Google

Google Joins Apple in Condemning the Repeal of the Clean Power Plan (theverge.com) 111

An anonymous reader shares a report: Google filed a public comment today criticizing the Environmental Protection Agency's proposal to roll back the Clean Power Plan, an Obama-era policy that aims to cut power plant pollution. With its comment, Google joins Apple in arguing that keeping the policy is a good deal for the US. Google's comment, which it shared with The Verge, lays out what it called a strong economic case for the Clean Power Plan.It says that the plan would encourage utilities and companies like Google to keep investing in renewable energy -- which Google says is getting cheaper, is desired by both consumers and investors, and is a good source of jobs.
China

Chinese Journalist Banned From Flying, Buying Property Due To 'Social Credit Score' (cbslocal.com) 340

schwit1 shares a report from CBS Local: China is rolling out a high-tech plan to give all of its 1.4 billion citizens a personal score, based on how they behave. But there are consequences if a score gets too low, and for some that's cause for concern. When Liu Hu recently tried to book a flight, he was told he was banned from flying because he was on the list of untrustworthy people. Liu is a journalist who was ordered by a court to apologize for a series of tweets he wrote and was then told his apology was insincere. "I can't buy property. My child can't go to a private school," he said. "You feel you're being controlled by the list all the time." And the list is now getting longer as every Chinese citizen is being assigned a social credit score -- a fluctuating rating based on a range of behaviors. It's believed that community service and buying Chinese-made products can raise your score. Fraud, tax evasion and smoking in non-smoking areas can drop it.
Crime

Belgium Declares Video Game Loot Boxes Gambling and Therefore Illegal (arstechnica.com) 165

The Belgian Gaming Commission has reviewed several big video games and found that randomized loot boxes in at least three of the titles count as "games of chance," and publishers could therefore be subject to fines and prison sentences under the country's gaming legislation. Ars Technica reports: A statement by Belgian Minister of Justice Koen Geens (machine translation) identifies loot boxes in Overwatch, FIFA 18, and Counter Strike: Global Offensive as meeting the criteria for that "game of chance" definition: i.e., "there is a game element [where] a bet can lead to profit or loss and chance has a role in the game." The Commission also looked at Star Wars: Battlefront II and determined that the recent changes EA made to the game means it "no longer technically forms a game of chance." Beyond that simple definition, the Gaming Commission expressed concern over games that draw in players with an "emotional profit forecast" of randomized goods, where players "buy an advantage with real money without knowing what benefit it would be." The fact that these games don't disclose the odds of receiving specific in-game items is also worrisome, the Commission said. The three games noted above must remove their loot boxes or be in criminal violation of the country's gaming legislation, Geens writes. That law carries penalties of up to 800,000EU (~$973,680) and five years in prison, which can be doubled if "minors are involved." But Geens says he wants to start a "dialogue" with loot box providers to "see who should take responsibility where."
Transportation

Amazon Will Now Deliver Packages To the Trunk of Your Car (theverge.com) 126

Last year, Amazon unveiled a service called Amazon Key that lets delivery people into your home to drop off packages. Now, the tech giant wants to do the same thing with your car. Amazon announced a new service that gives it couriers access to a person's vehicle for the purpose of leaving package deliveries inside. "Amazon wants to use the connected technologies embedded in many modern vehicles today" to gain entry, reports The Verge. "The company is launching this new service in partnership with two major automakers -- General Motors and Volvo -- and will be rolling out in 37 cities in the U.S. starting today." From the report: Amazon has been beta testing the new service in California and Washington state for the past six months. To start out, the service will only be available to Amazon Prime subscribers. It's also limited to owners of GM and Volvo vehicles, model year 2015 or newer, with active OnStar and Volvo on Call accounts. Amazon says it plans to add other automobile brands over time. Packages that weigh over 50 pounds, are larger than 26 x 21 x 16 inches in size, require a signature, are valued over $1,300, or come from a third-party seller also are not eligible for in-car delivery.

To access the new delivery service, you need to add your car to your Amazon Key app and include a description of the vehicle, so Amazon's couriers will be able to locate it. The car will need to be parked within a certain radius of an address used for Amazon deliveries, so either home or work. Driveways, parking lots, parking garages, and street parking are all eligible locations, just as long as it's not at some random address across town. To find your car, Amazon's couriers will have access to its GPS location and license plate number, as well as an image of the car.

Bitcoin

Bezop Cryptocurrency Server Exposes Personal Info of 25,000 Investors (threatpost.com) 27

lod123 shares a report from Threatpost: A leaky Mongo database exposed personal information, including scanned passports and driver's licenses, of 25,000 investors and potential investors tied to the Bezop cryptocurrency, according to researchers. Kromtech Security said that it found the unprotected data on March 30, adding that it included a treasure-trove of information ranging from "full names, (street) addresses, email addresses, encrypted passwords, wallet information, along with links to scanned passports, driver's licenses and other IDs," according to the researchers. Kromtech researchers, in their overview of the results of its investigation, said that Bezop.io, the organization behind the currency, immediately secured the data after being notified. Bezop is one of over 1,000 cryptocurrencies in a crowded playing field vying for investor attention. According to Kromtech, the list of 25,000 people included both current and prospective investors promised Bezop cryptocurrency in exchange for promoting the cryptocurrency on social media.
Government

More FISA Orders Were Denied During President Trump's First Year in Office Than in the Court's 40-Year History (zdnet.com) 246

In its first year, the Trump administration kept one little-known courtroom in the capital busy. From a report: A secretive Washington DC-based court that oversees the US government's foreign spy programs denied more surveillance orders during President Donald Trump's first year than in the court's 40-year history, according to newly released figures. Annual data published Wednesday by the US Courts shows that the Foreign Intelligence Surveillance (FISA) Court last year denied 26 applications in full, and 50 applications in part. That's compared to 21 orders between when the court was first formed in 1978 and President Barack Obama's final year in office in 2016.
Censorship

North Korea Linked To Global Hacking Operation Against Critical Infrastructure, Telecoms (thehill.com) 51

A suspected North Korean hacking campaign has expanded to targets in 17 different countries, including the U.S., pilfering information on critical infrastructure, telecommunications and entertainment organizations, researchers say. From a report: Cybersecurity firm McAfee released new research on the hacking campaign this week, calling it Operation GhostSecret and describing the attackers as having "significant capabilities" to develop and use multiple cyber tools and rapidly expand operations across the globe. The findings demonstrate the growing sophistication of North Korea's army of hackers, which has been blamed for high-profile hacking operations such as the WannaCry malware outbreak last year.
AI

Researchers Hacked Amazon's Alexa To Spy On Users, Again (threatpost.com) 42

New submitter lod123 writes: A malicious proof-of-concept Amazon Echo Skill shows how attackers can abuse the Alexa virtual assistant to eavesdrop on consumers with smart devices -- and automatically transcribe every word said. Checkmarx researchers told Threatpost that they created a proof-of-concept Alexa Skill that abuses the virtual assistant's built-in request capabilities. The rogue Skill begins with the initiation of an Alexa voice-command session that fails to terminate (stop listening) after the command is given. Next, any recorded audio is transcribed (if voices are captured) and a text transcript is sent to a hacker. Checkmarx said it brought its proof-of-concept attack to Amazon's attention and that the company fixed a coding flaw that allowed the rogue Skill to capture prolonged audio on April 10.
Windows

E-Waste Innovator Will Go To Jail For Making Windows Restore Disks That Only Worked With Valid Licenses (gizmodo.com) 407

An anonymous reader quotes a report from The Washington Post: California man Eric Lundgren, an electronic waste entrepreneur who produced tens of thousands of Windows restore disks intended to extend the lifespan of aging computers, lost a federal appeals court case in Miami after it ruled "he had infringed Microsoft's products to the tune of $700,000," the Washington Post reported on Tuesday. Per the Post, the appeals court ruled Lundgren's original sentence of 15 months in prison and a $50,000 fine would stay, despite the software being freely available online and only compatible with valid Windows licenses: "The appeals court upheld a federal district judge's ruling that the disks made by Eric Lundgren to restore Microsoft operating systems had a value of $25 apiece, even though they could be downloaded free and could be used only on computers with a valid Microsoft license. The U.S. Court of Appeals for the 11th Circuit initially granted Lundgren an emergency stay of his prison sentence, shortly before he was to surrender, but then affirmed his original 15-month sentence and $50,000 fine without hearing oral argument in a ruling issued April 11." All told, the court valued 28,000 restore disks he produced at $700,000, despite testimony from software expert Glenn Weadock that they were worth essentially zero.
Businesses

EPA Proposes Limits To Science Used In Rulemaking (reuters.com) 308

An anonymous reader quotes a report from Reuters: The U.S. Environmental Protection Agency proposed a rule on Tuesday that would limit the kinds of scientific research it can use in crafting regulations, an apparent concession to big business that has long requested such restrictions. Under the new proposals, the EPA will no longer be able to rely on scientific research that is underpinned by confidential medical and industry data. The measure was billed by EPA Administrator Scott Pruitt as a way to boost transparency for the benefit of the industries his agency regulates. But scientists and former EPA officials worry it will hamstring the agency's ability to protect public health by putting key data off limits.

The EPA has for decades relied on scientific research that is rooted in confidential medical and industry data as a basis for its air, water and chemicals rules. While it publishes enormous amounts of research and data to the public, the confidential material is held back. Business interests have argued the practice is tantamount to writing laws behind closed doors and unfairly prevents them from vetting the research underpinning the EPA's often costly regulatory requirements. They argue that if the data cannot be published, the rules should not be adopted. But ex-EPA officials say the practice is vital.

Communications

WhatsApp Raises Minimum Age In Europe To 16 Ahead of Data Law Change (reuters.com) 39

WhatsApp is raising its minimum age from 13 to 16 in Europe to help it comply with new data privacy rules coming into force next month. The app will ask European users to confirm they are at least 16 years old when they are prompted to agree to new terms of service and a privacy policy provided by a new WhatsApp Ireland entity in the next few weeks. Reuters reports: Facebook, which has a separate data policy, is taking a different approach to teens aged between 13 and 15 in order to comply with the European General Data Protection Regulation (GDPR) law. It is asking them to nominate a parent or guardian to give permission for them to share information on the platform, otherwise they will not see a fully personalized version of the social media platform. But WhatsApp, which had more than 1.5 billion users in January according to Facebook, said in a blog post it was not asking for any new rights to collect personal information in the agreement it has created for the European Union. WhatsApp's minimum age of use will remain 13 years in the rest of the world, in line with its parent.
Yahoo!

SEC Issues $35 Million Fine Over Yahoo Failing To Disclose Data Breach (theverge.com) 35

Altaba, the company formerly known as Yahoo, will have to pay a $35 million fine for failing to disclose a 2014 data breach in which hackers stole info on over 500 million accounts. "The U.S. Securities and Exchange Commission announced today that Altaba, which contains Yahoo's remains, agreed to pay the fine to settle charges that it misled investors by not informing them of the hack until September 2016, despite known of it as early as December 2014," reports The Verge. From the report: The SEC goes on to admonish Yahoo for its failure to disclose the breach to investors, saying that the agency wouldn't "second-guess good faith exercises of judgment" but that Yahoo's decisions were "so lacking" that a fine was necessary. Yahoo isn't being fined for having poor security practices, not informing users, or really anything related to the hack happening. The SEC is just mad that investors weren't told about it, because -- as Yahoo even noted in filings to investors -- data breaches can have financial impacts and legal implications. With a breach this large, the SEC believes that was obviously a real risk. "Public companies should have controls and procedures in place to properly evaluate cyber incidents and disclose material information to investors," Jina Choi, director of the SEC's San Francisco Regional Office, said in a statement. The SEC released guidance to public companies on what to disclose about data breaches earlier this year, which could help to avoid similar situations in the future.
Social Networks

Instagram Launches 'Data Download' Tool To Let You Leave (techcrunch.com) 15

An anonymous reader quotes a report from TechCrunch: Two weeks ago TechCrunch called on Instagram to build an equivalent to Facebook's "Download Your Information" feature so if you wanted to leave for another photo sharing network, you could. The next day it announced this tool would be coming and now TechCrunch has spotted it rolling out to users. Instagram's "Data Download" feature can be accessed here or through the app's privacy settings. It lets users export their photos, videos, archived Stories, profile, info, comments, and non-ephemeral messages, though it can take a few hours to days for your download to be ready. An Instagram spokesperson now confirms to TechCrunch that "the Data Download tool is currently accessible to everyone on the web, but access via iOS and Android is still rolling out." We'll have more details on exactly what's inside once my download is ready.
Privacy

More Than 1 Million Kids Had Their Identities Stolen in 2017 (nypost.com) 68

More than 1 million children were victims of identity fraud in 2017, a new study from Javelin Strategy & Research found, costing a total of $2.6 billion. From a report: With limited financial history or existing account activity, children are the most likely to become victims of new-account fraud, the research showed. These attacks can occur before children even become active internet users, with some two-thirds of victims being under the age of eight. The overall numbers are likely even higher, said Al Pascual, research director at Javelin said, since their study relied on parents and guardians reporting cases of identity theft. In many cases, the parent or another relative may be the one using a child's identity to start a new account.
Businesses

Patent 'Death Squad' System Upheld by US Supreme Court (bloomberg.com) 90

The U.S. Supreme Court upheld an administrative review system that has helped Google, Apple and other companies invalidate hundreds of issued patents. From a report: The justices, voting 7-2, said Tuesday a U.S. Patent and Trademark Office review board that critics call a patent "death squad" wasn't unconstitutionally wielding powers that belong to the courts. Silicon Valley companies have used the system as a less-expensive way to ward off demands for royalties, particularly from patent owners derided as "trolls" because they don't use their patents to make products. Drugmakers and independent inventors complain that it unfairly upends what they thought were established property rights. "It came down to this: Is the patent office fixing its own mistakes or is the government taking property?" said Wayne Stacy, a patent lawyer with Baker Botts. "They came down on the side of the patent office fixing its own mistakes." The ruling caused shares to drop in companies whose main source of revenue -- their patents -- are under threat from challenges. VirnetX, which is trying to protect almost $1 billion in damages it won against Apple, dropped as much as 12 percent. The patent office has said its patents are invalid in a case currently before an appeals court.

Slashdot Top Deals