Forgot your password?
typodupeerror

Catch up on stories from the past week (and beyond) at the Slashdot story archive

Democrats

Emails Cast Unflattering Light On Internal Politics of Healthcare.gov Rollout 178

Posted by timothy
from the wanna-be-absolutely-clear dept.
An anonymous reader writes with this report from The Verge linking to and excerpting from a newly released report created for a committee in the U.S. House of Representatives, including portions of eight "damning emails" that offer an unflattering look at the rollout of the Obamacare website. The Government Office of Accountability released a report earlier this week detailing the security flaws in the site, but a report from the House Committee on Oversight and Government Reform released yesterday is even more damning. Titled, "Behind the Curtain of the HealthCare.gov Rollout," the report fingers the Centers for Medicare and Medicaid Services, which oversaw the development of the site, and its parent Department of Health and Human Services. "Officials at CMS and HHS refused to admit to the public that the website was not on track to launch without significant functionality problems and substantial security risks," the report says. "There is also evidence that the Administration, to this day, is continuing its efforts to shield ongoing problems with the website from public view." Writes the submitter: "The evidence includes emails that show Obamacare officials more interested in keeping their problems from leaking to the press than working to fix them. This is both both a coverup and incompetence."
Privacy

Proposed Law Would Limit US Search Warrants For Data Stored Abroad 94

Posted by timothy
from the step-in-the-right-direction dept.
An anonymous reader writes On Thursday, a bipartisan law was introduced in the Senate that would limit US law enforcement's ability to obtain user data from US companies with servers physically located abroad. Law enforcement would still be able to gain access to those servers with a US warrant, but the warrant would be limited to data belonging to US citizens. This bill, called the LEADS Act (PDF), addresses concerns by the likes of Microsoft and other tech giants that worry about the impact law enforcement over-reach will have on their global businesses. Critics remain skeptical: "we are concerned about how the provision authorizing long-arm warrants for the accounts of US persons would be administered, and whether we could reasonably expect reciprocity from other nations on such an approach."
Social Networks

Netropolitan Is a Facebook For the Affluent, and It's Only $9000 To Join 173

Posted by samzenpus
from the paying-the-price dept.
MojoKid writes Facebook has become too crowded and too mundane. With around 1.3 billion Facebook users, it's understandable to be overwhelmed by everything and want to get away from it all. However, unlike Facebook which is looking to connect everyone to the internet, there is a new site called Netropolitan that focuses more on exclusivity and privacy. The site was founded by composer and former conductor of the Minnesota Philharmonic Orchestra James Touchi-Peters who wanted to provide a social media site for affluent and accomplished individuals. People wishing to join need only pay a mere $9,000 to join. Of that amount, $6,000 is the initiation fee and the remaining $3,000 is for the annual membership fee which users will continue to pay. So what does the initiation and annual fee get you? For starters, Netropolitan will offer an ad-free experience and will not promote any kind of paid promotions to its members. However, it will allow the creation of groups by businesses in which members can advertise to each other under certain guidelines.
Privacy

Apple's "Warrant Canary" Has Died 228

Posted by samzenpus
from the get-out-of-the-mine dept.
HughPickens.com writes When Apple published its first Transparency Report on government activity in late 2013, the document contained an important footnote that stated: "Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge such an order if served on us." Now Jeff John Roberts writes at Gigaom that Apple's warrant canary has disappeared. A review of the company's last two Transparency Reports, covering the second half of 2013 and the first six months of 2014, shows that the "canary" language is no longer there suggesting that Apple is now part of FISA or PRISM proceedings.

Warrant canaries are a tool used by companies and publishers to signify to their users that, so far, they have not been subject to a given type of law enforcement request such as a secret subpoena. If the canary disappears, then it is likely the situation has changed — and the company has been subject to such request. This may also give some insight into Apple's recent decision to rework its latest encryption in a way that makes it almost impossible for the company to turn over data from most iPhones or iPads to police.
Encryption

Next Android To Enable Local Encryption By Default Too, Says Google 125

Posted by timothy
from the keep-it-to-yourself-bub dept.
An anonymous reader writes The same day that Apple announced that iOS 8 will encrypt device data with a local code that is not shared with Apple, Google has pointed out that Android already offers the same feature as a user option and that the next version will enable it by default. The announcements by both major cell phone [operating system makers] underscores a new emphasis on privacy in the wake of recent government surveillance revelations in the U.S. At the same time, it leaves unresolved the tension between security and convenience when both companies' devices are configured to upload user content to iCloud and Google+ servers for backup and synchronization across devices, servers and content to which Apple and Google do have access.
Networking

Once Vehicles Are Connected To the Internet of Things, Who Guards Your Privacy? 130

Posted by timothy
from the I-hope-it's-rob-ford dept.
Lucas123 (935744) writes Carmakers already remotely collect data from their vehicles, unbeknownst to most drivers, but once connected via in-car routers or mobile devices to the Internet, and to roadway infrastructure and other vehicles around them, that information would be accessible by the government or other undesired entities. Location data, which is routinely collected by GPS providers and makers of telematics systems, is among the most sensitive pieces of information that can be collected, according to Nate Cardozo, an attorney with the Electronic Frontier Foundation. "Not having knowledge that a third party is collecting that data on us and with whom they are sharing that data with is extremely troubling," Cardozo said. in-vehicle diagnostics data could also be used by government agencies to track driver behavior. Nightmare scenarios could include traffic violations being issued without law enforcement officers on the scene or federal agencies having the ability to track your every move in a car. That there could be useful data in all that personally identifiable bits made me think of Peter Wayner's "Translucent Databases."
Encryption

Apple Will No Longer Unlock Most iPhones, iPads For Police 499

Posted by timothy
from the just-what-they-want-you-to-think-part-827398 dept.
SternisheFan writes with this selection from a story at the Washington Post: Apple said Wednesday night that it is making it impossible for the company to turn over data from most iPhones or iPads to police — even when they have a search warrant — taking a hard new line as tech companies attempt to blunt allegations that they have too readily participated in government efforts to collect user data. The move, announced with the publication of a new privacy policy tied to the release of Apple's latest mobile operating system, iOS 8, amounts to an engineering solution to a legal dilemma: Rather than comply with binding court orders, Apple has reworked its latest encryption in a way that makes it almost impossible for the company – or anyone else but the device's owner – to gain access to the vast troves of user data typically stored on smartphones or tablet computers. The key is the encryption that Apple mobile devices automatically put in place when a user selects a passcode, making it difficult for anyone who lacks that passcode to access the information within, including photos, e-mails, recordings or other documents. Apple once kept possession of encryption keys that unlocked devices for legally binding police requests, but will no longer do so for iOS8, it said in a new guide for law enforcement. "Unlike our competitors, Apple cannot bypass your passcode and therefore cannot access this data," Apple said on its Web site. "So it's not technically feasible for us to respond to government warrants for the extraction of this data from devices in their possession running iOS 8."
Government

NSA Director Says Agency Is Still Trying To Figure Out Cyber Operations 103

Posted by Soulskill
from the i-don't-think-the-mr-magoo-routine-is-going-to-work dept.
Trailrunner7 writes: In a keynote speech at a security conference in Washington on Tuesday, new NSA Director Mike Rogers emphasized a need to establish behavioral norms for cyber war. "We're still trying to work our way through distinguishing the difference between criminal hacking and an act of war," said Rogers. "If this was easy, we would have figured it out years ago. We have a broad consensus about what constitutes an act of war, what's an act of defense." Rogers went on to explain that we need to better establish standardized terminology and standardized norms like those that exist in the realm of nuclear deterrence. Unfortunately, unlike in traditional national defense, we can not assume that the government will be able to completely protect us against cyber-threats because the threat ecosystem is just too broad.
Privacy

FBI Completes New Face Recognition System 129

Posted by Soulskill
from the they-know-what-you-did-last-summer dept.
Advocatus Diaboli writes: According to a report from Gizmodo, "After six years and over one billion dollars in development, the FBI has just announced that its new biometric facial recognition software system is finally complete. Meaning that, starting soon, photos of tens of millions of U.S. citizen's faces will be captured by the national system on a daily basis. The Next Generation Identification (NGI) program will logs all of those faces, and will reference them against its growing database in the event of a crime. It's not just faces, though. Thanks to the shared database dubbed the Interstate Photo System (IPS), everything from tattoos to scars to a person's irises could be enough to secure an ID. What's more, the FBI is estimating that NGI will include as many as 52 million individual faces by next year, collecting identified faces from mug shots and some job applications." Techdirt points out that an assessment of how this system affects privacy was supposed to have preceded the actual rollout. Unfortunately, that assessment is nowhere to be found.

Two recent news items are related. First, at a music festival in Boston last year, face recognition software was tested on festival-goers. Boston police denied involvement, but were seen using the software, and much of the data was carelessly made available online. Second, both Ford and GM are working on bringing face recognition software to cars. It's intended for safety and security — it can act as authentication and to make sure the driver is paying attention to the road.
Cloud

Tim Cook Says Apple Can't Read Users' Emails, That iCloud Wasn't Hacked 191

Posted by timothy
from the our-cooperation-was-strictly-reluctant dept.
Apple CEO Tim Cook insists that Apple doesn't read -- in fact, says Cook, cannot read -- user's emails, and that the company's iCloud service wasn't hacked. ZDNet presents highlights from Cook's lengthy, two-part interview with Charlie Rose. One selection of particular interest: Apple previously said that even it can't access iMessage and FaceTime communications, stating that such messages and calls are not held in an "identifiable form." [Cook] claimed if the government "laid a subpoena," then Apple "can't provide it." He said, bluntly: "We don't have a key... the door is closed." He reiterated previous comments, whereby Apple has said it is not in the business of collecting people's data. He said: "When we design a new service, we try not to collect data. We're not reading your email." Cook went on to talk about PRISM in more detail, following the lead from every other technology company implicated by those now-infamous PowerPoint slides.
Australia

Quickflix Wants Netflix To Drop Australian VPN Users 172

Posted by timothy
from the all-we-want-is-a-captive-audience dept.
ashshy writes 200,000 Australian residents reportedly use Netflix today, tunneling their video traffic to the US, UK, and other Netflix markets via VPN connections. A proper Netflix Down Under service isn't expected to launch until 2015. Last week, Aussie video streaming company Quickflix told Netflix to stop this practice, so Australian viewers can return to Quickflix and other local alternatives. But Quickflix CEO Stephen Langsford didn't explain how Netflix could restrict Australian VPN users, beyond the IP geolocating and credit card billing address checks it already runs. Today, ZDNet's Josh Taylor ripped into the absurdity of Quickflix's demands. From the article: "If Netflix cuts those people off, they're going to know that it was at the behest of Foxtel and Quickflix, and would likely boycott those services instead of flocking to them. If nothing else, it would encourage those who have tried to do the right thing by subscribing and paying for content on Netflix to return to copyright infringement."
Australia

NSW Police Named as FinFisher Spyware Users 73

Posted by samzenpus
from the oh-watching-the-places-you'll-go dept.
Bismillah writes Wikileaks' latest release of documents shows that the Australian New South Wales police force has spent millions on licenses for the FinFisher set of law enforcement spy- and malware tools — and still has active licenses. What it uses FinFisher, which has been deployed against dissidents by oppressive regimes, for is yet to be revealed. NSW Police spokesperson John Thompson said it would not be appropriate to comment "given this technology relates to operational capability".
Businesses

Comcast Allegedly Asking Customers to Stop Using Tor 418

Posted by samzenpus
from the no-tor-for-you dept.
An anonymous reader writes Comcast agents have reportedly contacted customers who use Tor and said their service can get terminated if they don't stop using Tor. According to Deep.Dot.Web, one of those calls included a Comcast customer service agent who allegedly called Tor an “illegal service.” The Comcast agent told the customer that such activity is against usage policies. The Comcast agent then allegedly told the customer: "Users who try to use anonymity, or cover themselves up on the internet, are usually doing things that aren’t so-to-speak legal. We have the right to terminate, fine, or suspend your account at anytime due to you violating the rules. Do you have any other questions? Thank you for contacting Comcast, have a great day." Update: 09/15 18:38 GMT by S : Comcast has responded, saying they have no policy against Tor and don't care if people use it.
Government

New Details About NSA's Exhaustive Search of Edward Snowden's Emails 200

Posted by samzenpus
from the taking-a-good-look dept.
An anonymous reader points out this Vice story with new information about the NSA's search of Edward Snowden's emails. Last year, the National Security Agency (NSA) reviewed all of Edward Snowden's available emails in addition to interviewing NSA employees and contractors in order to determine if he had ever raised concerns internally about the agency's vast surveillance programs. According to court documents the government filed in federal court September 12, NSA officials were unable to find any evidence Snowden ever had.

In a sworn declaration, David Sherman, the NSA's associate director for policy and records, said the agency launched a "comprehensive" investigation after journalists began to write about top-secret NSA spy programs upon obtaining documents Snowden leaked to them. The investigation included searches of any records where emails Snowden sent raising concerns about NSA programs "would be expected to be found within the agency." Sherman, who has worked for the NSA since 1985, is a "original classification authority," which means he can classify documents as "top-secret" and process, review, and redact records the agency releases in response to Freedom of Information Act (FOIA) requests.

In his declaration, Sherman detailed steps he said agency officials took to track down any emails Snowden wrote that contained evidence he'd raised concerns inside the agency. Sherman said the NSA searched sent, received, deleted emails from Snowden's account and emails "obtained by restoring back-up tapes." He noted that NSA officials reviewed written reports and notes from interviews with "NSA affiliates" with whom the agency spoke during its investigation.
United States

Treasure Map: NSA, GCHQ Work On Real-Time "Google Earth" Internet Observation 266

Posted by samzenpus
from the lets-see-what-you're-doing dept.
wabrandsma) writes with the latest accusations about NSA spying activity in Germany. According to top-secret documents from the NSA and the British agency GCHQ, the intelligence agencies are seeking to map the entire Internet.
Furthermore, every single end device that is connected to the Internet somewhere in the world — every smartphone, tablet and computer — is to be made visible. Such a map doesn't just reveal one treasure. There are millions of them. The breathtaking mission is described in a Treasure Map presentation from the documents of the former intelligence service employee Edward Snowden which SPIEGEL has seen. It instructs analysts to "map the entire Internet — Any device, anywhere, all the time." Treasure Map allows for the creation of an "interactive map of the global Internet" in "near real-time," the document notes. Employees of the so-called "FiveEyes" intelligence agencies from Great Britain, Canada, Australia and New Zealand, which cooperate closely with the American agency NSA, can install and use the program on their own computers. One can imagine it as a kind of Google Earth for global data traffic, a bird's eye view of the planet's digital arteries.
United Kingdom

School Installs Biometric Fingerprint System For Cafeteria 230

Posted by samzenpus
from the paying-with-one-finger dept.
An anonymous reader writes with news about a school in England that has introduced a cashless cafeteria system that is raising some privacy concerns among some. Stourbridge students will soon be able to pay for their lunch without searching their pockets for change. Redhill School has spent £20,000 updating its dining facilities and introducing a cashless catering system. The system will allow parents to deposit funds into students catering accounts, to be debited by the pupil's biometric fingerprint scan at the point of sale. Headteacher Stephen Dunster said: "The benefits are that pupils are less likely to lose cash, parents know their children are using their dinner money to buy nutritious food and there will also be a system to alert staff if students are purchasing food that they may be allergic to."
Government

NSA Metadata Collection Gets 90-Day Extension 73

Posted by Soulskill
from the you-can-trust-us-for-90-more-days dept.
schwit1 sends word that the Foreign Intelligence Surveillance Court has authorized a 90-day extension to the NSA's ability to collect bulk metadata about U.S. citizens' phone calls. In April, the House of Representatives passed a bill to limit the NSA's collection of metadata, but the Senate has been working on their version of the bill since then without yet voting on it. Because of this, and the alleged importance of continuing intelligence operations, the government sought a 90-day reauthorization of the current program. The court agreed. Senator Patrick Leahy said this clearly demonstrates the need to get this legislation passed. "We cannot wait any longer, and we cannot defer action on this important issue until the next Congress. This announcement underscores, once again, that it is time for Congress to enact meaningful reforms to protect individual privacy.
Privacy

Justice Sotomayor Warns Against Tech-Enabled "Orwellian" World 166

Posted by Soulskill
from the trading-privacy-for-convenience dept.
An anonymous reader writes: U.S. Supreme Court Justice Sonia Sotomayor spoke on Thursday to faculty and students at the University of Oklahoma City about the privacy perils brought on by modern technology. She warned that the march of technological progress comes with a need to enact privacy protections if we want to avoid living in an "Orwellian world" of constant surveillance. She said, "There are drones flying over the air randomly that are recording everything that's happening on what we consider our private property. That type of technology has to stimulate us to think about what is it that we cherish in privacy and how far we want to protect it and from whom. Because people think that it should be protected just against government intrusion, but I don't like the fact that someone I don't know can pick up, if they're a private citizen, one of these drones and fly it over my property."
AI

The Challenges and Threats of Automated Lip Reading 120

Posted by Soulskill
from the surgical-masks-become-high-fashion-in-2018 dept.
An anonymous reader writes: Speech recognition has gotten pretty good over the past several years. it's reliable enough to be ubiquitous in our mobile devices. But now we have an interesting, related dilemma: should we develop algorithms that can lip read? It's a more challenging problem, to be sure. Sounds can be translated directly into words, but deriving meaning out of the movement of a person's face is much more complex. "During speech, the mouth forms between 10 and 14 different shapes, known as visemes. By contrast, speech contains around 50 individual sounds known as phonemes. So a single viseme can represent several different phonemes. And therein lies the problem. A sequence of visemes cannot usually be associated with a unique word or sequence of words. Instead, a sequence of visemes can have several different solutions." Beyond the computational aspect, we also need to decide, as a society, if this is a technology that should exist. The privacy implications extend beyond that of simple voice recognition.
Crime

Turning the Tables On "Phone Tech Support" Scammers 210

Posted by timothy
from the mouthwatering-shadenfreude dept.
mask.of.sanity writes A security pro has released a Metasploit module that can take over computers running the Ammyy Admin remote control software popular among "Hi this is Microsoft, there's a problem with your computer" tech support scammers. The hack detailed in Matthew Weeks' technical post works from the end-user, meaning victims can send scammers the hijacking exploit when they request access to their machines. Victims should provide scammers with their external IP addresses rather than their Ammyy identity numbers as the exploit was not yet built to run over the Ammyy cloud, according to the exploit readme. This is much more efficient than just playing along but "accidentally" being unable to follow their instructions.

Money can't buy happiness, but it can make you awfully comfortable while you're being miserable. -- C.B. Luce

Working...