An anonymous reader writes from a report via The Guardian: U.S. Republican congressional staff said in a report released Wednesday that previous efforts to regulate privacy technology were flawed and that lawmakers need to learn more about technology before trying to regulate it. The 25-page white paper is entitled Going Dark, Going Forward: A Primer on the Encryption Debate and it does not provide any solution to the encryption fight. However, it is notable for its criticism of other lawmakers who have tried to legislate their way out of the encryption debate. It also sets a new starting point for Congress as it mulls whether to legislate on encryption during the Clinton or Trump administration. "Lawmakers need to develop a far deeper understanding of this complex issue before they attempt a legislative fix," the committee staff wrote in their report. The committee calls for more dialogue on the topic and for more interviews with experts, even though they claim to have already held more than 100 such briefings, some of which are classified. The report says in the first line that public interest in encryption has surged once it was revealed that terrorists behind the Paris and San Bernardino attacks "used encrypted communications to evade detection." Congressman Ted Lieu is pushing the federal government to treat ransomware attacks on medical facilities as data breaches and require notifications of patients.
Trailrunner7 quotes a report from On the Wire: A powerful California congressman is pushing the federal government to treat ransomware attacks on medical facilities as data breaches and require notifications of patients. The pressure is coming from Rep. Ted Lieu (D-Calif.) and follows comments from officials at the Department of Health and Human Services about the department's plan to issue guidance to health care organizations about ransomware attacks. The Office for Civil Rights section of HHS, which has responsibility for health information privacy, will provide guidance on how to handle ransomware attacks, and Lieu is eager to ensure that the guidance specifically addresses how ransomware attacks relate to data breach regulations. "I welcome the news of HHS providing guidance to health providers on a matter that threatens so many hospital IT systems. However, we need to make clear that ransomware is not the same as conventional breaches. The threat to patients from ransomware is typically due to the denial of access to their medical records and medical services. Not only could this be a threat to privacy, but it could result in medical complications and deaths if hospitals can't access patient information," Lieu said in a statement. He sent a letter to the deputy director for health information privacy in the Office of Civil Rights at HHS, Deven McGraw, asking him to instruct health organizations and providers to notify patients of an attack if it results in a denial of access to a medical record or a loss of functionality that's necessary to provide patient care. In the past, Lieu has called for a full congressional investigation into the aforementioned widespread flaw in global phone networks that allows hackers to track anyone's location and spy on their phone calls and text messages.
He was also one of the first lawmakers to publicly express his pro-encryption view after a federal judge ordered Apple to help the FBI break into the San Bernardino shooter's iPhone, saying it effectively "forces private-sector companies like Apple to be used as an arm of law enforcement."
An anonymous reader writes from a report via The Stack: A 2014 version of the World-Check database containing more than 2.2 million records of people with suspected terrorist, organized crime, and corruption links has been leaked online. The World-Check database is administered by Thomson-Reuters and is used by 4,500 institutions, 49 of the world's 50 largest banks and by over 300 government and intelligence agencies. The unregulated database is intended for use as "an early warning system for hidden risk" and combines records from hundreds of terror and crime suspects and watch-lists into a searchable resource. Most of the individuals in the database are unlikely to know that they are included, even though it may have a negative impact on their ability to use banking services and operate a business. A Reddit user named Chris Vickery says he obtained a copy of the database, saying he won't reveal how until "a later time." To access the database, customers must pay an annual subscription charge, that can reach up to $1 million, according to Vice, with potential subscribers then vetted before approval. Vickery says he understands that the "original location of the leak is still exposed to the public internet" and that "Thomas Reuters is working feverishly to get it secured." He told The Register that he alerted the company to the leak, but is still considering whether to publish the information contained in it.
An anonymous reader writes: Github's transparency report for 2015 shows that the site received many DMCA notices that removed more than 8,200 projects. "In 2015, we received significantly more takedown notices, and took down significantly more content, than we did in 2014," Github reports. For comparison, the company received only 258 DMCA notices in 2014, 17 of which responded with a counter-notice or retraction. In 2015, they received 505 takedown notices, 62 of which were the subject of counters or withdrawals. TorrentFreak reports: "Copyright holders are not limited to reporting one URL or location per DMCA notice. In fact, each notice filed can target tens, hundreds, or even thousands of allegedly infringing locations." September was a particularly active month as it took down nearly 5,834 projects. "Usually, the DMCA reports we receive are from people or organizations reporting a single potentially infringing repository. However, every now and then we receive a single notice asking us to take down many repositories," Github explains. They are called 'Mass Removals' when more than 100 repositories are asked to be removed. "In all, fewer than twenty individual notice senders requested removal of over 90% of the content GitHub took down in 2015."
An anonymous reader quotes a report from Reuters: The U.S. Federal Communications Commission said on Wednesday the price of 126 MHz of television airwaves taken from broadcasters to be sold for wireless use in an ongoing auction is $86.4 billion. The FCC disclosed the price in a statement after completing the first part of an auction to repurpose low-frequency wireless spectrum relinquished by television broadcasters. The so-called "broadcast incentive" spectrum auction is one of the commission's most complex and ambitious to date. In this round, called a reverse auction, broadcasters competed to give up spectrum to the FCC for the lowest price. In the next stage, the forward auction, wireless and other companies will bid to buy the airwaves for the highest price. If wireless companies are unwilling to pay $86.4 billion, the FCC may have to hold another round of bidding by broadcasters and sell less spectrum than had been expected, analysts said. The Wall Street Journal points out that $86.4 billion is more than the market cap of T-Mobile and Sprint combined. It's roughly double the amount raised in the last FCC auction, where AT&T spent $18.2 billion and Verizon spent $10.4 billion. It's highly likely we'll see multiple rounds stretching into 2017 that will eventually match the supply with the demand.
An anonymous reader quotes a report from BGR: We can talk about how innovative Tesla is for days on end. Indeed, there's no disputing the fact that the company, in injecting a bit of Silicon Valley ingenuity into the tried and true auto design process, has completely turned the auto industry on its head. At the same time, Tesla helped kickstart the EV revolution, even causing traditional automakers like Porsche and BMW to start taking electric cars more seriously. But in Tesla's zeal to move extraordinarily quickly, problems have inevitably begun to creep in. Specifically, quality control issues still seem to be plaguing the Model X. According to a recent report, an avowed Tesla fan named Barrett Lyon recently returned his Model X and filed a lawsuit against Tesla arguing that the Model X was "rushed" and released before it was ready for sale. Now comes word that Tesla has since quietly settled the lawsuit. "In Lyon's lawsuit," Fortune writes, "he claimed the car's doors opened and closed unpredictably, smashing into his wife and other cars, and that the Model X's Auto-Pilot feature posed a danger in the rain. He also shared a video that shows the car's self-parking feature failing to operate successfully." Tesla's response: "We are committed to providing an outstanding customer experience throughout ownership. As a principle, we are always willing to buy back a car in the rare event that a customer isn't completely happy. Today, the majority of Model X owners are loving their cars."
An anonymous reader writes: The American Civil Liberties Union (ACLU) has filed a lawsuit with the U.S. Department of Justice contending that the Computer Fraud and Abuse Act's criminal prohibitions have created a barrier for those wishing to conduct research and anti-discrimination testing online. The ACLU have pursued the matter on behalf of a group of academic researchers, computer scientists and journalists seeking to remove that barrier to allow for third-party testing and research into potential online discrimination. In a public statement the ACLU contend: "The CFAA violates the First Amendment because it limits everyone, including academics and journalists, from gathering the publicly available information necessary to understand and speak about online discrimination."
Stephanie Bodoni and Aoife White, reporting for Bloomberg Technology (condensed): Facebook won an appeal against a Belgian privacy ruling that prompted the social network to prevent people without an account from accessing its site within the country. The Brussels Court of Appeal said the nation's data protection authority couldn't prevent Facebook from storing data from non-users in a fight over measures the technology giant says help it combat hacking attacks. "Belgian courts don't have international jurisdiction over Facebook Ireland, where the data concerning Europe is processed," the Brussels court of appeal said in a ruling Wednesday, referring to the company's European headquarters. The court also said there was no urgency to rule on the case since Belgian court proceedings only started in mid-2015 over behavior that started in 2012. Facebook is appealing a ruling that ordered it to stop storing data from people who don't have an account with the social network, or face a 250,000 euro ($277,800) daily fine. Willem Debeuckelaere, president of the Belgian data protection commission, said last year that Facebook's "disrespectful" treatment of users' personal data, without their knowledge, "needs tackling." Facebook said it can now start showing its pages to Belgians who aren't signed up to its service.
Europe has finally agreed on a set of net neutrality rules. According to a report on TorrentFreak, these rules offer improvements for some individual member states, various activist groups and experts. But the current language would also allow ISPs to throttle BitTorrent traffic permanently if that would optimize overall "transmission quality." From the report (edited): "Europe's new net-neutrality rules should ban throttling BitTorrent, but they don't. They leave ISPs a loophole," said Holmes Wilson of Fight for the Future (FFTF), one of the driving forces behind the Save Net Neutrality campaign. "ISPs can say they're doing it for 'traffic management' purposes -- even when their networks aren't clogged, because the rules say they can throttle to 'prevent impending network congestion,'" he adds. In addition to file-sharing traffic, the proposed rules also allow Internet providers to interfere with encrypted traffic including VPN connections. Since encrypted traffic can't be classified through deep packet inspection, ISPs may choose to de-prioritize it altogether. In theory, ISPs may choose to throttle any type of traffic they want, as long as they frame it as a network congestion risk. "So if your ISP is lazy, or wants to cut corners and save money, they can throttle BitTorrent, or VPNs, or Bitcoin, or Tor, or any class of traffic they can identify," Wilson says.
An anonymous reader shares a FirstPost article: Even as I write this the echo of gunfire continues at Ataturk International Airport. For reasons that defy logic, Istanbul's main airport has always been seen as a vulnerable target which only underscores the fact that all airports in the world are open to attack and fail-safe is not a viable option. At Ataturk, security is usually high, but the weak underbelly lies in vehicular traffic entering the airport being given cursory checks, pretty much like most airports which is why President Erdogan was able to say this sort of attack could have occurred anywhere. That is true. Airports are easy targets. That even though Turkey was aware of the chinks nothing much was done to up the security levels. If you take Delhi International as a prime example, the access to the terminal is scarcely blockaded and one can reach the entry points with ease, crossing a couple of indolent checkpoints and a roller fence. (Editor's note: the article has been written by an Indian author, and so he uses an Indian airport as an example.) Indian airports are as porous as a sponge. Most of our airports are red-starred which places them in the inadequate category. Add to that the fact that several thousand VIPs are given privileges that make a pudding out of security and it indicates how easy peasy it would be to amble up to the terminal entrance. The weakness primarily lies in the absence of X-Rays and deterrent technology on approach. You practically can check in and get to immigration before being cleared for hazardous material.
theodp writes from a report via USA Today: "If there was any lingering doubt as to tech's favored presidential candidate," writes USA Today's Jon Swartz, "Hillary Clinton put an end to that Tuesday with a tech plan that reads like a Silicon Valley wish list. It calls for connecting every U.S. household to high-speed internet by 2020, reducing regulatory barriers and supporting Net neutrality rules, [which ban internet providers from blocking or slowing content.] It proposes investments in computer science and engineering education ("engage the private sector and nonprofits to train up to 50,000 computer science teachers in the next decade"), expansion of 5G mobile data, making inexpensive Wi-Fi available at more airports and train stations, and attaching a green card to the diplomas of foreign-born students earning STEM degrees." dcblogs shares with us a report from Computerworld that specifically discusses Clinton's support of green cards for foreign students who earn STEM degrees: As president, Hillary Clinton will support automatic green cards, or permanent residency, for foreign students who earn advanced STEM degrees. Clinton, the presumptive Democratic presidential candidate, wants the U.S. to "staple" green cards on the diplomas of STEM (science, technology, engineering, math) masters and PhD graduates "from accredited institutions." Clinton outlined her plan in a broader tech policy agenda released today. Clinton's "staple" idea isn't new. It's what Mitt Romney, the GOP presidential candidate in 2012, supported. It has had bipartisan support in Congress. But the staple idea is controversial. Critics will say this provision will be hard to control, will foster age discrimination, and put pressure on IT wages.
itwbennett writes: Blancco Technology Group, which specializes in data erasure, bought 200 secondhand PC storage drives (PDF) from eBay and Craigslist to see if they could recover any of the old data saved inside. Their findings: 78 percent of the drives contained residual data that could be recovered, 67 percent still held personal files, such as photos with location indicators, resumes and financial data, and 11 percent of the drives also contained company data, such as emails, spreadsheets and customer information. Only 10 percent had all the data securely wiped, Blancco said. The Consumerist points out that Blancco makes their money from promising secure data erasure, so the company has a "strong and vested interest in these results." As for why so many of the drives contain unwanted information, the report says it has to do with the difference between "deleting" data and "erasing" data. Your files aren't actually deleted when you drag them to the Trash or Recycle Bin, or by using the delete key -- shocking, I know. You can format a drive to erase the data, but you have to be careful of the format commands being used. A quick format, which was used on 40% of the drives in the sample, still leaves some residual data on the drive for someone to possibly access. A full format, which was used on 14% of the drives, will do a better job in removing unwanted files, but it too may still miss some crucial information. The solution Blancco recommends: buy a tool to perform complete data erasure.
An anonymous reader quotes a report from CNNMoney: Volkswagen's deliberate cheating on emissions tests will cost it a record $14.7 billion. And that's just the start of its problems. The settlement is only a preliminary step in the case; the automaker still faces possible criminal charges, as well as civil penalties for Clean Air Act violations. The Department of Justice is investigating possible criminal charges against both the company and individuals, said Deputy Attorney General Sally Yates. Up to $10 billion of the funds will be paid out to owners of the 487,000 affected diesel cars in the U.S., sold under the VW or luxury Audi brands. How much an owner gets will depend on whether an owner chooses to fix their car or just have VW buy it back -- they have until May 2018 to decide. Repurchasing the cars will cost VW between $12,500 to $44,000 per car. The $14.7 billion settlement estimate assumes that all the cars are repurchased. Owners who elect to get their vehicles fixed will also get a cash payment of between $5,100 and $10,000 to compensate them for the lost value of the cars, as well as for Volkswagen's deceptive promise of "clean diesel." Most of the buyers paid extra for a car with a diesel engine. In addition to the customer payments, Volkswagen will pay $2.7 billion for environmental cleanup and $2 billion to promote zero-emission vehicles. The clean up money will be used by individual states to cut other diesel emissions by replacing older, government-owned trucks, buses and other diesel engines now in use. Volkswagen is betting big on electric vehicles after this emissions scandal. It plans to deliver 30 electric plug-in models by 2025.
An anonymous reader writes from a report via MacRumors: A Florida resident that goes by the name of Thomas S. Ross has filed a lawsuit against Apple this week, claiming that the iPhone, iPad, and iPod infringe upon his 1992 invention of a hand-drawn "Electronic Reading Device" (ERD). The court filing claims the plaintiff was "first to file a device so designed and aggregated," nearly 15 years before the first iPhone. MacRumors reports: "Between May 23, 1992 and September 10, 1992, Ross designed three hand-drawn technical drawings of the device, primarily consisting of flat rectangular panels with rounded corners that "embodied a fusion of design and function in a way that never existed prior to 1992." Ross applied for a utility patent to protect his invention in November 1992, but the application was declared abandoned in April 1995 by the U.S. Patent and Trademark Office after he failed to pay the required application fees. He also filed to copyright his technical drawings with the U.S. Copyright Office in 2014. While the plaintiff claims that he continues to experience "great and irreparable injury that cannot fully be compensated or measured in money," he has demanded a jury trial and is seeking restitution no less than $10 billion and a royalty of up to 1.5% on Apple's worldwide sales of infringing devices." MacRumors commenter Sunday Ironfoot suggests this story may be "The mother of all 'Florida Man' stories." Apple has been awarded a patent today that prohibits smartphone users from taking photos and videos at concerts, movie theaters and other events where people tend to ignore such restrictions.
Taco Cowboy quotes a report from ABC Online: German engineers have created a camera no bigger than a grain of salt that could change the future of health imaging -- and clandestine surveillance. Using 3D printing, researchers from the University of Stuttgart built a three-lens camera, and fit it onto the end of an optical fiber the width of two hairs. Such technology could be used as minimally-intrusive endoscopes for exploring inside the human body, the engineers reported in the journal Nature Photonics. The compound lens of the camera is just 100 micrometers (0.1 millimeters) wide, and 120 micrometers with its casing. It could also be deployed in virtually invisible security monitors, or mini-robots with "autonomous vision." The compound lens can also be printed onto image sensors other than optical fibers, such as those used in digital cameras. The researchers said it only took a few hours to design, manufacture and test the camera, which yielded "high optical performances and tremendous compactness." They believe the 3D printing method -- used to create the camera -- may represent "a paradigm shift."
An anonymous reader writes: Apple has patented a system that prohibits smartphone users from taking photos and videos at concerts, movie theaters and other events where people tend to ignore such restrictions. The patent has been awarded to Apple today and was first spotted by Patently Apple. QZ reports: "It outlines a system which would allow venues to use an infrared emitter to remotely disable the camera function on smartphones. According to the patent, infrared beams could be picked up by the camera, and interpreted by the smartphone as a command to block the user from taking any photos or videos of whatever they're seeing. The patent also outlines ways that infrared blasters could actually improve someone's experience at a venue. For example, the beams could be used to send information to museum-goers by pointing a smartphone camera at a blaster placed next to a piece of art." The report also mentions that the patent could in theory be used to help police limit smartphone filming of acts of brutality, or help a government shut off filming in certain locations. Last week, SlashGear reported that Alicia Keys is the latest musician to ban cellphones at her events.
An anonymous reader writes: Three U.S. healthcare organisations are reportedly being held to ransom by a hacker who stole data on hundreds of thousands of patients. The hacker has also put the 650,000 records up for sale on dark web markets where stolen data is traded. Prices for the different databases range from $100,000 to $411,000. Buyers have already been found for some of the stolen data, the hacker behind the theft told news site Motherboard. No information about the size of the ransom payment sought by the data thief has emerged, although he did say it was "a modest amount compared to the damage that will be caused to the organisations when I decide to publicly leak the victims."
An anonymous reader writes: The Cyberspace Administration of China has imposed new regulation for the mobile app community, requiring that developers keep a close watch over users and keep a record of their activities. However, the proposed legislation would also prevent apps from requesting unnecessary access to users' contacts, camera, microphone and other spurious installation requests. The regulator introduced the new laws in the name of cracking down on illegal use of mobile platforms for the distribution of pornography, fraud and the spread of 'malicious' content.
Robert Mclean, reporting for CNN: Airbnb is taking its hometown to federal court. The company has filed a lawsuit against the city of San Francisco, objecting to short-term rental rule changes approved by its Board of Supervisors. A new ordinance set to take effect in late July would require all Airbnb hosts to register with the city. If they do not, Airbnb would be fined up to $1,000 a day for each listing, putting the burden on the company to make sure each listing is legal. But the city's $50 registration process is analog enough to turn off many hosts. It can't be completed online and requires submitting all the documents in person. Airbnb contends the new rule violates the Communications Decency Act, Stored Communications Act and the First Amendment.
Reader citadrianne shares a Motherboard article: There are big "no trespassing" signs affixed to most of our electronics. If you own a gaming console, laptop, or computer, it's likely you've seen one of these warnings in the form of a sticker placed over a screw or a seam: "Warranty void if removed." In addition, big manufacturers such as Sony, Microsoft, and Apple explicitly note or imply in their official agreements that their year-long manufacturer warranties -- which entitle you to a replacement or repair if your device is defective -- are void if consumers attempt to repair their gadgets or take them to a third party repair professional. What almost no one knows is that these stickers and clauses are illegal under a federal law passed in 1975 called the Magnuson-Moss Warranty Act. To be clear, federal law says you can open your electronics without voiding the warranty, regardless of what the language of that warranty says.