Your rights online

Slashdot: Your Rights Online
News for nerds, stuff that matters

Facebook Design Flaw Let Thousands of Kids Join Chats With Unauthorized Users

Mon, 07/22/2019 - 21:25
A design flaw in Facebook's Messenger Kids app allowed children to enter group chats with unapproved strangers. "For the past week, Facebook has been quietly closing down those group chats and alerting users, but has not made any public statements disclosing the issue," reports The Verge. The alert reads as follows: "Hi [PARENT], We found a technical error that allowed [CHILD]'s friend [FRIEND] to create a group chat with [CHILD] and one or more of [FRIEND]'s parent-approved friends. We want you to know that we've turned off this group chat and are making sure that group chats like this won't be allowed in the future. If you have questions about Messenger Kids and online safety, please visit our Help Center and Messenger Kids parental controls. We'd also appreciate your feedback." From the report: The bug arose from the way Messenger Kids' unique permissions were applied in group chats. In a standard one-on-one chat, children can only initiate conversations with users who have been approved by the child's parents. But those permissions became more complex when applied to a group chat because of the multiple users involved. Whoever launched the group could invite any user who was authorized to chat with them, even if that user wasn't authorized to chat with the other children in the group. As a result, thousands of children were left in chats with unauthorized users, a violation of the core promise of Messenger Kids. It's unclear how long the bug was present in the app, which launched with group features in December 2017.

Read more of this story at Slashdot.

Categories: Privacy

Siemens Contractor Pleads Guilty To Planting Logic Bomb In Company Spreadsheets

Mon, 07/22/2019 - 20:45
Former Siemens contractor David Tinley faces up to 10 years in prison, a fine of $250,000, or both, for planting logic bombs inside spreadsheets he created for the company. The logic bomb would crash spreadsheets after a certain date, resulting in Siemens hiring the contractor to fix the latest bugs. ZDNet reports: According to court documents, Tinley provided software services for Siemens' Monroeville, PA offices for nearly ten years. Among the work he was asked to perform was the creation of spreadsheets that the company was using to manage equipment orders. The spreadsheets included custom scripts that would update the content of the file based on current orders stored in other, remote documents, allowing the company to automate inventory and order management. But while Tinley's files worked for years, they started malfunctioning around 2014. According to court documents, Tinley planted so-called "logic bombs" that would trigger after a certain date, and crash the files. Every time the scripts would crash, Siemens would call Tinley, who'd fix the files for a fee. The scheme lasted for two years, until May 2016, when Tinley's trickery was unraveled by Siemens employees. According to a report from Law360, the scheme fell apart when Tinley was out of town, and had to hand over an administrative password for the spreadsheets to Siemens' IT staff, so they could fix the buggy scripts and fill in an urgent order. Siemens IT employees found the logic bomb, and it all went downhill from there. Tinley was charged this May, and pled guilty last week, on July 19. The contractor's sentencing hearing is scheduled for November 8.

Apple In Advanced Talks To Buy Intel's Smartphone-Modem Chip Business

Mon, 07/22/2019 - 18:40
According to The Wall Street Journal, Apple is in advanced talks to buy Intel's smartphone-modem chip business (Warning: source paywalled; alternative source), "a move that would jump-start the iPhone maker's push to take control of developing the critical components powering its devices." From the report: A deal, covering a portfolio of patents and staff valued at $1 billion or more, could be reached in the next week, the people said -- assuming the talks don't fall apart. Though the purchase price is a rounding error for companies valued in the hundreds of billions of dollars, the transaction would be important strategically and financially. It would give Apple access to engineering work and talent behind Intel's yearslong push to develop modem chips for the crucial next generation of wireless technology known as 5G, potentially saving years of development work. For Intel's part, a deal would allow the company to shed a business that had been weighing on its bottom line: The smartphone operation had been losing about $1 billion annually, a person familiar with its performance has said, and has generally failed to live up to expectations. Though it would exit the smartphone business, Intel plans to continue to work on 5G technology for other connected devices. Earlier this year, it was reported that Apple began discussing plans to acquire parts of Intel's smartphone modem chip business last summer, around the time former Intel Chief Executive Brian Krzanich resigned. "Mr. Krzanich championed the modem business and touted 5G technology as a big future revenue stream," reports The Wall Street Journal. "When Bob Swan was named to that job in January, analysts said the odds of a deal rose because his focus on cleaning up Intel would require addressing the losses in the modem business."

Microsoft Pays $25 Million To End US Probe Into Bribery Overseas

Mon, 07/22/2019 - 18:03
An anonymous reader quotes a report from Bloomberg: Microsoft Corp. agreed to pay $25 million to settle U.S. government investigations into alleged bribery by former employees in Hungary. The software maker's Hungarian subsidiary entered into a non-prosecution agreement with the U.S. Department of Justice and a cease-and-desist order with the Securities and Exchange Commission, Microsoft said in an email to employees from Chief Legal Officer Brad Smith that was posted Monday on the company's web site. The case concerned violations of the Foreign Corrupt Practices Act, according to an SEC filing. The Justice Department concluded that between 2013 and June 2015 "a senior executive and some other employees at Microsoft Hungary participated in a scheme to inflate margins in the Microsoft sales channel, which were used to fund improper payments under the FCPA," Smith wrote in the email. Microsoft sold software to partners at a discount and the partners then resold the products to the Hungarian government at a higher price. The difference went to fund kickbacks to government officials, the Wall Street Journal reported in 2018. The company fired the employees involved, Smith noted. The company says it "now requires discounts it provides to sales partners to be passed directly to government customers," and "the company makes customers aware of any discounts to ensure they are receiving them and that funds are not diverted for other purposes like bribes," the report adds. "The company also is using machine-learning software to track contracts and flag discounts or other practices that appear unusual." In semi-related news, Microsoft today announced that it would invest $1 billion in OpenAI to develop AI technologies on Azure.

Microsoft Warns of Political Cyberattacks, Announces Free Vote-Verification Software

Sat, 07/20/2019 - 18:44
"Microsoft on Wednesday announced that it would give away software designed to improve the security of American voting machines," reports NBC News. Microsoft also said its AccountGuard service has already spotted 781 cyberattacks by foreign adversaries targeting political organizations -- 95% of which were located in the U.S. The company said it was rolling out the free, open-source software product called ElectionGuard, which it said uses encryption to "enable a new era of secure, verifiable voting." The company is working with election machine vendors and local governments to deploy the system in a pilot program for the 2020 election. The system uses an encrypted tracking code to allow a voter to verify that his or her vote has been recorded and has not been tampered with, Microsoft said in a blog post... Edward Perez, an election security expert with the independent Open Source Election Technology Institute, said Microsoft's move signals that voting systems, long a technology backwater, are finally receiving attention from the country's leading technical minds. "We think that it's good when a technology provider as significant as Microsoft is stepping into something as nationally important as election security," Perez told NBC News. "ElectionGuard does provide verification and it can help to detect attacks. It's important to note that detection is different from prevention." Microsoft also said it has notified nearly 10,000 customers that they've been targeted or compromised by nation-state cyberattacks, according to the article -- mostly from Russia, Iran, and North Korea. "While many of these attacks are unrelated to the democratic process," Microsoft said in a blog post, "this data demonstrates the significant extent to which nation-states continue to rely on cyberattacks as a tool to gain intelligence, influence geopolitics, or achieve other objectives."

Is Russia Trying to Deanonymize Tor Traffic?

Sat, 07/20/2019 - 15:34
A contractor for Russia's intelligence agency suffered a breach, revealing projects they were pursuing -- including one to deanonymize Tor traffic. An anonymous reader shared this report from ZDNet: The breach took place last weekend, on July 13, when a group of hackers going by the name of 0v1ru$ hacked into SyTech's Active Directory server from where they gained access to the company's entire IT network, including a JIRA instance. Hackers stole 7.5TB of data from the contractor's network, and they defaced the company's website with a "yoba face," an emoji popular with Russian users that stands for "trolling..." Per the different reports in Russian media, the files indicate that SyTech had worked since 2009 on a multitude of projects. In February ZDNet reported that Russia disconnected itself from the rest of the internet in a test -- and suggests today that it was a real-world test of one of these leaked "secret projects" from the Russian intelligence agency. But the other projects include: Nautilus-S - a project for deanonymizing Tor traffic with the help of rogue Tor servers. Nautilus - a project for collecting data about social media users (such as Facebook, MySpace, and LinkedIn). Reward - a project to covertly penetrate P2P networks, like the one used for torrents. Mentor - a project to monitor and search email communications on the servers of Russian companies. Tax-3 - a project for the creation of a closed intranet to store the information of highly-sensitive state figures, judges, and local administration officials, separate from the rest of the state's IT networks. ZDNet also reports that the Tor-deanonymizing project, started in 2012, "appears to have been tested in the real world," citing a 2014 paper which found 18 malicious Tor exit nodes located in Russia. Each of those hostile Russian exit nodes used version 0.2.2.37 of Tor -- the same one described in these leaked files.

New Map Shows Where America's Police, Businesses Are Using Facial Recognition and Other Surveillance Tech

Sat, 07/20/2019 - 13:34
"Fight For the Future, a tech-focused nonprofit, on Thursday released its Ban Facial Recognition map, logging the states and cities using surveillance technology," reports CNET -- noting that "surveillance technology" in this case includes Amazon's Ring doorbell security cameras. A CNET investigation earlier this year highlighted the close ties between Ring and police departments across the US, many of which offer free or discounted Ring doorbells using taxpayer money. The cameras have helped police create an easily accessible surveillance network in neighborhoods and allowed law enforcement to request videos through an app. The arrangement has critics worried about the erosion of privacy. Until the release of Fight for the Future's map, there was no comprehensive directory of all the police departments that had partnered with Ring. Now you can find them by going on the map and toggling it to "Police (Local)." It lists more than 40 cities where police have partnered with Amazon for Ring doorbells.... The map is far from complete. Police departments aren't always up front about the technology that they're using. On the interactive map, Fight for the Future asked visitors to send it any new entries to add to the map.... The map also has filters for airports, stores and stadiums that are using facial recognition, as well as states that provide driver's license photos to the FBI's database of faces... Fight for the Future's map also features a filter for regions where facial recognition use by government is banned. For now, that's only in San Francisco; Somerville, Massachusetts; and Oakland, California. The group's deputy director told CNET that the map's goal is allowing people "to turn their ambient anxiety into effective action by pushing at the local and state level to ban this dangerous tech." "No amount of regulation will fix the threat posed by facial recognition," he added. "It must be banned."

China's Tech Giants Have a Second Job: Helping Beijing Spy on Its People

Fri, 07/19/2019 - 10:43
Tencent and Alibaba are among the firms that assist authorities in hunting down criminal suspects, silencing dissent and creating surveillance cities. From a report: Alibaba Group's sprawling campus has collegial workspaces, laid-back coffee bars and, on the landscaped grounds, a police outpost. Employees use the office to report suspected crimes to the police, according to people familiar with the operation. Police also use it to request data from Alibaba for their own investigations, these people said, tapping into the trove of information the tech giant collects through its e-commerce and financial-payment networks. In one case, the police wanted to find out who had posted content related to terrorism, said a former Alibaba employee. "They came to me and asked me for the user ID and information," he recalled. He turned it over. The Chinese government is building one of the world's most sophisticated, high-tech systems to keep watch over its citizens, including surveillance cameras, facial-recognition technology and vast computer systems that comb through terabytes of data. Central to its efforts are the country's biggest technology companies, which are openly acting as the government's eyes and ears in cyberspace. Companies including Alibaba Group Holding, Tencent Holdings and Baidu, are required to help China's government hunt down criminal suspects and silence political dissent. Their technology is also being used to create cities wired for surveillance.

Google and Facebook Might Be Tracking Your Porn History, Researchers Warn

Fri, 07/19/2019 - 03:00
Researchers at Microsoft, Carnegie Mellon University and the University of Pennsylvania analyzed 22,484 porn sites and found that 93% leak user data to a third party. Normally, for extra protection when surfing the web, a user might turn to incognito mode. But, the researchers said, incognito mode only ensures that your browsing history is not stored on your computer. CNET reports: According to a study released Monday, Google was the No. 1 third-party company. The research found that Google, or one of its subsidiaries like the advertising platform DoubleClick, had trackers on 74% of the pornography sites examined. Facebook had trackers on 10% of the sites. "In the U.S., many advertising and video hosting platforms forbid 'adult' content. For example, Google's YouTube is the largest video host in the world, but does not allow pornography," the researchers wrote. "However, Google has no policies forbidding websites from using their code hosting (Google APIs) or audience measurement tools (Google Analytics). Thus, Google refuses to host porn, but has no limits on observing the porn consumption of users, often without their knowledge."

Chuck Schumer Asks FBI To Investigate FaceApp

Thu, 07/18/2019 - 21:25
Senate minority leader Chuck Schumer is calling on the FBI to investigate FaceApp after privacy concerns have been raised about the Russian company which developed the app. In a letter posted on Twitter, Mr Schumer called it "deeply disturbing" that personal data of U.S. citizens could go to a "hostile foreign power." The BBC reports: Wireless Lab, a company based in St. Petersburg, says it does not permanently store images, and does not collect troves of data -- only uploading specific photos selected by users for editing. "Even though the core R&D team is located in Russia, the user data is not transferred to Russia," a company statement reported by news site TechCrunch said. Mr Schumer however has asked that the FBI and the Federal Trade Commission (FTC) investigate FaceApp. "I have serious concerns regarding both the protection of the data that is being aggregated as well as whether users are aware of who may have access to it," his letter reads.

EFF Hits AT&T With Class-Action Lawsuit For Selling Customers' Location To Bounty Hunters

Thu, 07/18/2019 - 20:03
An anonymous reader quotes a report from Motherboard: Tuesday, the Electronic Frontier Foundation (EFF) filed a class action lawsuit against AT&T and two data brokers over their sale of AT&T customers' real-time location data. The lawsuit seeks an injunction against AT&T, which would ban the company from selling any more customer location data and ensure that any already sold data is destroyed. The move comes after multiple Motherboard investigations found AT&T, T-Mobile, Sprint, and Verizon sold their customers' data to so-called location aggregators, which then ended up in the hands of bounty hunters and bail bondsmen. The lawsuit, focused on those impacted in California, represents three Californian AT&T customers. Katherine Scott, Carolyn Jewel, and George Pontis are all AT&T customers who were unaware the company sold access to their location. The class action complaint says the three didn't consent to the sale of their location data. The complaint alleges that AT&T violated the Federal Communications Act by not properly protecting customers' real-time location data; and the California Unfair Competition Law and the California Consumers Legal Remedies Act for misleading its customers around the sale of such data. It also alleges AT&T and the location aggregators it sold data through violated the California Constitutional Right to Privacy. The lawsuit highlights AT&T's Privacy Policy that says "We will not sell your personal information to anyone, for any purpose. Period." An AT&T spokesperson said in a statement "While we haven't seen this complaint, based on our understanding of what it alleges we will fight it. Location-based services like roadside assistance, fraud protection, and medical device alerts have clear and even life-saving benefits. We only share location data with customer consent. We stopped sharing location data with aggregators after reports of misuse."

Data Broker LocationSmart Will Fight Class Action Lawsuit Over Selling AT&T Data

Thu, 07/18/2019 - 18:03
A broker that helped sell AT&T customers' real-time location data says it will fight a class action lawsuit against it. From a report: The broker, called LocationSmart, was involved in a number of data selling and cybersecurity incidents, including selling location data that ended up in the hands of bounty hunters. "LocationSmart will fight this lawsuit because the allegations of wrongdoing are meritless and rest on recycled falsehoods," a LocationSmart spokesperson said in an emailed statement. LocationSmart did not point to any specific part of the lawsuit to support these claims. On Tuesday, activist group the Electronic Frontier Foundation (EFF) and law firm Pierce Bainbridge filed a class action lawsuit against LocationSmart, another data broker called Zumigo, and telecom giant AT&T. The lawsuit's plaintiffs are three California residents who say they did not consent to AT&T selling their real-time location data through the data brokers. The lawsuit alleges all three companies violated the California Constitutional Right to Privacy, and seeks monetary damages as well as an injunction against AT&T to ensure the deletion of any sold data.

Ex-Microsoft Worker Charged in Alleged Scheme To Steal $10M in Gift Cards and Use Funds To Finance Extravagant Purchases

Thu, 07/18/2019 - 14:06
An anonymous reader shares a report: A former Microsoft worker has been arrested and charged with mail fraud, in an alleged scheme to steal $10 million worth of digital currency from his ex-employer and use the funds to finance extravagant purchases, including a Tesla and lakefront home. Volodymyr Kvashuk, a 25-year-old software developer and Ukrainian citizen who worked for Microsoft from 2016 to 2018, allegedly took advantage of a testing program meant to simulate customer purchases. He made test accounts to obtain Microsoft gift cards and then sold some or all of them through online resellers.

Bulgaria's Hacked Database Leaks To Hacking Forums

Thu, 07/18/2019 - 13:28
The database of Bulgaria's National Revenue Agency (NRA), which was hacked over the weekend and sent to local reporters, is now being shared on hacking forums, ZDNet has learned from sources in the threat intelligence community. From a report: Download links to the hacked database have been shared by a hacked data trader known as Instakilla, believed to be operating out of Bulgaria. ZDNet obtained a copy of the database and verified its authenticity with local sources, and this is a copy of the same database sent to local media over the weekend. The database contains 57 folders, 10.7 GB in size, and holds personal and financial information consistent with what Bulgarian newspapers reported receiving over the weekend. This includes personally identifiable information, tax information, from both the NRA, and from other government agencies who shared their data.

To Foil Hackers, 'Morpheus' Chip Can Change Its Code In the Blink of An Eye

Thu, 07/18/2019 - 03:00
Todd Austin, a professor at the University of Michigan, is working on an approach known as Morpheus that aims to frustrate hackers trying to gain control of microchips by presenting them with a rapidly changing target. At a conference in Detroit this week organized by the U.S. Defense Department's Defense Advanced Research Projects Agency (DARPA), Austin described how the prototype Morpheus chip works. MIT Technology Review reports: The aim is to make it incredibly difficult for hackers to exploit key software that helps govern the chip's operation. Morpheus does this by repeatedly randomizing elements of the code that attackers need access to in order to compromise the hardware. This can be achieved without disrupting the software applications that are powered by the processor. Austin has been able to get the chip's code "churning" to happen once every 50 milliseconds -- way faster than needed to frustrate the most powerful automated hacking tools. So even if hackers find a vulnerability, the information needed to exploit it disappears in the blink of an eye. There's a cost to all this: the technology causes a slight drop in performance and requires somewhat bigger chips. The military may accept this trade-off in return for greater security on the battlefield, but it could limit Morpheus's appeal to businesses and consumers. Austin said a prototype has already resisted every known variant of a widely-used hacking technique known as a control-flow attack, which does things like tampering with the way a processor handles memory in order to allow hackers to sneak in malware. More tests lie ahead. A team of U.S. national security experts will soon begin probing the prototype chip to see if they can compromise its defenses, and Austin also plans to post some of Morpheus's code online so that other researchers can try to find flaws in it, too.

A Researcher Attempted To Opt Out of Facial Recognition at the Airport -- It Wasn't Easy

Wed, 07/03/2019 - 13:30
Allie Funk, writing for Wired: The announcement came as we began to board. Last month, I was at Detroit's Metro Airport for a connecting flight to Southeast Asia. I listened as a Delta Air Lines staff member informed passengers that the boarding process would use facial recognition instead of passport scanners. As a privacy-conscious person, I was uncomfortable boarding this way. I also knew I could opt out. Presumably, most of my fellow fliers did not: I didn't hear a single announcement alerting passengers how to avoid the face scanners. To figure out how to do so, I had to leave the boarding line, speak with a Delta representative at their information desk, get back in line, then request a passport scan when it was my turn to board. Federal agencies and airlines claim that facial recognition is an opt-out system, but my recent experience suggests they are incentivizing travelers to have their faces scanned -- and disincentivizing them to sidestep the tech -- by not clearly communicating alternative options. Last year, a Delta customer service representative reported that only 2 percent of customers opt out of facial-recognition. It's easy to see why.

Security Flaws In a Popular Smart Home Hub Let Hackers Unlock Front Doors

Tue, 07/02/2019 - 22:10
In new research published Tuesday, security researchers Chase Dardaman and Jason Wheeler found three security flaws which, when chained together, could be abused to open a front door with a smart lock. TechCrunch reports: Dardaman and Wheeler began looking into the ZipaMicro, a popular smart home hub developed by Croatian firm Zipato, some months ago, but only released their findings once the flaws had been fixed. The researchers found they could extract the hub's private SSH key for "root" -- the user account with the highest level of access -- from the memory card on the device. Anyone with the private key could access a device without needing a password, said Wheeler. They later discovered that the private SSH key was hardcoded in every hub sold to customers -- putting at risk every home with the same hub installed. Using that private key, the researchers downloaded a file from the device containing scrambled passwords used to access the hub. They found that the smart hub uses a "pass-the-hash" authentication system, which doesn't require knowing the user's plaintext password, only the scrambled version. By taking the scrambled password and passing it to the smart hub, the researchers could trick the device into thinking they were the homeowner. All an attacker had to do was send a command to tell the lock to open or close. With just a few lines of code, the researchers built a script that locked and unlocked a smart lock connected to a vulnerable smart hub.

Elizabeth Warren Accuses Advisory Panel For FCC of Corruption

Tue, 07/02/2019 - 20:50
An anonymous reader quotes a report from CNET: A panel that provides policy advice to the Federal Communications Commission is "stacked with corporate insiders," Democratic presidential candidate Elizabeth Warren said Monday. She cited a blog post by the Project On Government Oversight (POGO), which showed more than half of all Communications Security, Reliability and Interoperability Council (CSRIC) members are direct employees of private companies or of industry trade groups. This could lead to allegations that rather than working for American consumers, the FCC is working for "giant telecom companies", Warren, a Democratic senator from Massachusetts, tweeted Monday. "This is the definition of corruption: industry members writing the rules to benefit themselves & their rich friends," she added in another tweet. Sen. Warren has called on FCC Chair Ajit Pai to "explain the extent to which CSRIC may be corrupted by corporate influence." A letter from Warren and Rep. Pramila Jayapal dated June 27, spotted earlier by The Hill, asks for information (PDF) from Pai on whether the panel is "inappropriately dominated by industry insiders." "The industry-dominated personnel on the panel have recommended policies that are directly in line with the wishes of the companies from which their members are drawn," the letter says, adding that POGO says a lack of expertise among FCC members means they rely increasingly on the panel's recommendations.

Oracle On Why It Thinks AWS Winning Pentagon's $10 Billion Jedi Cloud Contract Stinks

Tue, 07/02/2019 - 16:50
An anonymous reader quotes a report from The Register: Ahead of its first day in a U.S. federal claims court in Washington DC, Oracle has outlined its position against the Pentagon's award of the Joint Enterprise Defense Infrastructure (JEDI) cloud contract to Amazon Web Services. Big Red's lengthy filing questions the basis of Uncle Sam's procurement procedure as well as Amazon's hiring of senior Department of Defense staff involved in that procurement process. Oracle's first day in court is set for 10 July. The JEDI deal could be worth up to $10 billion over 10 years. The Department of Defense handed the contract to AWS after deciding that only Amazon and Microsoft could meet the minimum security standards required in time. Oracle's filing said that U.S. "warfighters and taxpayers have a vested interest in obtaining the best services through lawful, competitive means... Instead, DoD (with AWS's help) has delivered a conflict-ridden mess in which hundreds of contractors expressed an interest in JEDI, over 60 responded to requests for information, yet only the two largest global cloud providers can clear the qualification gates." The company said giving JEDI, with its "near constant technology refresh requirements", to just one company was in breach of procurement rules. It accused the DoD of gaming the metrics used in the process to restrict competition for the contract. Oracle also accused Amazon of breaking the rules by hiring two senior DoD staff, Deap Ubhi and Anthony DeMartino, who were involved in the JEDI procurement process. Ubhi is described as "lead PM." A third name is redacted in the publicly released filing. The DoD, which is expected to make an offer to settle the case in late August, said in a statement: "We anticipate a court decision prior to that time. The DoD will comply with the court's decision. While the acquisition and litigation processes are proceeding independently the JEDI implementation will be subject to the determination of the court." The 50-page filing can be found here (PDF).

China Is Forcing Tourists To Install Text-Stealing Malware at its Border

Tue, 07/02/2019 - 12:06
Foreigners crossing certain Chinese borders into the Xinjiang region, where authorities are conducting a massive campaign of surveillance and oppression against the local Muslim population, are being forced to install a piece of malware on their phones that gives all of their text messages as well as other pieces of data to the authorities, a collaboration by Motherboard, Suddeutsche Zeitung, the Guardian, the New York Times, and the German public broadcaster NDR has found. From the report: The Android malware, which is installed by a border guard when they physically seize the phone, also scans the tourist or traveller's device for a specific set of files, according to multiple expert analyses of the software. The files authorities are looking for include Islamic extremist content, but also innocuous Islamic material, academic books on Islam by leading researchers, and even music from a Japanese metal band. In no way is the downloading of tourists' text messages and other mobile phone data comparable to the treatment of the Uighur population in Xinjiang, who live under the constant gaze of facial recognition systems, CCTV, and physical searches. [...] The malware news shows that the Chinese government's aggressive style of policing and surveillance in the Xinjiang region has extended to foreigners, too. "[This app] provides yet another source of evidence showing how pervasive mass surveillance is being carried out in Xinjiang. We already know that Xinjiang residents -- particularly Turkic Muslims -- are subjected to round-the-clock and multidimensional surveillance in the region," Maya Wang, China senior researcher at Human Rights Watch, said. "What you've found goes beyond that: it suggests that even foreigners are subjected to such mass, and unlawful surveillance."
