Slashdot Mirror

Facebook is preparing to announce that it has identified a coordinated political influence campaign, with dozens of inauthentic accounts and pages that are believed to be engaging in political activity ahead of November's midterm elections, The New York Times reported Tuesday, citing three people briefed on the matter. From the report: In a series of briefings on Capitol Hill this week, the company told lawmakers that it detected the influence campaign as part of its investigations into election interference. It has been unable to tie the accounts to Russia, whose Internet Research Agency was at the center of an indictment earlier this year for interfering in the 2016 election, but company officials told Capitol Hill that Russia was possibly involved, according to two of the officials. Facebook is expected to announce its findings on Tuesday afternoon. The company has been working with the F.B.I. to investigate the activity. Like the Russian interference campaign in 2016, the recently detected campaign dealt with divisive social issues. Update: Facebook has confirmed the story, adding: Today we removed 32 Pages and accounts from Facebook and Instagram because they were involved in coordinated inauthentic behavior. This kind of behavior is not allowed on Facebook because we don't want people or organizations creating networks of accounts to mislead others about who they are, or what they're doing. We're still in the very early stages of our investigation and don't have all the facts -- including who may be behind this. But we are sharing what we know today given the connection between these bad actors and protests that are planned in Washington next week. We will update this post with more details when we have them, or if the facts we have change. It's clear that whoever set up these accounts went to much greater lengths to obscure their true identities than the Russian-based Internet Research Agency (IRA) has in the past. We believe this could be partly due to changes we've made over the last year to make this kind of abuse much harder.

The race is on to become the go-to destination for cryptocurrency companies that are looking for shelter from regulatory uncertainty in the United States and Asia, the New York Times reports. From the report: In Malta, the government passed three laws on July 4 so companies can easily issue new cryptocurrencies and trade existing ones. In Bermuda this year, the legislature passed a law that lets start-ups doing initial coin offerings apply to the minister of finance for speedy approval. "We are 65,000 people, and 20 square miles, but we have a very advanced economy," the premier of Bermuda, E. David Burt, said in an interview at a cryptocurrency conference in May in New York, where he was trying to pitch companies on the island's charms. "We want to position Bermuda as the incubator for this industry."

The competition for cryptocurrency companies is part of a broader rush by governments to figure out how to approach a new industry that took on outsize prominence over the last year. Becoming a crypto center has many potential upsides, including jobs and tax revenue. But the drive to be a crypto nexus also comes with significant risk. Hackings and scams have followed the industry everywhere it has gone. They have been aided by the underlying technology introduced by Bitcoin, known as the blockchain, which was built to make it possible to send money without requiring approval from government agencies or existing financial institutions.

New York City may become the first major U.S. city to cap the number of Uber and other ride-sharing vehicles on the road. According to Engadget, "The City Council is looking at proposed legislation that would largely freeze the issuance of ridesharing vehicle licenses while officials work on a year-long study of the cars' effects." Wheelchair-accessible vehicles would be exempt from any cap. From the report: This wouldn't be the first time the city tried a cap -- it abandoned an attempt in 2015. There's greater pressure to consider a limit this time, though. NYC now has over 100,000 ride-hailing cars (up from 63,000 back in 2015), and a string of suicides by both ridesharing and taxi drivers has raised questions about working conditions that can include low pay, long hours and poor compensation for time off. On top of the cap, the Council is looking at raising minimum pay and otherwise regulating on-demand transportation services. NYC is concerned that the growth of ridesharing is coming at the expense of drivers' well-being (regardless of who they work for), and it's unlikely to back down until it's satisfied these workers are receiving fair treatment. Uber argues the cap would "leave New Yorkers stranded" without solving issues like congestion, taxi medallion ownership and mass transit. It claimed it would hinder passengers who live outside of Manhattan and don't have reliable alternatives to cabs or public transportation. The company even posted a commercial underscoring how difficult it was for some residents to hail taxis.

"BuzzFeed has this story about proposals to make social media bots identify themselves as fake people," writes an anonymous Slashdot reader. "[It's] based on a paper by a law professor and a fellow researcher." From the report: General concerns about the ethical implications of misleading people with convincingly humanlike bots, as well as specific concerns about the extensive use of bots in the 2016 election, have led many to call for rules regulating the manner in which bots interact with the world. "An AI system must clearly disclose that it is not human," the president of the Allen Institute on Artificial Intelligence, hardly a Luddite, argued in the New York Times. Legislators in California and elsewhere have taken up such calls. SB-1001, a bill that comfortably passed the California Senate, would effectively require bots to disclose that they are not people in many settings. Sen. Dianne Feinstein has introduced a similar bill for consideration in the United States Senate.

In our essay, we outline several principles for regulating bot speech. Free from the formal limits of the First Amendment, online platforms such as Twitter and Facebook have more leeway to regulate automated misbehavior. These platforms may be better positioned to address bots' unique and systematic impacts. Browser extensions, platform settings, and other tools could be used to filter or minimize undesirable bot speech more effectively and without requiring government intervention that could potentially run afoul of the First Amendment. A better role for government might be to hold platforms accountable for doing too little to address legitimate societal concerns over automated speech. [A]ny regulatory effort to domesticate the problem of bots must be sensitive to free speech concerns and justified in reference to the harms bots present. Blanket calls for bot disclosure to date lack the subtlety needed to address bot speech effectively without raising the specter of censorship.

Representative John Lewis of Georgia and Representative Bobby L. Rush of Illinois are both Democrats, members of the Congressional Black Caucus and civil rights leaders. But facial recognition technology made by Amazon, which is being used by some police departments and other organizations, incorrectly matched the lawmakers with people who had been arrested for a crime, the American Civil Liberties Union reported on Thursday morning. From a report: The errors emerged as part of a larger test in which the civil liberties group used Amazon's facial software to compare the photos of all federal lawmakers against a database of 25,000 publicly available mug shots. In the test, the Amazon technology incorrectly matched 28 members of Congress with people who had been arrested, amounting to a 5 percent error rate among legislators. The test disproportionally misidentified African-American and Latino members of Congress as the people in mug shots.

"This test confirms that facial recognition is flawed, biased and dangerous," said Jacob Snow, a technology and civil liberties lawyer with the A.C.L.U. of Northern California. Nina Lindsey, an Amazon Web Services spokeswoman, said in a statement that the company's customers had used its facial recognition technology for various beneficial purposes, including preventing human trafficking and reuniting missing children with their families. She added that the A.C.L.U. had used the company's face-matching technology, called Amazon Rekognition, differently during its test than the company recommended for law enforcement customers.

An anonymous reader shares a report: The Endangered Species Act, which for 45 years has safeguarded fragile wildlife while blocking ranching, logging and oil drilling on protected habitats, is coming under attack from lawmakers, the White House and industry on a scale not seen in decades, driven partly by fears that the Republicans will lose ground in November's midterm elections. In the past two weeks, more than two dozen pieces of legislation, policy initiatives and amendments designed to weaken the law have been either introduced or voted on in Congress or proposed by the Trump administration.

The actions included a bill to strip protections from the gray wolf in Wyoming and along the western Great Lakes; a plan to keep the sage grouse, a chicken-size bird that inhabits millions of oil-rich acres in the West, from being listed as endangered for the next decade; and a measure to remove from the endangered list the American burying beetle, an orange-flecked insect that has long been the bane of oil companies that would like to drill on the land where it lives. [...] The new push to undo the wildlife protection law comes as Republicans control the White House and both chambers of Congress, and is led by a president who has made deregulation -- the loosening of not only environmental protections but banking rules, car fuel efficiency standards and fair housing enforcement -- a centerpiece of his administration.

Comic book publishers are facing a growing crisis: Flagging interest from readers and competition from digital entertainment are dragging down sales. Hoping to reverse the trend, publishers are creating their own digital platforms to directly connect with readers and encourage more engagement from fans. From a report: One of the biggest direct-to-consumer efforts is DC Universe, a platform from DC Entertainment and Warner Bros. Digital Studios that will offer streaming content, including original and classic TV series. DC Universe is "a huge opportunity" that offers "ultimate creative control," said Jim Lee, a co-publisher of DC Entertainment. "It allows you to look at wider adaptations of the source material."

[...] The Walt Disney Company, which owns Marvel Entertainment, said last year that it would create a streaming platform that would include Marvel movies like "The Avengers" and "Guardians of the Galaxy." Smaller comic book publishers are testing their own direct-to-consumer platforms. Image Comics, the publisher of popular titles like The Walking Dead and Saga, started a direct-to-consumer platform in 2015 to sell comic book subscriptions and apparel.

From a report: O.K., it's not that surprising. But what did surprise two psychologist as they attempted to get to bottom of why so few people actually send thank yous is that many people totally "miscalibrate" the effect of an appreciative email. They underestimate the positive feelings it will bring. "They think it's not going to be that big a deal," said Amit Kumar, a professor at the University of Texas at Austin who studies well-being. They also overestimate how insincere the note may appear and how uncomfortable it will make the recipient feel, their study found.

But after receiving thank-you notes and filling out questionnaires about how it felt to get them, many said they were "ecstatic," scoring the happiness rating at 4 of 5. The senders typically guessed they'd evoke a 3. To be clear -- the notes in question were not your typical "thanks for the Amazon gift card." Rather, the 100 or so participants in each of the four experiments were asked to write a short "gratitude letter" to a person who had affected them in some way. Sample letters included missives of appreciation to fellow students and friends who offered guidance through the college admissions process, job searches and tough times. In lab experiments, Dr. Kumar observed that it took most subjects less than five minutes to write the letters. Further reading: Finding Emails With Certain Variation Of Thank You Vastly Improves Response Rate, Study Finds; and Apparently, People Say 'Thank You' To Self-Driving Pizza Delivery Vehicles.

Last year, Nike released a new pair of running shoes that claim to make you run 4% faster, thanks to its proprietary sole technology. The new "Vaporfly 4%" shoes would, in theory, "be enough to help a runner break the mythical two-hour marathon barrier for the first time," Fast Company points out. The New York Times decided to put the shoes to the test through an intensive analysis of 500,000 marathon and half marathon running times, culled from the social network Strava. Nike's claims apparently check out. Fast Company reports the findings: We know a lot about the runners in our data set, including their age, gender, race history and, in some cases, how much training they've done in the months before a race. We also know about the races themselves, including the distribution of runners' times and the weather that day. We can put all of this information into a model to try to estimate the change in runners' time from their previous races. After controlling for all of these variables, our model estimates that the shoes account for an expected improvement of about 4 percent over a runner's previous time. Including the uncertainty around the estimates, the Vaporflys are a clear outlier, one of the only popular shoes we can really say makes any difference at all.

Zorro shares a report from Defense One: Four days before U.S. and Russian leaders met in Helsinki, hackers from China launched a wave of brute-force attacks on internet-connected devices in Finland, seeking to gain control of gear that could collect audio or visual intelligence, a new report says. Traffic aimed at remote command-and-control features for Finnish internet-connected devices began to spike July 12, according to a July 19 report by Seattle-based cybersecurity company F5.

China generally originates the largest chunk of such attacks; in May, Chinese attacks accounted for 29 percent of the total. But as attacks began to spike on July 12, China's share rose to 34 percent, the report said. Attacks jumped 2,800 percent. The China-based hackers' primary target was SSH (or Secure Shell) Port 22 -- not a physical destination but a specific set of instructions for routing a message to the right destination when the message hits the server. "SSH brute force attacks are commonly used to exploit systems and [internet of things, or IOT] devices online," the report says. "SSH is often used by IoT devices for 'secure' remote administration." The report notes that attack traffic came from the U.S., France, and Italy as well, but the U.S. and French traffic kept with its averages. "Russian attack traffic dropped considerably from third, its usual spot, to fifth," reports Defense One. "German attack traffic jumped."

Kim Zetter, reporting for Motherboard: The nation's top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them. In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had "provided pcAnywhere remote connection software ... to a small number of customers between 2000 and 2006," which was installed on the election-management system ES&S sold them.

The statement contradicts what the company told me and fact checkers for a story I wrote for the New York Times in February. At that time, a spokesperson said ES&S had never installed pcAnywhere on any election system it sold. "None of the employees -- including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software," the spokesperson said. ES&S did not respond on Monday to questions from Motherboard, and it's not clear why the company changed its response between February and April. Lawmakers, however, have subpoena powers that can compel a company to hand over documents or provide sworn testimony on a matter lawmakers are investigating, and a statement made to lawmakers that is later proven false can have greater consequence for a company than one made to reporters.

Many booksellers on Amazon strive to sell their wares as cheaply as possible. That, after all, is usually how you make a sale in a competitive marketplace. Other merchants favor a counterintuitive approach: Mark the price up to the moon. From a report: "Zowie," the romance author Deborah Macgillivray wrote on Twitter last month after she discovered copies of her 2009 novel, "One Snowy Knight," being offered for four figures. One was going for "$2,630.52 & FREE Shipping," she noted. Since other copies of the paperback were being sold elsewhere on Amazon for as little as 99 cents, she was perplexed. "How many really sell at that price? Are they just hoping to snooker some poor soul?" Ms. Macgillivray wrote in an email. She noted that her blog had gotten an explosion in traffic from Russia. "Maybe Russian hackers do this in their spare time, making money on the side," she said.

Amazon is by far the largest marketplace for both new and used books the world has ever seen, and is also one of the most inscrutable. The retailer directly sells some books, while others are sold by third parties. The wild pricing happens with the latter. [...] Third-party sellers, Guru Hariharan, chief executive of Boomerang Commerce, said, come in all shapes and sizes -- from well-respected national brands that are trying to maintain some independence from Amazon to entrepreneurial individuals who use Amazon's marketplace as an arbitrage opportunity. These sellers list products they have access to, adjusting price and inventory to drive profits. Then there are the wild pricing specialists, who sell both new and secondhand copies.

"By making these books appear scarce, they are trying to justify the exorbitant price that they have set," said Mr. Hariharan, who led a team responsible for 15,000 online sellers when he worked at Amazon a decade ago. [...] A decade ago, Elisabeth Petry wrote a tribute to her mother, the renowned novelist Ann Petry. "At Home Inside," published by the University of Mississippi Press, is now out of print, but late last week secondhand copies were for sale on Amazon. A discarded library copy was $1,900. One seller offered two copies, each for $1,967, although only one was described as "Nice!" All these were a bargain compared with the copy that cost $2,464.

theodp writes: In a Monday blog post, the outgoing Head of Education for Facebook CEO Mark Zuckerberg's Chan Zuckerberg Initiative made the claim that "we've made investments that enabled our partners to double the number of Black and Latinx students and girls taking AP Computer Science." The claim is an apparent reference to the highly-promoted and wildly-successful new AP Computer Science Principles course (dubbed "Coding Lite" by the NY Times), which the NSF and College Board began development on in 2009. Zuckerberg's CZI LLC was created in late 2015.

Twitter will begin removing tens of millions of suspicious accounts from users' followers on Thursday, signaling a major new effort to restore trust on the popular but embattled platform. From a report: The reform takes aim at a pervasive form of social media fraud. Many users have inflated their followers on Twitter or other services with automated or fake accounts, buying the appearance of social influence to bolster their political activism, business endeavors or entertainment careers. Twitter's decision will have an immediate impact: Beginning on Thursday, many users, including those who have bought fake followers and any others who are followed by suspicious accounts, will see their follower numbers fall. While Twitter declined to provide an exact number of affected users, the company said it would strip tens of millions of questionable accounts from users' followers.

AT&T recently acquired HBO, as part of the Time Warner acquisition, "and it is already considering an overhaul that would see HBO produce more video that can compete for the attention of smartphone users," reports Ars Technica. "AT&T wants to boost revenue both in advertising and subscriptions, even if that means upending HBO's longtime strategy of producing a relatively small number of high-quality shows."

At a recent corporate town hall meeting, John Stankey, the longtime AT&T executive and new head of Warner Media, laid out the challenges and opportunities he saw for the network to around 150 employees. He said, in part: "It's going to be a tough year. It's going to be a lot of work to alter and change direction a little bit. [...] You will work very hard, and this next year will -- my wife hates it when I say this -- feel like childbirth... You'll look back on it and be very fond of it, but it's not going to feel great while you're in the middle of it. She says, 'What do you know about this?' I just observe, 'Honey. We love our kids.'" Audio of the meeting was obtained by The New York Times. From the report: The talk, held at HBO headquarters in New York City, was hosted by HBO CEO Richard Plepler. HBO must compete with smartphones for people's attention, Stankey said in this exchange with Plepler: "We need hours a day," Mr. Stankey said, referring to the time viewers spend watching HBO programs. "It's not hours a week, and it's not hours a month. We need hours a day. You are competing with devices that sit in people's hands that capture their attention every 15 minutes." Continuing the theme, he added: "I want more hours of engagement. Why are more hours of engagement important? Because you get more data and information about a customer that then allows you to do things like monetize through alternate models of advertising as well as subscriptions, which I think is very important to play in tomorrow's world."

An anonymous reader quotes a report from The New York Times: Nissan Motor has become the latest Japanese automaker to admit to falsifying product-quality data (Warning: source may be paywalled; alternative source), dealing a further blow to Japan Inc.'s reputation for dependable quality. An internal review of emissions and fuel economy tests at Nissan's production plants in Japan showed that company inspectors used "altered measurement values" on emissions inspection reports, the company said in a statement on Monday. The tests also "deviated from the prescribed testing environment," it said.

The review found that all models complied with Japanese safety and emissions standards, it said. The exception was the Nissan GT-R, a two-door sports car, which the company produces too few of to comprehensively review its record, said Nick Maxfield, a Nissan spokesman, in an email. The company said the falsification problems ultimately did not affect fuel-economy findings. Nissan said that it had already started investigating the falsifications and that it had retained a Japanese law firm, Nishimura & Asahi, to lead the effort. The investigation is likely to take one month, Mr. Maxfield said. "Nissan understands and regrets the concern and inconvenience caused to stakeholders," the company said in a statement.

The growing concern over online data and user privacy has been focused on tech giants like Facebook and devices like smartphones. But people's data is also increasingly being vacuumed right out of their living rooms via their televisions, sometimes without their knowledge. From a report: In recent years, data companies have harnessed new technology to immediately identify what people are watching on internet-connected TVs, then using that information to send targeted advertisements to other devices in their homes. Marketers, forever hungry to get their products in front of the people most likely to buy them, have eagerly embraced such practices. But the companies watching what people watch have also faced scrutiny from regulators and privacy advocates over how transparent they are being with users.

Samba TV is one of the bigger companies that track viewer information to make personalized show recommendations. The company said it collected viewing data from 13.5 million smart TVs in the United States, and it has raised $40 million in venture funding from investors including Time Warner, the cable operator Liberty Global and the billionaire Mark Cuban. Samba TV has struck deals with roughly a dozen TV brands -- including Sony, Sharp, TCL and Philips -- to place its software on certain sets. When people set up their TVs, a screen urges them to enable a service called Samba Interactive TV, saying it recommends shows and provides special offers "by cleverly recognizing onscreen content." But the screen, which contains the enable button, does not detail how much information Samba TV collects to make those recommendations.... Once enabled, Samba TV can track nearly everything that appears on the TV on a second-by-second basis, essentially reading pixels to identify network shows and ads, as well as programs on Netflix and HBO and even video games played on the TV.

An anonymous reader shares a report: MoviePass, the subscription-based movie ticket service, is struggling to stay afloat. But the payment model it has popularized appears to be here to stay. AMC Theaters, the largest multiplex chain in the United States, rolled out its own MoviePass-style service on Tuesday. For $20 a month, subscribers to AMC Stubs A-List can see up to three movies a week. Also last week, the Alamo Drafthouse chain said it would begin testing a service called Season Pass that would offer unlimited movies for one monthly price.

[...] AMC also said that its service was "sustainable" -- a not-so-subtle shot at MoviePass, which has three million members, most of whom pay $10 a month for the ability to see a movie a day. Many people in Hollywood and on Wall Street think that MoviePass will fail because it loses money on heavy users; Helios and Matheson Analytics, which owns MoviePass, has seen its publicly traded shares fall from $38.86 last year to 31 cents on Friday.

Cinemark, a chain that has 4,566 movie screens in 41 states, began offering this subscription in December. It's very basic: for $9 a month members can see one movie a month (no 3-D) and receive a 20 percent discount on concessions, among other perks. Unused tickets roll over and never expire for paying members. There is no debit card involved, and members can reserve seats online. Sinemia: Started in 2015 in Turkey, this under-the-radar service bears the most similarity to MoviePass. Sinemia operates independently of theaters and involves a two-step process, with members selecting movies with an app and paying for them with a special debit card.

A team of former FBI investigators is claiming to have proof of the real identity of D.B. Cooper, the notorious airplane hijacker who has remained at large since he parachuted out of a Seattle-bound plane with $200,000 in November 1971. From a report: According to filmmaker and author Thomas Colbert -- who has led the independent investigation into the cold case for the last seven years -- the real Cooper is a 74-year-old Vietnam veteran named Robert Rackstraw. And the proof is hidden in a series of letters allegedly written by Cooper in the months after the hijacking and his disappearance. Rackstraw -- a former Special Forces paratrooper, explosives expert and pilot with about 22 different aliases -- was once a person of interest in the case, but was eliminated as a suspect by the FBI in 1979. His elimination was controversial amongst the investigating agents, and he remained, for many, the most viable suspect in what remains the only unsolved case of air piracy in the United States. In 2016, the FBI announced they were ending their investigation into the case.

Vindu Goel, writing for The New York Times: Perched high in the Himalayas, near India's border with China, the tiny town of Leh sometimes seems as if it has been left behind by modern technology. Internet and cellphone service is spotty, the two roads to the outside world are snowed in every winter, and Buddhist monasteries compete with military outposts for prime mountaintop locations. But early each morning, the convenience of the digital age arrives, by way of a plane carrying 15 to 20 bags of packages from Amazon. At an elevation of 11,562 feet, Leh is the highest spot in the world where the company offers speedy delivery.

When the plane arrives from New Delhi, it is met by employees from Amazon's local delivery partner, Incredible Himalaya, who then shuttle the packages by van to a modest warehouse nearby. Eshay Rangdol, 26, the nephew of the owner, helps oversee the sorting of the packages and delivers many of them himself. The couriers must follow exacting standards set by Amazon, from wearing closed-toe shoes and being neatly groomed to displaying their ID cards and carrying a fully charged cellphone. Amazon began offering doorstep delivery in this region last fall, as part of an effort to better serve the remotest corners of India. Sales volume in Leh is up twelvefold since Incredible Himalaya took over deliveries from the postal service, which was much slower and required customers to pick up packages at the post office.

Vindu Goel, writing for The New York Times: Perched high in the Himalayas, near India's border with China, the tiny town of Leh sometimes seems as if it has been left behind by modern technology. Internet and cellphone service is spotty, the two roads to the outside world are snowed in every winter, and Buddhist monasteries compete with military outposts for prime mountaintop locations. But early each morning, the convenience of the digital age arrives, by way of a plane carrying 15 to 20 bags of packages from Amazon. At an elevation of 11,562 feet, Leh is the highest spot in the world where the company offers speedy delivery.

When the plane arrives from New Delhi, it is met by employees from Amazon's local delivery partner, Incredible Himalaya, who then shuttle the packages by van to a modest warehouse nearby. Eshay Rangdol, 26, the nephew of the owner, helps oversee the sorting of the packages and delivers many of them himself. The couriers must follow exacting standards set by Amazon, from wearing closed-toe shoes and being neatly groomed to displaying their ID cards and carrying a fully charged cellphone. Amazon began offering doorstep delivery in this region last fall, as part of an effort to better serve the remotest corners of India. Sales volume in Leh is up twelvefold since Incredible Himalaya took over deliveries from the postal service, which was much slower and required customers to pick up packages at the post office.

schwit1 shares a report: The National Security Agency has purged hundreds of millions of records logging phone calls and texts that it had gathered from American telecommunications companies since 2015, the agency has disclosed. It had realized that its database was contaminated with some files the agency had no authority to receive. The agency began destroying the records on May 23, it said in a statement. Officials had discovered "technical irregularities" this year in its collection from phone companies of so-called call record details, or metadata showing who called or texted whom and when, but not what they said. The agency had collected the data from a system it created under the USA Freedom Act. Congress enacted that law in 2015 to end and replace a once-secret program that had systematically collected Americans' domestic calling records in bulk. The National Security Agency uses the data to analyze social links between people in a hunt for hidden associates of known terrorism suspects.

"Computer scientists at Stanford University and Google have created technology that can track time down to 100 billionths of a second," reports The New York Times. "It could be just what Wall Street is looking for." Form the report: System engineers at Nasdaq, the New York-based stock exchange, recently began testing an algorithm and software that they hope can synchronize a giant network of computers with that nanosecond precision. They say they have built a prototype, and are in the process of deploying a bigger version. For an exchange like Nasdaq, such refinement is essential to accurately order the millions of stock trades that are placed on their computer systems every second. Ultimately, this is about money. With stock trading now dominated by computers that make buying and selling decisions and execute them with blazing speed, keeping that order also means protecting profits. So-called high frequency trading firms place trades in a fraction of a second, sometimes in a bet that they can move faster than bigger competitors.

In a blow to NASA's prestige and its budget, America's next great space telescope has been postponed again. From a report: NASA announced on Wednesday that the James Webb Space Telescope, once scheduled to be launched into orbit around the sun this fall, will take three more years and another billion dollars to complete. A report delivered to NASA by an independent review board estimated that the cost of the troubled Webb telescope would now be $9.66 billion, and that it would not be ready to launch until March 30, 2021.

Smart home devices are supposed to bring convenience to people's lives, but increasingly, their unintended consequences are surfacing, and are being exploited to harass others, an investigation by The New York Times has found. [Editor's note: the link maybe paywalled; syndicated source.] From the report: In more than 30 interviews with The New York Times, domestic abuse victims, their lawyers, shelter workers and emergency responders described how the technology was becoming an alarming new tool. Abusers -- using apps on their smartphones, which are connected to the internet-enabled devices -- would remotely control everyday objects in the home, sometimes to watch and listen, other times to scare or show power. Even after a partner had left the home, the devices often stayed and continued to be used to intimidate and confuse.

For victims and emergency responders, the experiences were often aggravated by a lack of knowledge about how smart technology works, how much power the other person had over the devices, how to legally deal with the behavior and how to make it stop. "People have started to raise their hands in trainings and ask what to do about this," Erica Olsen, director of the Safety Net Project at the National Network to End Domestic Violence, said of sessions she holds about technology and abuse. She said she was wary of discussing the misuse of emerging technologies because "we don't want to introduce the idea to the world, but now that it's become so prevalent, the cat's out of the bag."

Another high-profile endorsement for Firefox -- this time from the lead consumer technology writer for The New York Times. (Alternate link here). The web has reached a new low. It has become an annoying, often toxic and occasionally unsafe place to hang out. More important, it has become an unfair trade: You give up your privacy online, and what you get in return are somewhat convenient services and hyper-targeted ads. That's why it may be time to try a different browser.

Remember Firefox...? About two years ago, six Mozilla employees were huddled around a bonfire one night in Santa Cruz, Calif., when they began discussing the state of web browsers. Eventually, they concluded there was a "crisis of confidence" in the web. "If they don't trust the web, they won't use the web," Mark Mayo, Mozilla's chief product officer, said in an interview.... After testing Firefox for the last three months, I found it to be on a par with Chrome in most categories. In the end, Firefox's thoughtful privacy features persuaded me to make the switch and make it my primary browser.
The Times cites privacy features like Firefox's "Facebook Container," which prevents Facebook from tracking you after you've left their site.

While both Chrome and Firefox have tough security (including sandboxing), Cooper Quintin, a security researcher for the Electronic Frontier Foundation, tells the Times that Google "is fundamentally an advertising company, so it's unlikely that they will ever have a business interest in making Chrome more privacy friendly."

Chinese raids of U.S. intellectual property have helped China build a solid high-tech economy. But the U.S. semiconductor industry is still far ahead -- and China is desperate to catch up. From a report: Semiconductor manufacturers are fighting to protect IP from the Chinese, fearing that, without coherent action from the Trump administration, Beijing could bulldoze their industries. Three weeks ago, Micron and South Korean chipmakers Samsung and SK Hynix all reported that the Chinese government had launched antitrust probes into their firms, and accused them of setting artificially high prices for memory chips. American companies and the U.S. government have long been suspicious about the link between China's anti-monopoly policies and its industrial goals. "They want access to the intellectual property. They need us to teach them how to do it. Once they have the industry, they want to push us out," an industry source familiar with China's investigation into Micron tells Axios. The price hikes, the source says, are largely due to a boom in demand for memory chips in everything from smartphones to autonomous vehicles. China's investigation is "a clear indication that they're not ready to make [semiconductors] work," says the source. The New York Times has a story which also details the lawsuit of how a Fujian govt-backed chipmaker allegedly stole secrets from Micron. Then Micron got sued for patent infringement in Fujian.

Or as the Times reporter describes it, "This is how you lose a major tech company. First, a Beijing-backed buyout offer. Then friendly Chinese partnership proposals. Then the tech gets stolen. Then when you file a complaint in court, you get hit with investigations in China, your biggest market."

An anonymous reader shares an excerpt from a report written by behavioral scientists Kathleen D. Vohs and Andrew C. Hafenbrack: The practical payoff of mindfulness [meditation] is backed by dozens of studies linking it to job satisfaction, rational thinking and emotional resilience. But on the face of it, mindfulness might seem counterproductive in a workplace setting. To test this hunch, we recently conducted five studies, involving hundreds of people, to see whether there was a tension between mindfulness and motivation. As we report in a forthcoming article in the journal Organizational Behavior and Human Decision Processes, we found strong evidence that meditation is demotivating.

Some of the participants in our studies were trained in a few of the most common mindfulness meditation techniques. They were instructed by a professional meditation coach to focus on their breathing or mentally scan their bodies for physical sensations, being gently reminded throughout that there was no right or wrong way to do the exercise. Other participants were led through a different exercise. Some were encouraged to let their thoughts wander; some were instructed to read the news or write about recent activities they had done. Then we gave everyone a task to do. Among those who had meditated, motivation levels were lower on average. Those people didn't feel as much like working on the assignments, nor did they want to spend as much time or effort to complete them. Meditation was correlated with reduced thoughts about the future and greater feelings of calm and serenity -- states seemingly not conducive to wanting to tackle a work project. The studies also found that meditation "neither benefited nor detracted from a participant's quality of work." Furthermore, Vohs and Hafenbrack found that a financial bonus for outstanding performance did not overcome the demotivating effect of mindfulness. "While the promise of material rewards will always be a useful tool for motivating employees, it is no substitute for internal motivation," the report reads.

Joseph Cox, and Lorenzo Franceschi-Bicchierai, reporting for Motherboard: Apple confirmed to The New York Times Wednesday it was going to introduce a new security feature, first reported by Motherboard. USB Restricted Mode, as the new feature is called, essentially turns the iPhone's lightning cable port into a charge-only interface if someone hasn't unlocked the device with its passcode within the last hour, meaning phone forensic tools shouldn't be able to unlock phones. Naturally, this feature has sent waves throughout the mobile phone forensics and law enforcement communities, as accessing iPhones may now be substantially harder, with investigators having to rush a seized phone to an unlocking device as quickly as possible.

That includes GrayKey, a relatively new and increasingly popular iPhone cracking tool. But forensics experts suggest that Grayshift, the company behind the tech, is not giving up yet. "Grayshift has gone to great lengths to future proof their technology and stated that they have already defeated this security feature in the beta build. Additionally, the GrayKey has built in future capabilities that will begin to be leveraged as time goes on,' a June email from a forensic expert who planned to meet with Grayshift, and seen by Motherboard, reads, although it is unclear from the email itself how much of this may be marketing bluff. "They seem very confident in their staying power for the future right now," the email adds. A second person, responding to the first email, said that Grayshift addressed USB Restricted Mode in a webinar several weeks ago.

An anonymous reader writes: Between 60 and 90 percent of the world's fresh water is frozen in the ice sheets of Antarctica, a continent roughly the size of the United States and Mexico combined. If all that ice melted, it would be enough to raise the world's sea levels by roughly 200 feet. While that won't happen overnight, Antarctica is indeed melting, and a study published Wednesday in the journal Nature shows that the melting is speeding up. The rate at which Antarctica is losing ice has tripled since 2007, according to the latest available data. The continent is now melting so fast, scientists say, that it will contribute six inches (15 centimeters) to sea-level rise by 2100. That is at the upper end of what the Intergovernmental Panel on Climate Change has estimated Antarctica alone could contribute to sea level rise this century.

"Around Brooklyn you get flooding once a year or so, but if you raise sea level by 15 centimeters then that's going to happen 20 times a year," said Andrew Shepherd, a professor of earth observation at the University of Leeds and the lead author of the study. Even under ordinary conditions, Antarctica's landscape is perpetually changing as icebergs calve, snow falls and ice melts on the surface, forming glacial sinkholes known as moulins. But what concerns scientists is the balance of how much snow and ice accumulates in a given year versus the amount that is lost.

A concentrated campaign of price manipulation may have accounted for at least half of the increase in the price of Bitcoin and other big cryptocurrencies last year, according to a paper released on Wednesday by an academic with a history of spotting fraud in financial markets. From a report, first shared to us by reader davidwr: The paper by John Griffin, a finance professor at the University of Texas, and Amin Shams, a graduate student, is likely to stoke a debate about how much of Bitcoin's skyrocketing gain last year was caused by the covert actions of a few big players, rather than real demand from investors. Many industry players expressed concern at the time that the prices were being pushed up at least partly by activity at Bitfinex, one of the largest and least regulated exchanges in the industry. The exchange, which is registered in the Caribbean with offices in Asia, was subpoenaed by American regulators shortly after articles about the concerns appeared in The New York Times and other publications. Mr. Griffin looked at the flow of digital tokens going in and out of Bitfinex and identified several distinct patterns that suggest that someone or some people at the exchange successfully worked to push up prices when they sagged at other exchanges. To do that, the person or people used a secondary virtual currency, known as Tether, which was created and sold by the owners of Bitfinex, to buy up those other cryptocurrencies.

Anonymous readers share a report: As President Trump prepares to meet Kim Jong-un of North Korea to negotiate denuclearization, a challenge that has bedeviled the world for years, he is doing so without the help of a White House science adviser or senior counselor trained in nuclear physics. Mr. Trump is the first president since 1941 not to name a science adviser, a position created during World War II to guide the Oval Office on technical matters ranging from nuclear warfare to global pandemics. As a businessman and president, Mr. Trump has proudly been guided by his instincts. Nevertheless, people who have participated in past nuclear negotiations say the absence of such high-level expertise could put him at a tactical disadvantage in one of the weightiest diplomatic matters of his presidency.

"You need to have an empowered senior science adviser at the table," said R. Nicholas Burns, who led negotiations with India over a civilian nuclear deal during the George W. Bush administration. "You can be sure the other side will have that." The lack of traditional scientific advisory leadership in the White House is one example of a significant change in the Trump administration: the marginalization of science in shaping United States policy. There is no chief scientist at the State Department, where science is central to foreign policy matters such as cybersecurity and global warming. Nor is there a chief scientist at the Department of Agriculture: Mr. Trump last year nominated Sam Clovis, a former talk-show host with no scientific background, to the position, but he withdrew his name and no new nomination has been made.

According to The New York Times, the Department of Justice seized a New York Times reporter's phone and email records this year in an effort to probe the leaking of classified information, the first known instance of the DOJ going after a journalist's data under President Trump. The Hill reports: The Times reported Thursday that the DOJ seized years' worth of records from journalist Ali Watkins's time as a reporter at BuzzFeed News and Politico before she joined The Times in 2017 as a federal law enforcement reporter, according to the report Thursday. Watkins was alerted by a prosecutor in February that the DOJ had years of records and subscriber information from telecommunications companies such as Google and Verizon for two email accounts and a phone number belonging to her. Investigators did not receive the content of the records, according to The Times. The newspaper reported that it learned of the letter on Thursday.

An anonymous reader quotes a report from The New York Times: Google, reeling from an employee protest over the use of artificial intelligence for military purposes, said Thursday that it would not use A.I. for weapons or for surveillance that violates human rights (Warning: source may be paywalled; alternative source). But it will continue to work with governments and the military. The new rules were part of a set of principles Google unveiled relating to the use of artificial intelligence. In a company blog post, Sundar Pichai, the chief executive, laid out seven objectives for its A.I. technology, including "avoid creating or reinforcing unfair bias" and "be socially beneficial."

Google also detailed applications of the technology that the company will not pursue, including A.I. for "weapons or other technologies whose principal purpose or implementation is to cause or directly facilitate injury to people" and "technologies that gather or use information for surveillance violating internationally accepted norms of human rights." But Google said it would continue to work with governments and military using A.I. in areas including cybersecurity, training and military recruitment. "We recognize that such powerful technology raises equally powerful questions about its use. How A.I. is developed and used will have a significant impact on society for many years to come," Mr. Pichai wrote.

According to a report from The New York Times, Facebook formed data-sharing partnerships with Apple, Samsung, and dozens of other device makers, allowing them to access vast amounts of its users' personal information (Warning: source may be paywalled; alternative source). From the report: Facebook has reached data-sharing partnerships with at least 60 device makers -- including Apple, Amazon, BlackBerry, Microsoft and Samsung -- over the last decade, starting before Facebook apps were widely available on smartphones, company officials said. The deals allowed Facebook to expand its reach and let device makers offer customers popular features of the social network, such as messaging, "like" buttons and address books.

But the partnerships, whose scope has not previously been reported, raise concerns about the company's privacy protections and compliance with a 2011 consent decree with the Federal Trade Commission. Facebook allowed the device companies access to the data of users' friends without their explicit consent, even after declaring that it would no longer share such information with outsiders. Some device makers could retrieve personal information even from users' friends who believed they had barred any sharing, The New York Times found. Most of the partnerships remain in effect, though Facebook began winding them down in April.

According to The New York Times, President Trump has ordered Energy Secretary Rick Perry to "prepare immediate steps" to stop the closure of unprofitable coal and nuclear plants around the country. From the report: Under one proposal outlined in the memo, which was reported by Bloomberg, the Department of Energy would order grid operators to buy electricity from struggling coal and nuclear plants for two years, using emergency authority that is normally reserved for exceptional crises like natural disasters. That idea triggered immediate blowback from a broad alliance of energy companies, consumer groups and environmentalists. On Friday, oil and gas companies joined with wind and solar organizations in a joint statement condemning the plan, saying that it was "legally indefensible" and would force consumers to pay more for electricity.

The administration has also discussed invoking the Defense Production Act of 1950, which allows the federal government to intervene in private industry in the name of national security. (Harry S. Truman used the law to impose price controls on the steel industry during the Korean War.) If the Trump administration were to invoke these two statutes, the move would almost certainly be challenged in federal court by natural gas and renewable energy companies, which could stand to lose market share. Such an intervention could cost consumers between $311 million to $11.8 billion pear year, according to a preliminary estimate (PDF) by Robbie Orvis, director of energy policy design at Energy Innovation.

An anonymous reader quotes a report from The Verge: Google is drawing up a set of guidelines that will steer its involvement in developing AI tools for the military, according to a report from The New York Times. What exactly these guidelines will stipulate isn't clear, but Google says they will include a ban on the use of artificial intelligence in weaponry. The principles are expected to be announced in full in the coming weeks. They are a response to the controversy over the company's decision to develop AI tools for the Pentagon that analyze drone surveillance footage.

Internal emails obtained by the Times show that Google was aware of the upset this news might cause. Chief scientist at Google Cloud, Fei-Fei Li, told colleagues that they should "avoid at ALL COSTS any mention or implication of AI" when announcing the Pentagon contract. "Weaponized AI is probably one of the most sensitized topics of AI -- if not THE most. This is red meat to the media to find all ways to damage Google," said Li. But Google never ended up making the announcement, and it has since been on the back foot defending its decision. The company says the technology it's helping to build for the Pentagon simply "flags images for human review" and is for "non-offensive uses only." The contract is also small by industry standards -- worth just $9 million to Google, according to the Times.

New Bedford hopes to soon be the operations center for the first major offshore wind farm in the United States, bringing billions of dollars of investment and thousands of jobs to the town and other ports on the East Coast. The New York Times: On Wednesday, that effort took a major step forward as the State of Massachusetts, after holding an auction, selected a group made up of a Danish investment firm and a Spanish utility to erect giant turbines on the ocean bottom, beginning about 15 miles off Martha's Vineyard. This initial project will generate 800 megawatts of electricity, roughly enough to power a half a million homes. At the same time, Rhode Island announced it would award a 400-megawatt offshore wind project to another bidder in the auction.

The groups must now work out the details of their contracts with the states' utilities. "We see this not just as a project but as the beginning of an industry," Lars Thaaning Pedersen, the chief executive of Vineyard Wind, which was awarded the Massachusetts contract, said in an interview. Offshore wind farms have increasingly become mainstream sources of power in Northern Europe, and are fast becoming among the cheapest sources of electricity in countries like Britain and Germany. Those power sources in those two countries already account for more than 12 gigawatts of electricity generation capacity.

Apple has reportedly signed a deal with Volkswagen (Warning: source may be paywalled; alternative source) to turn some of the carmaker's new T6 Transporter vans into Apple's self-driving shuttles for employees. The deal comes after the tech giant failed to partner with luxury carmakers BMW and Mercedes-Benz to develop an all-electric self-driving car. "[T]talks with those companies have ended after each rebuffed Apple's requirements to hand over control of the data and design," reports The New York Times. From the report: Apple's deal with Volkswagen, which hasn't been previously reported, and the failure of its talks with other automakers reflect the continuing travails and diminished scope of the company's four-year-old car program. The project has suffered from repeated changes in direction that have hurt morale and led to hundreds of departures from its peak of more than 1,000 members two years ago, five former Apple employees said. They added that the team was now mostly consumed with developing the self-driving shuttle but the project lacks a clear plan beyond the vans.

The Internet Archive's Wayback Machine is a service that preserves web pages. But the site has been deleting evidence of companies selling malware to illegally spy on spouses, Motherboard reported Tuesday. From the report: The company in question is FlexiSpy, a Thailand-based firm which offers desktop and mobile malware. The spyware can intercept phone calls, remotely turn on a device's microphone and camera, steal emails and social media messages, as well as track a target's GPS location. Previously, pages from FlexiSpy's website saved to the Wayback Machine showed a customer survey, with over 50 percent of respondents saying they were interested in a spy phone product because they believe their partner may be cheating. That particular graphic was mentioned in a recent New York Times piece on the consumer spyware market.

In another example, a Wayback Machine archive of FlexiSpy's homepage showed one of the company's catchphrases: "Many spouses cheat. They all use cell phones. Their cell phone will tell you what they won't." Now, those pages are no longer on the Wayback Machine. Instead, when trying to view seemingly any page from FlexiSpy's domain on the archiving service, the page reads "This URL has been excluded from the Wayback Machine."

Nick Wingfield, reporting for The New York Times: In late 2016, Amazon introduced a new online service that could help identify faces and other objects in images, offering it to anyone at a low cost through its giant cloud computing division, Amazon Web Services. Not long after, it began pitching the technology to law enforcement agencies, saying the program could aid criminal investigations by recognizing suspects in photos and videos. It used a couple of early customers, like the Orlando Police Department in Florida and the Washington County Sheriff's Office in Oregon, to encourage other officials to sign up.

But now that aggressive push is putting the giant tech company at the center of an increasingly heated debate around the role of facial recognition in law enforcement. Fans of the technology see a powerful new tool for catching criminals, but detractors see an instrument of mass surveillance. On Tuesday, the American Civil Liberties Union led a group of more than two dozen civil rights organizations that asked Amazon to stop selling its image recognition system, called Rekognition, to law enforcement. The group says that the police could use it to track protesters or others whom authorities deem suspicious, rather than limiting it to people committing crimes.

Nick Wingfield, reporting for The New York Times: In late 2016, Amazon introduced a new online service that could help identify faces and other objects in images, offering it to anyone at a low cost through its giant cloud computing division, Amazon Web Services. Not long after, it began pitching the technology to law enforcement agencies, saying the program could aid criminal investigations by recognizing suspects in photos and videos. It used a couple of early customers, like the Orlando Police Department in Florida and the Washington County Sheriff's Office in Oregon, to encourage other officials to sign up.

But now that aggressive push is putting the giant tech company at the center of an increasingly heated debate around the role of facial recognition in law enforcement. Fans of the technology see a powerful new tool for catching criminals, but detractors see an instrument of mass surveillance. On Tuesday, the American Civil Liberties Union led a group of more than two dozen civil rights organizations that asked Amazon to stop selling its image recognition system, called Rekognition, to law enforcement. The group says that the police could use it to track protesters or others whom authorities deem suspicious, rather than limiting it to people committing crimes.

The Supreme Court on Monday ruled that companies can use arbitration clauses in employment contracts to prohibit workers from banding together to take legal action over workplace issues. From a report: The vote was 5 to 4, with the court's more conservative justices in the majority. The court's decision could affect some 25 million employment contracts. Writing for the majority, Justice Neil M. Gorsuch said the court's conclusion was dictated by a federal law favoring arbitration and the court's precedents. If workers were allowed to band together to press their claims, he wrote, "the virtues Congress originally saw in arbitration, its speed and simplicity and inexpensiveness, would be shorn away and arbitration would wind up looking like the litigation it was meant to displace." Justice Ruth Bader Ginsburg read her dissent from the bench, a sign of profound disagreement. In her written dissent, she called the majority opinion "egregiously wrong." In her oral statement, she said the upshot of the decision "will be huge under-enforcement of federal and state statutes designed to advance the well being of vulnerable workers."

An anonymous reader quotes a report from The New York Times: Will it soon be possible to simulate the feeling of a spirit not attached to any particular physical form using virtual or augmented reality? If so, a good place to start would be to figure out the minimal amount of body we need to feel a sense of self, especially in digital environments where more and more people may find themselves for work or play. It might be as little as a pair of hands and feet, report Dr. Michiteru Kitazaki and a Ph.D. student, Ryota Kondo. In a paper published Tuesday in Scientific Reports, they showed that animating virtual hands and feet alone is enough to make people feel their sense of body drift toward an invisible avatar (Warning: source may be paywalled; alternative source). Their work fits into a corpus of research on illusory body ownership, which has challenged understandings of perception and contributed to therapies like treating pain for amputees who experience phantom limb.

Using an Oculus Rift virtual reality headset and a motion sensor, Dr. Kitazaki's team performed a series of experiments in which volunteers watched disembodied hands and feet move two meters in front of them in a virtual room. In one experiment, when the hands and feet mirrored the participants' own movements, people reported feeling as if the space between the appendages were their own bodies. In another experiment, the scientists induced illusory ownership of an invisible body, then blacked out the headset display, effectively blindfolding the subjects. The researchers then pulled them a random distance back and asked them to return to their original position, still virtually blindfolded. Consistently, the participants overshot their starting point, suggesting that their sense of body had drifted or "projected" forward, toward the transparent avatar.

Unless you've been living under a rock for the past few days, you've probably heard about the controversy over "Yanny" and "Laurel." The internet has been abuzz over an audio clip in which the name being said depends on the listener. Some hear "Laurel" while others hear "Yanny." Ian Vargo, an audio enthusiast who spends most of his working hours of the day listening to and editing audio, helps explain why we hear the name that we do: Human speech is actually composed of many frequencies, in part because we have a resonant chest cavity which creates lower frequencies, and the throat and mouth which creates higher frequencies. The word "laurel" contains a combination of both which are therefore present in the original recording at vocabulary.com, but the clip that you most likely heard has accentuated higher frequencies due to imperfections in the audio that were created by data compression. To make it worse, the playback device that many people first heard the audio clip playing out of was probably a speaker system built into a cellular phone, which is too small to accurately recreate low frequencies.

This helpful interactive tool from The New York Times allows you to use a slider to more clearly hear one or the other. Pitch shifting the audio clip up seems to accentuate "laurel" whereas shifting it down accentuates "yanny." In summary, this perfect storm of the human voice creating both low and high frequencies, the audio clip having been subject to data compression used to create smaller, more convenient files, and our tendency to listen out of devices with subpar playback components lead to an apparent near-even split of the population hearing "laurel" or "yanny."

An anonymous reader quotes a report from The New York Times: The Kilauea volcano erupted from its summit on Thursday morning (Warning: source may be paywalled; alternative source), spewing an ash plume that reached 30,000 feet above the island of Hawaii, the authorities said. The eruption was the most forceful new explosion so far at Kilauea, one of the world's most active volcanoes. Kilauea has already been triggering small earthquakes, creating gas-emitting fissures and releasing flows of lava that have destroyed dozens of homes this month. The Hawaiian Volcano Observatory issued a "code red" warning that additional activity could be expected. "At any time, activity may again become more explosive, increasing the intensity of ash production and producing ballistic projectiles near the vent," the observatory said. But Dr. Michelle Coombs of the United States Geological Survey said that ash fall from the eruption, which occurred shortly after 4 a.m., was "pretty limited" to the area around Hawaii Volcanoes National Park. She emphasized that the new eruption wasn't the "big one" that some are fearing, drawing a contrast with the eruption in 1980 of Mount St. Helens in Washington State that killed 57 people.

Earlier this week, ZDNet shed some light on a company called LocationSmart that is buying your real-time location data from four of the largest U.S. carriers in the United States. The story blew up because a former police sheriff snooped on phone location data without a warrant, according to The New York Times. ZDNet is now reporting that the company "had a bug in its website that allowed anyone to see where a person is located -- without obtaining their consent." An anonymous reader shares an excerpt: "Due to a very elementary bug in the website, you can just skip that consent part and go straight to the location," said Robert Xiao, a PhD. student at the Human-Computer Interaction Institute at Carnegie Mellon University, in a phone call. "The implication of this is that LocationSmart never required consent in the first place," he said. "There seems to be no security oversight here." The "try" website was pulled offline after Xiao privately disclosed the bug to the company, with help from CERT, a public vulnerability database, also at Carnegie Mellon. Xiao said the bug may have exposed nearly every cell phone customer in the U.S. and Canada, some 200 million customers.

The researcher said he started looking at LocationSmart's website following ZDNet's report this week, which followed from a story from The New York Times, which revealed how a former police sheriff snooped on phone location data without a warrant. The sheriff has pleaded not guilty to charges of unlawful surveillance. He said one of the APIs used in the "try" page that allows users to try the location feature out was not validating the consent response properly. Xiao said it was "trivially easy" to skip the part where the API sends the text message to the user to obtain their consent. "It's a surprisingly simple bug," he said.

An anonymous reader quotes a report from CBS News: The Justice Department and FBI are investigating Cambridge Analytica, the now-shuttered political data firm that was once used by the Trump campaign and came under scrutiny for harvesting data of millions of users, The New York Times reported on Tuesday. The Times, citing a U.S. official and people familiar with the inquiry, reported federal investigators have looked to question former employees and banks connected to the firm.

The Times reports prosecutors have informed potential witnesses there is an open investigation into the firm, whose profiles of voters were intended to help with elections. One source tells CBS News correspondent Paula Reid prosecutors are investigating the firm for possible financial crimes. A company that has that much regulatory scrutiny is almost guaranteed to have federal prosecutors interested, Reid was told. Christopher Wylie, a former Cambridge Analytica employee who spoke out about the data sharing practices, told the Times federal investigators had contacted him. The American official told the Times investigators have also contacted Facebook as a part of the probe.

An anonymous reader quotes a report from The New York Times: In weekly online posts last year, WikiLeaks released a stolen archive of secret documents about the Central Intelligence Agency's hacking operations, including software exploits designed to take over iPhones and turn smart television sets into surveillance devices. It was the largest loss of classified documents in the agency's history and a huge embarrassment for C.I.A. officials. Now, The New York Times has learned the identity of the prime suspect in the breach (Warning: source may be paywalled; alternative source): a 29-year-old former C.I.A. software engineer who had designed malware used to break into the computers of terrorism suspects and other targets.

F.B.I. agents searched the Manhattan apartment of the suspect, Joshua A. Schulte, one week after WikiLeaks released the first of the C.I.A. documents in March last year, and then stopped him from flying to Mexico on vacation, taking his passport, according to court records and family members. The search warrant application said Mr. Schulte was suspected of "distribution of national defense information," and agents told the court they had retrieved "N.S.A. and C.I.A. paperwork" in addition to a computer, tablet, phone and other electronics. But instead of charging Mr. Schulte in the breach, referred to as the Vault 7 leak, prosecutors charged him last August with possessing child pornography, saying agents had found the material on a server he created as a business in 2009 while he was a student at the University of Texas.

Four of the largest cell giants in the US are selling your real-time location data to a company that you've probably never heard about before. ZDNet: In case you missed it, a senator last week sent a letter demanding the Federal Communications Commission (FCC) investigate why Securus, a prison technology company, can track any phone "within seconds" by using data obtained from the country's largest cell giants, including AT&T, Verizon, T-Mobile, and Sprint, through an intermediary, LocationSmart. The story blew up because a former police sheriff snooped on phone location data without a warrant, according The New York Times. The sheriff has pleaded not guilty to charges of unlawful surveillance.

Yet little is known about how LocationSmart obtained the real-time location data on millions of Americans, how the required consent from cell user owners was obtained, and who else has access to the data. Kevin Bankston, director of New America's Open Technology Institute, explained in a phone call that the Electronic Communications Privacy Act only restricts telecom companies from disclosing data to the government. It doesn't restrict disclosure to other companies, who then may disclose that same data to the government. He called that loophole "one of the biggest gaps in US privacy law. The issue doesn't appear to have been directly litigated before, but because of the way that the law only restricts disclosures by these types of companies to government, my fear is that they would argue that they can do a pass-through arrangement like this," he said. Further reading: The Tech Used To Monitor Inmate Calls Is Able To Track Civilians Too.