Domain: documentcloud.org
Stories and comments across the archive that link to documentcloud.org.
Stories · 223
-
$12 Billion In Private Student Loan Debt May Be Wiped Away By Missing Paperwork (nytimes.com)
New submitter cdreimer shares a report from The New York Times (Warning: source may be paywalled; alternate source): Tens of thousands of people who took out private loans to pay for college but have not been able to keep up payments may get their debts wiped away because critical paperwork is missing. The troubled loans, which total at least $5 billion, are at the center of a protracted legal dispute between the student borrowers and a group of creditors who have aggressively pursued them in court after they fell behind on payments. Judges have already dismissed dozens of lawsuits against former students, essentially wiping out their debt, because documents proving who owns the loans are missing. A review of court records by The New York Times shows that many other collection cases are deeply flawed, with incomplete ownership records and mass-produced documentation. Some of the problems playing out now in the $108 billion private student loan market are reminiscent of those that arose from the subprime mortgage crisis a decade ago, when billions of dollars in subprime mortgage loans were ruled uncollectable by courts because of missing or fake documentation. And like those troubled mortgages, private student loans -- which come with higher interest rates and fewer consumer protections than federal loans -- are often targeted at the most vulnerable borrowers, like those attending for-profit schools.
At the center of the storm is one of the nation's largest owners of private student loans, the National Collegiate Student Loan Trusts. It is struggling to prove in court that it has the legal paperwork showing ownership of its loans, which were originally made by banks and then sold to investors. National Collegiate is an umbrella name for 15 trusts that hold 800,000 private student loans, totaling $12 billion. More than $5 billion of that debt is in default, according to court filings. -
Microsoft 'Cuts The Cord' With A Local Power Utility To Pursue Greener Energy (seattletimes.com)
Frosty Piss summarizes the Seattle Times: Microsoft will bypass Puget Sound Energy to secure carbon-free power on wholesale markets under an agreement with state regulators. In 2015, 60 percent of PSE electricity came from coal and natural-gas plants, according to company statistics. The agreement calls for Microsoft to pay a $23.6 million transition fee to Puget Sound Energy, which the utility will pass on to its Western Washington customers... But the settlement does not address one major financial issue that hangs over PSE and its customers -- how to handle the costs of shutting down coal-fired units in the Colstrip, Montana, power station... State regulators and Puget Sound Energy determined that Microsoft is legally responsible for a share of the Colstrip, Montana coal-fired generating plant costs. -
Twitter Users Blocked By Trump Sue, Claim @realDonaldTrump Is Public Forum (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: A handful of Twitter users, backed by the Knight First Amendment Institute at Columbia University, sued President Donald Trump on Tuesday, claiming their constitutional rights are being violated because the president has blocked them from his @realDonaldTrump handle. The suit claims that Trump's Twitter feed is a public forum and an official voice of the president. Excluding people from reading or replying to his tweets -- especially because they tweeted critical comments -- amounts to a First Amendment breach, according to the lawsuit.
"The @realDonaldTrump account is a kind of digital town hall in which the president and his aides use the tweet function to communicate news and information to the public, and members of the public use the reply function to respond to the president and his aides and exchange views with one another," according to the lawsuit (PDF) filed in New York federal court. "Defendants' viewpoint-based blocking of the Individual Plaintiffs from the @realDonaldTrump account infringes the Individual Plaintiffs' First Amendment rights. It imposes an unconstitutional restriction on their participation in a designated public forum," the suit says. "It imposes an unconstitutional restriction on their right to access statements that Defendants are otherwise making available to the public at large. It also imposes an unconstitutional restriction on their right to petition the government for redress of grievances." -
Contractors Lose Jobs After Hacking CIA's In-House Vending Machines (techrepublic.com)
An anonymous reader quotes a report from TechRepublic: Today's vending machines are likely to be bolted to the floor or each other and are much more sophisticated -- possibly containing machine intelligence, and belonging to the Internet of Things (IoT). Hacking this kind of vending machine obviously requires a more refined approach. The type security professionals working for the U.S. Central Intelligence Agency (CIA) might conjure up, according to journalists Jason Leopold and David Mack, who first broke the story A Bunch Of CIA Contractors Got Fired For Stealing Snacks From Vending Machines. In their BuzzFeed post, the two writers state, "Several CIA contractors were kicked out of the Agency for stealing more than $3,000 in snacks from vending machines according to official documents... ." This October 2013 declassified Office of Inspector General (OIG) report is one of the documents referred to by Leopold and Mack. The reporters write that getting the records required initiating a Freedom Of Information Act lawsuit two years ago, adding that the redacted files were only recently released. The OIG report states Agency employees use an electronic payment system, developed by FreedomPay, to purchase food, beverages, and goods from the vending machines. The payment system relies on the Agency Internet Network to communicate between vending machines and the FreedomPay controlling server. The OIG report adds the party hacking the electronic payment system discovered that severing communications to the FreedomPay server by disconnecting the vending machine's network cable allows purchases to be made using unfunded FreedomPay cards. -
US Internet Company Refused To Participate In NSA Surveillance, Documents Reveal (zdnet.com)
Zack Whittaker reports via ZDNet: A U.S. company refused to comply with a top-secret order that compelled it to facilitate government surveillance, according to newly declassified documents. According to the document, the unnamed company's refusal to participate in the surveillance program was tied to an apparent expansion of the foreign surveillance law, details of which were redacted by the government prior to its release, as it likely remains classified. It's thought to be only the second instance of an American company refusing to comply with a government surveillance order. The first was Yahoo in 2008. It was threatened with hefty daily fines if it didn't hand over customer data to the National Security Agency. The law is widely known in national security circles as forming the legal basis authorizing the so-called PRISM surveillance program, which reportedly taps data from nine tech titans including Apple, Facebook, Google, Microsoft, and others. It also permits "upstream" collection from the internet fiber backbones of the internet. Any guesses as to which company it may be? The company was not named in the 2014-dated document, but it's thought to be an internet provider or a tech company. -
Trump-Style Tactics Finally Stopped Working For Uber (buzzfeed.com)
BuzzFeed Editor-in-Chief Ben Smith describes a three-year-old meeting that Uber held -- which saw several influencers including actor Ed Norton among attendees -- as the beginning of the ride-hailing company's long slow meltdown. Later today, the company is expected to announce that its CEO Travis Kalanick would be temporarily stepping away, and his closest lieutenant is all set to hand in his resignation. On Sunday, the company held a board meeting, which according to several journalists, lasted for nearly seven hours. The meeting capped a difficult stretch for the ride-hailing company, which is trying to weather an investigation into its workplace culture, a lawsuit by Google parent Alphabet over the alleged theft of self-driving car trade secrets, a federal probe into its business practices, and the recent departures of top executives. Back to Ben: At the dinner (which took place three years ago), Emil Michael, the right hand of CEO Travis Kalanick, heatedly complained to me about the press. The company, he told me, could hire a team of opposition researchers to fight fire with fire and attack the media -- specifically to smear a female journalist who has criticized the company. I suggested to him that this plan wouldn't really work because the story would immediately become a story about Uber behaving like maniacs. "Nobody would know it was us," Michael responded. "But you just told me!," I replied. [...] Instead of making any meaningful changes, Uber simply pressed on for years. It found both continued growth and accumulating scandals. Many of its crises, like those remarks to me, were tinged with misogyny, whether sexual harassment of its engineers or pulling a rape victim's medical files.
After one of those engineers, Susan Fowler, stepped forward with a blog post detailing systemic sexual harassment and discrimination -- a post that was followed up by a series of devastating stories by The New York Times, Recode, and others -- the company invited former Attorney General Eric Holder to lead an internal investigation. Sunday, the Wall Street Journal reported that Michael is set to resign, and Reuters reported Kalanick will take a leave of absence ahead of what's expected to be a deeply damning Holder report. (Kalanick is also coping with a family tragedy.) They will leave having built the most valuable private company in the world. But it is a company whose cultural darkness is inseparable from its place as the icon of the tech boom. Uber -- and the boom -- have been defined both by massive new conveniences and by a corporate culture that is aggressive, paranoid, and dismissive of, in particular, complaints from women; a culture of enemies lists and cavalier approaches to the law. Emil Michael told Uber employees Monday that he has left the company. -
Uber Threatens To Fire Engineer Accused of Stealing Trade Secrets From Waymo (gizmodo.com)
Uber's general counsel Salle Yoo has warned Anthony Levandowski that if he doesn't return the files he's accused of stealing from Google's self-driving car unit and using them to develop similar technology at Uber, or openly deny taking them, he could be fired. Gizmodo reports: Uber's general counsel Salle Yoo warned Levandowski in a letter sent Monday and made public last night that, if he didn't return the stolen files or openly deny taking them, he could be fired. The letter is a result of a court order issued Monday, and Levandowski has until the end of the month to comply. "We understand that this letter requires you to turn over information wherever located, including but not limited to, your personal devices, and to waive any Fifth Amendment protection you may have," Yoo wrote. "While we have respected your personal liberties, it is our view that the Court's Order requires us to make these demands of you." Despite the allegations against him, Levandowski's job at Uber has been protected so far by his reputation as a rising star in the self-driving industry and his close friendship with CEO Travis Kalanick, who called Levandowski his brother from another mother. However, Yoo's letter hints that the tide at Uber may be turning against Levandowski -- in addition to demanding he return Waymo's documents, Yoo also asks Levandowski to return any Uber files he may have and to only use Uber-issued devices for work, where his actions will be monitored. "If you have not fully complied with our prior request to return all Uber-owned documents in your possession, custody, or control, you must immediately return all such documents to us," Yoo wrote. -
UploadVR Had a 'Kink Room,' Pressured Female Employees To 'Microdose,' Alleges Lawsuit (gizmodo.com)
The virtual-reality company UploadVR is being sued by the company's former Director of Digital and Social Media for rampant sexual harassment. According to Gizmodo, "the lawsuit alleges that the company's employees and founders created a hostile work environment in which sexual harassment, gender discrimination, and retaliation occurred on a regular basis." From the report: In the suit documents, the former Director of Digital and Social Media for UploadVR claims that the office environment was a "boy's club" that employees expressly referred to as a "boy's club." From the suit: "Specifically, the male employees of UploadVR, including Mason and Freeman, would discuss their sexual exploits in graphic detail at the workplace in front of Plaintiff and other female employees. For instance, UploadVR employee [name redacted]'s sex life was a frequent topic of conversation. The other male employees would talk about how he 'refuses to wear a condom' and 'has had sex with over 1000 people.'" The documents also claim that employees were engaged in Silicon Valley's hot new trend of "microdosing" and "using Marijuana in the office." When female employees didn't want to participate, they would be ostracized by the male employees and excluded from important meetings and lunches. -
Leaked Document Reveals UK Plans For Wider Internet Surveillance (zdnet.com)
The UK government is planning to push greater surveillance powers that would force internet providers to monitor communications in near-realtime and install backdoor equipment to break encryption, according to a leaked document. From a report on ZDNet: A draft of the proposed new surveillance powers, leaked on Thursday, is part of a "targeted consultation" into the Investigatory Powers Act, brought into law last year, which critics called the "most extreme surveillance law ever passed in a democracy." Provisions in proposals show that the government is asking for powers to compel internet providers to turn over the realtime communications of a person "in an intelligible form," including encrypted content, within one working day. To that end, internet providers will be forced to introduce a backdoor point on their networks to allow intelligence agencies to read anyone's communications. -
Lawsuit: Fox News Group Hacked, Surveilled, and Stalked Ex-Host Andrea Tantaros (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Comparing their actions to the plot this season on the Showtime series Homeland, an attorney for former Fox News host Andrea Tantaros has filed a complaint in federal court against Fox News, current and former Fox executives, Peter Snyder and his financial firm Disruptor Inc., and 50 "John Doe" defendants. The suit alleges that they collectively participated in a hacking and surveillance campaign against her. Tantaros filed a sexual harassment suit against Roger Ailes and Fox News in August of 2016, after filing internal complaints with the company about harassment dating back to February of 2015. She was fired by the network in April of 2016, as Tantaros continued to press complaints against Fox News' then-Chairman and CEO Roger Ailes, Bill O'Reilly, and others. Tantaros had informed Fox that she would be filing a lawsuit over the alleged sexual harassment. Tantaros claims that as early as February of 2015, a group run out of a "black room" at Fox News engaged in surveillance and electronic harassment of her, including the use of "sock puppet" social media accounts to electronically stalk her. Tantaros' suit identifies Peter Snyder and Disruptor Inc. as the operators of a social influence operation using "sock puppet" accounts on Twitter and other social media. -
Taser Offers Free Body Cameras To All US Police (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Taser, the company whose electronic stun guns have become a household name, is now offering a groundbreaking deal to all American law enforcement: free body cameras and a year's worth of access to the company's cloud storage service, Evidence.com. In addition, on Wednesday, the company also announced that it would be changing its name to "Axon" to reflect the company's flagship body camera product. Right now, Axon is the single largest vendor of body cameras in America. It vastly outsells smaller competitors, including VieVu and Digital Ally -- the company has profited $90 million from 2012 through 2016. If the move is successful, Axon could quickly crowd out its rivals entirely. In recent years, federal dollars went to police agencies both big (Los Angeles) and small (Village of Spring Valley, New York), encouraging the purchase of body-worn cameras. However, while cameras are rapidly spreading across America, they are still not ubiquitous yet. Axon wants to change that. "Only 20 percent [of cops] have a camera," Rick Smith, the company's CEO, told Ars. "Eighty percent are going out with a gun and no camera. We only need 20- to 30-percent conversion to make it profitable," he added. "We expect 80 percent to become customers." "Our belief is that a body camera is to a cop what a smartphone is to a civilian," Smith said. "Cops spend about two-thirds of their time doing paperwork. We believe, within 10 years, we can automate police reporting. We can effectively triple the world's police force." The offer is only available to American law enforcement, but Smith said the company would consider foreign agencies on a case-by-case basis. -
Red-Light Camera Grace Period Goes From 0.1 To 0.3 Seconds, Chicago To Lose $17 Million (arstechnica.com)
The Chicago Department of Transportation announced a new policy earlier this week that will increase the "grace period" -- the time between when a traffic light turns red and when a ticket is automatically issued. The decision has been made to increase the time from 0.1 seconds to 0.3 seconds, following recommendations that were part of a recent study of its red-light cameras. Ars Technica reports: This will bring the Windy City in line with other American metropolises, including New York City and Philadelphia. In a statement, the city agency said that this increase would "maintain the safety benefits of the program while ensuring the program's fairness." On Tuesday, the Chicago Tribune reported that the city would lose $17 million in revenue this year alone as a result of the expanded grace period. Michael Claffey, a CDOT spokesman, confirmed that figure to Ars. "We want to emphasize that extending this enforcement threshold is not an invitation to drivers to try to beat the red light," CDOT Commissioner Rebekah Scheinfeld also said in the statement. "By accepting the recommendation of the academic team, we are giving the benefit of the doubt to well-intentioned drivers while remaining focused on the most reckless behaviors." -
Feds: We're Pulling Data From 100 Phones Seized During Trump Inauguration (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: In new filings, prosecutors told a court in Washington, DC that within the coming weeks, they expect to extract all data from the seized cellphones of more than 100 allegedly violent protesters arrested during the inauguration of President Donald Trump. Prosecutors also said that this search is validated by recently issued warrants. The court filing, which was first reported Wednesday by BuzzFeed News, states that approximately half of the protestors prosecuted with rioting or inciting a riot had their phones taken by authorities. Prosecutors hope to uncover any evidence relevant to the case. Under normal judicial procedures, the feds have vowed to share such data with defense attorneys and to delete all irrelevant data. "All of the Rioter Cell Phones were locked, which requires more time-sensitive efforts to try to obtain the data," Jennifer Kerkhoff, an assistant United States attorney, wrote. Such phone extraction is common by law enforcement nationwide using hardware and software created by Cellebrite and other similar firms. Pulling data off phones is likely more difficult under fully updated iPhones and Android devices. -
US Federal Budget Proposal Cuts Science Funding (washingtonpost.com)
hey! writes: The U.S. Office of Management and Budget has released a budget "blueprint" which outlines substantial cuts in both basic research and applied technology funding. The proposal includes a whopping 18% reduction in National Institutes of Health medical research. NIH does get a new $500 million fund to track emerging infectious agents like Zika in the U.S., but loses its funding to monitor those agents overseas. The Department of Energy's research programs also get an 18% cut in research, potentially affecting basic physics research, high energy physics, fusion research, and supercomputing. Advanced Research Projects Agency (ARPA-E) gets the ax, as does the Advanced Technology Vehicle Manufacturing Program, which enabled Tesla to manufacture its Model S sedan. EPA loses all climate research funding, and about half the research funding targeted at human health impacts of pollution. The Energy Star program is eliminated; Superfund funding is drastically reduced. The Chesapeake Bay and Great Lakes cleanup programs are also eliminated, as is all screening of pesticides for endocrine disruption. In the Department of Commerce, Sea Grant is eliminated, along with all coastal zone research funding. Existing weather satellites GOES and JPSS continue funding, but JPSS-3 and -4 appear to be getting the ax. Support for transfer of federally funded research and technology to small and mid-sized manufacturers is eliminated. NASA gets a slight trim, and a new focus on deep space exploration paid for by an elimination of Earth Science programs. You can read more about this "blueprint" in Nature, Science, and the Washington Post, which broke the story. The Environmental Protection Agency, the State Department and Agriculture Department took the hardest hits, while the Defense Department, Department of Homeland Security, and Department of Veterans Affairs have seen their budgets grow. -
Secretary of State Rex Tillerson Allegedly Used Email Alias As Exxon CEO (arstechnica.com)
According to New York Attorney General Eric Schneiderman, Rex Tillerson used an email alias of "Wayne Tracker" to communicate with other Exxon executives about climate change while serving as CEO of Exxon Mobil. "New York Attorney General Eric Schneiderman has been leading an investigation of Exxon Mobil centered on whether the company misled investors by publicly arguing against the reality of climate change even though its executives knew the science was accurate," reports Ars Technica. "The investigation was triggered by news reports describing climate research the company undertook in the 1970s and 1980s, which affirmed the work of other climate scientists and showed that greenhouse gas emissions were causing climate change. Exxon buried that work and spent the next couple decades claiming that the science was unclear, although it has recently publicly acknowledged reality." From the report: The e-mails that were provided allowed the attorney general to figure out that Tillerson used the account between 2008 and 2015 at least, but it didn't appear on Exxon's list of accounts for which records were preserved. The letter also mentions 34 other e-mail accounts "specifically assigned to top executives, board members, or assistants" that the attorney general thinks should have been included. In a statement, an Exxon spokesperson explained, "The e-mail address, Wayne.Tracker@exxonmobil.com, is part of the company's e-mail system and was put in place for secure and expedited communications between select senior company officials and the former chairman for a broad range of business-related topics." The Office of the Attorney General's letter claims that "Exxon has continuously delayed and obstructed the production of documents from its top executives and board members, which are crucial to OAG's investigation into Exxon's touted risk-management practices regarding climate change." -
FBI Dismisses Child Porn Case Rather Than Reveal Their Tor Browser Exploit (arstechnica.com)
An anonymous reader writes: Federal prosecutors just dropped charges against a child pornography suspect rather than reveal the source code for their Tor exploit. Of the 200 cases they're prosecuting nationwide, this is only the second one where the FBI has asked that the case be dismissed. "Disclosure is not currently an option," federal prosecutors wrote in a court ruling Friday. The Department of Justice is still prosecuting 135 different people believed to have accessed an illegal child pornography web site. Before shutting it down, the FBI seized the site and operated it themselves for 13 more days, which allowed them to deploy malware to expose the users' real IP addresses. -
Judge Rules Against Forced Fingerprinting (thestack.com)
An anonymous reader quotes a report from The Stack: A federal judge in Chicago has ruled against a government request which would require forced fingerprinting of private citizens in order to open a secure, personal phone or tablet. In the ruling, the judge stated that while fingerprints in and of themselves are not protected, the government's method of obtaining the fingerprints would violate the Fourth and Fifth amendments. The government's request was given as part of a search warrant related to a child pornography ring. The court ruled that the government could seize devices, but that it could not compel people physically present at the time of seizure to provide their fingerprints "onto the Touch ID sensor of any Apple iPhone, iPad, or other Apple brand device in order to gain access to the contents of any such device." The report mentions that the ruling was based on three separate arguments. "The first was that the boilerplate language used in the request was dated, and did not, for example, address vulnerabilities associated with wireless services. Second, the court said that the context in which the fingerprints were intended to be gathered may violate the Fourth Amendment search and seizure rights of the building residents and their visitors, all of whom would have been compelled to provide their fingerprints to open their secure devices. Finally, the court noted that historically the Fifth Amendment, which protects against self-incrimination, does not allow a person to circumvent the fingerprinting process." You can read more about the ruling via Ars Technica. -
Techdirt Asks Judge To Dismiss Another Lawsuit By That Guy Who Didn't Invent Email (arstechnica.com)
Three months ago Shiva Ayyadurai won a $750,000 settlement from Gawker (after they'd already gone bankrupt). He'd argued Gawker defamed him by mocking Ayyadurai's claim he'd invented email, and now he's also suing Techdirt founder Michael Masnick -- who is not bankrupt, and is fighting back. Long-time Slashdot reader walterbyrd quotes Ars Technica: In his motion, Masnick claims that Ayyadurai "is seeking to use the muzzle of a defamation action to silence those who question his claim to historical fame." He continues, "The 14 articles and 84 allegedly defamatory statements catalogued in the complaint all say essentially the same thing: that Defendants believe that because the critical elements of electronic mail were developed long before Ayyadurai's 1978 computer program, his claim to be the 'inventor of e-mail' is false"...
The motion skims the history of e-mail and points out that the well-known fields of e-mail messages, like "to," "from," "cc," "subject," "message," and "bcc," were used in ARPANET e-mail messages for years before Ayyadurai made his "EMAIL" program. Ayyadurai focuses on statements calling him a "fake," a "liar," or a "fraud" putting forth "bogus" claims. Masnick counters that such phrases are "rhetorical hyperbole" meant to express opinions and reminds the court that "[t]he law provides no redress for harsh name-calling."
The motion calls the lawsuit "a misbegotten effort to stifle historical debate, silence criticism, and chill others from continuing to question Ayyadurai's grandiose claims." Ray Tomlinson has been dead for less than a year, but in this fascinating 1998 article recalled testing the early email protocols in 1971, remembering that "Most likely the first message was QWERTYIOP." -
Microsoft's H-1B Workers Cited In Motion That Successfully Blocked Trump's Travel Ban (geekwire.com)
"President Trump's travel ban is on hold," reports WGN. "A federal judge in Seattle blocked the executive order banning travelers from seven predominately Muslim countries." But Slashdot reader theodp noticed that the judge's temporary restraining order might've been responding to something specific: the motion argued Trump's executive order had been harmful because it impacted major tech companies in the state of Washington, including Microsoft. From the motion: Washington's technology industry relies heavily on the H-1B visa program. Nationwide, Washington ranks ninth in the number of applications for high-tech visas. Microsoft, which is headquartered in Washington, employs nearly 5,000 people through the program. Other Washington companies, including Amazon, Expedia, and Starbucks, employ thousands of H-1B visa holders. Loss of highly skilled workers puts Washington companies at a competitive disadvantage with global competitors.
It was in response to the motion from Washington that the judge ultimately ruled that "the States have met their burden of demonstrating that they face immediate and irreparable injury as a result of signing and implementation of the Executive Order," citing its harm on the state's public universities -- and on its tax base. And Attorney General Bob Ferguson told GeekWire that he gave some credit for the judge's ruling to the declarations of support filed by Amazon and Expedia which specifically say that "Microsoft's U.S. workforce is heavily dependent on immigrants and guest workers. At least 76 employees at Microsoft are citizens of Iran, Iraq, Syria, Somalia, Sudan, Libya, or Yemen and hold U.S. temporary work visas." -
2K Games Wins the Right To Store and Share Your Biometric Facial Data (engadget.com)
In October 2015, two gamers who used face-scanning tech found in 2K Games' NBA series to create more realistic avatars filed a lawsuit against the company as they were concerned about how 2K would store and use their biometric data. On Monday, however, a New York federal judge ruled that neither game's biometric face scanning tech had established 'sufficient injury' to the plaintiffs, implying that their concerns over privacy were unfounded. Engadget reports: Using your console's camera, the company employs face-scanning tech in its popular NBA series, with both 2K's NBA 2K16 and 2K15 using the data to help players create more accurate avatars. In order to use the tech, players must first agree to 2K's terms and conditions, consenting that after scanning them their face may be made visible to others. While the plaintiffs agreed to the publisher's terms, the court case arose because the gamers claimed that 2K never made clear that scans would be stored indefinitely and biometric data could be shared. With little evidence to suggest how their privacy would be at risk, the judge gave 2K the benefit of the doubt. Still, no matter the outcome, it's a landmark case, with biometric data sure to play an increasingly important role in identifying individuals in the future. While there is certainly nothing that suggests that 2K will use the data for nefarious means, the result of this case does raise some interesting questions about who owns the right to your digital likeness. -
Secret Rules Make It Pretty Easy For the FBI To Spy On Journalists (theintercept.com)
schwit1 shares with us a report on an 11-part series led by The Intercept reporter Cora Currier: Secret FBI rules allow agents to obtain journalists' phone records with approval from two internal officials -- far less oversight than under normal judicial procedures. The classified rules, dating from 2013, govern the FBI's use of national security letters, which allow the bureau to obtain information about journalists' calls without going to a judge or informing the news organization being targeted. They have previously been released only in heavily redacted form. Media advocates said the documents show that the FBI imposes few constraints on itself when it bypasses the requirement to go to court and obtain subpoenas or search warrants before accessing journalists' information. The rules stipulate that obtaining a journalist's records with a national security letter requires the signoff of the FBI's general counsel and the executive assistant director of the bureau's National Security Branch, in addition to the regular chain of approval. Generally speaking, there are a variety of FBI officials, including the agents in charge of field offices, who can sign off that an NSL is "relevant" to a national security investigation. There is an extra step under the rules if the NSL targets a journalist in order "to identify confidential news media sources." In that case, the general counsel and the executive assistant director must first consult with the assistant attorney general for the Justice Department's National Security Division. But if the NSL is trying to identify a leaker by targeting the records of the potential source, and not the journalist, the Justice Department doesn't need to be involved. The guidelines also specify that the extra oversight layers do not apply if the journalist is believed to be a spy or is part of a news organization "associated with a foreign intelligence service" or "otherwise acting on behalf of a foreign power."
Unless, again, the purpose is to identify a leak, in which case the general counsel and executive assistant director must approve the request. -
What's Happening As The University of California Tries To Outsource IT Jobs To India (pressreader.com)
Long-time Slashdot reader Nova Express shares an epic column by Pulitzer Prize-winning journalist Michael Hiltzik. It details what's happening now as the University of California tries to outsource dozens of IT jobs -- about 20% of their IT workforce -- by February 28th. Some of the highlights:
- The CEO of UCSF's Medical Center says he expects their security to be at least as good as it is now, but acknowledges "there are no guarantees."
- Nine workers have filed a complaint with the state's Department of Fair Employment and Housing arguing they're facing discrimination.
- California Senator Feinstein is already complaining that the university is tapping $8.5 billion in federal funding "to replace Californian IT workers with foreign workers or labor performed abroad."
- Representative Zoe Lofgren (from a district in Silicon Valley) is arguing that the university "is training software engineers at the same time they're outsourcing their own software engineers. What message are they sending their own students?"
- 57-year-old sys-admin Kurt Ho says his replacement spent just two days with him, then "told me he would go back to India and train his team, and would be sending me emails with questions."
- The university's actions will ultimately lower their annual $5.83 billion budget by just 0.1%.
-
FBI and Homeland Security Detail Russian Hacking Campaign In New Report (theguardian.com)
An anonymous reader quotes a report from The Guardian: The U.S. Department of Homeland Security (DHS) and FBI have released an analysis of the allegedly Russian government-sponsored hacking groups blamed for breaching several different parts of the Democratic party during the 2016 elections. The 13-page document, released on Thursday and meant for information technology professionals, came as Barack Obama announced sanctions against Russia for interfering in the 2016 elections. The report was criticized by security experts, who said it lacked depth and came too late. "The activity by [Russian intelligence services] is part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens," wrote the authors of the government report. "This [joint analysis report] provides technical indicators related to many of these operations, recommended mitigations, suggested actions to take in response to the indicators provided, and information on how to report such incidents to the U.S. government." The government report follows several from the private sector, notably a lengthy section in a Microsoft report from 2015 on a hacking team referred to as "advanced persistent threat 28" (APT 28), which the company's internal nomenclature calls Strontium and others have called Fancy Bear. Also mentioned in the government document is another group called APT 29 or Cozy Bear. The Microsoft report contains a history of the groups' operation; a report by security analysts ThreatConnect describes the team's modus operandi; and competing firm CrowdStrike detailed the attack on the Democratic National Committee shortly before subsequent breaches of the Democratic Congressional Campaign Committee and the Hillary Clinton campaign were discovered. -
DHS Tried To Breach Our Firewall, Says Georgia's Secretary of State (cyberscoop.com)
An anonymous reader quotes a report from CyberScoop: Georgia's secretary of state has claimed the Department of Homeland Security tried to breach his office's firewall and has issued a letter to Homeland Security Secretary Jeh Johnson asking for an explanation. Brian Kemp issued a letter to Johnson on Thursday after the state's third-party cybersecurity provider detected an IP address from the agency's Southwest D.C. office trying to penetrate the state's firewall. According to the letter, the attempt was unsuccessful. The attempt took place on Nov. 15, a few days after the presidential election. The office of the Georgia Secretary of State is responsible for overseeing the state's elections. "At no time has my office agreed to or permitted DHS to conduct penetration testing or security scans of our network," Kemp wrote in the letter, which was also sent to the state's federal representatives and senators. "Moreover, your department has not contacted my office since this unsuccessful incident to alert us of any security event that would require testing or scanning of our network. This is especially odd and concerning since I serve on the Election Cyber Security Working Group that your office created." "The Department of Homeland Security has received Secretary Kemp's letter," a DHS spokesperson told CyberScoop. "We are looking into the matter. DHS takes the trust of our public and private sector partners seriously, and we will respond to Secretary Kemp directly." Georgia was one of two states that refused cyber-hygiene support and penetration testing from DHS in the leadup to the presidential election. The department had made a significant push for it after hackers spent months exposing the Democratic National Committee's internal communications and data. -
IRS Demands Identities of All US Coinbase Traders Over Three Year Period (vice.com)
An anonymous reader quotes a report from Motherboard: In bitcoin-related investigations, authorities will often follow the digital trail of an illegal transaction or suspicious user back to a specific account at a bitcoin trading company. From here, investigators will likely subpoena the company for records about that particular user, so they can then properly identify the person suspected of a crime. The Internal Revenue Service, however, has taken a different approach. Instead of asking for data relating to specific individuals suspected of a crime, it has demanded bitcoin trading site Coinbase to provide the identities of all of the firm's U.S. customers who made transactions over a three year period, because there is a chance they are avoiding paying taxes on their bitcoin reserves. Coinbase has a total of millions of customers. According to court filings, which were first flagged by financial blogger Zerohedge on Twitter, the IRS has launched an investigation to determine the correct amount of tax that those who use virtual currencies such as bitcoin are obligated to pay. But according to the documents, the IRS is asking for the identities of any U.S. Coinbase customer who transferred crypto-currency with the service between 2013 and 2015. "The John Does whose identities are sought by the summons are United States persons who, at any time during the period January 1, 2013, through December 31, 2015, conducted transactions in a convertible virtual currency," reads a memorandum written by Department of Justice attorneys and filed on Thursday, November 17. -
FBI Operated 23 Tor-Hidden Child Porn Sites, Deployed Malware From Them (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Federal investigators temporarily seized a Tor-hidden site known as Playpen in 2015 and operated it for 13 days before shutting it down. The agency then used a "network investigative technique" (NIT) as a way to ensnare site users. However, according to newly unsealed documents recently obtained by the American Civil Liberties Union, the FBI not only temporarily took over one Tor-hidden child pornography website in order to investigate it, the organization was in fact authorized to run a total of 23 other such websites. According to an FBI affidavit among the unsealed documents: "In the normal course of the operation of a web site, a user sends "request data" to the web site in order to access that site. While Websites 1-23 operate at a government facility, such request data associated with a user's actions on Websites 1-23 will be collected. That data collection is not a function of the NIT. Such request data can be paired with data collected by the NIT, however, in order to attempt to identify a particular user and to determine that particular user's actions on Websites 1-23." Security researcher Sarah Jamie Lewis told Ars that "it's a pretty reasonable assumption" that at one point the FBI was running roughly half of the known child porn sites hosted on Tor-hidden servers. Lewis runs OnionScan, an ongoing bot-driven analysis of the Tor-hidden darknet. Her research began in April 2016, and it shows that as of August 2016, there were 29 unique child porn related sites on Tor-hidden servers. That NIT, which many security experts have dubbed as malware, used a Tor exploit of some kind to force the browser to return the user's actual IP address, operating system, MAC address, and other data. As part of the operation that took down Playpen, the FBI was then able to identify and arrest the nearly 200 child porn suspects. 
(However, nearly 1,000 IP addresses were revealed as a result of the NIT's deployment, which could suggest that even more charges may be filed.) -
Unsealed Court Docs Show FBI Used Malware Like 'A Grenade' (vice.com)
An anonymous reader quotes a report from Motherboard: In 2013, the FBI received permission to hack over 300 specific users of dark web email service TorMail. But now, after the warrants and their applications have finally been unsealed, experts say the agency illegally went further, and hacked perfectly legitimate users of the privacy-focused service. "That is, while the warrant authorized hacking with a scalpel, the FBI delivered their malware to TorMail users with a grenade," Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU), told Motherboard in an email. The move comes after the ACLU pushed to unseal the case dockets in September. The Department of Justice recently decided to publish redacted versions of related documents. In 2013, the FBI seized Freedom Hosting, a service that hosted dark web sites, including a large number of child pornography sites and the privacy-focused email service TorMail. The agency then went on to deploy a network investigative technique (NIT) -- a piece of malware -- designed to obtain the real IP address of those visiting Freedom Hosting sites. According to the new documents, the NIT was used against users of 23 separate websites. As for TorMail, officials have maintained that the government obtained a warrant to deploy the NIT against specific users of the service. Now, we do know that to be true: recently unsealed affidavits include a total of over 300 redacted TorMail accounts that the FBI wanted to target. All of these accounts were allegedly linked to child pornography-related crimes, according to court documents. Importantly, the affidavits say that the NIT would only be used to "investigate any user who logs into any of the TARGET ACCOUNTS by entering a username and password." 
But, according to sources who used TorMail and previous reporting, the NIT was deployed before the TorMail login page was even displayed, raising the question of how the FBI could have possibly targeted specific accounts. -
Facebook Users Sue Over Alleged Racial Discrimination In Housing, Job Ads (arstechnica.com)
In response to a report from ProPublica alleging that Facebook gives advertisers the ability to exclude specific groups it calls "Ethnic Affinities," three Facebook users have filed a lawsuit against the company. They are accusing the social networking giant of violating the Federal Housing Act of 1964 over its alleged discriminatory policies. Ars Technica reports: ProPublica managed to post an ad placed in Facebook's housing categories that excluded anyone with an "affinity" for African-American, Asian-American, or Hispanic people. When the ProPublica reporters showed the ad to prominent civil rights lawyer John Relman, he described it as "horrifying" and "as blatant a violation of the federal Fair Housing Act as one can find." According to the proposed class-action lawsuit, by allowing such ads on its site, Facebook is in violation of the landmark civil rights legislation, which specifically prohibits housing advertisements to discriminate based on race, gender, color, religion, and other factors. "This lawsuit does not seek to end Facebook's Ad Platform, nor even to get rid of the "Exclude People" mechanism. There are legal, desirable uses for such functionalities. Plaintiffs seek to end only the illegal proscribed uses of these functions," the lawyers wrote in the civil complaint, which was filed last Friday. The proposed class, if approved by a federal judge in San Francisco, would include any Facebook user in the United States who has "not seen an employment- or housing-related advertisement on Facebook within the last two years because the ad's buyer used the Ad Platform's 'Exclude People' functionality to exclude the class member based on race, color, religion, sex, familial status, or national origin." -
Why a Theoretical Physicist Wants All State Bills To Be Online Before Final Vote (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Among a slew of ballot propositions that Californians will be asked to consider on Election Day (Nov. 8) is Proposition 54, a proposed constitutional amendment that seems like a no-brainer. If passed, the law would require that the final text of all proposed legislation be published on the Internet for 72 hours before lawmakers can conduct a final vote. Typically, the text of bills in California is put online as it goes through the committee and voting process, but sometimes those bills can change at the last minute. Accessing those changes isn't always easy. The initiative, which seems all-but-certain to pass, has massive support from Charles T. Munger, Jr., the son of billionaire Charles Munger. The younger Munger, an experimental physicist at the Stanford Linear Accelerator Center and a longtime Republican activist, has donated over $10.6 million to the "Yes on Prop. 54" campaign. The effort supporting the opposing view has taken in just over $27,000. Proposition 54 would also force the Assembly and State Senate to allow the public to record meetings as well, which could potentially be used in political advertising. So why would anyone oppose the bill? According to Steven Maviglio, the director of Californians for an Effective Legislature, a campaign committee formed to oppose Proposition 54, it all comes down to who is behind the initiative, and why. "The first thing you need to do is follow the money," he told Ars, pointing us to Munger, Jr. "He's been the top contributor to the California Republican Party. His goal is to disrupt the power of a legislature that's getting things done." -
Prosecutors Say NSA Contractor Could Flee To Foreign Power (go.com)
An anonymous reader quotes a report from ABC News: The NSA contractor accused of stealing a gargantuan amount of sensitive and classified data from the U.S. government was studying Russian before he was arrested and would be a "prime target" for foreign spies should he be released on bail, prosecutors argued ahead of a court hearing for Harold Martin, III, today. The government said it is "readily apparent to every foreign counterintelligence professional and nongovernmental actor that the Defendant has access to highly classified information, whether in his head, in still-hidden physical locations, or stored in cyberspace -- and he has demonstrated absolutely no interest in protecting it. This makes the Defendant a prime target, and his release would seriously endanger the safety of the country and potentially even the Defendant himself." Prosecutors noted that Martin purportedly communicated online "with others in languages other than English, including in Russian" and that he had downloaded information on the Russian language just a couple months before he was arrested in August. Martin's attorneys, however, said in their own court filing Thursday that there is still no evidence he "intended to betray his country" and argued that he was not a flight risk. All the talk of foreign spies and potential getaway plans, the defense said, were "fantastical scenarios." Martin's defense team said in part: "The government concocts fantastical scenarios in which Mr. Martin -- who, by the government's own admission, does not possess a valid passport -- would attempt to flee the country. Mr. Martin's wife is here in Maryland. His home is here in Maryland. He has served this country honorably as a lieutenant in the United States Navy, and he has devoted his entire career to serving his country. There is no evidence he intended to betray his country. The government simply does not meet its burden of showing that no conditions of release would reasonably assure Mr. Martin's future appearance in court. For these reasons, and additional reasons to be discussed at the detention hearing, Mr. Martin should be released on conditions pending trial."
UPDATE 10/21/16: Slashdot reader chromaexursion writes: "Harold Martin was denied bail. The judge agreed with the prosecution in his decision." -
KickassTorrents Lawyer: 'Torrent Sites Do Not Violate Criminal Copyright Laws' (arstechnica.co.uk)
An anonymous reader quotes a report from Ars Technica: Lawyers representing Artem Vaulin have filed their formal legal response to prosecutors' allegations of conspiracy to commit criminal copyright infringement, among other charges. Vaulin is the alleged head of KickassTorrents (KAT). KAT was the world's largest BitTorrent distribution site before it was shuttered by authorities earlier this year. Vaulin was arrested in Poland, where he now awaits extradition to the United States. "Vaulin is charged with running today's most visited illegal file-sharing website, responsible for unlawfully distributing well over $1 billion of copyrighted materials," Assistant Attorney General Leslie Caldwell said in a July 2016 statement. The defense's new 22-page court filing largely relies on the argument that there is no such thing as secondary criminal copyright infringement. While secondary copyright infringement as a matter of civil liability was upheld by the Supreme Court in MGM v. Grokster in 2005, Vaulin and his associates have been charged criminally. "The fundamental flaw in the government's untenable theory of prosecution is that there is no copyright protection for such torrent file instructions and addresses," [the brief's author, Ira Rothken,] argued in his Monday motion to dismiss the charges against Vaulin. "Therefore, given the lack of direct willful copyright infringement, torrent sites do not violate criminal copyright laws." "The extradition procedures have formally been started by the US in Poland," Rothken told Ars. "We are in a submissions or briefing period, and our Polish team is opposing extradition." Rothken also said that he has yet to be allowed to meet or speak directly with his client. For now, Rothken has been required to communicate via his Polish counterpart, Alek Kowzan. "Maybe they are afraid that Artem's extradition defense will be enhanced if American lawyers can assist in defending against the US extradition," Rothken added. 
No hearings before US District Judge John Z. Lee have been set. -
It's Entirely Reasonable For Police To Swipe a Suspicious Gift Card, Says Court (arstechnica.com)
An anonymous reader quotes Ars Technica: A U.S. federal appeals court has found that law enforcement can, without a warrant, swipe credit cards and gift cards to reveal the information encoded on the magnetic stripe. It's the third such federal appellate court to reach this conclusion. Last week, the 5th U.S. Circuit Court of Appeals found in favor of the government in United States v. Turner, establishing that it was entirely reasonable for Texas police officers to scan approximately 100 gift cards found in a car that was pulled over at a traffic stop. Like the previous similar 8th Circuit case that Ars covered in June 2016, the defendants challenged the search of the gift cards as being unreasonable. (The second case was from the 3rd Circuit in July 2015, in a case known as U.S. v. Bah.) In this case, after pulling over the car and running the IDs of both men, police found that there was an outstanding warrant for the passenger, Courtland Turner. When Turner was told to get out of the car and was placed in the patrol car, the officer returned to the stopped car and noticed an "opaque plastic bag partially protruding from the front passenger seat," as if someone had tried to push it under the seat to keep it hidden. The cop then asked the driver, Broderick Henderson, what was in the bag. Henderson replied that they had bought gift cards. When the officer then asked if he had receipts for them, Henderson replied that they had "bought the gift cards from another individual who sells them to make money." Turner's lawyers later challenged the scanning, arguing that this "search" of these gift cards went against their client's "reasonable expectation of privacy," an argument that neither the district court nor the appellate court found convincing. The 5th Circuit summarized: "After conferring with other officers about past experiences with stolen gift cards, the officer seized the gift cards as evidence of suspected criminal activity. 
Henderson was ticketed for failing to display a driver's license and signed an inventory sheet that had an entry for 143 gift cards. Turner was arrested pursuant to his warrant. The officer, without obtaining a search warrant, swiped the gift cards with his in-car computer. Unable to make use of the information shown, the officer turned the gift cards over to the Secret Service. A subsequent scan of the gift cards revealed that at least forty-three were altered, meaning the numbers encoded in the card did not match the numbers printed on the card. The investigating officer also contacted the stores where the gift cards were purchased -- a grocery store and a Walmart in Bryan, Texas provided photos of Henderson and Turner purchasing gift cards." -
Researchers Ask Federal Court To Unseal Years of Surveillance Records (arstechnica.com)
An anonymous reader quotes a report from Ars Technica: Two lawyers and legal researchers based at Stanford University have formally asked a federal court in San Francisco to unseal numerous records of surveillance-related cases, as a way to better understand how authorities seek such powers from judges. This courthouse is responsible for the entire Northern District of California, which includes the region where tech companies such as Twitter, Apple, and Google, are based. According to the petition, Jennifer Granick and Riana Pfefferkorn were partly inspired by a number of high-profile privacy cases that have unfolded in recent years, ranging from Lavabit to Apple's battle with the Department of Justice. In their 45-page petition, they specifically say that they don't need all sealed surveillance records, simply those that should have been unsealed -- which, unfortunately, doesn't always happen automatically. The researchers wrote in their Wednesday filing: "Most surveillance orders are sealed, however. Therefore, the public does not have a strong understanding of what technical assistance courts may order private entities to provide to law enforcement. There are at least 70 cases, many under seal, in which courts have mandated that Apple and Google unlock mobile phones and potentially many more. The Lavabit district court may not be the only court to have ordered companies to turn over private encryption keys to law enforcement based on novel interpretations of law. Courts today may be granting orders forcing private companies to turn on microphones or cameras in cars, laptops, mobile phones, smart TVs, or other audio- and video-enabled Internet-connected devices in order to conduct wiretapping or visual surveillance. This pervasive sealing cripples public discussion of whether these judicial orders are lawful and appropriate." -
FCC Official Asks Agency To Investigate Ban On Journalists' Wi-Fi Personal Hotspots At Debate (arstechnica.com)
Yesterday, it was reported that journalists attending the presidential debate at Hofstra University were banned from using personal hotspots and were told they had to pay $200 to access the event's Wi-Fi. The journalists were reportedly offered the option to either turn off their personal hotspots or leave the debate. Cyrus Farivar via Ars Technica is now reporting that "one of the members of the Federal Communications Commission, Jessica Rosenworcel, has asked the agency to investigate the Monday evening ban." Ars Technica reports: Earlier, Commissioner Jessica Rosenworcel tweeted, saying that something was "not right" with what Hofstra did. She cited an August 2015 order from the FCC, forcing a company called SmartCity to no longer engage in Wi-Fi blocking and to pay $750,000. Ars has since updated their report with a statement from Karla Schuster, a spokeswoman for Hofstra University: The Commission on Presidential Debates sets the criteria for services and requires that a completely separate network from the University's network be built to support the media and journalists. This is necessary due to the volume of Wi-Fi activity and the need to avoid interference. The Rate Card fee of $200 for Wi-Fi access is to help defray the costs and the charge for the service does not cover the cost of the buildout. For Wi-Fi to perform optimally the system must be tuned with each access point and antenna. When other Wi-Fi access points are placed within the environment the result is poorer service for all. To avoid unauthorized access points that could interfere, anyone who has a device that emits RF frequency must register the device. Whenever a RF-emitting device was located, the technician notified the individual to visit the RF desk located in the Hall. The CPD RF engineer would determine if the device could broadcast without interference. -
Computer Specialist Who Deleted Clinton Emails May Have Asked Reddit For Tips (usnews.com)
An anonymous reader quotes a report from U.S. News and World Report: An army of reddit users believes it has found evidence that former Hillary Clinton computer specialist Paul Combetta solicited free advice regarding Clinton's private email server from users of the popular web forum. A collaborative investigation showed a reddit user with the username stonetear requested help in relation to retaining and purging email messages after 60 days, and requested advice on how to remove a "VERY VIP" individual's email address from archived content. The requests match neatly with publicly known dates related to Clinton's use of a private email server while secretary of state. Stonetear has deleted the posts, but before doing so, the pages were archived by other individuals. "ARCHIVE EVERYTHING YOU CAN!!!!" a person wrote on a popular thread on the Donald Trump-supporting subreddit r/The_Donald, as the entries disappeared. There are several reasons to believe the reddit user is indeed Combetta, who was granted immunity by the Justice Department during its investigation of Clinton's private server after he deleted a large number of emails. The evidence connecting Combetta to the account is circumstantial, but also voluminous. The inactive website combetta.com is registered to the email address stonetear@gmail.com, a search of domain registration information using the service whois.com indicates. An account for a person named Paul Combetta on the web bazaar Etsy also has the username stonetear. And, perhaps most damningly, there are the dates. Stonetear posted to reddit on July 24, 2014: "Hello all- I may be facing a very interesting situation where I need to strip out a VIP's (VERY VIP) email address from a bunch of archived email that I have both in a live Exchange mailbox, as well as a PST file. 
Basically, they don't want the VIP's email address exposed to anyone, and want to be able to either strip out or replace the email address in the to/from fields in all of the emails we want to send out..." U.S. News and World Report adds: "On July 23, 2014, the House Select Committee on Benghazi had reached an agreement with the State Department on the production of records, according to an FBI report released earlier this month on the bureau's probe of her email use." Stonetear submitted an additional post to reddit on Dec. 10, 2014 that reads: "Hello- I have a client who wants to push out a 60 day email retention policy for certain users. However, they also want these users to have a 'Save Folder' in their Exchange folder list where the users can drop items that they want to hang onto longer than the 60 day window. All email in any other folder in the mailbox should purge anything older than 60 days (should not apply to calendar or contact items of course). How would I go about this? Some combination of retention and managed folder policy?"
UPDATE 9/19/2016: Slashdot reader NotInHere points out that there is a Slashdot user named "StoneTear" as well. -
NYPD Says Talking About Its IMSI Catchers Would Make Them Vulnerable To Hacking (vice.com)
An anonymous reader quotes a report from Motherboard: Typically, cops don't like talking about IMSI catchers, the powerful surveillance technology used to monitor mobile phones en masse. In a recent case, the New York Police Department (NYPD) introduced a novel argument for keeping mum on the subject: Asked about the tools it uses, it argued that revealing the different models of IMSI catchers the force owned would make the devices more vulnerable to hacking. The New York Civil Liberties Union (NYCLU), an affiliate of the ACLU, has been trying to get access to information about the NYPD's IMSI catchers under the Freedom of Information Law. These devices are also commonly referred to as "stingrays," after a particularly popular model from Harris Corporation. Indeed, the NYCLU wants to know which models of IMSI catchers made by Harris the police department has. "Public disclosure of this information, and the amount of taxpayer funds spent to buy the devices, directly advances the Freedom of Information Law's purpose of informing a robust public debate about government actions," the NYCLU writes in a court filing. The group has requested documents that show how much money has been spent on the technology. After the NYPD withheld the records, the FOI request was escalated to a lawsuit, which is where the NYPD's strange argument comes in (among others). "Public disclosure of the specifications of the CSS [cell site simulator] technologies in NYPD's possession from the Withheld Records would make the software vulnerable to hacking and would jeopardize NYPD's ability to keep the technologies secure," an affidavit from NYPD Inspector Gregory Antonsen, dated August 17, reads. Antonsen then imagines a scenario where a "highly sophisticated hacker" could use their knowledge of the NYPD's Stingrays to lure officers into a trap and ambush them. -
US Unveils Charges Against KickassTorrents, Names Two More Defendants (arstechnica.com)
A total of three men are said to be operators of file-sharing site KickassTorrents (KAT), according to U.S. prosecutors. Last month, federal authorities arrested the 30-year-old Ukrainian mastermind of KAT, Artem Vaulin, and formally charged him with one count of conspiracy to commit criminal copyright infringement, one count of conspiracy to commit money laundering, and two counts of criminal copyright infringement. Two other Ukrainians were named in the new indictment (PDF): Levgen (Eugene) Kutsenko and Oleksander (Alex) Radostin. While only Vaulin has been arrested, bench warrants have been issued for the arrest of all three men. Ars Technica reports: "Prosecutors say the three men developed and maintained the site together and used it to 'generate millions of dollars from the unlawful distribution of copyright-protected media, including movies, [...] television shows, music, video games, computer software, and electronic books.' They gave out 'Reputation' and 'User Achievement' awards to users who uploaded the most popular files, including a special award for users who had uploaded more than 1,000 torrents. The indictment presents a selection of the evidence that the government intends to use to convict the men, and it isn't just simple downloads of the copyrighted movies. The government combed through Vaulin's e-mails and traced the bitcoins that were given to him via a 'donation' button." -
FCC Complaint: Baltimore Police Breaking Law With Use of Stingray Phone Trackers (baltimoresun.com)
An anonymous reader writes from a report via Baltimore Sun: Civil rights groups have complained to the FCC over the Baltimore Police Department's use of stingray phone tracking devices. They claim that "the way police use it interferes with emergency calls and is racially discriminatory." Baltimore Sun reports: "The complaint argues that the police department doesn't have a proper license to use the devices and is in violation of federal law. It calls on regulators at the Federal Communications Commission to step in and formally remind law enforcement agencies of the rules. 'The public is relying on the Commission to carry out its statutory obligation to do so, to fulfill its public commitment to do so, and to put an end to widespread network interference caused by rampant unlicensed transmissions made by BPD and other departments around the country,' the groups say in the complaint. Police in Baltimore acknowledged in court last year that they had used the devices thousands of times to investigate crimes ranging from violent attacks to the theft of cellphones. Investigators had been concealing the technology from judges and defense lawyers and after the revelations Maryland's second highest court ruled that police should get a warrant before using a Stingray. The groups argue that surveillance using the devices also undermines people's free speech rights and describe the use of Stingrays as an electronic form of the intrusive police practices described in the scathing Justice Department report on the police department's pattern of civil rights violations."