Your rights online

Slashdot: Your Rights Online
News for nerds, stuff that matters

We Need To Prepare for the Future of War, NSA Official Says

Tue, 09/10/2019 - 12:10
Glenn S. Gerstell, the general counsel of the National Security Agency, writing at The New York Times: The threats of cyberattack and hypersonic missiles are two examples of easily foreseeable challenges to our national security posed by rapidly developing technology. It is by no means certain that we will be able to cope with those two threats, let alone the even more complicated and unknown challenges presented by the general onrush of technology -- the digital revolution or so-called Fourth Industrial Revolution -- that will be our future for the next few decades. The digital revolution has urgent and profound implications for our federal national security agencies. It is almost impossible to overstate the challenges. If anything, we run the risk of thinking too conventionally about the future. The short period of time our nation has to prepare for the effects of this revolution is already upon us, and it could not come at a more perilous and complicated time for the National Security Agency, Central Intelligence Agency, National Geospatial-Intelligence Agency, Defense Intelligence Agency, Federal Bureau of Investigation and the other components of the intelligence community. Gearing up to deal with those new adversaries, which do not necessarily present merely conventional military threats, is itself a daunting challenge and one that must be undertaken immediately and for at least the next decade or two. But that is precisely when we must put in place a new foundation for dealing with the even more profound and enduring implications of the digital revolution. That revolution will sweep through all aspects of our society so powerfully that our only chance of effectively grappling with its consequences will lie in taking bold steps in the relatively near term. In short, our attention must turn to a far more complex set of threats of multiple dimensions enabled by the digital revolution. 
While the potential consequences are less catastrophic than nuclear war, they are nonetheless deeply threatening in a range of ways we will have trouble countering.

Read more of this story at Slashdot.

Categories: Privacy

Mozilla Launches VPN as Part of Resurrected Firefox Test Pilot Program

Tue, 09/10/2019 - 11:30
Mozilla is resurrecting its recently expunged Test Pilot program with a renewed focus on privacy-focused tools and products. The Firefox developer today lifted the lid on the first product to emerge from the new Test Pilot, and it appears to be something akin to a virtual private network (VPN) in all but name. From a report: Firefox Private Network, as the new tool is called, is available in beta today for logged-in Firefox desktop users in the U.S. only, and is accessible through a browser extension. By way of a quick recap, Mozilla debuted Firefox Test Pilot a decade ago but then relaunched it back in 2016. Test Pilot went on to attain an average of 100,000 daily users, each looking to test Mozilla's latest developments -- including a price-tracking feature for online shoppers, content recommendations based on browsing activity, and more. Some of these became full-fledged features within Firefox and others did not, but back in January Mozilla announced it was killing its Test Pilot program altogether. This came as something of a surprise given Mozilla's own statements about the success of the program. At the time, Mozilla said it was "evolving" its approach to experimentation and suggested it was looking to ideate more widely across the company. Fast-forward nine months, and Firefox Test Pilot is back for a third time.

Categories: Privacy

US Charges Chinese Professor With Fraud For Allegedly Taking Tech From a California Company To Benefit Huawei

Tue, 09/10/2019 - 06:00
U.S. prosecutors have charged a Chinese professor with fraud for allegedly taking technology from a California company to benefit Huawei, in another shot at the embattled Chinese telecommunications equipment maker. From the report: Bo Mao was arrested in Texas on Aug. 14 and released six days later on $100,000 bond after he consented to proceed with the case in New York, according to court documents. According to the criminal complaint, Mao entered into an agreement with the unnamed California tech company to obtain its circuit board, claiming it was for academic research. The complaint, however, accuses an unidentified Chinese telecommunications conglomerate, which sources say is Huawei, of trying to steal the technology, and alleges Mao played a role in its alleged scheme. A court document also indicates the case is related to Huawei. Although Huawei has not been charged, the company said it views the case against Mao as the U.S. government's latest instance of "selective prosecution."

Categories: Privacy

NYC Mayor and Presidential Hopeful Bill De Blasio Wants a Tax On Robots

Mon, 09/09/2019 - 19:30
In an opinion article published last week on Wired, New York City Mayor and 2020 Democratic presidential candidate Bill de Blasio said as president he would issue a robot tax for corporations displacing humans and would create a federal agency to oversee automation. CNET reports: "The scale of automation in our economy is increasing far faster than most people realize, and its impact on working people in America and across the world, unless corralled, will be devastating," de Blasio wrote. De Blasio would call the new regulator the Federal Automation and Worker Protection Agency, which would safeguard jobs and communities. In addition, his proposed "robot tax" would be imposed on large companies that eliminate jobs as they become more automated. The tax would be equal to five years of payroll taxes for each employee eliminated, according to De Blasio.

Categories: Privacy

Web Scraping Doesn't Violate Anti-Hacking Law, Appeal Court Rules

Mon, 09/09/2019 - 18:10
An anonymous reader quotes a report from Ars Technica: Scraping a public website without the approval of the website's owner isn't a violation of the Computer Fraud and Abuse Act, an appeals court ruled on Monday. The ruling comes in a legal battle that pits Microsoft-owned LinkedIn against a small data-analytics company called hiQ Labs. HiQ scrapes data from the public profiles of LinkedIn users, then uses the data to help companies better understand their own workforces. After tolerating hiQ's scraping activities for several years, LinkedIn sent the company a cease-and-desist letter in 2017 demanding that hiQ stop harvesting data from LinkedIn profiles. Among other things, LinkedIn argued that hiQ was violating the Computer Fraud and Abuse Act, America's main anti-hacking law. This posed an existential threat to hiQ because the LinkedIn website is hiQ's main source of data about clients' employees. So hiQ sued LinkedIn, seeking not only a declaration that its scraping activities were not hacking but also an order banning LinkedIn from interfering. A trial court sided with hiQ in 2017. On Monday, the 9th Circuit Appeals Court agreed with the lower court, holding that the Computer Fraud and Abuse Act simply doesn't apply to information that's available to the general public. [...] By contrast, hiQ is only scraping information from public LinkedIn profiles. By definition, any member of the public has authorization to access this information. LinkedIn argued that it could selectively revoke that authorization using a cease-and-desist letter. But the 9th Circuit found this unpersuasive. Ignoring a cease-and-desist letter isn't analogous to hacking into a private computer system. "The CFAA was enacted to prevent intentional intrusion onto someone else's computer -- specifically computer hacking," a three-judge panel wrote. The court notes that members debating the law repeatedly drew analogies to physical crimes like breaking and entering. 
In the 9th Circuit's view, this implies that the CFAA only applies to information or computer systems that were private to start with -- something website owners typically signal with a password requirement. The court notes that when the CFAA was first enacted in the 1980s, it only applied to certain categories of computers that had military, financial, or other sensitive data. "None of the computers to which the CFAA initially applied were accessible to the general public," the court writes. "Affirmative authorization of some kind was presumptively required."

Categories: Privacy

Purism Finally Starts Shipping Its Privacy-Focused 'Librem 5' Smartphone

Sun, 09/08/2019 - 18:34
"It's here! Purism announces shipment of the Librem 5," writes long-time Slashdot reader Ocean Consulting: Librem 5 is a landmark mobile device with a dedicated platform, runs PureOS Linux, and is the first mobile phone to seek hardware certification from the Free Software Foundation. Initially a crowd sourced funding campaign, the phone embraces principles of free software and user privacy. IP native communication is supported via Matrix. Privacy features include hardware kill switches for camera, microphone, cellular, wifi, Bluetooth and GPS. "The Librem 5 phone is built from the ground up to respect the privacy, security, and freedoms of society," reads the site's official announcement. "It is a revolutionary approach to solving the issues that people face today around data exploitation -- putting people in control of their own digital lives." They're adopting an "iterative" shipping schedule -- publishing a detailed schedule defining specific batches and their features with corresponding shipping dates. "Each iteration improves upon the prior in a rapid rolling release throughout the entire first version of the phone... As slots in a particular early batch free up, we will open it up for others in a later batch to join in, according to the date of the order."

Categories: Privacy

One of America's Biggest Markets for AI-Powered Security Cameras: Schools

Sun, 09/08/2019 - 13:34
New video analytics systems can "identify people, suspicious behavior and guns" in real-time, and the technology is being used by Fortune 500 companies, stadiums, retailers, and police departments, reports the Los Angeles Times. But schools are "among the most enthusiastic adopters," they note, citing an interview with Paul Hildreth, the "emergency operations coordinator" at an Atlanta school district: A year after an expelled student killed 17 people at Marjory Stoneman Douglas High School in Parkland, Florida, Broward County installed cameras from Avigilon of Canada throughout the district in February. Hildreth's Atlanta district will spend $16.5 million to put the cameras in its roughly 100 buildings in coming years. In Greeley, Colo., the school district has used Avigilon cameras for about five years, and the technology has advanced rapidly, said John Tait, security manager for Weld County School District 6... Schools are the largest market for video surveillance systems in the U.S., estimated at $450 million in 2018, according to IHS Markit, a London data and information services company. The overall market for real-time video analytics was estimated at $3.2 billion worldwide in 2018 -- and it's expected to grow to $9 billion by 2023, according to one estimate... Shannon Flounnory, executive director for safety and security for Fulton County Schools, said no privacy concerns have been heard there. "The events of Parkland kind of changed the game," he said. "We have not had any arguments or any pushback right now...." One company, Athena Security, has cameras that spot when someone has a weapon. And in a bid to help retailers, it recently expanded its capabilities to help identify big spenders when they visit a store... Both ZeroEyes and Athena Security in Austin, Texas, say their systems can detect weapons with more than 90% accuracy, but acknowledge their products haven't been tested in a real-life scenario. And both systems are unable to detect weapons if they're covered -- a limitation the companies say they are working to overcome.

Categories: Privacy

YouTube's Fine Criticized As Proof US Government Is 'Not Serious' About Big Tech Crackdown

Sun, 09/08/2019 - 12:34
YouTube's $170 million fine for illegally collecting data on children "shows the US government is not serious about a Big Tech crackdown," argues an article at CNBC: The FTC's new settlement with YouTube over alleged violations of child privacy rules is just a fraction of the revenue its parent company generates in a single day. Shares of Google parent company Alphabet were up following news of the settlement, just like shares of Facebook after its record FTC fine. The action shows the U.S. government is not prepared for a Big Tech crackdown that will fundamentally alter the business. Momentum is building in Washington to crack down on Big Tech's most free-wheeling practices: the Department of Justice is conducting a broad review of tech companies in addition to a reported antitrust investigation of Google, and Facebook disclosed a new antitrust probe by the Federal Trade Commission in July. But the meager penalties imposed on these companies in recent years, when compared with their size, shows the U.S. government is not yet prepared to take actions that will fundamentally alter the industry... Wednesday's announcement marks the third agreement the FTC has reached with Google since 2011, when it charged the company with using "deceptive" privacy practices at the launch of its now-defunct social network. In 2012, the agency hit Google with a $22.5 million penalty, its highest ever for a violation of a commission order at the time, over charges that it misrepresented its ad-targeting practices to consumers. But in 2019, Google appears none the worse for wear. Google's stock price has grown more than 260% since the time of its historic 2012 FTC penalty and the company's now worth more than $800 billion. Revenue and profits have both more than doubled. 
The article also notes that "Despite the penalties and noise from politicians about cracking down, Facebook's stock is up more than 40% so far this year," arguing that "the agencies that have so far had the power to force Big Tech to make real changes have opted for more incremental adjustments." Long-time Slashdot reader AndrewFlagg has another suggestion: Stop the madness of fines. Just sentence the leadership to jail and prison time... Don't fine the companies. That just hurts the stockholders who really don't know what's going on in the board room...

Categories: Privacy

Firefox Will Soon Encrypt DNS Requests By Default

Sun, 09/08/2019 - 09:34
This month Firefox will make DNS over encrypted HTTPS the default for the U.S., with a gradual roll-out starting in late September, reports Engadget: Your online habits should be that much more private and secure, with fewer chances for DNS hijacking and activity monitoring. Not every request will use HTTPS. Mozilla is relying on a "fallback" method that will revert to your operating system's default DNS if there's either a specific need for them (such as some parental controls and enterprise configurations) or an outright lookup failure. This should respect the choices of users and IT managers who need the feature turned off, Mozilla said. The team is watching out for potential abuses, though, and will "revisit" its approach if attackers use a canary domain to disable the technology. Users will be given the option to opt-out, explains Mozilla's official announcement. "After many experiments, we've demonstrated that we have a reliable service whose performance is good, that we can detect and mitigate key deployment problems, and that most of our users will benefit from the greater protections of encrypted DNS traffic." "We feel confident that enabling DNS-over-HTTPS by default is the right next step."

Categories: Privacy

'It Shouldn't Be This Hard To Responsibly Fly a Drone'

Sun, 09/08/2019 - 06:34
The B4UFLY app from America's Federal Aviation Administration tells you where you can and can't fly your drone. But a senior writer for IEEE Spectrum reports that in fact the app "ignores both local and national regulations," and concludes after some field-testing in Oregon that it's "in many situations, worse than useless." Buried in a PDF FAQ (now offline) about the app is this: "Additionally, there may be local laws or ordinances about flying unmanned aircraft affecting your intended flight that are not reflected in this app. It is the responsibility of the operator to know the rules and fly safely at all times." And oh boy is that a huge responsibility that the app itself doesn't even mention, and that enormous loophole means that the B4UFLY app's "good to go" indicator is not just meaningless but in fact giving you the wrong idea entirely.... You could argue that this is worse than no app at all, because the app is actively giving you bad information. You are not, in fact, good to go, and if you're already going, you should stop immediately... When the FAA itself presents the B4UFLY app as a tool that can be used so that "recreational flyers know whether it is safe to fly their drone," that's exactly what it should do. Instead, the app provides only one very limited kind of information about recreational drone safety, without telling the user that it's on them to somehow dig up all the rest of the information that may or may not affect their flight... At the absolute minimum, the B4UFLY app should not tell users that they're "good to go" unless they are flying from an area where drone use is explicitly permitted, like national forests. Anywhere else, users should be instructed to verify that their local laws allow drone use. Is that going to be a huge annoyance that drives users away from the app? Of course. But it's the truth, and if the FAA doesn't like that, they should work with local governments to put the necessary information into the app instead. 
This article inspired a suggestion from long-time Slashdot reader gurps_npc. "What should be done is that every park that is not too close to an airport or other forbidden zone should set aside a location and a time where they allow and encourage people to use drones."

Categories: Privacy

'Google's Chrome Has My Dead Grandpa's Data and He Never Used the Internet'

Sun, 09/08/2019 - 00:34
schwit1 shares a Forbes article by Joe Toscano, a former experience design consultant for Google who in 2017 "decided to step away from my role consulting with Google, due to ethical concerns." This summer he got a big surprise when he looked in Chrome's "addresses" panel at chrome://settings/addresses: It turns out Google has info connecting me to my grandma (on my dad's side) who's alive and well but has never had the internet, and my grandpa (on my mom's side), who recently passed away in March 2019 and also never had the internet. This was disturbing for several reasons, the biggest of which being that neither of them had ever logged onto the internet in their lives. Neither even had the internet in their homes their entire lives! Beyond that, Google knew their exact addresses and their middle initials. I couldn't even have told you those things about my grandparents... [T]he data wasn't manually entered by me or anyone using my account, but yet the data is associated with my account? How did that happen? The only thing I can think of is that at one point in history my grandpa gave his information to someone or some company in real life and his information was sold to Google at one point or another... But then that led me to another question: How did his data get associated with my Google account...? Other questions I have: What other information does Google have about me/my family/others that I don't know about...? He's now asking readers if they have any idea how Google connected him to his dead grandpa -- and whether Google is somehow creating an ancestry database. Toscano also discovered Chrome has been creating a list of "Never Saved" passwords at chrome://settings/passwords?search=credentials even though "At no point did I tell Google to create and store a list of websites I had logged into that they didn't get access to but would like access to at some point in the future. Maybe in the Terms of Service/Privacy Policy I agreed to this, but who knows? Not the majority of us, and it's just creepy." And in an update Toscano writes that he hopes the article will "provoke thought" about "why we willingly allow this to happen": Why is it okay that the internet is designed to be a surveillance machine? Why isn't it designed to be private by design? Is this how we want to carry on? Just because something is legal doesn't mean it's right. What would you like to see done? How would you like to see things changed?

Categories: Privacy

MIT Media Lab Chief Joi Ito Resigns Following Ronan Farrow's New Yorker Expose

Sat, 09/07/2019 - 21:34
Long-time Slashdot reader theodp writes: It was beginning to look like Joi Ito, the director of the MIT Media Lab, might weather a scandal over accepting donations from the financier and convicted sex offender Jeffrey Epstein. But less than a day after a scathing new expose in the New Yorker by Ronan Farrow alleged the Media Lab had a deeper fund-raising relationship with Epstein than previously acknowledged and attempted to conceal the extent of its contacts with him, Ito resigned from his position. "After giving the matter a great deal of thought over the past several days and weeks, I think that it is best that I resign as director of the media lab and as a professor and employee of the Institute, effective immediately," Ito wrote in an internal e-mail. In a message to the MIT community, MIT President L. Rafael Reif wrote, "Because the accusations in the story are extremely serious, they demand an immediate, thorough and independent investigation," and announced that MIT's general counsel would engage an outside law firm to oversee that investigation. Ronan's damning New Yorker story began: "Dozens of pages of e-mails and other documents obtained by The New Yorker reveal that, although Epstein was listed as 'disqualified' in MIT's official donor database, the Media Lab continued to accept gifts from him, consulted him about the use of the funds, and, by marking his contributions as anonymous, avoided disclosing their full extent, both publicly and within the university. Perhaps most notably, Epstein appeared to serve as an intermediary between the lab and other wealthy donors, soliciting millions of dollars in donations from individuals and organizations, including the technologist and philanthropist Bill Gates and the investor Leon Black." "The effort to conceal the lab's contact with Epstein was so widely known," reports the New Yorker, that some of Ito's staff "referred to Epstein as Voldemort or 'he who must not be named.'"

Categories: Privacy

Hong Kong Protesters Using Mesh Messaging App China Can't Block: Usage Up 3685%

Sat, 09/07/2019 - 16:34
An anonymous reader quotes Forbes: How do you communicate when the government censors the internet? With a peer-to-peer mesh broadcasting network that doesn't use the internet. That's exactly what Hong Kong pro-democracy protesters are doing now, thanks to San Francisco startup Bridgefy's Bluetooth-based messaging app. The protesters can communicate with each other — and the public — using no persistent managed network... While you can chat privately with contacts, you can also broadcast to anyone within range, even if they are not a contact. That's clearly an ideal scenario for protesters who are trying to reach people but cannot use traditional SMS texting, email, or the undisputed uber-app of China: WeChat. All of them are monitored by the state. Wednesday another article in Forbes confirmed with Bridgefy that their app uses end-to-end RSA encryption -- though an associate professor at the Johns Hopkins Information Security Institute warns in the same article about the possibility of the Chinese government demanding that telecom providers hand over a list of all users running the app and where they're located. Forbes also notes that "police could sign up to Bridgefy and, at the very least, cause confusion by flooding the network with fake broadcasts" -- or even use the app to spread privacy-compromising malware. "But if they're willing to accept the risk, Bridgefy could remain a useful tool for communicating and organizing in extreme situations."

Categories: Privacy

South Africa, UK Acknowledge Mass Surveillance By Tapping Undersea Internet Cables

Sat, 09/07/2019 - 15:34
The South African government has been conducting mass surveillance on all communications in the country, reports Reclaim the Net, citing a report from Privacy International as well as recently-revealed affidavits and other documents from former State Security Agency (SSA) director-general Arthur Fraser: Interestingly, the mass surveillance has been happening since 2008... The surveillance was supposedly designed to cover information about organized crime and acts of terrorism. It even involves surveillance on food security, water security, and even illegal financial flows. The report also revealed that the South African government has done bulk interception of Internet traffic by way of tapping into fiber-optic cables under the sea. What is not clear though is whether the surveillance covers all Internet traffic or limited only to some of the fiber cables. The SSA said that the automated collection of data was specifically geared for foreign communications that pose threats to state security only. However, even the SSA admits to the fact that it will require human intervention to determine whether any communications that pass through the fiber cables are foreign or not. Hence, it would be difficult to distinguish between foreign and local communications. The iAfrikan site interviewed a digital rights researcher at South Africa's amaBhungane Centre for Investigative Journalism, whose legal filings helped bring this information to light. "We had details of the state's mass surveillance activities at least as early as 2006...." he tells the site, adding later that "The government has been quite upfront that it's collecting data from a vast number of people who are not suspected of any wrongdoing... Essentially, the State Security Agency is collecting as much haystack as it can, just in case it needs to look for a needle." Privacy International reports that the U.K. government has also recently acknowledged their "bulk interception of internet traffic by tapping undersea fibre optic cables." The site describes the work of the two countries as "some of the most pervasive surveillance programmes in human history."

Categories: Privacy

COBOL Turns 60. Why It Will Outlive Us All

Sat, 09/07/2019 - 14:34
ZDNet remembers when the only programming languages "were machine and assembler," until Burroughs Corporation programmer Mary Hawes proposed a vendor-neutral language with an English-like vocabulary. (Grace Hopper suggested they approach the Department of Defense, leading to a summit of 41 computer users and manufacturers at the Pentagon in 1959.) But ZDNet argues that 60 years later, COBOL isn't done yet. In 2016, the Government Accountability Office reported the Department of Homeland Security, Department of Veterans Affairs, and the Social Security Administration, to name just three, were still using COBOL. According to a COBOL consulting company, which goes by the delightful name, COBOL Cowboys, 200 billion lines of COBOL code are still in use today and 90% of Fortune 500 companies still have COBOL code keeping the lights on. And, if you've received cash out of an ATM recently, it's almost certain COBOL was running behind the scenes. ZDNet explains that the largest number of businesses using COBOL are financial institutions, which, according to Micro Focus, includes "banking, insurance and wealth management/equities trading. Second is government services (federal, provincial, local)." Micro Focus is the company that now maintains COBOL, and their global director of marketing and "application modernization" tells ZDNet that "the number of organizations running COBOL systems today is in the tens of thousands. It is impossible to estimate the tens of millions of end users who interface with COBOL-based applications on a daily basis, but the language's reliance is clearly seen with its use in 70 percent of global transaction processing systems. Any time you phone a call center, any time you transfer money, or check your account, or pay a mortgage, or renew or get an insurance quote, or when contacting a government department, or shipping a parcel, or ordering some flowers, or buying something online at a whole range of retailers, or booking a vacation, or a flight, or trading stocks, or even checking your favorite baseball team's seasonal statistics, you are interacting with COBOL." ZDNet notes that some people are even moving their COBOL applications into the cloud, concluding "At this rate, COBOL programs will outlive us all."

Categories: Privacy