TikTok ban in Montana blocked by US judge over free speech rights

Montana's unprecedented state-wide ban of the Chinese short-video app TikTok was supposed to take effect on January 1, 2024, but as reported by Reuters, US District Judge Donald Molloy issued a preliminary injunction just one month ahead to block said ban. This means that for now, ByteDance and app stores are allowed to continue serving TikTok to users within the state of Montana, without being fined $10,000 daily from the start date of the ban.

The judge was quoted saying the ban "oversteps state power and infringes on the constitutional rights of users" — echoing the legal challenge filed by five TikTok creators on the day after the bill was signed back in May, as well as another lawsuit filed by the platform's owner, ByteDance, later on in the same month. It was also questionable as to whether Google and Apple could have effectively enforced such a state-wide ban on their app stores.  

The relevant bill was originally drafted based on claims that this Chinese app would share US users' personal data with the Chinese government, which ByteDance has long denied since the presidency of Donald Trump. "TikTok US user data is stored in the US, with strict controls on employee access," the company claimed back in August 2020 — and again via a new "transparency" push earlier this year, with reference to "Project Texas" for safeguarding US user data with help from Oracle.

To date, no other US state has passed a bill to bar TikTok. The outcome of Montana's case may hold the key to this Chinese app's fate across the rest of the country.

This article originally appeared on Engadget at https://www.engadget.com/tiktok-ban-in-montana-blocked-by-us-judge-over-free-speech-rights-011846138.html?src=rss

Bipartisan Senate bill would kill the TSA’s ‘Big Brother’ airport facial recognition

US Senators John Kennedy (R-LA) and Jeff Merkley (D-OR) introduced a bipartisan bill Wednesday to end involuntary facial recognition screening at airports. The Traveler Privacy Protection Act would block the Transportation Security Administration (TSA) from continuing or expanding its facial recognition tech program. It would also require the government agency to explicitly receive congressional permission to renew it, and it would have to dispose of all biometric data within three months.

Senator Merkley described the TSA’s biometric collection practices as the first steps toward an Orwellian nightmare. “The TSA program is a precursor to a full-blown national surveillance state,” Merkley wrote in a news release. “Nothing could be more damaging to our national values of privacy and freedom. No government should be trusted with this power.” Other Senators supporting the bill include Edward J. Markey (D-MA), Roger Marshall (R-KS), Bernie Sanders (I-VT) and Elizabeth Warren (D-MA).

The TSA began testing facial recognition at Los Angeles International Airport (LAX) in 2018. The agency’s pitch to travelers framed it as an exciting new high-tech feature, promising a “biometrically-enabled curb-to-gate passenger experience.” The TSA said this summer it planned to expand the program to over 430 US airports within the next few years.

The program at least technically allows travelers to opt out, but that process isn’t always transparent in practice. Merkley posted a video to X in September, demonstrating how agents guided travelers to the facial scanner without mentioning that it’s optional. No signs near the booths said it was optional or explicitly mentioned the gathering of facial data, either. The booths were arranged so that flyers would have difficulty entering their driver’s license or ID (required) without stepping in front of the facial scanner.

Advocacy groups supporting the bill include the ACLU, Electronic Privacy Information Center and Public Citizen. “The privacy risks and discriminatory impact of facial recognition are real, and the government’s use of our faces as IDs poses a serious threat to our democracy,” wrote Jeramie Scott, Senior Counsel and Director of EPIC’s Project on Surveillance Oversight, in Merkley’s press release. “The TSA should not be allowed to unilaterally subject millions of travelers to this dangerous technology.”

“Every day, TSA scans thousands of Americans’ faces without their permission and without making it clear that travelers can opt out of the invasive screening,” Sen. Kennedy wrote in a separate news release. “The Traveler Privacy Protection Act would protect every American from Big Brother’s intrusion by ending the facial recognition program.”

This article originally appeared on Engadget at https://www.engadget.com/bipartisan-senate-bill-would-kill-the-tsas-big-brother-airport-facial-recognition-191010937.html?src=rss

The US government is no longer briefing Meta about foreign influence campaigns

As Meta gears up for the 2024 election, the company is grappling with a new challenge that could slow its efforts to combat foreign attempts at election interference. US government agencies have stopped sharing information with the company’s security researchers about covert influence operations on its platform.

Meta says that as of July, the government has “paused” briefings related to foreign election interference, eliminating a key source of information for the company. During a call with reporters, Meta’s head of security policy, Nathaniel Gleicher, declined to speculate on the government’s motivations, but the timing lines up with a court order earlier this year that restricted the Biden Administration’s contacts with social media firms.

The order, the result of two states’ attempts to limit platforms' ability to remove misinformation, is currently suspended while the Supreme Court considers the case. But government agencies, like CISA (the Cybersecurity and Infrastructure Agency) and the FBI, have apparently opted to keep the “pause” in place.

Gleicher noted that government contacts aren’t Meta’s only source of information, and that the company continues to work with industry researchers and other civil society groups. But he acknowledged that government officials can be best placed to advise on certain kinds of threats, like those that are coordinated on other platforms. “We have seen that particularly-sophisticated threat actors, like nation states, engaged in foreign interference… there are times when government has the capability to identify these campaigns that other players may not,” he said.

Meta’s researchers regularly share details about networks of fake accounts it catches boosting foreign propaganda and conducting other kinds of influence campaigns, what the company calls “coordinated inauthentic behavior” or CIB. And while most of its takedowns don’t come as a result of government tips, the company has relied on them in detecting CIB targeting US politics. Meta acted on three separate FBI tips about fake accounts from Russia, Iran and Mexico ahead of the 2020 presidential election.

Law enforcement officials have also expressed concern about the lack of coordination with social media platforms. The FBI previously told the House Judiciary Committee that it had “discovered foreign influence campaigns on social media platforms but in some cases did not inform the companies about them because they were hamstrung by the new legal oversight,” NBC News reported, citing congressional sources.

Meta’s latest comments are the first time the company has publicly confirmed that it is no longer receiving tips about election interference. The disclosure comes as the company ramps up its efforts to prepare for multiple elections in 2024, and the inevitable attempts to manipulate political conversations on Facebook. The company said in its latest report on CIB that China is now the third-most common source of coordinated inauthentic behavior on its platform, behind Russia and Iran.

This article originally appeared on Engadget at https://www.engadget.com/the-us-government-is-no-longer-briefing-meta-about-foreign-influence-campaigns-130019156.html?src=rss

Google won’t block news links in Canada after all

Google won't block news links in Canada in response to new legislation after all. The company pledged earlier this year to pull links to Canadian news stories from Search, News and Discover when the country's Online News Act (Bill C-18) takes effect in December. However, Google has reached a deal with the country's government that will see it continuing to serve users there with Canadian news.

"Following constructive discussions, our government and Google have reached an agreement — they will contribute to the Online News Act. We worked hard to make this possible," Minister of Canadian Heritage Pascale St-Onge wrote on X. "This Act is good news for journalism, for online platforms and for Canadians."

Google has agreed to pay news publishers in Canada around $100 million CAD per year, according to the CBC. That's significantly less than the government's previous estimate that Google's annual payments should be around $172 million. The $100 million figure is in line with Google's own estimates of how much it should pay. 

The company will still need to sign an agreement with the media after negotiations. Google had demurred over a mandatory negotiation model that would have seen it hold talks with media organizations. Instead, the CBC reports that Google will only need to negotiate with a representative group, which is said to limit the company's risk of arbitration.

"We thank the Minister of Canadian Heritage, Pascale St-Onge, for acknowledging our concerns and deeply engaging in a series of productive meetings about how they might be addressed," Kent Walker, Google and Alphabet's president of global affairs, told Engadget in a statement. "Following extensive discussions, we are pleased that the Government of Canada has committed to addressing our core issues with Bill C-18, which included the need for a streamlined path to an exemption at a clear commitment threshold. While we work with the government through the exemption process based on the regulations that will be published shortly, we will continue sending valuable traffic to Canadian publishers." 

Google's arrangement with the government will be factored into the Bill C-18 legislative framework, which must be finalized by the middle of December. Although Google said in June that it would remove links to Canadian news stories from several of its key services, it never followed through on that threat. 

Meta, on the other hand, has blocked Canadian news links on Facebook and Instagram since June. According to the CBC, Meta has not returned to the negotiating table with the government. Google and Meta are the only companies that meet Bill C-18's legislative criteria.

Updated 11/29 2:08PM ET: Added statements from Pascale St-Onge and Kent Walker.

This article originally appeared on Engadget at https://www.engadget.com/google-wont-block-news-links-in-canada-after-all-180258909.html?src=rss

Self-proclaimed ‘gay furry hackers’ breach nuclear lab

The nuclear research hub Idaho National Laboratory (INL) confirmed that it fell victim to a data breach on Tuesday. SiegedSec, a group of self-proclaimed "gay furry hackers," took responsibility for the attack and claimed they accessed sensitive employee data like social security numbers, home addresses and more.

"We're willing to make a deal with INL. If they research creating irl catgirls we will take down this post," SiegedSec wrote in a post announcing the leak on Monday. 

The hacktivist group SiegedSec conducted a high-profile attack on NATO last month, leaking internal documents as retaliation against those countries for their attacks on human rights. The group commonly attacks government and affiliated organizations for political reasons, like targeting state governments for passing anti-trans legislation earlier this year.

A spokesperson confirmed the breach to Engadget on Wednesday. "On Monday, Nov. 20, Idaho National Laboratory determined that it was the target of a cybersecurity data breach in a federally approved vendor system outside the lab that supports INL cloud Human Resources services. INL has taken immediate action to protect employee data," an INL spokesperson said. The lab said it has reached out to authorities for help on how to proceed as it determines how to handle the breach. 

INL works as a Department of Energy affiliate researching nuclear reactors, among other projects like sustainable energy. It employs more than 5,000 people. 

This article originally appeared on Engadget at https://www.engadget.com/self-proclaimed-gay-furry-hackers-breach-nuclear-lab-152034192.html?src=rss

US Senator calls for the public release of AT&T ‘Hemisphere’ surveillance records

US Senator Ron Wyden wants the public to know the details surrounding the long-running Hemisphere phone surveillance program. Wyden has written US Attorney General Merrick Garland a letter, asking him to release additional information about the project that apparently gives law enforcement agencies access to trillions of domestic phone records. In addition, he said that federal, state, local and Tribal law enforcement agencies have the ability to request "often-warrantless searches" from the project's phone records that AT&T has been collecting since 1987.

The Hemisphere project first came to light in 2013 when The New York Times reported that the White House Office of National Drug Control Policy (ONDCP) was paying AT&T to mine and keep records of its customers' phone calls. Four billion new records are getting added to its database every day, and a federal or state law enforcement agency can request a query with a subpoena that they can issue themselves. Any law enforcement officer can send in a request to a single AT&T analyst based in Atlanta, Georgia, Wyden's letter says, even if they're seeking information that's not related to any drug case. And apparently, they can use Hemisphere not just to identify a specific number, but to identify the target's alternate numbers, to obtain location data and to look up the phone records of everyone who's been in communication with the target. 

The project has been defunded and refunded by the government several times over the past decade and was even, at one point, receiving federal funding under the name "Data Analytical Services (DAS)." Usually, projects funded by federal agencies would be subject to a mandatory Privacy Impact Assessment conducted by the Department of Justice, which means their records would be made public. 

However, Hemisphere's funding passes through a middleman, so it's not required to go through mandatory assessment. To be specific, ONDCP funds the program through the Houston High Intensity Drug Trafficking Area, which is a regional funding organization that distributes federal anti-drug law grants and is governed by a board made up of federal, state and local law enforcement officials. The DOJ had provided Wyden's office with "dozens of pages of material" related to the project in 2019, but they had been labeled "Law Enforcement Sensitive" and cannot be released to the public. 

"I have serious concerns about the legality of this surveillance program, and the materials provided by the DOJ contain troubling information that would justifiably outrage many Americans and other members of Congress," Wyden wrote in his letter. "While I have long defended the government’s need to protect classified sources and methods, this surveillance program is not classified and its existence has already been acknowledged by the DOJ in federal court. The public interest in an informed debate about government surveillance far outweighs the need to keep this information secret."

This article originally appeared on Engadget at https://www.engadget.com/us-senator-calls-for-the-public-release-of-att-hemisphere-surveillance-records-083627787.html?src=rss

The FCC will crack down on ISPs to address ‘digital discrimination’ in poorer areas

The Federal Communications Commission (FCC) is keeping a close eye on internet providers to make sure they provide Americans with equal access to broadband services regardless of customers' "income level, race, ethnicity, color, religion or national origin." Two years after the Bipartisan Infrastructure Law became official, the FCC has adopted a final set of relevant rules to enforce. 

The Commission will have the power to investigate possible instances of "digital discrimination" under the new rules and could penalize providers for violating them. It could, for instance, look into a company's pricing, network upgrades and maintenance procedures to decide whether a provider is keeping an affluent area well maintained while failing to provide the same level of service to a low-income area. 

As The Wall Street Journal explains, it could hold companies like AT&T and Comcast liable even if they weren't intentionally discriminatory, as long as their actions "differentially impact consumers' access to broadband." If the FCC does receive complaints against a particular provider, though, it will take into account any technical and economic challenges the provider may be facing that prevent it from providing equal access to its services.

According to The Journal, the FCC approved the new rules in a 3-2 vote. Their critics — mainly internet providers and Republican members of Congress — argued that the decision could affect investments and that the commission is taking things too far by penalizing unintentional discrimination. But FCC Chairwoman Jessica Rosenworcel found the rules to be reasonable, especially since the agency will "accept genuine reasons of technical and economic feasibility as valid reasons."

In addition to adopting a set of rules for digital discrimination, the FCC has also updated its protections against SIM swapping and port-out scams. It will now require wireless providers to notify customers immediately when a SIM change or a port-out is requested for their account and phone number. Further, providers are required to take additional steps to protect their subscribers from the schemes. The FCC has voted to begin a formal inquiry to look into the impact of artificial intelligence on robocalls, as well. It could, after all, be used to block unwanted voice and text messages, but it could also be used to more easily defraud people through calls and texts. 

Finally, the commission is now requiring mobile providers to split phone lines from family plans for victims of domestic violence when the abuser is on the account. Providers will also have to remove records of calls and texts to domestic violence hotlines from subscribers' logs, and they're expected to support survivors who can't afford lines of their own through the FCC Lifeline program.

Update, November 16, 2023, 8:50PM ET: This story has been updated to add information about the FCC's new rules supporting domestic violence survivors. 

This article originally appeared on Engadget at https://www.engadget.com/the-fcc-will-crack-down-on-isps-to-improve-connectivity-in-poorer-areas-125041256.html?src=rss

Lawmakers question Apple over cancellation of Jon Stewart’s show

A group of lawmakers from a House of Representatives committee, like many Jon Stewart enthusiasts, wants Apple to explain why its streaming arm abruptly canceled the talk show The Problem With Jon Stewart. The current affairs TV series hosted by Jon Stewart briefly made its debut on Apple TV+ in 2021, but its time on air ended when the show received the ax for a third season, reportedly due to “disagreements” over show topics.

According to Reuters, lawmakers want to know if the show's coverage and criticism of China had anything to do with the show’s cancellation. The government officials have asked Apple to speak on the issue by Dec 15, 2023.

In a letter to the tech giant, the House members wrote that while Apple has the right to determine what content it deems appropriate for its platform, “the coercive tactics of a foreign power should not be directly or indirectly influencing these determinations.” This effort is bipartisan, with members from both Republican and Democratic parties affiliated with the House of Representatives' Select Committee on Competition with the Chinese Communist Party.

Roughly 19 percent of Apple sales come from China, with over $72.5 billion in net sales reported for the company’s fiscal 2023, which closed in September. It might make sense that the company would avoid streaming a show with strong political opinions that could impact its bottom line in such a significant way. But the show discussed several hot-button topics, including artificial intelligence and gun control. According to the New York Times, sources familiar with the matter said that, beyond discussions about China, the show’s criticism of topics like artificial intelligence played a role in the decision to cut the show.

This article originally appeared on Engadget at https://www.engadget.com/lawmakers-question-apple-over-cancellation-of-jon-stewarts-show-192316298.html?src=rss

Basically all of Maine had data stolen by a ransomware gang

The state agencies of Maine had fallen victim to cybercriminals who exploited a vulnerability in the MOVEit file transfer tool, making them the latest addition to the growing list of entities affected by the massive hack involving the software. In a notice the government has published about the cybersecurity incident, it said the event impacted approximately 1.3 million individuals, which basically make up the state's whole population. The state first caught wind of the software vulnerability in MOVEit on May 31 this year and found that cybercriminals were able to access and download files from its various agencies on May 28 and 29. 

While the nature of stolen data varies per person based on their interaction with a particular agency, the notice says that the bad actors had stolen names, Social Security numbers, birthdates, driver's license and state identification numbers, as well as taxpayer identification numbers. In some cases, they were also able to get away with people's medical and health insurance information. Over 50 percent of the stolen data came from the Maine Department of Health and Human Services, followed by the Maine Department of Education.

The state government blocked internet access to and from the MOVEit server as soon as it became aware of the incident. However, since the cybercriminals were already able to steal residents' information, it's also offering two years of complimentary credit monitoring and identity theft protection services to people whose SSNs and taxpayer numbers were compromised. As TechCrunch notes, the Clop ransomware gang, which is believed to be behind previously reported incidents, has yet to release data stolen from Maine's agencies.

Clop took credit for an earlier New York City Department of Education hack, wherein the information of approximately 45,000 students was stolen. Cybercriminals exploiting the vulnerability haven't only been targeting the government, though, but also companies around the world. Sony is one of them. There's also Maximus Health Services, Inc, a US government contractor, whose breach has been the biggest MOVEit-related incident so far.

The Securities and Exchange Commission is already investigating MOVEit creator Progress Software, though it only just sent the company a subpoena in October and is still in the "fact-finding inquiry" phase of its probe. 

This article originally appeared on Engadget at https://www.engadget.com/basically-all-of-maine-had-data-stolen-by-a-ransomware-gang-061407794.html?src=rss
