United Kingdom

Facebook Reopens Probe Into Russian Involvement in Brexit (techcrunch.com) 1

An anonymous reader quotes TechCrunch: Facebook has said it will conduct a wider investigation into whether there was Russian meddling on its platform relating to the 2016 Brexit referendum vote in the UK. Wednesday its UK policy director Simon Milner wrote to a parliamentary committee that's been conducting a wide-ranging enquiry into fake news -- and whose chair has been witheringly critical of Facebook and Twitter for failing to co-operate with requests for information and assistance on the topic of Brexit and Russia -- saying it will widen its investigation, per the committee's request. Though he gave no firm deadline for delivering a fresh report -- beyond estimating "a number of weeks".

It's not clear whether Twitter will also bow to pressure to conduct a more thorough investigation of Brexit-related disinformation. At the time of writing the company had not responded to our questions either. At the end of last year committee chair Damian Collins warned both companies they could face sanctions for failing to co-operate with the committee's enquiry -- slamming Twitter's investigations to date as "completely inadequate", and expressing disbelief that both companies had essentially ignored the committee's requests... Independent academic studies have suggested there was in fact significant tweet-based activity generated around Brexit by Russian bots."

Theresa May has said Russia's attempts to "sow discord" in the West could not go unchallenged, and warned Vladimir Putin, "We know what you are up to."

Facebook's response complained that a new investigation "requires detailed analysis of historic data by our security experts, who are also engaged in preventing live threats to our service."
Crime

Church Elder/'Jeopardy' Champion Charged With Computer Crimes (mlive.com) 36

Stephanie Jass, a record-setting, seven-time winner on Jeopardy, has been charged with two felonies for accessing the email accounts of two executives at the college where she worked as an assistant professor. An anonymous reader quotes MLive: Jass was able to access the accounts because of an April 24 issue with the college email system, hosted by Google. Frank Hribar, vice president for enrollment and student affairs, said there was network outage caused by loss of power. On April 25, users received a text message with a generic, standard passcode: "Please attempt to login to Gmail using this password. You should be prompted to change password after login..." Not everyone, however, was prompted to do so. Some did make the change using a tutorial. Some received an error and were unable to create a new password, the timeline states. Others did not alter the password at all. The method "worked just fine, had there not been manipulation of the system," said Hribar...

Jass, 47, of Tecumseh was charged in December with unauthorized access to a computer, program or network, and using a computer to commit a crime, both felonies... On May 5, the college deactivated Jass' email account and access to all other college software. The locks to her office door were changed and her desktop computer was confiscated, according to the timeline.

The police report "indicates Jass accessed emails while using an internet network at First Presbyterian Church of Tecumseh, where she served as an elder."
Microsoft

Microsoft Fights Search Warrants for Overseas Emails in the Supreme Court (microsoft.com) 33

Microsoft's Chief Legal Officer writes about "the landmark Microsoft case that will decide whether the U.S. government can use a search warrant to force a company to seize a customer's private emails stored in Ireland and import them to the United States." On Thursday, 289 different groups and individuals from 37 countries signed 23 different legal briefs supporting Microsoft's position that Congress never gave law enforcement the power to ignore treaties and breach Ireland's sovereignty in this way. How could it? The government relies on a law that was enacted in 1986, before anyone conceived of cloud computing... When the U.S. government requires a tech company to execute a warrant for emails stored overseas, the provider must search a foreign datacenter and make a copy abroad, and then import that copy to the United States. This creates a complex issue with huge international consequences. It shouldn't be resolved by taking the law to a place it was never intended to go...

The U.S. Department of Justice's attempt to seize foreign customers' emails from other countries ignores borders, treaties and international law, as well as the laws those countries have in place to protect the privacy of their own citizens... It's also a path that will lead to the doorsteps of American homes by putting the privacy of U.S. citizens' emails at risk. If the U.S. government obtains the power to search and seize foreign citizens' private communications physically stored in other countries, it will invite other governments to do the same thing. If we ignore other countries' laws, how can we demand that they respect our laws?

Amicus briefs supporting Microsoft have been filed in the U.S. Supreme Court by Ireland, France, and the European Commission and European privacy regulators. Microsoft even notes that on this issue, "Fox News agreed with the American Civil Liberties Union."
Iphone

iPhone X Purchase Leads To Police, Battering Ram, and Handcuffs (cbslocal.com) 245

An anonymous reader quotes CBS SFBayArea: On one recent morning, Rick Garcia and his wife Shannon Knuth woke up to a posse of San Francisco police officers at their front door. "I peered through the peephole and I saw a police officer and a battering ram," Garcia said. "We heard 'SFPD' and 'warrant,' and I was like 'what's going on?'" Knuth remembers. It felt like a nightmare yet it was real. Garcia says that within seconds he was dragged into the hallway of his apartment complex, handcuffed, then whisked away to the Taraval Station.... Meanwhile Knuth, who had just got out of the shower, was ordered to sit on the couch... After rifling through the apartment Knuth says the officers finally told her what they were looking for: Her husband's iPhone X.

According to the warrant, it was stolen but Knuth showed them the receipt which proved her husband bought it. Once the officers realized their mistake they called the police station and a squad car brought Garcia home. "They gathered their pry bar and their battering ram and they left," he said. So how could a mistake like that happen? It's still unclear but it turns out Garcia and Knuth bought the iPhone at an Apple store at Stonestown Galleria just a few weeks after 300 iPhone Xs were stolen from a UPS truck in the mall parking lot.

One former police chief says the way it was handled "kind of boggles the mind...

"This was clearly an incident that should have just been a knock and talk, a couple detectives come to the door, knock on the door and they would have gathered the same info that they gathered after they put him in handcuffs and hauled him off to jail."
United States

Apple and Google Are Rerouting Their Employee Buses as Attacks Resume (mashable.com) 235

Slashdot reader sqorbit writes: Apple runs shuttle buses for it's employees in San Francisco. It seems someone who is not happy with Apple has decided to take out their anger on these buses. In an email obtained by Mashable, Apple states "Due to recent incidents of broken windows along the commute route, specifically on highway 280, we're re-routing coaches for the time being. This change in routes could mean an additional 30-45 minutes of commute time in each direction for some riders." It has been reported that at least four buses have had windows broken, some speculating that it might caused by rubber bullets.
"Around four years ago, people started attacking the shuttle buses that took Google employees to and from work, as a way of protesting the tech-company-driven gentrification taking place around San Francisco," remembers Fortune, adding "it seems to be happening again."

At least one Google bus was also attacked, according to the San Francisco Chronicle, which adds that the buses "were not marked with company logos, and the perpetrators are suspected of broadly targeting technology shuttle buses rather than a specific company."
Electronic Frontier Foundation

EFF: Thousands of People Have Secure Messaging Clients Infected By Spyware (eff.org) 35

An anonymous reader quotes the EFF: The Electronic Frontier Foundation (EFF) and mobile security company Lookout have uncovered a new malware espionage campaign infecting thousands of people in more than 20 countries. Hundreds of gigabytes of data has been stolen, primarily through mobile devices compromised by fake secure messaging clients. The trojanized apps, including Signal and WhatsApp, function like the legitimate apps and send and receive messages normally. However, the fake apps also allow the attackers to take photos, retrieve location information, capture audio, and more.

The threat, called Dark Caracal by EFF and Lookout researchers, may be a nation-state actor and appears to employ shared infrastructure which has been linked to other nation-state actors. In a new report, EFF and Lookout trace Dark Caracal to a building belonging to the Lebanese General Security Directorate in Beirut. "People in the U.S., Canada, Germany, Lebanon, and France have been hit by Dark Caracal. Targets include military personnel, activists, journalists, and lawyers, and the types of stolen data range from call records and audio recordings to documents and photos," said EFF Director of Cybersecurity Eva Galperin. "This is a very large, global campaign, focused on mobile devices. Mobile is the future of spying, because phones are full of so much data about a person's day-to-day life."

Dark Caracal apparently gets installed through carefully-targeted spearphishing attacks, accoridng to the EFF. "Several types of phishing emails directed people -- including military personnel, activists, journalists, and lawyers -- to go to a fake app store-like page, where fake Android apps waited. There is even evidence that, in some cases, Dark Caracal used physical access to people's phones to install the fake apps."
Government

'New California' Movement Wants To Create a 51st State (wqad.com) 472

PolygamousRanchKid, Ayano, and an anonymous reader all shared the same story. Tribune Media reports: A group has launched a campaign to divide California into two states. It isn't the first attempt to split California, but unlike a failed campaign in 2016 to divide California into six states, the campaign to create New California would split the state into one made up of rural counties and another made up of coastal counties.
USA Today provides some context: Breaking up California remains no easy task: A formal secession means getting approval from both Congress and California's legislature itself. But that hasn't stopped folks from trying. Hundreds of times... Monday's declaration of "the State of New California" marked the latest in more than 200 long-shot efforts to split the Golden State. All so far have failed.
Government

What a Government Shutdown Will Mean For NASA and SpaceX (theverge.com) 180

Ars Technica reports of how the government shutdown affects federal agencies like NASA, as well as commercial companies like SpaceX: So far, NASA has been keeping quiet about this particular shutdown and has been directing all questions to the White House Office of Management and Budget, which did not respond to a request for comment. But NASA's acting administrator, Robert Lightfoot, told employees in an email obtained by The Verge to be on alert for directions over the next couple of days. "If there is a lapse in funding for the federal government Friday night, report to work the same way you normally would until further notice, and you will receive guidance on how best to closeout your activities on Monday," he wrote in the email. The most recent guidance from NASA, released in 2017, indicates that all nonessential employees should stay home during a shutdown, while a small contingent of staff continue to work on "excepted" projects. The heads of each NASA center decide which employees need to stay, but they're typically the people who operate important or hazardous programs, including employees working on upcoming launches or those who operate satellites and the International Space Station.

NASA's next big mission is the launch of its exoplanet-hunting satellite, TESS, which is going up on a SpaceX Falcon 9 rocket from Florida in March. So it shouldn't be affected by a shutdown (unless it takes a while to find a resolution). However, it's possible that preparations on another big spacecraft, the James Webb Space Telescope, may come to a halt, according to Nature. The space telescope is currently at NASA's Johnson Space Center for testing, but NASA's guidelines say that only spacecraft preparations that are "necessary to prevent harm to life or property" should continue during a shutdown. More immediately, an Atlas V rocket from the United Launch Alliance is launching a missile-detecting satellite tonight out of the Cape Canaveral Air Force Station in Florida, while SpaceX is slated to launch a communications satellite on January 30th. The timing of both launches may mean they avoid the shutdown. But if they did occur during the shutdown, it's unclear if they would suffer delays.

Businesses

How To Tame the Tech Titans (economist.com) 161

dryriver shares an opinion piece from The Economist: Not long ago, being the boss of a big Western tech firm was a dream job. As the billions rolled in, so did the plaudits: Google, Facebook, Amazon and others were making the world a better place. Today these companies are accused of being BAADD -- big, anti-competitive, addictive and destructive to democracy. Regulators fine them, politicians grill them and one-time backers warn of their power to cause harm. Much of this techlash is misguided. The presumption that big businesses must necessarily be wicked is plain wrong. Apple is to be admired as the world's most valuable listed company for the simple reason that it makes things people want to buy, even while facing fierce competition. Many online services would be worse if their providers were smaller. Evidence for the link between smartphones and unhappiness is weak. Fake news is not only an online phenomenon.

But big tech platforms, particularly Facebook, Google and Amazon, do indeed raise a worry about fair competition. That is partly because they often benefit from legal exemptions. Unlike publishers, Facebook and Google are rarely held responsible for what users do on them; and for years most American buyers on Amazon did not pay sales tax. Nor do the titans simply compete in a market. Increasingly, they are the market itself, providing the infrastructure (or "platforms") for much of the digital economy. Many of their services appear to be free, but users "pay" for them by giving away their data. Powerful though they already are, their huge stockmarket valuations suggest that investors are counting on them to double or even triple in size in the next decade. There is thus a justified fear that the tech titans will use their power to protect and extend their dominance, to the detriment of consumers (see article). The tricky task for policymakers is to restrain them without unduly stifling innovation.

The Internet

Ajit Pai's FCC Can't Admit Broadband Competition Is a Problem (dslreports.com) 105

An anonymous reader quotes a report from DSLReports: While the FCC is fortunately backing away from a plan that would have weakened the standard definition of broadband, the agency under Ajit Pai still can't seem to acknowledge the lack of competition in the broadband sector. Or the impact this limited competition has in encouraging higher prices, net neutrality violations, privacy violations, or what's widely agreed to be some of the worst customer service of any industry in America. The Trump FCC had been widely criticized for a plan to weaken the standard definition of broadband from 25 Mbps down, 3 Mbps up, to include any wireless connection capable of 10 Mbps down, 1 Mbps up. Consumer advocates argued the move was a ham-fisted attempt to try and tilt the data to downplay the industry's obvious competitive and coverage shortcomings. They also argued that the plan made no coherent sense, given that wireless broadband is frequently capped, often not available (with carrier maps the FCC relies on falsely over-stating coverage), and significantly more expensive than traditional fixed-line service.

In a statement (pdf), FCC boss Ajit Pai stated the agency would fortunately be backing away from the measure, while acknowledging that frequently capped and expensive wireless isn't a comparable replacement for fixed-line broadband. "The draft report maintains the same benchmark speed for fixed broadband service previously adopted by the Commission: 25 Mbps download/3 Mbps upload," stated Pai. "The draft report also concludes that mobile broadband service is not a full substitute for fixed service. Instead, it notes there are differences between the two technologies, including clear variations in consumer preferences and demands." That's the good news. The bad news: the FCC under Pai's leadership continues to downplay and ignore the lack of competition in the sector, and the high prices and various bad behaviors most people are painfully familiar with.

Privacy

Trump Signs Surveillance Extension Into Law (thehill.com) 93

President Trump took to Twitter this afternoon to announce that he has signed a six-year renewal of a powerful government surveillance tool. "Just signed 702 Bill to authorize foreign intelligence collection," Trump tweeted. "This is NOT the same FISA law that was so wrongly abused during the election. I will always do the right thing for our country and put the safety of the American people first!" The Hill reports: Section 702 of the Foreign Intelligence Surveillance Act (FISA), which the Senate voted to renew with a few small tweaks this week, allows the U.S. to spy on foreigners overseas. The intelligence community says the program is a critical tool in identifying and disrupting terror plots. But the broader surveillance law, which governs U.S. spying on foreigners, has become politically entangled with the controversy over the federal investigation into Trump's campaign and Russia. Some Republicans have claimed that the FBI inappropriately obtained a politically motivated FISA warrant to spy on Trump during the transition and on Friday, Capitol Hill was consumed with speculation about a four-page memo produced by House Intelligence Committee Republicans that some GOP lawmakers hinted contained evidence of such wrongdoing.
Businesses

Linking Is Not Copyright Infringement, Boing Boing and EFF Tell Court (torrentfreak.com) 88

An anonymous reader shares a report: The popular blog Boing Boing has asked a federal court in California to drop the copyright infringement lawsuit filed against it by Playboy. With help from the EFF, Boing Boing argues that its article linking to an archive of hundreds of centerfold playmates is clearly fair use. Or else it will be "the end of the web as we know it," the blog warns. Late last year Playboy sued the popular blog Boing Boing for publishing an article that linked to an archive of every playmate centerfold till then. "Kind of amazing to see how our standards of hotness, and the art of commercial erotic photography, have changed over time," Boing Boing's Xena Jardin commented. Playboy, instead, was amazed that infringing copies of their work were being shared in public. While Boing Boing didn't upload or store the images in question, the publisher took the case to court.
Businesses

China's Smartphone Maker OnePlus Says Up To 40,000 Customers Were Affected by Credit Card Security Breach (theverge.com) 8

sqorbit writes: OnePlus, a manufacturer of an inexpensive smartphone meant to compete with the iPhone, states that data from 40,000 customers credit card information was stolen while purchasing phones from its website. Even as the company has just confirmed the breach, it says the the script stealing information had been running since November. It is not clear whether this was a remote attack or the attack happened from within the company. Credit purchases on the OnePlus site have been suspended and will remain that way while an investigation takes place. [...] Earlier this week, OnePlus had temporarily shut down credit card payments on its website following reports that customers' payment details were stolen after they bought goods through its online store. The company says it's disabling credit card payments "as a precaution," but will still be accepting purchases through PayPal. The investigation began after a poll posted by users on OnePlus' forums found that many customers had experienced the same problem.
Businesses

Instant Messaging Company Snap Threatens Jail Time for Leakers (cheddar.com) 92

An anonymous reader shares a report: Snap has a simple message to its employees: leak information and you could be sued or even jailed. The chief lawyer and general counsel of Snapchat's parent company, Michael O'Sullivan, sent a threatening memo to all employees last week just before The Daily Beast published an explosive story with confidential user metrics about how certain Snapchat features are used. "We have a zero-tolerance policy for those who leak Snap Inc. confidential information," O'Sullivan said in the memo, a copy of which was obtained by Cheddar. "This applies to outright leaks and any informal 'off the record' conversations with reporters, as well as any confidential information you let slip to people who are not authorized to know that information."
Communications

Why People Dislike Really Smart Leaders (scientificamerican.com) 651

An anonymous reader quotes a report from Scientific American: Intelligence makes for better leaders -- from undergraduates to executives to presidents -- according to multiple studies. It certainly makes sense that handling a market shift or legislative logjam requires cognitive oomph. But new research on leadership suggests that, at a certain point, having a higher IQ stops helping and starts hurting. The researchers looked at 379 male and female business leaders in 30 countries, across fields that included banking, retail and technology. The managers took IQ tests (an imperfect but robust predictor of performance in many areas), and each was rated on leadership style and effectiveness by an average of eight co-workers. IQ positively correlated with ratings of leader effectiveness, strategy formation, vision and several other characteristics -- up to a point. The ratings peaked at an IQ of around 120, which is higher than roughly 80 percent of office workers. Beyond that, the ratings declined. The researchers suggest the "ideal" IQ could be higher or lower in various fields, depending on whether technical versus social skills are more valued in a given work culture. The study's lead author, John Antonakis, a psychologist at the University of Lausanne in Switzerland, suggests leaders should use their intelligence to generate creative metaphors that will persuade and inspire others -- the way former U.S. President Barack Obama did. "I think the only way a smart person can signal their intelligence appropriately and still connect with the people," Antonakis says, "is to speak in charismatic ways."
Bitcoin

Bitcoin's Fluctuations Are Too Much For Even Ransomware Cybercriminals (theguardian.com) 81

Bitcoin's price swings are so huge that even ransomware developers are dialling back their reliance on the currency, according to researchers at cybersecurity firm Proofpoint. From a report: Over the last quarter of 2017, researchers saw a fall of 73% in payment demands denominated in bitcoin. When demanding money to unlock a victim's data, cybercriminals are now more likely to simply ask for a figure in US dollars, or a local currency, than specify a sum of bitcoin. Just like conventional salespeople, ransomware developers pay careful attention to the prices they charge. Some criminals offer discounts depending on the region the victim is in, offering cheaper unlocking to residents of developing nations, while others use an escalating price to encourage users to pay quickly and without overthinking things. But a rapidly oscillating bitcoin price plays havoc with those goals, Proofpoint says.
Google

Less Than 1 in 10 Gmail Users Enable Two-Factor Authentication (theregister.co.uk) 254

It has been nearly seven years since Google introduced two-factor authentication for Gmail accounts, but virtually no one is using it. From a report: In a presentation at Usenix's Enigma 2018 security conference in California, Google software engineer Grzegorz Milka this week revealed that, right now, less than 10 per cent of active Google accounts use two-step authentication to lock down their services. He also said only about 12 per cent of Americans have a password manager to protect their accounts, according to a 2016 Pew study.
Security

Senate Passes Bill Renewing NSA's Internet Surveillance Program (reuters.com) 96

From a report: The U.S. Senate on Thursday passed a bill to renew the National Security Agency's warrantless internet surveillance program for six years and with minimal changes, overcoming objections from civil liberties advocates that it did too little to safeguard the privacy of Americans. From a report on CNET: The programs, known as Prism and Upstream, allow the NSA to collect online communications of foreigners outside the US. Prism collects these communications from internet services, and Upstream taps into the internet's infrastructure to capture information in transit. Some communications from Americans and others in the US are collected in the process. The vote Thursday renews the programs for six years. The House approved a bill renewing the programs last week. Former NSA contractor Edward Snowden first revealed the programs by leaking information about them to journalists in 2013. After the news coverage, the administration of President Barack Obama declassified much information about the programs.
Crime

Software 'No More Accurate Than Untrained Humans' At Predicting Recidivism (theguardian.com) 162

An anonymous reader quotes a report from The Guardian: The credibility of a computer program used for bail and sentencing decisions has been called into question after it was found to be no more accurate at predicting the risk of reoffending than people with no criminal justice experience provided with only the defendant's age, sex and criminal history. The algorithm, called Compas (Correctional Offender Management Profiling for Alternative Sanctions), is used throughout the U.S. to weigh up whether defendants awaiting trial or sentencing are at too much risk of reoffending to be released on bail. Since being developed in 1998, the tool is reported to have been used to assess more than one million defendants. But a new paper has cast doubt on whether the software's predictions are sufficiently accurate to justify its use in potentially life-changing decisions.

The academics used a database of more than 7,000 pretrial defendants from Broward County, Florida, which included individual demographic information, age, sex, criminal history and arrest record in the two year period following the Compas scoring. The online workers were given short descriptions that included a defendant's sex, age, and previous criminal history and asked whether they thought they would reoffend. Using far less information than Compas (seven variables versus 137), when the results were pooled the humans were accurate in 67% of cases, compared to the 65% accuracy of Compas. In a second analysis, the paper found that Compas's accuracy at predicting recidivism could also be matched using a simple calculation involving only an offender's age and the number of prior convictions.

Privacy

Amazon Won't Say If It Hands Your Echo Data To the Government (zdnet.com) 105

Zack Whittaker reports via ZDNet of how Amazon still won't say whether or not it hands your Echo data to the government -- three years after the Echo was first released. From the report: Amazon has a transparency problem. Three years ago, the retail giant became the last major tech company to reveal how many subpoenas, search warrants, and court orders it received for customer data in a half-year period. While every other tech giant had regularly published its government request figures for years, spurred on by accusations of participation in government surveillance, Amazon had been largely forgotten. Eventually, people noticed and Amazon acquiesced. Since then, Amazon's business has expanded. By its quarterly revenue, it's no longer a retail company -- it's a cloud giant and a device maker. The company's flagship Echo, an "always listening" speaker, collects vast amounts of customer data that's openly up for grabs by the government. But Amazon's bi-annual transparency figures don't want you to know that. In fact, Amazon has been downright deceptive in how it presents the data, obfuscating the figures in its short, but contextless, twice-yearly reports. Not only does Amazon offer the barest minimum of information possible, the company has -- and continues -- to deliberately mislead its customers by actively refusing to clarify how many customers, and which customers, are affected by the data demands it receives.

Slashdot Top Deals