Businesses

Net Neutrality Protests Move Online, Yet Big Tech Is Quiet (nytimes.com) 54

The New York Times: Protests to preserve net neutrality, or rules that ensure equal access to the internet, migrated online on Tuesday, with numerous online companies posting calls on their sites for action to stop a vote later this week. Reddit, Etsy and Kickstarter were among the sites warning that the proposal at the Federal Communications Commission to roll back so-called net neutrality rules would fundamentally change the way the internet is experienced. Kickstarter, the crowdfunding site, cleared its entire home screen for a sparse white screen reading "Defend Net Neutrality" in large letters. Reddit, the popular online message board, pushed in multiple ways on its site for keeping the rules, including a pop-up box on its home screen. But the online protests also highlighted how the biggest tech companies, such as Facebook and Google, have taken a back seat in the debate about protecting net neutrality (Editor's note: the link may be paywalled; syndicated source), rules that prohibit internet service providers like AT&T and Comcast from blocking or slowing sites or for charging people or companies for faster speeds of particular sites. For the most part, the large tech companies did not engage in the protest on Tuesday. In the past, the companies have played a leading role in supporting the rules.
Businesses

No Matter What Happens With Net Neutrality, an Open Internet Isn't Going Anywhere, Says Former FCC Chairman (recode.net) 143

Michael K. Powell, a former chairman of the Federal Communications Commission, writing for Recode: With an ounce of reflection, one knows that none of this will come to pass, and the imagined doom will join the failed catastrophic predictions of Y2K and massive snow storms that fizzle to mere dustings -- all too common in Washington, D.C. Sadly, rational debate, like Elvis, has left the building. The vibrant and open internet that Americans cherish isn't going anywhere. In the days, weeks and years following this vote, Americans will be merrily shopping online for the holidays, posting pictures on Instagram, vigorously voicing political views on Facebook and asking Alexa the score of the game. Startups and small business will continue to hatch and flourish, and students will be online, studiously taking courses. Time will prove that the FCC did not destroy the internet, and our digital lives will go on just as they have for years. This confidence rests on the fact that ISPs highly value the open internet and the principles of net neutrality, much more than some animated activists would have you think. Why? For one, because it's a better way of making money than a closed internet.
AI

What Does Artificial Intelligence Actually Mean? (qz.com) 80

An anonymous reader writes: A new bill (pdf) drafted by senator Maria Cantwell asks the Department of Commerce to establish a committee on artificial intelligence to advise the federal government on how AI should be implemented and regulated. Passing of the bill would trigger a process in which the secretary of commerce would be required to release guidelines for legislation of AI within a year and a half. As with any legislation, the proposed bill defines key terms. In this, we have a look at how the federal government might one day classify artificial intelligence. Here are the five definitions given:

A) Any artificial systems that perform tasks under varying and unpredictable circumstances, without significant human oversight, or that can learn from their experience and improve their performance. Such systems may be developed in computer software, physical hardware, or other contexts not yet contemplated. They may solve tasks requiring human-like perception, cognition, planning, learning, communication, or physical action. In general, the more human-like the system within the context of its tasks, the more it can be said to use artificial intelligence.
B) Systems that think like humans, such as cognitive architectures and neural networks.
C) Systems that act like humans, such as systems that can pass the Turing test or other comparable test via natural language processing, knowledge representation, automated reasoning, and learning.
D) A set of techniques, including machine learning, that seek to approximate some cognitive task.
E) Systems that act rationally, such as intelligent software agents and embodied robots that achieve goals via perception, planning, reasoning, learning, communicating, decision-making, and acting.

Government

Trump Signs Law Forcing Drone Users To Register With Government (thehill.com) 381

President Trump signed a sweeping defense policy bill into law on Tuesday that will allow the government to require recreational drone users to register their model aircraft. This comes after a federal court ruled in May that Americans no longer have to register non-commercial drones with the Federal Aviation Administration (FAA) "because Congress had said in a previous law that the FAA can't regulate model aircraft," reports The Hill. From the report: In December 2015, the FAA issued an interim rule requiring drone hobbyists to register their recreational aircraft with the agency. The rule -- which had not been formally finalized -- requires model aircraft owners to provide their name, email address and physical address; pay a $5 registration fee; and display a unique drone ID number at all times. Those who fail to comply could face civil and criminal penalties. While Congress directed the FAA to safely integrate drones into the national airspace in a 2012 aviation law, lawmakers also included a special exemption to prevent model aircraft from being regulated. A D.C.-based appeals court cited the 2012 law in its ruling striking down the FAA drone registry, arguing that recreational drones count as model aircraft and that the registry counts as a rule or regulation.
Databases

Searchable Database of 1.4 Billion Stolen Credentials Found On Dark Web (itworldcanada.com) 67

YVRGeek shares a report from IT World Canada: A security vendor has discovered a huge list of easily searchable stolen credentials in cleartext on the dark web, which it fears could lead to a new wave of cyber attacks. Julio Casal, co-founder of identity threat intelligence provider 4iQ, which has offices in California and Spain, said in a Dec. 8 blog his firm found the database of 1.4 billion username and password pairs while scanning the dark web for stolen, leaked or lost data. He said the company has verified at least a group of credentials are legitimate. What is alarming is the file is what he calls "an aggregated, interactive database that allows for fast (one second response) searches and new breach imports." For example, searching for "admin," "administrator" and "root" returned 226,631 passwords of admin users in a few seconds. As a result, the database can help attackers automate account hijacking or account takeover. The dump file was 41GB in size and was found on December 5th in an underground community forum. The total amount of credentials is 1,400,553,869.
Bitcoin

SEC Shuts Down Munchee ICO (techcrunch.com) 41

The Securities and Exchange Commission has shut down Munchee, a company that built a $15 million token sale. According to TechCrunch, "The Munchee ICO aimed to fund the MUN coin, a payment system for restaurant reviews." However, the company "received a cease and desist from the SEC on December 11" because it constituted the offer and sale of unregistered securities. From the report: Within the SECs findings they noted that Munchee touted itself as a "utility" token which means that the company believed the MUN token would be primarily used within the Munchee ecosystem and not be used to fund operations. However, thanks to an application of the Howey Test (a Supreme Court finding that essentially states that any instrument with the expectation of return is an investment vehicle), the SEC found the Munchee was actually releasing a security masquerading as a utility. "Munchee offered MUN tokens in order to raise capital to build a profitable enterprise," read the SEC notice. "Munchee said that it would use the offering proceeds to run its business, including hiring people to develop its product, promoting the Munchee App, and ensuring 'the smooth operation of the MUN token ecosystem.'" The stickiest part? Munchee claimed that its coins would increase in value thanks to a convoluted process of growth.

In short, Munchee was undone by two things: depending on the token sale as a vehicle to raise cash for operations and using the typically spammy and scammy marketing efforts most ICO floggers use now, tactics taken directly from affiliate marketing handbooks. Fortunately, Munchee was able to return all $15 million to the 40 investors that dumped their coins into scheme.

Businesses

Why Google and Amazon Are Hypocrites (om.blog) 234

Amazon earlier this month responded to Google's decision to remove YouTube from all Fire TV products and the Echo Show. Google says it's taking this extreme step because of Amazon's recent delisting of new Nest products (like Nest Secure and the E Thermostat) and the company's long-running refusal to sell Chromecast or support Google Cast in any capacity. Veteran journalist Om Malik writes: This smacks of so much hypocrisy that I don't even know where to start. The two public proponents of network neutrality and anything but neutral about each other's services on each other's platforms. They can complain about the cable companies from blocking their content and charging for fast lanes. The irony isn't lost on me even a wee bit. They are locked in a battle to collect as much data about us -- what we shop, what we see, what we do online and they do so under the guise of offering us services that are amazing and wonderful. They don't talk about what they won't do with our data, instead, they bicker and distract. So to think that these purveyors of hyper-capitalism will fight for interests of consumers is not only childish, it is foolish. We as end customers need to figure out who is speaking on our behalf when it comes to the rules of the Internet.
The Internet

129 Million Americans Can Only Get Internet Service From Companies That Have Violated Net Neutrality (vice.com) 140

An anonymous reader quotes a report from Motherboard: Based on the Federal Communications Commission's own data, the Institute for Local Self Reliance found that 129 million Americans only have one option for broadband internet service in their area, which equals about 40 percent of the country. Of those who only have one option, roughly 50 million are limited to a company that has violated net neutrality in some way. Of Americans who do have more than one option, 50 million of them are left choosing between two companies that have both got shady behavior on their records, from blocking certain access to actively campaigning against net neutrality.

Aside from being a non-ideal situation for consumers like me, this lack of competition is another dock against the FCC's plan to repeal net neutrality rules later this week. In arguing against net neutrality rules, FCC Chairman Ajit Pai has repeatedly cited a free market as just as capable of ensuring internet freedom as government regulations. "All we are simply doing is putting engineers and entrepreneurs, instead of bureaucrats and lawyers, back in charge of the internet," Pai said on Fox News's "Fox & Friends," in November. "What we wanted to do is return to the free market consensus that started in the Clinton administration and that served the internet economy in America very well for many years." But how can market competition regulate an industry when more than a third of the market has no competition at all, and even those that do have to choose between options that don't uphold net neutrality?

Education

France To Ban Mobile Phones In Schools (theguardian.com) 187

The French government is planning to ban students from using mobile phones in the country's primary, junior and middle schools. While children will be permitted to bring their phones to school, they will not be allowed to get them out at any time until they leave, even during breaks. The Guardian reports: Jean-Michel Blanquer, the French education minister, said the measure would come into effect from the start of the next school year in September 2018. It will apply to all pupils from the time they start school at age of six -- up to about 15 when they start secondary school. Blanquer said some education establishments already prohibited pupils from using their mobiles. "Sometimes you need a mobile for teaching reasons [...] for urgent situations, but their use has to be somehow controlled," he told RTL radio. The minister said the ban was also a "public health message to families," adding: "It's good that children are not too often, or even at all, in front of a screen before the age of seven." The French headteachers' union was skeptical that the ban could be enforced.
NASA

President Trump Is Sending NASA Back To The Moon (npr.org) 301

President Trump has formally told NASA to send U.S. astronauts back to the moon. From a report: "The directive I'm signing today will refocus America's space program on human exploration and discovery," he said. Standing at the president's side as he signed "Space Policy Directive 1" on Monday was Apollo 17 astronaut Harrison Schmitt, one of the last two humans to ever walk on the moon, in a mission that took place 45 years ago this week. Since that time, no human has ventured out beyond low-Earth orbit. NASA doesn't even have its own space vehicle, having retired the space shuttles in 2011. Americans currently ride up to the international space station in Russian capsules, though private space taxis are expected to start ferrying them up as soon as next year.
Privacy

How Email Open Tracking Quietly Took Over the Web (wired.com) 115

Brian Merchant, writing for Wired: There are some 269 billion emails sent and received daily. That's roughly 35 emails for every person on the planet, every day. Over 40 percent of those emails are tracked, according to a study published last June by OMC, an "email intelligence" company that also builds anti-tracking tools. The tech is pretty simple. Tracking clients embed a line of code in the body of an email -- usually in a 1x1 pixel image, so tiny it's invisible, but also in elements like hyperlinks and custom fonts. When a recipient opens the email, the tracking client recognizes that pixel has been downloaded, as well as where and on what device. Newsletter services, marketers, and advertisers have used the technique for years, to collect data about their open rates; major tech companies like Facebook and Twitter followed suit in their ongoing quest to profile and predict our behavior online. But lately, a surprising -- and growing -- number of tracked emails are being sent not from corporations, but acquaintances. "We have been in touch with users that were tracked by their spouses, business partners, competitors," says Florian Seroussi, the founder of OMC. "It's the wild, wild west out there." According to OMC's data, a full 19 percent of all "conversational" email is now tracked. That's one in five of the emails you get from your friends. And you probably never noticed.
China

German Intelligence Warns of Increased Chinese Cyberspying (apnews.com) 69

The head of Germany's domestic intelligence agency has warned that China allegedly is using social networks to try to cultivate lawmakers and other officials as sources. From a report: Hans-Georg Maassen said his agency, known by its German acronym BfV, believes more than 10,000 Germans have been targeted by Chinese intelligence agents posing as consultants, headhunters or researchers, primarily on the social networking site LinkedIn. "This is a broad-based attempt to infiltrate in particular parliaments, ministries and government agencies," Maassen said.
HP

HP Laptops Found To Have Hidden Keylogger (bbc.com) 114

Hidden software that can record every letter typed on a computer keyboard has been discovered pre-installed on hundreds of HP laptop models, BBC reported on Monday citing the findings of a security researcher. From the report: Security researcher Michael Myng found the keylogging code in software drivers preinstalled on HP laptops to make the keyboard work. HP said more than 460 models of laptop were affected by the "potential security vulnerability." It has issued a software patch for its customers to remove the keylogger. The issue affects laptops in the EliteBook, ProBook, Pavilion and Envy ranges, among others. HP has issued a full list of affected devices, dating back to 2012. Mr Myng discovered the keylogger while inspecting Synaptics Touchpad software, to figure out how to control the keyboard backlight on an HP laptop. He said the keylogger was disabled by default, but an attacker with access to the computer could have enabled it to record what a user was typing. According to HP, it was originally built into the Synaptics software to help debug errors. It acknowledged that could lead to "loss of confidentiality" but it said neither Synaptics nor HP had access to customer data as a result of the flaw.
United States

FCC Refuses Records For Investigation Into Fake Net Neutrality Comments (variety.com) 164

"FCC general counsel Tom Johnson has told the New York State attorney general that the FCC is not providing information for his investigation into fake net-neutrality comments, saying those comments did not affect the review, and challenging the state's ability to investigate the feds." Variety has more: The FCC's general counsel, in a letter to New York Attorney General Eric Schneiderman, also dismissed his concerns that the volume of fake comments or those made with stolen identities have "corrupted" the rule-making process... He added that Schneiderman's request for logs of IP addresses would be "unduly burdensome" to the commission, and would "raise significant personal privacy concerns."

Amy Spitalnick, Schneiderman's press secretary, said in a statement that the FCC "made clear that it will continue to obstruct a law enforcement investigation. It's easy for the FCC to claim that there's no problem with the process, when they're hiding the very information that would allow us to determine if there was a problem. To be clear, impersonation is a violation of New York law," she said... "The only privacy jeopardized by the FCC's continued obstruction of this investigation is that of the perpetrators who impersonated real Americans."

One of the FCC's Democratic commissioners claimed that this response "shows the FCC's sheer contempt for public input and unreasonable failure to support integrity in its process... Moreover, the FCC refuses to look into how nearly half a million comments came from Russian sources."
Security

Touting Government/Industry 'Partnership' on Security Practices, NIST Drafts Cybersecurity Framework Update (scmagazine.com) 15

Remember NIST, the non-regulatory agency of the U.S. Department of Commerce? Their mission expanded over the years to protecting businesses from cyberthreats, including a "Cybersecurty Framework" first published in 2014. "The original goal was to develop a voluntary framework to help organizations manage cybersecurity risk in the nation's critical infrastructure, such as bridges and the electric power grid," NIST wrote in January, "but the framework has been widely adopted by many types of organizations across the country and around the world." Now SC Media reports: The second draft of the update to the National Institute of Standards and Technology's cybersecurity framework, NIST 1.1, is meant "to clarify, refine, and enhance the Cybersecurity Framework, amplifying its value and making it easier to use," according to NIST. Specifically, it brings clarity to cybersecurity measurement language and tackles improving security of the supply chain. Calling the initial NIST CSF "a landmark effort" that delivered "important benefits, such as providing common language for different models" of standards and best practices already in use, Larry Clinton, president and CEO of the Internet Security Alliance, said "it fell short of some of the most critical demands of Presidential Executive Order 13636, which generated its development...

"To begin with, the new draft makes it clear that our goal is not some undefined metric for use of the Framework, but for effective use of the Framework. Moreover, this use-metric needs to be tied not to some generic standard, but to be calibrated to the unique threat picture, risk appetite and business objective of a particular organization"... Clinton praised the process used by NIST as "a model 'use case' for how government needs to engage with its industry partners to address the cybersecurity issue." The internet's inherent interconnectedness makes it impossible for sustainable security to be achieved through anything other than true partnership, he contended.

Slashdot reader Presto Vivace reminds you that public comments on the draft Framework and Roadmap are due to NIST by 11:59 p.m. EST on January 19, 2018. "If you have an opinion about this, NOW is the time to express it."
Books

San Diego Comic-Con Wins Trademark Suit Against 'Salt Lake Comic Con' (deseretnews.com) 116

The Deseret News reports: A jury has found that Salt Lake Comic Con founders Dan Farr and Bryan Brandenburg, along with their company, violated a trademark when they named their fan convention a "comic con." However, the jury decided that the trademark was not willfully violated, and only awarded $20,000 of the $12 million that San Diego Comic-Con had asked for in damages. The decision came at the end of an eight-day jury trial and three years of legal maneuvering... And with an estimated 140 other fan conventions across the country calling themselves comic cons, the impact of the decision could be felt nationwide...

The Salt Lake group also has an ongoing action with the U.S. Patent and Trademark Office seeking to invalidate San Diego's "comic-con" trademark... San Diego Comic-Con, which has been holding events since 1970, has a trademark on "comic-con" with a hyphen, but was unsuccessful in its 1995 bid to trademark "comic con," with a space. The unhyphenated name "Comic Con International," as well as the event's iconic "eye logo," are also protected by trademark. The event maintains that its trademarks cover the term "comic con" in all its forms...

San Diego Comic-Con wanted more than $12 million in damages from Salt Lake, including over $9 million for a three-month "corrective advertising campaign" to dispel confusion... In his closing arguments, Michael Katz, an attorney for Salt Lake Comic Con, questioned the amount San Diego was seeking, noting that San Diego authorities said during trial the organization generally spends between $20,000 and $30,000 for a month of advertising.

Slashdot reader AlanBDee writes: When I attended the Salt Lake City Comic Con I did assume it was the same organization that put on San Diego Comic-Con... But now I have to wonder how that will affect other Comic Cons around the nation? What should these comic based fan conventions be called if not Comic Con?
Government

Autocratic Governments Can Now 'Buy Their Own NSA' (wired.com) 109

Citizen Lab has been studying information controls since 2001, and this week their director -- a Toronto political science professor -- revealed how governments (including Ethiopia's) are using powerful commercial spyware. Slashdot reader mspohr shared their report: We monitored the command and control servers used in the campaign and in doing so discovered a public log file that the operators mistakenly left open... We were also able to identify the IP addresses of those who were targeted and successfully infected: a group that includes journalists, a lawyer, activists, and academics... Many of the countries in which the targets live -- the United States, Canada, and Germany, among others -- have strict wiretapping laws that make it illegal to eavesdrop without a warrant... Our team reverse-engineered the malware used in this instance, and over time this allowed us to positively identify the company whose spyware was being employed by Ethiopia: Cyberbit Solutions, a subsidiary of the Israel-based homeland security company Elbit Systems. Notably, Cyberbit is the fourth company we have identified, alongside Hacking Team, Finfisher, and NSO Group, whose products and services have been abused by autocratic regimes to target dissidents, journalists, and others...

Remarkably, by analyzing the command and control servers of the cyber espionage campaign, we were also able to monitor Cyberbit employees as they traveled the world with infected laptops that checked in to those servers, apparently demonstrating Cyberbit's products to prospective clients. Those clients include the Royal Thai Army, Uzbekistan's National Security Service, Zambia's Financial Intelligence Centre, and the Philippine president's Malacañang Palace. Outlining the human rights abuses associated with those government entities would fill volumes.... Governments like Ethiopia no longer depend on their own in-country advanced computer science, engineering, and mathematical capacity in order to build a globe-spanning cyber espionage operation. They can simply buy it off the shelf from a company like Cyberbit. Thanks to companies like these, an autocrat whose country has poor national infrastructure but whose regime has billions of dollars, can order up their own NSA. To wit: Elbit Systems, the parent company of Cyberbit, says it has a backlog of orders valuing $7 billion.

Reached for comment, Cyberbit said they were not responsible with what others do with their software, arguing that "governmental authorities and law enforcement agencies are responsible to ensure that they are legally authorized to use the products in their jurisdictions."
Electronic Frontier Foundation

"The FCC Still Doesn't Know How the Internet Works" (eff.org) 289

An anonymous reader writes: The EFF describes the FCC's official plan to kill net neutrality as "riddled with technical errors and factual inaccuracies," including, for example, a false distinction between "Internet access service" and "a distinct transmission service" which the EFF calls "utterly ridiculous and completely ungrounded from reality."

"Besides not understanding how Internet access works, the FCC also has a troublingly limited knowledge of how the Domain Name System (DNS) works -- even though hundreds of engineers tried to explain it to them this past summer... As the FCC would have it, an Internet user actively expects their ISP to provide DNS to them." And in addition, "Like DNS, it treats caching as if it were some specialized service rather than an implementation detail and general-purpose computing technique."

"There are at least two possible explanations for all of these misunderstandings and technical errors. One is that, as we've suggested, the FCC doesn't understand how the Internet works. The second is that it doesn't care, because its real goal is simply to cobble together some technical justification for its plan to kill net neutrality. A linchpin of that plan is to reclassify broadband as an 'information service,' (rather than a 'telecommunications service,' or common carrier) and the FCC needs to offer some basis for it. So, we fear, it's making one up, and hoping no one will notice."

"We noticed," their editorial ends, urging Americans "to tell your lawmakers: Don't let the FCC sell the Internet out."
Businesses

Reporter Regrets Letting Amazon's Delivery People Into His House (washingtonpost.com) 114

An anonymous reader writes: Washington Post reporter Geoffrey A. Fowler describes his short-lived experience with "Amazon Key", a $250 smart lock system with a security camera that grants Amazon's delivery people access to your home. The lock sounds "like R2-D2 with constipation," and at one point it actually jammed (though his persistent delivery person eventually got it working properly). The unlocking of the door triggers a live video feed of the delivery -- which is also stored in a private archive online -- plus an alert to your phone -- and the Post's reporter writes that "The biggest downsides to the experience haven't been the strangers -- it's been Amazon."

They missed their delivery windows four out of eight times, and though the packages all arrived eventually, all four were late by a least a day. But his larger issue is that Amazon "wants to draw you further into an all-Amazon world... Now Amazon wants to literally own your door, so it can push not just packages but also services that come through it, like handymen, dog-walkers, groceries, you name it." His ultimate question? "Who's really being locked in?"

The Post's reporter notes that Amazon CEO Jeff Bezos owns the Washington Post, "but I review all tech the same." He did identify some advantages to the $250 smart lock system -- the door can now also be unlocked with the Amazon Key app, and he can even share that access with his friends by giving them a special access code.

But he also notes that security researchers discovered a way to freeze Amazon's security camera, potentially allowing a rogue delivery person to lurk in your house. And all things considered, it was apparently all too creepy. "After two weeks, my family voted to remove the Amazon Key smart lock and take down the camera."
Privacy

People Keep Finding Hidden Cameras in Their Airbnbs (buzzfeed.com) 166

"Airbnb has a scary problem on their hands: People keep finding hidden cameras in their rental homes," reports the New York Post. "Another host was busted last month trying to film guests without their knowledge -- marking the second time since October that the company has had to publicly deal with this sort of incident." BuzzFeed reports: In October, an Indiana couple visiting Florida discovered a hidden camera disguised as a smoke detector in their Airbnb's master bedroom. Earlier that same year Airbnb was forced to investigate and suspend a Montreal listing after one of the renters discovered a camera in the bedroom of the property... Hidden cameras aren't just an issue for Airbnb -- it's been a hot-button topic in hospitality for years. There are hundreds of stories about hotels using unlawful surveillance. [For example, this one.]

Airbnb recommends its customers read the reviews of the host of any rental property they might be interested in, and also offers an on-platform messaging tool that allows communication between host and guests... "Cameras are never allowed in bathrooms or bedrooms; any other cameras must be properly disclosed to guests ahead of time," Airbnb spokesperson Jeff Henry told BuzzFeed News.

This time the couple discovered hidden cameras that were disguised as a motion detectors. Airbnb says they've permanently banned the offending host -- and offered his guests a refund -- adding that this type of incident was "incredibly rare."

Slashdot Top Deals