Tag Archives: Politics & Government

The US government is no longer briefing Meta about foreign influence campaigns

Posted on by

As Meta gears up for the 2024 election, the company is grappling with a new challenge that could slow its efforts to combat foreign attempts at election interference. US government agencies have stopped sharing information with the company’s security researchers about covert influence operations on its platform.

Meta says that as of July, the government has “paused” briefings related to foreign election interference, eliminating a key source of information for the company. During a call with reporters, Meta’s head of security policy Nathaniel Gleicher, declined to speculate on the government’s motivations, but the timing lines up with a court order earlier this year that restricted the Biden Administration’s contacts with social media firms.

The order, the result of two states’ attempts to limit platforms' ability to remove misinformation, is currently suspended while the Supreme Court considers the case. But government agencies, like CISA (the Cybersecurity and Infrastructure Agency) and the FBI, have apparently opted to keep the “pause” in place.

Gleicher noted that government contacts aren’t Meta’s only source of information, and that the company continues to work with industry researchers and other civil society groups. But he acknowledged that government officials can be best-placed to advise certain kinds of threats, like those that are coordinated on other platforms. “We have seen that particularly-sophisticated threat actors, like nation states, engaged in foreign interference… there are times when government has the capability to identify these campaigns that other players may not,” he said.

Meta’s researchers regularly share details about networks of fake accounts it catches boosting foreign propaganda and conducting other kinds of influence campaigns, what the company calls “coordinated inauthentic behavior” or CIB. And while most of its takedowns don’t come as a result of government tips, the company has relied on them in detecting CIB targeting US politics. Meta acted on three separate FBI tips about fake accounts from Russia, Iran and Mexico ahead of the 2020 presidential election.

Law enforcement officials have also expressed concern about the lack of coordination with social media platforms. The FBI previously told the House Judiciary Committee that it had “discovered foreign influence campaigns on social media platforms but in some cases did not inform the companies about them because they were hamstrung by the new legal oversight,” NBC News reported, citing congressional sources.

Meta’s latest comments are the first time the company has publicly confirmed that it is no longer receiving tips about election interference. The disclosure comes as the company ramps up its efforts to prepare for multiple elections in 2024, and the inevitable attempts to manipulate political conversations on Facebook. The company said in its latest report on CIB that China is now the third-most common source of coordinated inauthentic behavior on its platform, behind Russia and Iran.

This article originally appeared on Engadget at https://www.engadget.com/the-us-government-is-no-longer-briefing-meta-about-foreign-influence-campaigns-130019156.html?src=rss

Google won’t block news links in Canada after all

Posted on by

Google won't block news links in Canada in response to new legislation after all. The company pledged earlier this year to pull links to Canadian news stories from Search, News and Discover when the country's Online News Act (Bill C-18) takes effect in December. However, Google has reached a deal with the country's government that will see it continuing to serve users there with Canadian news.

"Following constructive discussions, our government and Google have reached an agreement — they will contribute to the Online News Act. We worked hard to make this possible," Minister of Canadian Heritage Pascale St-Onge wrote on X. "This Act is good news for journalism, for online platforms and for Canadians."

Google has agreed to pay news publishers in Canada around $100 million CAD per year, according to the CBC. That's significantly less than the government's previous estimate that Google's annual payments should be around $172 million. The $100 million figure is in line with Google's own estimates of how much it should pay. 

The company will still need to sign an agreement with the media after negotiations. Google had demurred over a mandatory negotiation model that would have seen it hold talks with media organizations. Instead, the CBC reports that Google will only need to negotiate with a representative group, which is said to limit the company's risk of arbitration.

"We thank the Minister of Canadian Heritage, Pascale St-Onge, for acknowledging our concerns and deeply engaging in a series of productive meetings about how they might be addressed," Kent Walker, Google and Alphabet's president of global affairs, told Engadget in a statement. "Following extensive discussions, we are pleased that the Government of Canada has committed to addressing our core issues with Bill C-18, which included the need for a streamlined path to an exemption at a clear commitment threshold. While we work with the government through the exemption process based on the regulations that will be published shortly, we will continue sending valuable traffic to Canadian publishers." 

Google's arrangement with the government will be factored into the Bill C-18 legislative framework, which must be finalized by the middle of December. Although Google said in June that it would remove links to Canadian news stories from several of its key services, it never followed through on that threat. 

Meta, on the other hand, has blocked Canadian news links on Facebook and Instagram since June. According to the CBC, Meta has not returned to the negotiating table with the government. Google and Meta are the only companies that meet Bill C-18's legislative criteria.

Updated 11/29 2:08PM ET: Added statements from Pascale St-Onge and Kent Walker.

This article originally appeared on Engadget at https://www.engadget.com/google-wont-block-news-links-in-canada-after-all-180258909.html?src=rss

Self-proclaimed ‘gay furry hackers’ breach nuclear lab

Posted on by

The nuclear research hub Idaho National Laboratory (INL) confirmed that it fell victim to a data breach on Tuesday. SiegedSec, a group of self-proclaimed "gay furry hackers," took responsibility for the attack and claimed they accessed sensitive employee data like social security numbers, home addresses and more.

"We're willing to make a deal with INL. If they research creating irl catgirls we will take down this post," SiegedSec wrote in a post announcing the leak on Monday. 

The hacktivist group SiegedSec conducted a high profile attack on NATO last month, leaking internal documents as a retaliation against those countries for their attacks on human rights. The group commonly attacks government and affiliated organizations for political reasons, like targeting state governments for passing anti-trans legislation earlier this year.

A spokesperson confirmed the breach to Engadget on Wednesday. "On Monday, Nov. 20, Idaho National Laboratory determined that it was the target of a cybersecurity data breach in a federally approved vendor system outside the lab that supports INL cloud Human Resources services. INL has taken immediate action to protect employee data," an INL spokesperson said. The lab said it has reached out to authorities for help on how to proceed as it determines how to handle the breach. 

INL works as a Department of Energy affiliate researching nuclear reactors, among other projects like sustainable energy. It employs more than 5,000 people. 

This article originally appeared on Engadget at https://www.engadget.com/self-proclaimed-gay-furry-hackers-breach-nuclear-lab-152034192.html?src=rss

US Senator calls for the public release of AT&T ‘Hemisphere’ surveillance records

Posted on by

US Senator Ron Wyden wants the public to know about the details surrounding the long-running Hemisphere phone surveillance program. Wyden has written US Attorney General Merrick Garland a letter (PDF), asking him to release additional information about the project that apparently gives law enforcement agencies access to trillions of domestic phone records. In addition, he said that federal, state, local and Tribal law enforcement agencies have the ability to request "often-warrantless searches" from the project's phone records that AT&T has been collecting since 1987. 

The Hemisphere project first came to light in 2013 when The New York Times reported that the White House Office of National Drug Control Policy (ONDCP) was paying AT&T to mine and keep records of its customers' phone calls. Four billion new records are getting added to its database every day, and a federal or state law enforcement agency can request a query with a subpoena that they can issue themselves. Any law enforcement officer can send in a request to a single AT&T analyst based in Atlanta, Georgia, Wyden's letter says, even if they're seeking information that's not related to any drug case. And apparently, they can use Hemisphere not just to identify a specific number, but to identify the target's alternate numbers, to obtain location data and to look up the phone records of everyone who's been in communication with the target. 

The project has been defunded and refunded by the government several times over the past decade and was even, at one point, receiving federal funding under the name "Data Analytical Services (DAS)." Usually, projects funded by federal agencies would be subject to a mandatory Privacy Impact Assessment conducted by the Department of Justice, which means their records would be made public. 

However, Hemisphere's funding passes through a middleman, so it's not required to go through mandatory assessment. To be specific, ONDCP funds the program through the Houston High Intensity Drug Trafficking Area, which is a regional funding organization that distributes federal anti-drug law grants and is governed by a board made up of federal, state and local law enforcement officials. The DOJ had provided Wyden's office with "dozens of pages of material" related to the project in 2019, but they had been labeled "Law Enforcement Sensitive" and cannot be released to the public. 

"I have serious concerns about the legality of this surveillance program, and the materials provided by the DOJ contain troubling information that would justifiably outrage many Americans and other members of Congress," Wyden wrote in his letter. "While I have long defended the government’s need to protect classified sources and methods, this surveillance program is not classified and its existence has already been acknowledged by the DOJ in federal court. The public interest in an informed debate about government surveillance far outweighs the need to keep this information secret."

This article originally appeared on Engadget at https://www.engadget.com/us-senator-calls-for-the-public-release-of-att-hemisphere-surveillance-records-083627787.html?src=rss

The FCC will crack down on ISPs to address ‘digital discrimination’ in poorer areas

Posted on by

The Federal Communications Commission (FCC) is keeping a close eye on internet providers to make sure they provide Americans with equal access to broadband services regardless of customers' "income level, race, ethnicity, color, religion or national origin." Two years after the Bipartisan Infrastructure Law became official, the FCC has adopted a final set of relevant rules to enforce. 

The Commission will have the power to investigate possible instances of "digital discrimination" under the new rules and could penalize providers for violating them. It could, for instance, look into a company's pricing, network upgrades and maintenance procedures to decide whether a provider is keeping an affluent area well maintained while failing to provide the same level of service to a low-income area. 

As The Wall Street Journal explains, it could even hold companies like AT&T and Comcast liable even if they weren't intentionally discriminatory, as long as their actions "differentially impact consumers' access to broadband." If the FCC does receive complaints against a particular provider, though, it will take into account any technical and economic challenges it may be facing that prevents it from providing equal access to its services. 

According to The Journal, the FCC approved the new rules in a 3-2 vote. Their critics — mainly internet providers and Republican members of the Congress — argued that the decision could affect investments and that the commission is taking things too far by penalizing unintentional discrimination. But FCC Chairwoman Jessica Rosenworcel found the rules to be reasonable, especially since the agency will "accept genuine reasons of technical and economic feasibility as valid reasons." 

In addition to adopting a set of rules for digital discrimination, the FCC has also updated its protections against SIM swapping and port-out scams. It will now require wireless providers to notify customers immediately when a SIM change or a port-out is requested for their account and phone number. Further, providers are required to take additional steps to protect their subscribers from the schemes. The FCC has voted to begin a formal inquiry to look into the impact of artificial intelligence on robocalls, as well. It could, after all, be used to block unwanted voice and text messages, but it could also be used to more easily defraud people through calls and texts. 

Finally, the commission is now requiring mobile providers to split phone lines from family plans for victims of domestic violence when the abuser is on the account. Providers will also have to remove records of calls and texts to domestic violence hotlines from subscribers' logs, and they're expected to support survivors who can't afford lines of their own through the FCC Lifeline program.

Update, November 16, 2023, 8:50PM ET: This story has been updated to add information about the FCC's new rules supporting domestic violence survivors. 

This article originally appeared on Engadget at https://www.engadget.com/the-fcc-will-crack-down-on-isps-to-improve-connectivity-in-poorer-areas-125041256.html?src=rss

Lawmakers question Apple over cancellation of Jon Stewart’s show

Posted on by

A group of lawmakers from a House of Representatives committee wants Apple, like many Jon Stewart enthusiasts, to explain why its streaming arm abruptly canceled the talk show The Problem With Jon Stewart. The current affairs TV series hosted by Jon Stewart briefly made its debut on Apple TV+ in 2021 but its time on air ended when the show received the ax for a third season, reportedly due to “disagreements” over show topics.

According to Reuters, Lawmakers want to know if the show's coverage and criticism of China has anything to do with the show’s cancellation. The government officials have asked Apple to speak on the issue by Dec 15, 2023. 

In a letter to the tech giant, the House members wrote that while Apple has the right to determine what content it deems appropriate for its platform, “the coercive tactics of a foreign power should not be directly or indirectly influencing these determinations.” This effort is bipartisan, with members from both Republican and Democratic parties affiliated with the House of Representatives' Select Committee on Competition with the Chinese Communist Party.

Roughly 19 percent of Apple sales come from China, with over $72.5 billion in net sales reported for the company’s fiscal 2023, which closed in September. It might make sense that the company would avoid streaming a show with strong political opinions that could impact its bottom line in such a significant way. But the show discussed several hot-button topics, including artificial intelligence and gun control. According to the New York Times, sources familiar with the matter said that, beyond discussions about China, the show’s criticism of topics like artificial intelligence played a role in the decision to cut the show.

This article originally appeared on Engadget at https://www.engadget.com/lawmakers-question-apple-over-cancellation-of-jon-stewarts-show-192316298.html?src=rss

Basically all of Maine had data stolen by a ransomware gang

Posted on by

The state agencies of Maine had fallen victim to cybercriminals who exploited a vulnerability in the MOVEit file transfer tool, making them the latest addition to the growing list of entities affected by the massive hack involving the software. In a notice the government has published about the cybersecurity incident, it said the event impacted approximately 1.3 million individuals, which basically make up the state's whole population. The state first caught wind of the software vulnerability in MOVEit on May 31 this year and found that cybercriminals were able to access and download files from its various agencies on May 28 and 29. 

While the nature of stolen data varies per person based on their interaction with a particular agency, the notice says that the bad actors had stolen names, Social Security numbers, birthdates, driver's license and state identification numbers, as well as taxpayer identification numbers. In some cases, they were also able to get away with people's medical and health insurance information. Over 50 percent of the stolen data came from the Maine Department of Health and Human Services, followed by the Maine Department of Education.

The state government had blocked internet access to and from the MOVEit server as soon as it became aware of the incident. However, since the cybercriminals were already able to steal residents' information, it's also offering two years of complimentary credit monitoring and identity theft protection services to people whose SSNs and taxpayer numbers were compromised. As TechCrunch notes, the Clop ransomware gang that's believed to be behind previously reported incidents, has yet to release data stolen from Maine's agencies.

Clop took credit for an earlier New York City Department of Education hack, wherein the information of approximately 45,000 students was stolen. Cybercriminals exploiting the vulnerability haven't only been targeting the government, though, but also companies around the world. Sony is one of them. There's also Maximus Health Services, Inc, a US government contractor, whose breach has been the biggest MOVEit-related incident, so far. 

The Securities and Exchange Commission is already investigating MOVEit creator Progress Software, though it only just sent the company a subpoena in October and is still in the "fact-finding inquiry" phase of its probe. 

This article originally appeared on Engadget at https://www.engadget.com/basically-all-of-maine-had-data-stolen-by-a-ransomware-gang-061407794.html?src=rss

Basically all of Maine had data stolen by a ransomware gang

Posted on by

The state agencies of Maine had fallen victim to cybercriminals who exploited a vulnerability in the MOVEit file transfer tool, making them the latest addition to the growing list of entities affected by the massive hack involving the software. In a notice the government has published about the cybersecurity incident, it said the event impacted approximately 1.3 million individuals, which basically make up the state's whole population. The state first caught wind of the software vulnerability in MOVEit on May 31 this year and found that cybercriminals were able to access and download files from its various agencies on May 28 and 29. 

While the nature of stolen data varies per person based on their interaction with a particular agency, the notice says that the bad actors had stolen names, Social Security numbers, birthdates, driver's license and state identification numbers, as well as taxpayer identification numbers. In some cases, they were also able to get away with people's medical and health insurance information. Over 50 percent of the stolen data came from the Maine Department of Health and Human Services, followed by the Maine Department of Education.

The state government had blocked internet access to and from the MOVEit server as soon as it became aware of the incident. However, since the cybercriminals were already able to steal residents' information, it's also offering two years of complimentary credit monitoring and identity theft protection services to people whose SSNs and taxpayer numbers were compromised. As TechCrunch notes, the Clop ransomware gang that's believed to be behind previously reported incidents, has yet to release data stolen from Maine's agencies.

Clop took credit for an earlier New York City Department of Education hack, wherein the information of approximately 45,000 students was stolen. Cybercriminals exploiting the vulnerability haven't only been targeting the government, though, but also companies around the world. Sony is one of them. There's also Maximus Health Services, Inc, a US government contractor, whose breach has been the biggest MOVEit-related incident, so far. 

The Securities and Exchange Commission is already investigating MOVEit creator Progress Software, though it only just sent the company a subpoena in October and is still in the "fact-finding inquiry" phase of its probe. 

This article originally appeared on Engadget at https://www.engadget.com/basically-all-of-maine-had-data-stolen-by-a-ransomware-gang-061407794.html?src=rss

Apple reaches $25M settlement with the DOJ for discriminating against US residents during hiring

Posted on by

Apple will pay $25 million in backpay and civil penalties to settle allegations that it favored visa holders and discriminated against US citizens and permanent residents during its hiring process, the Department of Justice said in a statement on Thursday. This is the largest amount that the DOJ has collected under the anti-discrimination provision of the Immigration and Nationality Act.

At the heart of the issue is a federal program administered by the Department of Labor and the Department of Homeland Security called the Permanent Labor Certification Program (PERM). PERM allows US employers to file for foreign workers on visas to become permanent US residents. As part of the PERM process, employers are required to prominently advertise open positions so that anyone can apply to them regardless of citizenship status.

The DOJ said that Apple violated these rules by not advertising PERM positions on their recruiting website, and also made it harder for people to apply by requiring mailed-in paper applications, something that it did not do for regular, non-PERM positions. As a result, a DOJ investigation found that Apple received few or no applications for these positions from US citizens or permanent residents who do not require work visas.

As part of the settlement, Apple will pay $6.75 million in civil penalties and set up a $18.25 million fund to pay back eligible discrimination victims, the DOJ's statement said. 

Apple disagreed with the DOJ’s characterization. “Apple proudly employs more than 90,000 people in the United States and continues to invest nationwide, creating millions of jobs,” a company spokesperson told CNBC. “When we realized we had unintentionally not been following the DOJ standard, we agreed to a settlement addressing their concerns. We have implemented a robust remediation plan to comply with the requirements of various government agencies as we continue to hire American workers and grow in the US”

This article originally appeared on Engadget at https://www.engadget.com/apple-reaches-25m-settlement-with-the-doj-for-discriminating-against-us-residents-during-hiring-225857162.html?src=rss

Apple reaches $25M settlement with the DOJ for discriminating against US residents during hiring

Posted on by

Apple will pay $25 million in backpay and civil penalties to settle allegations that it favored visa holders and discriminated against US citizens and permanent residents during its hiring process, the Department of Justice said in a statement on Thursday. This is the largest amount that the DOJ has collected under the anti-discrimination provision of the Immigration and Nationality Act.

At the heart of the issue is a federal program administered by the Department of Labor and the Department of Homeland Security called the Permanent Labor Certification Program (PERM). PERM allows US employers to file for foreign workers on visas to become permanent US residents. As part of the PERM process, employers are required to prominently advertise open positions so that anyone can apply to them regardless of citizenship status.

The DOJ said that Apple violated these rules by not advertising PERM positions on their recruiting website, and also made it harder for people to apply by requiring mailed-in paper applications, something that it did not do for regular, non-PERM positions. As a result, a DOJ investigation found that Apple received few or no applications for these positions from US citizens or permanent residents who do not require work visas.

As part of the settlement, Apple will pay $6.75 million in civil penalties and set up a $18.25 million fund to pay back eligible discrimination victims, the DOJ's statement said. 

Apple disagreed with the DOJ’s characterization. “Apple proudly employs more than 90,000 people in the United States and continues to invest nationwide, creating millions of jobs,” a company spokesperson told CNBC. “When we realized we had unintentionally not been following the DOJ standard, we agreed to a settlement addressing their concerns. We have implemented a robust remediation plan to comply with the requirements of various government agencies as we continue to hire American workers and grow in the US”

This article originally appeared on Engadget at https://www.engadget.com/apple-reaches-25m-settlement-with-the-doj-for-discriminating-against-us-residents-during-hiring-225857162.html?src=rss