Your rights online

Slashdot: Your Rights Online
News for nerds, stuff that matters

Senate Passes Cybersecurity Bill To Decrease Grid Digitization, Move Toward Manual Control

Mon, 07/01/2019 - 22:03
On June 27, the U.S. Senate passed a bipartisan cybersecurity bill that will study ways to replace automated systems with low-tech redundancies to protect the country's electric grid from hackers. Called The Securing Energy Infrastructure Act (SEIA), the bill establishes a two-year pilot program identifying new security vulnerabilities and researching and testing solutions, including "analog and nondigital control systems." The U.S. Department of Energy would be required to report back to Congress on its findings. Utility Dive reports: The increase in distributed energy resources can serve load more efficiently, but also offers potential attackers more potential entry points. "Our connectivity is a strength that, if left unprotected, can be exploited as a weakness," Sen. Angus King, I-Maine, who sponsored the bill with Sen. Jim Risch, R-Idaho, said in a statement. Sens. Susan Collins, R-Maine, Martin Heinrich, D-N.M., and Mike Crapo, R-Idaho, cosponsored the bill. The House measure is being introduced by Reps. Dutch Ruppersberger, D-Md., and John Carter, R-Texas.

Read more of this story at Slashdot.

Categories: Privacy

India Widens Antitrust Probe Into Google's Android Dominance

Mon, 07/01/2019 - 03:34
An anonymous reader quotes Reuters: Google appears to have misused its dominant position in India and reduced the ability of device manufacturers to opt for alternate versions of its Android mobile operating system, Indian officials found before ordering a wider probe in an antitrust case. A 14-page order from the Competition Commission of India (CCI), reviewed by Reuters this week, found Google's restrictions on manufacturers seemed to amount to imposition of "unfair conditions" under India's competition law.... The Indian case is similar to one Google faced in Europe, where regulators imposed a $5 billion fine on the company for forcing manufacturers to pre-install its apps on Android devices. Google has appealed against the verdict. By making pre-installation of Google's proprietary apps conditional, Google "reduced the ability and incentive of device manufacturers to develop and sell devices operated on alternate versions of Android", the CCI said in the order. "It amounts to prima facie leveraging of Google's dominance".

Former Equifax CIO Sentenced to 4 Months in Prison for Insider Trading

Sun, 06/30/2019 - 16:34
An anonymous reader quotes CNET: A former Equifax executive who sold his stock in the consumer credit reporting firm before it announced a massive data breach has been sentenced to four months in federal prison for insider trading. Jun Ying, former chief information officer for the company's US Information Solutions, was also ordered to pay about $117,000 in restitution and a $55,000 fine, the US Attorney's Office said Thursday... Ying sold all his shares in Equifax, making more than $950,000. Ying's insider trading happened 10 days before Equifax publicly announced its breach. Ying, 44, is the second Equifax employee convicted of insider trading related to the data breach. Sudhakar Reddy Bonthu, a former Equifax software development manager, pleaded guilty in 2018 to using the insider information to make more than $75,000 on the stock market. Bonthu was ordered to serve eight months home confinement, pay a $50,000 fine and forfeit the proceeds from the stock sale. In announcing the sentence, U.S. Attorney Byung J. Pak said that Ying had "thought of his own financial gain before the millions of people exposed in this data breach even knew they were victims."

Wikipedia Co-Founder Calls For a Social Media Strike July 4-5

Sun, 06/30/2019 - 13:34
Wikipedia co-founder Larry Sanger is also Slashdot reader #936,381. He has an announcement: "Humanity has been contemptuously used by vast digital empires," says my new Declaration of Digital Independence, which you can sign. So I'm calling a massive social media strike for July 4-5 to raise awareness of the possibility of decentralizing social media, which is wildly popular whenever proposed. Read the FAQ, use the resources to learn, and spread the word far and wide. Look for lots of news about this soon. And get ready! Maybe we can make a long-held geek dream finally come true.

Sting Finds Ransomware Data Recovery Firms Are Just Paying The Ransom

Sun, 06/30/2019 - 03:34
"ProPublica recently reported that two U.S. firms, which professed to use their own data recovery methods to help ransomware victims regain access to infected files, instead paid the hackers. Now there's new evidence that a U.K. firm takes a similar approach." An anonymous reader quotes their report: Fabian Wosar, a cyber security researcher, told ProPublica this month that, in a sting operation he conducted in April, Scotland-based Red Mosquito Data Recovery said it was "running tests" to unlock files while actually negotiating a ransom payment. Wosar, the head of research at anti-virus provider Emsisoft, said he posed as both hacker and victim so he could review the company's communications to both sides. Red Mosquito Data Recovery "made no effort to not pay the ransom" and instead went "straight to the ransomware author literally within minutes," Wosar said. "Behavior like this is what keeps ransomware running." Since 2016, more than 4,000 ransomware attacks have taken place daily, or about 1.5 million per year, according to statistics posted by the U.S. Department of Homeland Security. Law enforcement has failed to stem ransomware's spread, and culprits are rarely caught... But clients who don't want to give in to extortion are susceptible to firms that claim to have their own methods of decrypting files. Often, victims are willing to pay more than the ransom amount to regain access to their files if they believe the money is going to a data recovery firm rather than a hacker, Wosar said. Red Mosquito charged their client four times the actual ransom amount, according to the report -- though after ProPublica followed up, the company "did not respond to emailed questions, and hung up when we called the number listed on its website." The company then also "removed the statement from its website that it provides an alternative to paying hackers. It also changed 'honest, free advice' to 'simple free advice,' and the 'hundreds' of ransomware cases it has handled to 'many.'"

Microsoft Claims Unauthorized Repairing of Its Devices Would Be a Security Risk

Sat, 06/29/2019 - 15:41
In comments submitted to America's Federal Trade Commission, Microsoft says repairing its devices could jeopardize protections from the Trusted Platform Module (TPM) security chip. "Don't believe them," argues a group of information security professionals who support the right to repair. Slashdot reader chicksdaddy quotes their report: The statement was submitted ahead of Nixing the Fix, an FTC workshop on repair restrictions that is scheduled for mid-July... "The unauthorized repair and replacement of device components can result in the disabling of key hardware security features or can impede the update of firmware that is important to device security or system integrity," Microsoft wrote... "If the TPM or other hardware or software protections were compromised by a malicious or unqualified repair vendor, those security protections would be rendered ineffective and consumers' data and control of the device would be at risk. Moreover, a security breach of one device can potentially compromise the security of a platform or other devices connected to the network...." As we know: Firms like Microsoft, Lexmark, LG, Samsung and others use arguments like this all the time and then not too subtly imply that their authorized repair professionals are more trustworthy and honest than independent competitors. But that's just hot air. They have no data to back up those assertions and there's no way that their repair technicians are more trustworthy than owners, themselves... There's nothing inherent in repair or the things called for in right to repair laws like providing diagnostic software, diagnostic codes, schematics and replacement parts that puts the integrity of the TPM or the trust model it anchors at risk. Nor does the TPM require that the devices it secures remain pristine: using the same hardware and software configuration as when they were sold by the OEM. After all, TPMs are in Dell computers. Dell makes diagnostic software and diagnostic codes and schematics available for their hardware and I haven't heard Microsoft or anybody else suggest that a TPM on a repairable Dell laptop is any less secure than the TPM on an unrepairable Microsoft Surface.

Trump Relaxes US Ban On Selling To Huawei In Surprise G20 Concession

Sat, 06/29/2019 - 13:34
hackingbear tipped us off to a breaking news story. CNN reports: US President Donald Trump has appeared to soften his tone on Chinese communications giant Huawei, suggesting that he would allow the company to once again purchase U.S. technology. Speaking at a press conference in Osaka, Saturday, Trump said that the U.S. sells a "tremendous amount of product" to Huawei. "That's okay, we will keep selling that product," said Trump. "The (U.S.) companies were not exactly happy that they couldn't sell." Forbes points out "While it's not a lifting of the blanket ban, it will significantly benefit the Chinese manufacturer." ZDNet reports: This news just broke with comments made by Trump, including "U.S. companies can sell their equipment to Huawei. We're talking about equipment where there's no great national security problem with it." The details of this statement are still pending, but it is likely that 5G infrastructure equipment may still not be part of this access deal while the smartphone segment may be where we see open access. One Daily Beast contributor argues the action "appears to be a surrender to publicly issued Chinese demands." But TechCrunch writes that "any mutual trust has been broken and things are unlikely to be the same again."

Theranos Founder Elizabeth Holmes To Stand Trial In 2020

Sat, 06/29/2019 - 09:00
An anonymous reader quotes a report from TechCrunch: Elizabeth Holmes, the founder of the now-defunct biotech unicorn Theranos, will face trial in federal court next summer with penalties of up to 20 years in prison and millions of dollars in fines. Jury selection will begin July 28, 2020, according to U.S. District Judge Edward J. Davila, who announced the trial will commence in August 2020 in a San Jose federal court Friday morning. Holmes and former Theranos president Ramesh "Sunny" Balwani were indicted by a grand jury last June with 11 criminal charges in total. Two of those charges were conspiracy to commit wire fraud (against investors, and against doctors and patients). The remaining nine are actual wire fraud, with amounts ranging from the cost of a lab test to $100 million. Bloomberg says Holmes' legal team plans to argue that The Wall Street Journal's John Carreyrou "had an undue influence on federal regulators," and "went beyond reporting the Theranos story." "The jury should be aware that an outside actor, eager to break a story, and portray the story as a work of investigative journalism, was exerting influence on the regulatory process in a way that appears to have warped the agencies' focus on the company and possibly biased the agencies' findings against it," her attorneys wrote, per Bloomberg. "The agencies' interactions with Carreyrou thus go to the heart of the government's case."

House Votes To Block Ajit Pai's Plan To Kill San Francisco Broadband Law

Fri, 06/28/2019 - 20:45
An anonymous reader quotes a report from Ars Technica: The U.S. House of Representatives has voted to block Ajit Pai's attempt to kill a San Francisco ordinance designed to promote broadband competition in apartment buildings. As we reported last week, the Federal Communications Commission chair has scheduled a July 10 vote on a measure that would preempt the San Francisco city ordinance, which lets Internet service providers use the existing wiring inside multiunit residential and commercial properties even if the wiring is already used by another ISP that serves the building. The ordinance applies only when the inside wiring belongs to the property owner, but it makes it easier for ISPs to compete in many multiunit buildings already served by another provider. Pai claimed that the city's rule "deters broadband deployment" and infringes on the FCC's regulation of cable wiring. But US Rep. Katie Porter (D-Calif.) proposed a budget amendment that would forbid the FCC from using any funding to implement or enforce Pai's preemption proposal. The House, which is controlled by Democrats, yesterday approved the Financial Services and General Government Appropriations Act for fiscal 2020 in a mostly party-line vote of 224-196. Earlier in the day, the House approved a block of amendments including Porter's proposal that "prohibits the Federal Communications Committee from finalizing a draft declaratory ruling that would overturn local ordinances that promote broadband competition." The amendment's passage by a vote of 227-220 was also noted in the Congressional Record.

NSA Improperly Collected US Phone Call Data After Saying Problem Was Fixed

Fri, 06/28/2019 - 18:40
An anonymous reader quotes a report from USA Today: The National Security Agency improperly collected phone call records of Americans last fall, months after a previous breach that compelled the agency to destroy millions of records from the contentious program, documents released Wednesday revealed. The redacted documents, obtained by the ACLU in a Freedom of Information Act lawsuit, do not indicate how many records NSA improperly collected in the October breach, nor which telecommunications provider submitted the improper data. "These documents provide further evidence that the NSA has consistently been unable to operate the call detail record program within the bounds of the law," the ACLU said in a letter to Congress this week lobbying for an end to the program. The letter says elements within the Office of the Director of National Intelligence concluded the October violations had a "significant impact" on privacy and civil rights, but that the Americans affected were not told of the breach.

Technology is Eroding the Ability To Move Around the Physical World Anonymously

Fri, 06/28/2019 - 17:21
Hal Hodson, a correspondent for the Economist, writes in a Twitter thread: Something really massive is happening, and I feel like society is barely grasping the tendrils of the implications. Technology is eroding one of the great levees of human society -- the ability to move around the physical world anonymously. This is happening because computers are getting better at spotting patterns in data, and the cost of capturing data that contain patterns about human beings is plummeting. Most adult humans have a device in their pocket capable of recognizing the patterns in another human's face. Face recognition is just the most obvious side of this new reality. It's easy to grasp that a computer can remember what your face looks like, because humans can do that too (not that well though). But computers don't care what data is used to tag you, only that the data is unique. You can measure someone's: heartbeat with a laser; breathing with the RF-waves in wifi; walking gait with a camera; geographical movements through their phone; and voice and emotional state through a microphone. These datasets all hold patterns which uniquely ID a person. Pretty much anyone can "scan" anyone at this point. The hard bit is matching the patterns in that data with a person's legal identity, figuring out to whom a pattern belongs. This means that control of and access to identity systems is more important than it has ever been before. The issue is that currently the world does not expect to be identified anywhere at any time, by anyone. Society runs on the assumption that people are unknowable in some spaces. I don't know what happens as that disappears, but I am worried. It's easy to imagine bad actors gathering all the data they can on everyone they can get their hands on. Doesn't matter if it isn't linked with an ID right now. Store it, and when someone becomes a threat, do the work to ID them in stored data, find something to get them with. Legal systems need to recreate and/or reinforce some of the levees that cheap compute and sensing are washing away. Maybe folks want to live in a world where anyone can set a drone or autonomous agent to track a person around town and report their movements. I don't think so. Addendum: the direction of travel is crystal clear here. Cheaper sensors, closer to the body and mind, coupled with ever-cheaper, better computation. You can't rely on nature for "privacy" any more. You have to do it for yourselves, if you want.

A Second US City Has Banned Facial Recognition

Fri, 06/28/2019 - 09:00
An anonymous reader quotes a report from Motherboard: Somerville, Massachusetts just became the second U.S. city to ban the use of facial recognition in public space. The "Face Surveillance Full Ban Ordinance," which passed through Somerville's City Council on Thursday night, forbids any "department, agency, bureau, and/or subordinate division of the City of Somerville" from using facial recognition software in public spaces. The ordinance passed Somerville's Legislative Matters Committee earlier this week. The ordinance defines facial surveillance as "an automated or semi-automated process that assists in identifying an individual, capturing information about an individual, based on the physical characteristics of an individual's face," which is operationally equivalent to facial recognition. San Francisco banned the use of facial recognition by police and city government agencies a month ago.

Trump White House Reportedly Debating Encryption Policy Behind Closed Doors

Thu, 06/27/2019 - 22:02
According to a report in Politico, the Trump administration held a National Security Council meeting on Wednesday that weighed the challenges and benefits of encryption. "One of Politico's sources said that the meeting was split into two camps: Decide, create and publicize the administration's position on encryption or go so far as to ask Congress for legislation to ban end-to-end encryption," reports Gizmodo. From the report: That would be a huge escalation in the encryption fight and, moreover, would probably be unsuccessful due to a lack of willpower in Congress. No decision was made by the Trump administration officials, Politico reported. The White House did not respond to a request for comment. The fact that these discussions are ongoing both within the White House and with Silicon Valley shows that the issue is still very much alive within the corridors of power.

The Pentagon Has a Laser That Can Identify People From a Distance By Their Heartbeat

Thu, 06/27/2019 - 20:03
An anonymous reader quotes a report from MIT Technology Review: A new device, developed for the Pentagon after U.S. Special Forces requested it, can identify people without seeing their face: instead it detects their unique cardiac signature with an infrared laser. While it works at 200 meters (219 yards), longer distances could be possible with a better laser. "I don't want to say you could do it from space," says Steward Remaly, of the Pentagon's Combatting Terrorism Technical Support Office, "but longer ranges should be possible." Contact infrared sensors are often used to automatically record a patient's pulse. They work by detecting the changes in reflection of infrared light caused by blood flow. By contrast, the new device, called Jetson, uses a technique known as laser vibrometry to detect the surface movement caused by the heartbeat. This works through typical clothing like a shirt and a jacket (though not thicker clothing such as a winter coat).

Google's New ReCAPTCHA Has a Dark Side

Thu, 06/27/2019 - 18:40
An anonymous reader quotes a report from Fast Company: We've all tried to log into a website or submit a form only to be stuck clicking boxes of traffic lights or storefronts or bridges in a desperate attempt to finally convince the computer that we're not actually a bot. For many years, this has been one of the predominant ways that reCaptcha -- the Google-run internet bot detector -- has determined whether a user is a bot or not. But last fall, Google launched a new version of the tool, with the goal of eliminating that annoying user experience entirely. Now, when you enter a form on a website that's using reCaptcha V3, you won't see the "I'm not a robot" checkbox, nor will you have to prove you know what a cat looks like. Instead, you won't see anything at all. Google is also now testing an enterprise version of reCaptcha v3, where Google creates a customized reCaptcha for enterprises that are looking for more granular data about users' risk levels to protect their site algorithms from malicious users and bots. But this new, risk-score based system comes with a serious trade-off: users' privacy. According to two security researchers who've studied reCaptcha, one of the ways that Google determines whether you're a malicious user or not is whether you already have a Google cookie installed on your browser. It's the same cookie that allows you to open new tabs in your browser and not have to re-log in to your Google account every time. But according to Mohamed Akrout, a computer science PhD student at the University of Toronto who has studied reCaptcha, it appears that Google is also using its cookies to determine whether someone is a human in reCaptcha v3 tests. Akrout wrote in an April paper about how reCaptcha v3 simulations that ran on a browser with a connected Google account received lower risk scores than browsers without a connected Google account. "Because reCaptcha v3 is likely to be on every page of a website, if you're signed into your Google account there's a chance Google is getting data about every single webpage you go to that is embedded with reCaptcha v3 -- and there may be no visual indication on the site that it's happening, beyond a small reCaptcha logo hidden in the corner," the report adds.

Intel Launches Blockbuster Auction For Its Mobile Portfolio

Thu, 06/27/2019 - 18:00
In what looks set to become one of the highest profile patent sales in years, Intel has put its IP relating to cellular wireless connectivity on the auction block. The company is seeking to divest around 8,500 assets from its massive portfolio. From a report: The news comes as the chip giant searches for a buyer for its 5G smartphone modem business, having announced in April that it was pulling out of the market. That was after it had become increasingly clear that the company, which has been the supplier of 4G modem chips to Apple for the last few years, was struggling to release a 5G product even though the rollout of the next generation of mobile technology is well underway. The auction offering comprises two parts: the cellular portfolio and a connected device portfolio. The former includes approximately 6,000 patent assets related to 3G, 4G and 5G cellular standards and an additional 1,700 assets that read on wireless implementation technologies. The latter is made up of 500 patents with broad applicability across the semiconductor and electronics industries. Although that represents a large portion of Intel's cellular IP, it is understood that it will retain significant wireless assets.

When You Listen, They Watch: Pre-Saving Albums Can Allow Labels To Track Users on Spotify

Thu, 06/27/2019 - 17:20
Pre-saving albums on Spotify can give music labels access to personal user data like email addresses and playlists, according to a Billboard report. From a report: To pre-save music, which adds a release to a user's library as soon as it comes out, Spotify users click through and approve permissions that give the label far more account access than the streaming giant normally grants them -- enough to track what they listen to, change what artists they follow and potentially even control their music streaming remotely. This lets labels access some of the data that streaming companies usually guard for themselves -- which they want in order to compete with the streaming giants on a more even playing field. But at a time when the policies of online giants like Google and Facebook have made online privacy a contentious issue, music's pre-saving process could begin to spark concern among consumers, and perhaps even regulators. Labels also ask for far more permissions than they need. Spotify users who, for example, tried to pre-save the Little Mix single "Bounce Back" from links shared by the act or its label, Sony Music, were prompted to agree that Spotify could allow Sony to "view your Spotify account data," "view your activity on Spotify" and "take actions in Spotify on your behalf." The exact permissions Sony requests are only visible to those who click through to the corresponding submenus, so users may not fully understand all that they're agreeing to -- or that the changes apply to their account unless they change it on Spotify's website.

India Reportedly Wants To Build Its Own WhatsApp For Government Communications

Thu, 06/27/2019 - 10:41
India may have plans to follow in France's footsteps in building a chat app and requiring government employees to use it for official communications. From a report: The New Delhi government is said to be pondering the need to have homegrown email and chat apps, local news outlet Economic Times reported on Thursday. The rationale behind the move is to cut reliance on foreign entities, the report said, a concern that has somehow manifested amid the U.S.'s ongoing tussle with Huawei and China. "We need to make our communication insular," an unnamed top government official was quoted as saying by the paper. The person suggested that by putting Chinese giant Huawei on the entity list, the U.S. has "set alarm bells ringing in New Delhi." India has its own ongoing trade tension with the U.S. Donald Trump earlier this month removed the South Asian nation from a special trade program after India did not assure him that it "unfortunate," and weeks later, increased tariffs on some U.S. exports.

EU Should Ban AI-Powered Citizen Scoring and Mass Surveillance, Say Experts

Thu, 06/27/2019 - 10:02
A group of policy experts assembled by the EU has recommended that it ban the use of AI for mass surveillance and mass "scoring of individuals," a practice that potentially involves collecting varied data about citizens -- everything from criminal records to their behavior on social media -- and then using it to assess their moral or ethical integrity. From a report: The recommendations are part of the EU's ongoing efforts to establish itself as a leader in so-called "ethical AI." Earlier this year, it released its first guidelines on the topic, stating that AI in the EU should be deployed in a trustworthy and "human-centric" manner. The new report offers more specific recommendations. These include identifying areas of AI research that require funding; encouraging the EU to incorporate AI training into schools and universities; and suggesting new methods to monitor the impact of AI. However, the paper is only a set of recommendations at this point, and not a blueprint for legislation. Notably, the suggestions that the EU should ban AI-enabled mass scoring and limit mass surveillance are some of the report's relatively few concrete recommendations.

Second Florida City Pays Giant Ransom To Ransomware Gang In a Week

Wed, 06/26/2019 - 18:40
Less than a week after a first Florida city agreed to pay a whopping $600,000 to get their data back from hackers, a second city's administration has now taken the same path. On Monday, in an emergency meeting of the city council, the administration of Lake City, a small Florida city with a population of 65,000, voted to pay a ransom demand of 42 bitcoins, worth nearly $500,000. ZDNet reports: The decision to pay the ransom demand was made after the city suffered a catastrophic malware infection earlier this month, on June 10, which the city described as a "triple threat." Despite the city's IT staff disconnecting impacted systems within ten minutes of detecting the attack, a ransomware strain infected almost all its computer systems, with the exception of the police and fire departments, which ran on a separate network. A ransom demand was made a week after the infection, with hackers reaching out to the city's insurance provider -- the League of Cities, which negotiated a ransom payment of 42 bitcoins last week. City officials agreed to pay the ransom demand on Monday, and the insurer made the payment yesterday, on Tuesday, June 25, local media reported. The payment is estimated to have been worth between $480,000 and $500,000, depending on Bitcoin's price at the time of the payment. The city's IT staff is now working to recover their data after receiving a decryption key.
