Businesses

More Than 40 ISPs Across the Country Tell Chairman Pai to Not Repeal Network Neutrality (eff.org) 39

An anonymous reader shares a report: One excuse FCC Chairman Ajit Pai regularly offers to explain his effort to gut net neutrality protections is the claim that open Internet rules have harmed ISPs, especially small ones. During a speech earlier this year, he stressed that 22 small ISPs told him that the 2015 Open Internet Order hurt their ability to invest and deploy. In reality, though, many more ISPs feel very differently. Today, more than 40 ISPs told the FCC that they have had no problem with the Open Internet Order (PDF) and that it hasn't hurt their ability to develop and expand their networks. What is more, that they want the FCC to do its job and address the problem Congress created when it repealed the broadband privacy rules in March.
Electronic Frontier Foundation

EFF Launches New AI Progress Measurement Project (eff.org) 48

Reader Peter Eckersley writes: There's a lot of real progress happening in the field of machine learning and artificial intelligence, and also a lot of hype. These technologies already have serious policy implications, and may have more in the future. But what's the ratio of hype to real progress? At EFF, we decided to find out.

Today we are launching a pilot project to measure the progress of AI research. It breaks the field into a taxonomy of subproblems like game playing, reading comprehension, computer vision, and asking neural networks to write computer programs, and tracks progress on metrics across these fields. We're hoping to get feedback and contributions from the machine learning community, with the aim of using this data to improve the conversations around the social implications, transparency, safety, and security of AI.

Printer

Researcher Wants To Protect Whistleblowers Against Hidden Printer Dots (bleepingcomputer.com) 218

An anonymous reader writes: "Gabor Szathmari, a security researcher for CryptoAUSTRALIA, is working on a method of improving the security of leaked documents by removing hidden dots left behind by laser printers, which are usually used to watermark documents and track down leakers," reports Bleeping Computer. "Szathmari's work was inspired by the case of a 25-year-old woman, Reality Leigh Winner, who was recently charged with leaking top-secret NSA documents to a news outlet." According to several researchers, Winner might have been caught after The Intercept had shared some of the leaked documents with the NSA. These documents had the invisible markings left behind by laser printers, which included the printer's serial number and the date and time when the document was printed. This allowed the NSA to track down Winner and arrest her even before she was able to publish the leaked documents. Now, Szatmari has submitted a pull request to the PDF Redact Tools, a project for securely redacting and stripping metadata from documents before publishing. Szathmari's pull request adds a code routine to the PDF Redact Tools project that would allow app operators to convert documents to black and white before publishing. "The black and white conversion will convert colors like the faded yellow dots to white," Szathmari said in an interview. Ironically, the project is managed by First Look Media, the parent company behind The Intercept news outlet.
Mozilla

Amazon, Mozilla, Kickstarter, and Reddit Are Staging a Net Neutrality Online Protest (washingtonpost.com) 70

An anonymous reader shares a report: Some of the Internet's biggest names are banding together for a "day of action" to oppose the Federal Communications Commission (alternative source), which is working to undo regulations for Internet providers that it passed during the Obama administration. Among the participants are Etsy, Kickstarter and Mozilla, the maker of the popular Firefox Web browser. Also joining the day of protest will be Reddit, the start-up incubator Y Combinator, and Amazon. On July 12, the companies and organizations are expected to change their websites to raise awareness of the FCC effort, which is aimed at deregulating the telecom and cable industries. Mozilla, for example, will change what users see on their screens when they open a new browser window. Other participants include Demand Progress, Etsy, Vimeo, Private Internet Access, Fight for the Future, EFF, DreamHost, Creative Commons, BitTorrent, American Library Association, ACLU, GreenPeace, Open Media, and Patreon. Find more details here.
Electronic Frontier Foundation

EFF Sues FBI For Records About Paid Best Buy Geek Squad Informants (eff.org) 147

The Electronic Frontier Foundation is suing the FBI for records "about the extent to which it directs and trains Best Buy employees to conduct warrantless searches of people's devices." The lawsuit stems around an incident in 2011 where a gynecology doctor took his computer for repairs at Best Buy's Geek Squad. The repair technician was a paid FBI informant that found child pornography on the doctor's computer, ultimately resulting in the doctor being charged with possessing child pornography. From the EFF's report: A federal prosecution of a doctor in California revealed that the FBI has been working for several years to cultivate informants in Best Buy's national repair facility in Brooks, Kentucky, including reportedly paying eight Geek Squad employees as informants. According to court records in the prosecution of the doctor, Mark Rettenmaier, the scheme would work as follows: Customers with computer problems would take their devices to the Geek Squad for repair. Once Geek Squad employees had the devices, they would surreptitiously search the unallocated storage space on the devices for evidence of suspected child porn images and then report any hits to the FBI for criminal prosecution. Court records show that some Geek Squad employees received $500 or $1,000 payments from the FBI. At no point did the FBI get warrants based on probable cause before Geek Squad informants conducted these searches. Nor are these cases the result of Best Buy employees happening across potential illegal content on a device and alerting authorities. Rather, the FBI was apparently directing Geek Squad workers to conduct fishing expeditions on people's devices to find evidence of criminal activity. Prosecutors would later argue, as they did in Rettenmaier's case, that because private Geek Squad personnel conducted the searches, there was no Fourth Amendment violation. The judge in Rettenmaier's case appeared to agree with prosecutors, ruling earlier this month that because the doctor consented both orally and in writing to the Geek Squad's search of his device, their search did not amount to a Fourth Amendment violation. The court, however, threw out other evidence against Rettenmaier after ruling that FBI agents misstated key facts in the application for a warrant to search his home and smartphone. We disagree with the court's ruling that Rettenmaier consented to a de-facto government search of his devices when he sought Best Buy's help to repair his computer. But the court's ruling demonstrates that law enforcement agents are potentially exploiting legal ambiguity about when private searches become government action that appears intentionally designed to try to avoid the Fourth Amendment.
Transportation

Delta Airlines Tests Facial Recognition To Speed Up Baggage Check-In (cnn.com) 57

Would you let Delta airlines scan your face if it meant you could skip the line to check-in your baggage? An anonymous reader quotes CNN: Delta is testing a face-scanning kiosk for baggage check... It uses facial recognition technology to match your identity to your passport photo. You tag your own bags, pay the fee and drop your luggage on a conveyor belt... Delta will test four of the machines at Minneapolis-St. Paul International Airport this summer. The airline spent $600,000 on the four kiosks.
A senior staff attorney at the EFF warns this could be a slippery slope -- at what point this morphs into airline surveillance? But a Delta spokerspeson insists the images won't be stored, that they're complying with privacy laws, and that the kiosks could double the number of passengers whisking through their check-in procedures.
Communications

FCC Suspends Net Neutrality Comments, As Chairman Pai Mocks 'Mean Tweets' (gizmodo.com) 184

An anonymous reader writes:Thursday the FCC stopped accepting comments as part of long-standing rules "to provide FCC decision-makers with a period of repose during which they can reflect on the upcoming items" before their May 18th meeting. Techdirt wondered if this time to reflect would mean less lobbying from FCC Chairman Ajit Pai, but on Friday Pai recorded a Jimmy Kimmel-style video mocking mean tweets, with responses Gizmodo called "appalling" and implying "that anyone who opposes his cash grab for corporations is a moron."

Meanwhile, Wednesday The Consumerist reported the FCC's sole Democrat "is deploying some scorched-earth Microsoft Word table-making to use FCC Chair Ajit Pai's own words against him." (In 2014 Pai wrote "A dispute this fundamental is not for us five, unelected individuals to decide... We should also engage computer scientists, technologists, and other technical experts to tell us how they see the Internet's infrastructure and consumers' online experience evolving.") But Pai seemed to be mostly sticking to friendlier audiences, appearing with conservative podcasters from the Taxpayer Protection Alliance, the AEI think tank and The Daily Beast.

The Verge reports the flood of fake comments opposing Net Neutrality may have used names and addresses from a breach of 1.4 billion personal information records from marketing company River City Media. Reached on Facebook Messenger, one woman whose named was used "said she hadn't submitted any comments, didn't live at that address anymore and didn't even know what net neutrality is, let alone oppose it."

Techdirt adds "If you do still feel the need to comment, the EFF is doing what the FCC itself should do and has set up its own page at DearFCC.org to hold any comments."
Electronic Frontier Foundation

EFF Warns Most Of Intel's Chipsets Contain 'A Security Hazard' (eff.org) 158

The EFF is issuing a warning about the "tiny homunculus computer" in most of Intel's chipsets -- the largely-undocumented "Management Engine" which houses more than just the AMT module. An anonymous reader quotes their report: While AMT can be disabled, there is presently no way to disable or limit the Management Engine in general. Intel urgently needs to provide one....vulnerabilities in any of the other modules could be as bad, if not worse, for security. Some of the other modules include hardware-based authentication code and a system for location tracking and remote wiping of laptops for anti-theft purposes... It should be up to hardware owners to decide if this code will be installed in their computers or not. Perhaps most alarmingly, there is also reportedly a DRM module that is actively working against the user's interests, and should never be installed in a Management Engine by default...

While Intel may put a lot of effort into hunting for security bugs, vulnerabilities will inevitably exist, and having them lurking in a highly privileged, low-level component with no OS visibility or reliable logging is a nightmare for defensive cybersecurity. The design choice of putting a secretive, unmodifiable management chip in every computer was terrible, and leaving their customers exposed to these risks without an opt-out is an act of extreme irresponsibility... EFF believes that Intel needs to provide a minimum level of transparency and user control of the Management Engines inside our computers, in order to prevent this cybersecurity disaster from recurring. Unless that happens, we are concerned that it may not be appropriate to use Intel CPUs in many kinds of critical infrastructure systems.

TLDR: "We have reason to fear that the undocumented master controller inside our Intel chips could continue to be a source of serious vulnerabilities in personal computers, servers, and critical cybersecurity and physical infrastructure."
The Internet

A New Use For Browser Fingerprints: Defeating Spoofing (browserprint.info) 64

AnonymousCube writes: Researchers at the University of Adelaide have found a new use for browser fingerprints: uncovering and defeating spoofing by web browsers. By using machine learning on browser fingerprints they were able to correctly guess the OS or browser family of a browser 90% of the time, and defeat operating system and browser family spoofing 76% of the time. This was done with small training sets of less than 1000 fingerprints, so accuracy with a much larger training set, like the size of the EFF's Panopticlick database should give even better results; you can help prove this, and see what their site thinks your browser family and OS is, by submitting your fingerprint to their site.
DRM

DRM Will Be Gone By 2025, Predicts Cory Doctorow (theregister.co.uk) 191

An anonymous reader writes: It's been two years since Cory Doctorow joined the EFF's campaign to eliminate DRM within 8 years -- and he still believes it'll happen. "Farmers and the Digital Right To Repair Coalition have done brilliantly and have a message which is extremely resonant with the political right as well as the political left." And now even the entertainment industry seems to oppose extending the DMCA to tractors. "The entertainment industry feels very proprietary towards laws that protect DRM. They really feel that they lobbied for and bought these laws in order to protect the business model they envisioned. For these latecomer upstarts to turn up and stretch and distort these laws out of proportion has really exposed one of the natural cracks in copyright altogether."
Doctorow also says that "If there's anything good that might come of Brexit, it's that the UK will renegotiate and reevaluate its relationship to the Organisation for Economic Co-operation and Development and other directives. The UK enjoys a really interesting market position if it wants to be the only nation in the region that makes, exports, and supports DRM-breaking tools."
Crime

Debian Developer Imprisoned In Russia Over Alleged Role In Riots (itwire.com) 93

An anonymous reader writes: "Dmitry Bogatov, Debian developer and Tor node admin, is still being held in a Moscow jail," tweeted the EFF Saturday. IT Wire reports that the 25-year-old math teacher was arrested earlier this month "on suspicion of organizing riots," and is expected to be held in custody until June 8. "The panel investigating the protests claims Bogatov posted several incitory messages on the sysadmin.ru forum; for example, one claim said he was asking people to bring 'bottles, fabric, gasoline, turpentine, foam plastic' to Red Square, according to a post at Hacker News. The messages were sent in the name of one Airat Bashirov and happened to be transmitted through the Tor node that Bogatov was running. The Hacker News post said Bogatov's lawyer had produced surveillance video footage to show that he was elsewhere at the time when the messages were posted.
"After Dmitry's arrest," reports the Free Bogatov site, "Airat Bashirov continue to post messages. News outlets 'Open Russia' and 'Mediazona' even got a chance to speak with him."

Earlier this month the Debian GNU/Linux project also posted a message of support, noting Dmitry maintains several packages for command line and system tools, and saying their group "honours his good work and strong dedication to Debian and Free Software... we hope he is back as soon as possible to his endeavours... In the meantime, the Debian Project has taken measures to secure its systems by removing Dmitry's keys in the case that they are compromised."
Databases

Five Years Later, Legal Megaupload Data Is Still Trapped On Dead Servers (arstechnica.com) 82

An anonymous reader quotes a report from Ars Technica: It's been more than five years since the government accused Megaupload and its founder Kim Dotcom of criminal copyright infringement. While Dotcom himself was arrested in New Zealand, U.S. government agents executed search warrants and grabbed a group of more than 1,000 servers owned by Carpathia Hosting. That meant that a lot of users with gigabytes of perfectly legal content lost access to it. Two months after the Dotcom raid and arrest, the Electronic Frontier Foundation filed a motion in court asking to get back data belonging to one of those users, Kyle Goodwin, whom the EFF took on as a client. Years have passed. The U.S. criminal prosecution of Dotcom and other Megaupload executives is on hold while New Zealand continues with years of extradition hearings. Meanwhile, Carpathia's servers were powered down and are kept in storage by QTS Realty Trust, which acquired Carpathia in 2015. Now the EFF has taken the extraordinary step of asking an appeals court to step in and effectively force the hand of the district court judge. Yesterday, Goodwin's lawyers filed a petition for a writ of mandamus (PDF) with the U.S. Court of Appeals for the 4th Circuit, which oversees Virginia federal courts. "We've been asking the court for help since 2012," said EFF attorney Mitch Stolz in a statement about the petition. "It's deeply unfair for him to still be in limbo after all this time."
Education

EFF Says Google Chromebooks Are Still Spying On Students (softpedia.com) 84

schwit1 quotes a report from Softpedia: In the past two years since a formal complaint was made against Google, not much has changed in the way they handle this. Google still hasn't shed its "bad guy" clothes when it comes to the data it collects on underage students. In fact, the Electronic Frontier Foundation says the company continues to massively collect and store information on children without their consent or their parents'. Not even school administrators fully understand the extent of this operation, the EFF says. According to the latest status report from the EFF, Google is still up to no good, trying to eliminate students privacy without their parents notice or consent and "without a real choice to opt out." This, they say, is done via the Chromebooks Google is selling to schools across the United States.
Electronic Frontier Foundation

Troll With 'Stupid Patent' Sues EFF. EFF Sues Them Back (arstechnica.com) 68

"The Electronic Frontier Foundation has sued an Australian company that it previously dubbed as a 'classic patent troll' in a June 2016 blog post entitled: Stupid Patent of the Month: Storage Cabinets on a Computer." An anonymous reader quotes Ars Technica: Last year, that company, Global Equity Management (SA) Pty. Ltd. (GEMSA), managed to get an Australian court to order EFF to remove its post -- but EFF did not comply. In January 2017, Pasha Mehr, an attorney representing GEMSA, further demanded that the article be removed and that EFF pay $750,000. EFF still did not comply. The new lawsuit, filed in federal court in San Francisco on Wednesday, asks that the American court declare the Australian ruling unenforceable in the U.S.
GEMSA's attorneys reportedly threatened to have the EFF's post de-indexed from search engine listings -- on the basis of the Australian court order -- so now the EFF "seeks a court order declaring the Australian injunction 'repugnant' to the U.S. Constitution and unenforceable in the United States."

The Register reports that GEMSA has already sued 37 companies, "including big-name tech companies Airbnb, Uber, Netflix, Spotify, and eBay. In each case, GEMSA accused the company's website design of somehow trampling on the GUI patent without permission." But things were different after the EFF's article, according to Courthouse News. "GEMSA said the article made it harder to enforce its patents in the United States, citing its legal opponents' 'reduced interest in pursuing pre-trial settlement negotiations.'"
Government

Should The FBI Have Arrested 'The Hacker Who Hacked No One'? (thedailybeast.com) 227

Last week The Daily Beast ran an article about the FBI's arrest of "the hacker who hacked no one." In December they'd arrested 26-year-old Taylor Huddleston, "the author of a remote administration tool, or RAT, called NanoCore that happens to be popular with hackers." It's been "linked to intrusions in at least 10 countries," reported Kevin Poulsen, but "as Huddleston sees it, he's a victim himself -- hackers have been pirating his program for years and using it to commit crimes."

The article quotes Huddleston's lawyer, as well as a Cornell law professor who warns of the "chilling effect" of its implications on programmers. But it also says security experts who examined the software are "inherently skeptical" of Huddleston's claim that the software was intended for legal use, since that's "a common claim amongst RAT authors." Security researcher Brian Krebs also sees "a more complex and nuanced picture" after "a closer look at the government's side of the story -- as well as public postings left behind by the accused and his alleged accomplices."

Click through for the rest of the story.
Electronic Frontier Foundation

London Police Ink Shadowy Deal With Industry On Website Takedowns (eff.org) 23

AmiMoJo writes: The EFF is warning about unregulated activity against websites by the Police Intellectual Property Crime Unit (PIPCU) of the City of London Police. A program called RogueBlock accepts notifications from IP holders, which the PIPCU then acts on, giving private companies legal jurisdiction over the entire internet, with appeals in the case of malicious reports and mistakes being extremely difficult to make. For example, Spanish sports streaming site Rojadirecta had its domain name seized by the U.S. government for over a year, despite the site being lawful in its native Spain. The EFF terms this kind of activity "Shadow Regulation."
Privacy

How To Protect Your Privacy Online (theverge.com) 130

Though the U.S. Congress voted to roll back privacy rules, broadband customers can still opt-out of targeted advertising from Comcast, Charter, AT&T, and T-Mobile. But an anonymous reader explains why that's not enough: "It's not clear that opting out will prevent ISPs from putting your data to use," reports The Verge, adding "you're opting out of seeing ads, but not out of providing data." Neema Singh Guliani, legislative counsel for the American Civil Liberties Union, tells NPR that consumers can also "call their providers and opt out of having their information shared." But he also suggests a grass roots effort, calling this "an opportunity to pressure companies to implement good practices and for consumers to say 'I think that you should require opt-in consent and if you're not, why not?'"

To try to stop the creation of that data, Brian Krebs has also posted a guide for choosing a VPN provider, and shared a useful link to a chart comparing VPN providers that was recommended by the EFF. This may help avoid some of the problems reported with VPN services, and Krebs also recommends Tor as a free (albeit possibly slower) option, while sharing an informational link describing Tor's own limitations.

I'm curious what steps Slashdot's readers are taking (if any) to protect their own privacy online?
Electronic Frontier Foundation

EFF Issues April Fool's Day Newsletter (eff.org) 21

An anonymous reader writes: There were some surprises in today's edition of the EFF's "EFFector" newsletter. Noting that it's their sqrt(-1)th issue, they report that the EU will protect the privacy of its data by building a 30-foot wall around the United States. "Only U.S. tech companies that comply with EU privacy restrictions and prohibit U.S. government access to their data will be given fiber optic grappling hooks to transport Europeans' data across the Atlantic, over the wall, and back to their U.S.-based servers."

The newsletter also reports that the bipartisan leaders of the U.S. House and Senate Intelligence Committees "apologized during a press conference this morning for failing to provide rigorous supervision of the intelligence community." And the newsletter also reports that Deadpool won an Oscar after PricewaterhouseCoopers mistakenly handed the presenters an envelope with a list of the most-frequently torrent-ed movie of 2016. But perhaps its most unexpected headline is "Comcast to Assimilate with the Borg."

The Borg said the deal would increase its market share, nationwide reach, and overall reputation for evil -- while Comcast claimed that the deal would boost competition.
Communications

Senate Votes To Kill FCC's Broadband Privacy Rules (pcworld.com) 404

The Senate voted 50-48 along party lines Thursday to repeal an Obama-era law that requires internet service providers to obtain permission before tracking what customers look at online and selling that information to other companies. PCWorld adds: The Senate's 50-48 vote Thursday on a resolution of disapproval would roll back Federal Communications Commission rules requiring broadband providers to receive opt-in customer permission to share sensitive personal information, including web-browsing history, geolocation, and financial details with third parties. The FCC approved the regulations just five months ago. Thursday's vote was largely along party lines, with Republicans voting to kill the FCC's privacy rules and Democrats voting to keep them. The Senate's resolution, which now heads to the House of Representatives for consideration, would allow broadband providers to collect and sell a "gold mine of data" about customers, said Senator Bill Nelson, a Florida Democrat. Kate Tummarello, writing for EFF: [This] would be a crushing loss for online privacy. ISPs act as gatekeepers to the Internet, giving them incredible access to records of what you do online. They shouldn't be able to profit off of the information about what you search for, read about, purchase, and more without your consent. We can still kill this in the House: call your lawmakers today and tell them to protect your privacy from your ISP.
Businesses

Patents Are A Big Part Of Why We Can't Own Nice Things (eff.org) 243

An anonymous reader shares an EFF article: Today, the Supreme Court heard arguments in a case that could allow companies to keep a dead hand of control over their products, even after you buy them. The case, Impression Products v. Lexmark International, is on appeal from the Court of Appeals for the Federal Circuit, who last year affirmed its own precedent allowing patent holders to restrict how consumers can use the products they buy. That decision, and the precedent it relied on, departs from long established legal rules that safeguard consumers and enable innovation. When you buy something physical -- a toaster, a book, or a printer, for example -- you expect to be free to use it as you see fit: to adapt it to suit your needs, fix it when it breaks, re-use it, lend it, sell it, or give it away when you're done with it. Your freedom to do those things is a necessary aspect of your ownership of those objects. If you can't do them, because the seller or manufacturer has imposed restrictions or limitations on your use of the product, then you don't really own them. Traditionally, the law safeguards these freedoms by discouraging sellers from imposing certain conditions or restrictions on the sale of goods and property, and limiting the circumstances in which those restrictions may be imposed by contract. But some companies are relentless in their quest to circumvent and undermine these protections. They want to control what end users of their products can do with the stuff they ostensibly own, by attaching restrictions and conditions on purchasers, locking down their products, and locking you (along with competitors and researchers) out. If they can do that through patent law, rather than ordinary contract, it would mean they could evade legal limits on contracts, and that any one using a product in violation of those restrictions (whether a consumer or competitor) could face harsh penalties for patent infringement.

Slashdot Top Deals