-sharing drivers who attempt to operate without official sanction. Undercover operatives will arrange for a ride with an Arcade City driver and then bust them, impounding their vehicle and imposing a fine.
"The first Friday and Saturday after Uber was gone, we were joking that it was like the zombie apocalypse of drunk people," one former ride-sharing driver told Vocative.com. Earlier this month the site compared this year's drunk driving arrests to last year's -- and discovered that in the three weeks since Uber and Lyft left Austin, 7.5% more people have been arrested for drunk driving.
EU

Web Petition For 2nd EU Referendum Draws Huge Interest (ap.org) 633

From an Associated Press report: An online petition seeking a second referendum on a British exit from the European Union has drawn more than 1.6 million names, a measure of the extraordinary divisiveness of Thursday's vote to leave the 28-nation bloc. The online petition site hosted by the House of Commons website even crashed Friday under the weight of the activity as officials said they'd seen unprecedented interest in the measure, which calls on the government to implement a rule stating that if "remain" or "leave" camps won less than 60 percent of the vote with less than a 75 percent turnout "there should be another referendum." According to reports, this is the biggest surge of support Parliament's website has ever seen. Looking at the keywords people were hitting up on Google after the news first broke, it was clear that a considerable portion of the population was clueless about the whole situation.
Communications

Snowden Finally Identified As Target of Investigation That Ended Lavabit (washingtontimes.com) 76

An anonymous reader quotes a report from The Washington Times: Three years after a government investigation forced the shuttering of Lavabit, a Texas-based email provider, its CEO revealed Friday that an account belonging to Edward Snowden spurred the probe that put his company out of business. "Ladar Levison shut down his encrypted webmail service in August 2013 amid an FBI investigation focused on one of his company's nearly half-a-million customers," reports The Washington Times. "A gag-order that has just recently been vacated in federal has legally prevented him up until now from confirming the account in question was registered to none other than the NSA contractor attributed with one of the largest intelligence leaks in U.S. history. U.S. District Judge Claude Hilton nullified the mandatory non-disclosure orders in a June 13 court filing that went unnoticed until Lavabit released a statement Friday. Officially, the consent order approved by Judge Hilton in the Eastern District of Virginia earlier this month removes all gag-orders concerning Lavabit and Mr. Levison with regards to a grand jury investigation that led the FBI to Mr. Snowden's email account. 'While I'm pleased that I can finally speak freely about the target of the investigation, I also know the fight to protect our collective freedom is far from over,' Mr. Levison said in a statement. He said he plans to discuss the case further during the DefCon security conference in Las Vegas this summer."
Security

FBI Is Classifying Its Tor Browser Exploit Because 'National Security' (vice.com) 81

Joseph Cox, reporting for Motherboard: Defense teams across the US have been trying to get access to a piece of malware the FBI used to hack visitors of a child pornography site. None have been successful at obtaining all of the malware's code, and the government appears to have no intention of handing it over. Now, the FBI is classifying the Tor Browser exploit for reasons of national security, despite the exploit already being used in normal criminal investigations well over a year ago. Experts say it indicates a lack of organization or technical capabilities within the FBI. "The FBI has derivatively classified portions of the tool, the exploits used in connection with the tool, and some of the operational aspects of the tool in accordance with the FBI's National Security Information Classification Guide," government attorneys wrote in a filing earlier this month. It came in response to the defense of Gerald Andrew Darby, who is charged with child pornography offenses.
The Courts

Federal Court: The Fourth Amendment Does Not Protect Your Home Computer (eff.org) 309

An anonymous reader writes: The EFF reports that a federal court in Virginia today ruled that a criminal defendant has no "reasonable expectation of privacy" in his personal computer (PDF), located inside his home. The court says the federal government does not need a warrant to hack into an individual's computer. EFF reports: "The implications for the decision, if upheld, are staggering: law enforcement would be free to remotely search and seize information from your computer, without a warrant, without probable cause, or without any suspicion at all. To say the least, the decision is bad news for privacy. But it's also incorrect as a matter of law, and we expect there is little chance it would hold up on appeal. (It also was not the central component of the judge's decision, which also diminishes the likelihood that it will become reliable precedent.) But the decision underscores a broader trend in these cases: courts across the country, faced with unfamiliar technology and unsympathetic defendants, are issuing decisions that threaten everyone's rights."
Canada

Why Drones Could Save Door-To-Door Mail Delivery (vice.com) 156

An anonymous reader writes: Online shopping aside, people don't have as many physical items to mail as they used to, which is largely the reason why Canada Post announced it would be phasing out door-to-door mail delivery. Motherboard reports: "The corporation is exploring future use of drone technology to make deliveries, according to a report from the Canadian Press. At this point, Canada Post is engaging in a 'proper exercise,' a spokesperson told the Canadian Press, adding that the project is in its earliest, experimental stages. According to Graham Scott, the deputy editor of Canadian Business, even if mail-delivering drones remain a theoretical concept for now, it's inevitable they'll be considered as a way to drive costs down. There are many good reasons why mail delivery drones may never get off the ground. For one thing, current technology limits them to delivering one item of post at a time, which is tremendously impractical. But, as we've seen with the rolling out of community mailboxes -- a program that was put on hold earlier this year when the review was launched -- the invisible hand of the market is always looking to drive costs down. So don't count out flying robot deliveries for good. From a manager's perspective at least, drones have their advantages. They don't suffer from dog bites, and they (ideally) don't deviate from their routes. 'Drones don't twist their ankle, they don't get tired, and they don't form a union.' said Scott." In 2013, Amazon CEO Jeff Bezos revealed during a CBS 60 Minutes interview that the company is working on a service called "Prime Air" to deliver packages by autonomous octocopter drones within 30 minutes of hitting the "buy" button. The Guardian reported last year that Amazon has been testing its drone delivery service at a secret site in Canada, following repeated warnings by the e-commerce giant that it would go outside the U.S. to bypass what it sees as the U.S. federal government's lethargic approach to the new technology.
Databases

154 Million Voter Records Exposed Due To Database Error (dailydot.com) 95

blottsie writes: Chris Vickery, a security researcher at MacKeeper, has uncovered a new voter database containing 154 million voter records, exposed as a result of a CouchDB installation error. The database includes names, addresses, Facebook profile URLs, gun ownership, and more. Who exposed the voter database? Vickery believes the suspect may be linked to L2, a company specializing in voter data utilization, after he noticed that the voter ID field was labeled "LALVOTERID." After calling the company, L2 said the database likely belongs to one of their clients, noting that there are very few clients big enough to have a national database like that. The database was secured within three hours of their phone call. L2's CEO Bruce Willsie said that the client told L2 that they were hacked and the firewall had been taken down. Their client is conducting their own research to figure out the extent of the incursion. The Daily Dot reports: "Why does this keep happening, and what is our government doing about it? No federal agency is enforcing data security in political organizations or non-profits, and so far, neither are state attorneys general."
