The Courts

Here's the Letter Alleging Uber Spied on Individuals For Competitive Intelligence (recode.net) 26

The judge in the $1.9 billion civil suit between Google-parent company Alphabet's self-driving car unit Waymo and Uber released the letter of a disgruntled former employee -- former Uber security officer Richard Jacobs -- on Friday, laying bare a number of explosive allegations against the ride-hailing company that include corporate espionage, unlawful surveillance, illegal wiretapping, bribery of foreign officials, and illicit hacking. From a report: The letter read: "This program, formerly known as the Strategic Services Group, under Nick Gicinto, collected intelligence and conducted unauthorized surveillance, including unauthorized recording of private conversations against executives from competitor firms, such as DiDi Chuxing and against its own employees and contractors at the Autonomous Technologies Group in Pittsburgh." Jacobs testified in court and walked back some of the allegations made in the letter, which was written by his attorney, Clayton Halunen. Days later, Uberâ(TM)s new chief legal officer Tony West issued a directive to employees to stop surveilling individuals, which Recode first reported. In a separate note to staff Khosrowshahi (current CEO of Uber) said the letter detailed enough to "merit serious concern." While Jacobs, Padilla (Uber's general counsel) and other employees addressed some of the claims made within the letter -- confirming the use of Wickr for business-related communications -- the letter itself had not been made public before Friday evening. The document prepared by Jacobs' attorney also claimed Uber was using some of these surveillance tactics on Alphabet's self-driving arm, Waymo. However, during his testimony, Jacobs walked that allegation back.
Cellphones

Don't Keep Cellphones Next To Your Body, California Health Department Warns (techcrunch.com) 239

The California Department of Public Health (CDPH) issued a warning against the hazards of cellphone radiation this week. They are asking people to decrease their use of these devices and suggest keeping your distance when possible. TechCrunch reports: The warning comes after findings were offered up this week from a 2009 department document, which was published after an order from the Sacramento Superior Court. A year ago, UC Berkeley professor Joel Moskowitz initiated a lawsuit to get the department to release the findings after he started looking into whether mobile phone use increased the risk of tumors. A draft of the document was released in March, but the final release is more extensive.

According to the Federal Communication Commission's website, there is no national standard developed for safety limits. However, the agency requires cell phone manufacturers to ensure all phones comply with "objective limits for safe exposure." The CDPH recommends not keeping your phone in your pocket, not putting it up to your ear for a prolonged amount of time, keeping use low if there are two bars or less, not sleeping near it at night and to be aware that if you are in a fast-moving car, bus or train, your phone will emit more RF energy to maintain the connection.

Bitcoin

Feds Moving Quickly To Cash in on Seized Bitcoin, Now Worth $8.4 Million (arstechnica.com) 141

A federal judge in Utah has agreed to let the US government sell off a seized cache of over 513 bitcoins (BTC) and 512 Bitcoin Cash (BCH). At current prices, that would yield approximately $8.4 million for the bitcoins and nearly $1 million for the BCH. From a report: In a court filing, prosecutors noted that due to the volatility of the Bitcoin market, both coins risk losing value. Both the BTC and the BCH have already been transferred to government-controlled wallets. The new round of seized digital currency belonged to a Utah man named Aaron Shamo, whom prosecutors say led a multimillion-dollar ring of counterfeit pharmaceuticals, including oxycodone and alprazolam that were sold on Dark Web marketplaces. Shamo was arrested over a year ago -- his trial has not yet been scheduled. On Tuesday, US District Judge Dale Kimball allowed the sale to proceed. Once sold, the money would go to an account held at the Treasury Executive Office for Asset Forfeiture.
Businesses

One of Australia's Richest Men Lost $1 Million To Email Scam (bloomberg.com) 83

Kaye Wiggins, reporting for Bloomberg: The multi-millionaire founder of Twynam Agricultural Group lost $1 million in an email fraud, a London court heard Thursday. The British man who facilitated the theft says he's a victim too. John Kahlbetzer, who is on the Forbes list of the 50 richest Australians, lost the money when fraudsters tricked the administrator of his personal finances into transferring it to them, his court papers say. Fraudsters emailed Christine Campbell, pretending to be the 87-year-old and asking her to pay $1 million to an account held by a British man, David Aldridge, which she did. Kahlbetzer is suing Aldridge to recover the funds, but Aldridge says he was being "unwittingly used" and was himself the victim of a fraud involving a woman he met online and believed he was in a loving relationship with. Email frauds where companies' staff are tricked into transferring money are a growing problem. U.S. Federal Bureau of Investigation statistics show "business email compromise" cases, where criminals ask company officials to transfer funds, have cost more than $3 billion since 2015.
Crime

DOJ Confirms Uber Is Being Investigated For Criminal Behavior (arstechnica.com) 34

A newly released letter from the Department of Justice has formally acknowledged that federal prosecutors have an open criminal investigation into Uber. Ars Technica reports: Late last month, as part of the proceedings in the high-profile and ongoing Waymo v. Uber trade secrets lawsuit, U.S. District Judge William Alsup said that on November 22 he had received a letter from San Francisco-based federal prosecutors. It is very unusual for a judge in a civil case to be apprised of a pending criminal investigation involving one of the litigants. In a separate November 28 letter sent to Judge Alsup, Acting U.S. Attorney Alex Tse asked that the first letter not be made public. The judge unsealed both letters on Wednesday. The first letter was signed by two prosecutors, Matthew Parrella and Amie Rooney. Those attorneys are assigned to the Computer Hacking and Intellectual Property (CHIP) Unit at the United States Attorney's Office in San Jose. [T]he letter could mean Uber and/or its current or former employees may be under investigation for possible crimes under the Computer Fraud and Abuse Act, a longstanding anti-hacking law.
The Internet

Lawmakers Are Fighting For Net Neutrality (theverge.com) 212

An anonymous reader quotes a report from The Verge: Lawmakers and public officials are responding to the FCC's decision to gut net neutrality with promises of action. In the hours following the FCC hearing, officials from around the country announced lawsuits and bills intended to counter the FCC's decision. In New York, Attorney General Eric Schneiderman said that he's leading a multi-state lawsuit to challenge the FCC's vote, though he didn't give further details on the suit or who would be joining him. Calling today's decision an "illegal rollback," he described it as giving "Big Telecom an early Christmas present."

Washington state Attorney General Bob Ferguson also announced he would sue alongside Schneiderman and other attorneys general across the country, saying that he held "a strong legal argument" and that it was likely the government had failed to follow the law with this vote. Other officials from Santa Clara, California, including county supervisor Joe Simitian, are also suing the FCC to block the decision. "We believe the depth of your ideas should outweigh the depths of your pockets," Simitian said at a press conference.

State Sen. Scott Wiener (D-CA) announced plans to introduce a bill to adopt net neutrality as a requirement in his state. He wrote in a Medium post, "If the FCC won't stand up for a free and open internet, California will."

Rep. Mike Coffman (R-CO) tweeted that he will be submitting net neutrality legislation, saying that this was a decision better left to Congress. Coffman was the first Republican to ask the FCC to delay the vote, citing "unanticipated negative consequences" on Tuesday.
Furthermore, Sen. Bernie Sanders (D-VT) and Sen. Brian Schatz (D-HI) are supporting Sen. Ed Markey's (D-MA) plan to introduce a Congressional Review Act resolution to undo the FCC vote. Even Rep. Marsha Blackburn (R-TN), who had previously announced on Twitter her support for Ajit Pai and the FCC, tweeted a video, saying, "We will codify the need for no blocking, no throttling, and making certain that we preserve that free and open internet." We're likely to see many others express their disappointment with the FCC's decision over the next few hours and days.
Electronic Frontier Foundation

EFF: Accessing Publicly Available Information On the Internet Is Not a Crime (eff.org) 174

An anonymous reader quotes a report from EFF: EFF is fighting another attempt by a giant corporation to take advantage of our poorly drafted federal computer crime statute for commercial advantage -- without any regard for the impact on the rest of us. This time the culprit is LinkedIn. The social networking giant wants violations of its corporate policy against using automated scripts to access public information on its website to count as felony "hacking" under the Computer Fraud and Abuse Act, a 1986 federal law meant to criminalize breaking into private computer systems to access non-public information.

EFF, together with our friends DuckDuckGo and the Internet Archive, have urged the Ninth Circuit Court of Appeals to reject LinkedIn's request to transform the CFAA from a law meant to target "hacking" into a tool for enforcing its computer use policies. Using automated scripts to access publicly available data is not "hacking," and neither is violating a website's terms of use. LinkedIn would have the court believe that all "bots" are bad, but they're actually a common and necessary part of the Internet. "Good bots" were responsible for 23 percent of Web traffic in 2016. Using them to access publicly available information on the open Internet should not be punishable by years in federal prison. LinkedIn's position would undermine open access to information online, a hallmark of today's Internet, and threaten socially valuable bots that journalists, researchers, and Internet users around the world rely on every day -- all in the name of preserving LinkedIn's advantage over a competing service. The Ninth Circuit should make sure that doesn't happen.

Security

Maker of Sneaky Mac Adware Sends Security Researcher Cease-and-Desist Letters (zdnet.com) 86

Zack Whittaker, writing for ZDNet: The maker of a sneaky adware that hijacks a user's browser to serve ads is back with a new, more advanced version -- one that can gain root privileges and spy on the user's activities. News of the updated adware dropped Tuesday in a lengthy write-up by Amit Serper, principal security researcher at Cybereason. The adware, dubbed OSX.Pirrit, is still highly active, infecting tens of thousands of Macs, according to Serper, who has tracked the malware and its different versions for over a year. Serper's detailed write-up is well worth the read. [...] TargetingEdge sent cease-and-desist letters to try to prevent Serper from publishing his research. "We've received several letters over the past two weeks," Serper told ZDNet. "We decided to publish anyway because we're sick of shady 'adware' companies and their threats."
Botnet

Mirai IoT Botnet Co-Authors Plead Guilty (krebsonsecurity.com) 33

Three hackers responsible for creating the massive Mirai botnet that knocked large swathes of the internet offline last year have pleaded guilty. Brian Krebs reports: The U.S. Justice Department on Tuesday unsealed the guilty pleas of two men (Editor's note: three men) first identified in January 2017 by KrebsOnSecurity as the likely co-authors of Mirai, a malware strain that remotely enslaves so-called "Internet of Things" devices such as security cameras, routers, and digital video recorders for use in large scale attacks designed to knock Web sites and entire networks offline (including multiple major attacks against this site). Entering guilty pleas for their roles in developing and using Mirai are 21-year-old Paras Jha from Fanwood, N.J. and Josiah White, 20, from Washington, Pennsylvania. Jha and White were co-founders of Protraf Solutions LLC, a company that specialized in mitigating large-scale DDoS attacks. Like firemen getting paid to put out the fires they started, Jha and White would target organizations with DDoS attacks and then either extort them for money to call off the attacks, or try to sell those companies services they claimed could uniquely help fend off the attacks. Editor's note: The story was updated to note that three men have pleaded guilty. -- not two as described in some reports.
Businesses

Uber's Massive Scraping Program Collected Data About Competitors Around The World (gizmodo.com) 29

Kate Conger, reporting for Gizmodo: For years, Uber systemically scraped data from competing ride-hailing companies all over the world, harvesting information about their technology, drivers, and executives. Uber gathered information from these firms using automated collection systems that ran constantly, amassing millions of records, and sometimes conducted physical surveillance to complement its data collection. Uber's scraping efforts were spearheaded by the company's Marketplace Analytics team, while the Strategic Services Group gathered information for security purposes, Gizmodo learned from three people familiar with the operations of these teams, from court testimony, and from internal Uber documents. Until Uber's data scraping was discontinued this September in the face of mounting litigation and multiple federal investigations, Marketplace Analytics gathered information on Uber's overseas competitors in an attempt to advance Uber's position in those markets. SSG's mission was to protect employees, executives, and drivers from violence, which sometimes involved tracking protesters and other groups that were considered threatening to Uber. An Uber spokesperson declined to comment for this story.
Government

Trump Signs Law Forcing Drone Users To Register With Government (thehill.com) 468

President Trump signed a sweeping defense policy bill into law on Tuesday that will allow the government to require recreational drone users to register their model aircraft. This comes after a federal court ruled in May that Americans no longer have to register non-commercial drones with the Federal Aviation Administration (FAA) "because Congress had said in a previous law that the FAA can't regulate model aircraft," reports The Hill. From the report: In December 2015, the FAA issued an interim rule requiring drone hobbyists to register their recreational aircraft with the agency. The rule -- which had not been formally finalized -- requires model aircraft owners to provide their name, email address and physical address; pay a $5 registration fee; and display a unique drone ID number at all times. Those who fail to comply could face civil and criminal penalties. While Congress directed the FAA to safely integrate drones into the national airspace in a 2012 aviation law, lawmakers also included a special exemption to prevent model aircraft from being regulated. A D.C.-based appeals court cited the 2012 law in its ruling striking down the FAA drone registry, arguing that recreational drones count as model aircraft and that the registry counts as a rule or regulation.
Bitcoin

SEC Shuts Down Munchee ICO (techcrunch.com) 43

The Securities and Exchange Commission has shut down Munchee, a company that built a $15 million token sale. According to TechCrunch, "The Munchee ICO aimed to fund the MUN coin, a payment system for restaurant reviews." However, the company "received a cease and desist from the SEC on December 11" because it constituted the offer and sale of unregistered securities. From the report: Within the SECs findings they noted that Munchee touted itself as a "utility" token which means that the company believed the MUN token would be primarily used within the Munchee ecosystem and not be used to fund operations. However, thanks to an application of the Howey Test (a Supreme Court finding that essentially states that any instrument with the expectation of return is an investment vehicle), the SEC found the Munchee was actually releasing a security masquerading as a utility. "Munchee offered MUN tokens in order to raise capital to build a profitable enterprise," read the SEC notice. "Munchee said that it would use the offering proceeds to run its business, including hiring people to develop its product, promoting the Munchee App, and ensuring 'the smooth operation of the MUN token ecosystem.'" The stickiest part? Munchee claimed that its coins would increase in value thanks to a convoluted process of growth.

In short, Munchee was undone by two things: depending on the token sale as a vehicle to raise cash for operations and using the typically spammy and scammy marketing efforts most ICO floggers use now, tactics taken directly from affiliate marketing handbooks. Fortunately, Munchee was able to return all $15 million to the 40 investors that dumped their coins into scheme.

Books

San Diego Comic-Con Wins Trademark Suit Against 'Salt Lake Comic Con' (deseretnews.com) 117

The Deseret News reports: A jury has found that Salt Lake Comic Con founders Dan Farr and Bryan Brandenburg, along with their company, violated a trademark when they named their fan convention a "comic con." However, the jury decided that the trademark was not willfully violated, and only awarded $20,000 of the $12 million that San Diego Comic-Con had asked for in damages. The decision came at the end of an eight-day jury trial and three years of legal maneuvering... And with an estimated 140 other fan conventions across the country calling themselves comic cons, the impact of the decision could be felt nationwide...

The Salt Lake group also has an ongoing action with the U.S. Patent and Trademark Office seeking to invalidate San Diego's "comic-con" trademark... San Diego Comic-Con, which has been holding events since 1970, has a trademark on "comic-con" with a hyphen, but was unsuccessful in its 1995 bid to trademark "comic con," with a space. The unhyphenated name "Comic Con International," as well as the event's iconic "eye logo," are also protected by trademark. The event maintains that its trademarks cover the term "comic con" in all its forms...

San Diego Comic-Con wanted more than $12 million in damages from Salt Lake, including over $9 million for a three-month "corrective advertising campaign" to dispel confusion... In his closing arguments, Michael Katz, an attorney for Salt Lake Comic Con, questioned the amount San Diego was seeking, noting that San Diego authorities said during trial the organization generally spends between $20,000 and $30,000 for a month of advertising.

Slashdot reader AlanBDee writes: When I attended the Salt Lake City Comic Con I did assume it was the same organization that put on San Diego Comic-Con... But now I have to wonder how that will affect other Comic Cons around the nation? What should these comic based fan conventions be called if not Comic Con?
Businesses

Bangladesh Bank, NY Fed Discuss Suing Manila Bank For Heist Damages (reuters.com) 29

An anonymous reader shares a report: Bangladesh's central bank has asked the Federal Reserve Bank of New York to join a lawsuit it plans to file against a Philippines bank for its role in one of the world's biggest cyber-heists, several sources said. The Fed is yet to respond formally, but there is no indication it would join the suit. Unidentified hackers stole $81 million from Bangladesh Bank's account at the New York Fed in February last year, using fraudulent orders on the SWIFT payments system. The money was sent to accounts at Manila-based Rizal Commercial Banking Corp and then disappeared into the casino industry in the Philippines.
Businesses

ISP Disclosures About Data Caps and Fees Eliminated By Net Neutrality Repeal (arstechnica.com) 281

In 2015, the Federal Communications Commission forced ISPs to be more transparent with customers about hidden fees and the consequences of exceeding data caps. Since the requirements were part of the net neutrality rules, they will be eliminated when the FCC votes to repeal the rules next week. Ars Technica reports: While FCC Chairman Ajit Pai is proposing to keep some of the commission's existing disclosure rules and to impose some new disclosure requirements, ISPs won't have to tell consumers exactly what everything will cost when they sign up for service. There have been two major versions of the FCC's transparency requirements: one created in 2010 with the first net neutrality rules, and an expanded version created in 2015. Both sets of transparency rules survived court challenges from the broadband industry. The 2010 requirement had ISPs disclose pricing, including "monthly prices, usage-based fees, and fees for early termination or additional network services." That somewhat vague requirement will survive Pai's net neutrality repeal. But Pai is proposing to eliminate the enhanced disclosure requirements that have been in place since 2015. Here are the disclosures that ISPs currently have to make -- but won't have to after the repeal:

-Price: the full monthly service charge. Any promotional rates should be clearly noted as such, specify the duration of the promotional period and the full monthly service charge the consumer will incur after the expiration of the promotional period.
-Other Fees: all additional one time and/or recurring fees and/or surcharges the consumer may incur either to initiate, maintain, or discontinue service, including the name, definition, and cost of each additional fee. These may include modem rental fees, installation fees, service charges, and early termination fees, among others.
-Data Caps and Allowances: any data caps or allowances that are a part of the plan the consumer is purchasing, as well as the consequences of exceeding the cap or allowance (e.g., additional charges, loss of service for the remainder of the billing cycle).

Pai's proposed net neutrality repeal says those requirements and others adopted in 2015 are too onerous for ISPs.

Government

Volkswagen Executive Sentenced To Maximum Prison Term For His Role In Dieselgate (arstechnica.com) 101

An anonymous reader quotes a report from Ars Technica: On Wednesday, a U.S. District judge in Detroit sentenced Oliver Schmidt, a former Volkswagen executive, to seven years in prison for his role in the Volkswagen diesel emissions scandal of 2015. Schmidt was also ordered to pay a criminal penalty of $400,000, according to a U.S. Department of Justice (DOJ) press release. The prison term and the fine together represent the maximum sentence that Schmidt could have received under the plea deal he signed in August. Schmidt, a German citizen who lived in Detroit as an emissions compliance executive for VW, was arrested in Miami on vacation last January. In August, he pleaded guilty to conspiracy and to making a false statement under the Clean Air Act. Schmidt's plea deal stated that the former executive could face up to seven years in prison and between $40,000 and $400,000 in fines.

Last week, Schmidt's attorneys made a last-minute bid requesting a lighter sentence for Schmidt: 40 months of supervised release and a $100,000 fine. Schmidt also wrote a letter to the judge, which surfaced over the weekend, in which the executive said he felt "misused" by his own company and claimed that higher-ranked VW executives coached him on a script to help him lie to a California Air Resources Board (CARB) official. Instead, Schmidt was sentenced to the maximum penalties outlined in the plea deal. Only one other VW employee has been sentenced in connection with the emissions scandal: former engineer James Liang, who received 40 months in prison and two years of supervised release as the result of his plea deal. Although six other VW Group executives have been indicted, none is in U.S. custody.

Google

Inside Oracle's Cloak-and-dagger Political War With Google (recode.net) 86

schwit1 shares a Recode report: The story that appeared in Quartz this November seemed shocking enough on its own: Google had quietly tracked the location of its Android users, even those who had turned off such monitoring on their smartphones. But missing from the news site's report was another eyebrow-raising detail: Some of its evidence, while accurate, appears to have been furnished by one of Google's fiercest foes: Oracle. For the past year, the software and cloud computing giant has mounted a cloak-and-dagger, take-no-prisoners lobbying campaign against Google, perhaps hoping to cause the company intense political and financial pain at a time when the two tech giants are also warring in federal court over allegations of stolen computer code. Since 2010, Oracle has accused Google of copying Java and using key portions of it in the making of Android. Google, for its part, has fought those claims vigorously. More recently, though, their standoff has intensified. And as a sign of the worsening rift between them, this summer Oracle tried to sell reporters on a story about the privacy pitfalls of Android, two sources confirmed to Recode.
Businesses

Judge Dismisses Lawsuit That Claims Google Paid Female Employees Less Than Male Colleagues (cnn.com) 257

A California judge has rejected a class action claim against Google for alleged gender inequity. In September, three female Google employees filed a lawsuit against Google, claiming the search giant "engaged in systemic and pervasive pay and promotion discrimination." They sought class action status on behalf of women who have worked at Google in California for the past four years. CNN reports: This week, a judge rejected their request to make the suit a class action. A judge ruled that the class was "overbroad," stating that it "does not purport to distinguish between female employees who may have valid claims against Google based upon its alleged conduct from those who do not." Jim Finberg, the lawyer representing the plaintiffs, said his clients plan to file an amended complaint seeking class action certification. He said it will address the court's ruling and make "clear that Google violates the California Equal Pay Act throughout California and throughout the class period by paying women less than men for substantially equal work in nearly every job classification."
Government

Warrantless Surveillance Can Continue Even If Law Expires, Officials Say (theverge.com) 68

According to a New York Times report citing American officials, the Trump administration has decided that the National Security Agency and the FBI can lawfully keep operating their warrantless surveillance program even if Congress fails to extend the law authorizing it before an expiration date of New Year's Eve. The Verge reports: The White House believes the Patriot Act's surveillance provisions won't expire until four months into 2018. Lawyers point to a one-year certification that was granted on April 26th of last year. If that certification is taken as a legal authorization for the FISA court overall -- as White House lawyers suggest -- then Congress will have another four months to work out the details of reauthorization. There are already several proposals for Patriot Act reauthorization in the Senate, which focus the Section 702 provisions that authorize certain types of NSA surveillance. Some of the proposals would close the backdoor search loophole that allows for warrantless surveillance of U.S. citizens, although a recent House proposal would leave it in place. But with Congress largely focused on tax cuts and the looming debt ceiling fight, it's unlikely the differences could be reconciled before the end of the year.
Firefox

Yahoo Sues Mozilla For Breach of Contract -- So Mozilla Counter Sues Yahoo (betanews.com) 112

Mark Wilson writes: Mozilla and Yahoo have started a legal spat about the deal that existed between the two companies regarding the use of the Yahoo search engine in the Firefox browser. On December 1, Yahoo fired the first shot filing a complaint that alleges Mozilla breached a contract that existed between the two companies by terminating the arrangement early. In a counter complaint, Mozilla says that it was not only justified in terminating the contract early, but that Yahoo Holdings and Oath still have a bill that needs to be settled.

Slashdot Top Deals