Slashdot Mirror

Google executives are conducting a secret internal assessment of work on a censored search engine for China. "A small group of top managers at the internet giant are conducting a 'performance review' of the controversial effort to build the search platform, known as Dragonfly, which was designed to blacklist information about human rights, democracy, religion, and peaceful protest," reports The Intercept. From the report: Performance reviews at Google are undertaken annually to evaluate employees' output and development. They are usually carried out in an open, peer review-style process: Workers grade each other's projects and the results are then assessed by management, who can reward employees with promotion if they are deemed ready to progress at the company. In the case of Dragonfly, however, the peer review aspect has been removed, subverting the normal procedure. In a move described as highly unusual by two Google sources, executives set up a separate group of closed "review committees," comprised of senior managers who had all previously been briefed about the China search engine.

The existence of the Dragonfly review committees has not been disclosed to rank-and-file Google employees, except for the few who have been evaluated by the committees because they worked on China search. Fewer than a dozen top managers at the company are said to be looped in on the review, which has involved studying documents and technical work related to Dragonfly. "Management has decided to commit to keeping this stuff secret," said a source with knowledge of the review. They are "holding any Dragonfly-specific documents out of [employees'] review tools, so that promotion is decided only by a committee that is read in on Dragonfly." Executives likely feared that following the normal, more open performance review process with Dragonfly would have allowed workers across the company to closely scrutinize it, according to two Google sources.

Google is still pursuing its plan to launch a censored search engine for China, The Intercept reported Monday, citing unnamed employees. From the report: Late last year, bosses moved engineers away from working on the controversial project, known as Dragonfly, and said that there were no current plans to launch it. However, a group of employees at the company was unsatisfied with the lack of information from leadership on the issue -- and took matters into their own hands. The group has identified ongoing work on a batch of code that is associated with the China search engine, according to three Google sources. [...] The employees have been keeping tabs on repositories of code that are stored on Google's computers, which they say is linked to Dragonfly. The code was created for two smartphone search apps -- named Maotai and Longfei -- that Google planned to roll out in China for users of Android and iOS mobile devices.

Google hired gig economy workers to help build out a controversial AI program that the company had paired with the Pentagon to build, according to a new report from The Intercept. "The workers were hired through a crowdsourcing gig company outfit called Figure Eight, which pays as little at $1 an hour for people to perform short, seemingly mindless tasks," reports The Verge. "Whether the individuals were identifying objects in CAPTCHA-like images, or other simple tasks, the workers were helping to train Google's AI that was created as part of a Defense Department initiative known as Project Maven." From the report: Project Maven is a Pentagon project intended to use machine learning and artificial intelligence in order to differentiate people and objects in thousands of hours of drone footage. By employing these crowdsourced microworkers, Google was able to use them to teach the algorithms it was running how to distinguish between human targets and surrounding objects. According to The Intercept, these workers had no idea who their work was benefitting or what they were building.

Figure Eight, which was previously known as Crowdflower, is one of the largest platforms that employs microworkers. On its website, Figure Eight says its platform "combines human intelligence at scale with cutting-edge models to create the highest quality training data for your machine learning (ML) projects." By partnering with these microworker outfits, Google could quickly and cheaply build out its AI. "You upload your data to our platform and we provide the annotations, judgments, and labels you need to create accurate ground truth for your models," the website reads. Google decided against renewing its contract with the Defense Department last June after over 3,000 employees signed a petition in protest of the company's involvement in Project Maven. The deal is set to end in March 2019.

A new website exposes the extent to which Apple cooperates with Chinese government internet censorship, blocking access to Western news sources, information about human rights and religious freedoms, and privacy-enhancing apps that would circumvent the country's pervasive online surveillance regime. The Intercept: The new site, AppleCensorship.com , allows users to check which apps are not accessible to people in China through Apple's app store, indicating those that have been banned. It was created by researchers at GreatFire.org, an organization that monitors Chinese government internet censorship. In late 2017, Apple admitted to U.S. senators that it had removed from its app store in China more than 600 "virtual private network" apps that allow users to evade censorship and online spying. But the company never disclosed which specific apps it removed -- nor did it reveal other services it had pulled from its app store at the behest of China's authoritarian government.

In New York and other states across the country, authorities are acquiring technology to extract and digitize the voices of incarcerated people into unique biometric signatures, known as voice prints. From a report: Prison authorities have quietly enrolled hundreds of thousands of incarcerated people's voice prints into large-scale biometric databases. Computer algorithms then draw on these databases to identify the voices taking part in a call and to search for other calls in which the voices of interest are detected. Some programs, like New York's, even analyze the voices of call recipients outside prisons to track which outsiders speak to multiple prisoners regularly.

Corrections officials representing the states of Texas, Florida, and Arkansas, along with Arizona's Yavapai and Pinal counties; Alachua County, Florida; and Travis County, Texas, also confirmed that they are actively using voice recognition technology today. And a review of contracting documents identified other jurisdictions that have acquired similar voice-print capture capabilities: Connecticut and Georgia state corrections officials have signed contracts for the technology

Authorities and prison technology companies say this mass biometric surveillance supports prison security and fraud prevention efforts. But civil liberties advocates argue that the biometric buildup has been neither transparent nor consensual. Some jurisdictions, for example, limit incarcerated people's phone access if they refuse to enroll in the voice recognition system, while others enroll incarcerated people without their knowledge. Once the data exists, they note, it could potentially be used by other agencies, without any say from the public.

An anonymous reader quotes a report from The Intercept: Most of the data collected by urban planners is messy, complex, and difficult to represent. It looks nothing like the smooth graphs and clean charts of city life in urban simulator games like "SimCity." A new initiative from Sidewalk Labs, the city-building subsidiary of Google's parent company Alphabet, has set out to change that. The program, known as Replica, offers planning agencies the ability to model an entire city's patterns of movement. Like "SimCity," Replica's "user-friendly" tool deploys statistical simulations to give a comprehensive view of how, when, and where people travel in urban areas. It's an appealing prospect for planners making critical decisions about transportation and land use. In recent months, transportation authorities in Kansas City, Portland, and the Chicago area have signed up to glean its insights. The only catch: They're not completely sure where the data is coming from.

Typical urban planners rely on processes like surveys and trip counters that are often time-consuming, labor-intensive, and outdated. Replica, instead, uses real-time mobile location data. As Nick Bowden of Sidewalk Labs has explained, "Replica provides a full set of baseline travel measures that are very difficult to gather and maintain today, including the total number of people on a highway or local street network, what mode they're using (car, transit, bike, or foot), and their trip purpose (commuting to work, going shopping, heading to school)." To make these measurements, the program gathers and de-identifies the location of cellphone users, which it obtains from unspecified third-party vendors. It then models this anonymized data in simulations -- creating a synthetic population that faithfully replicates a city's real-world patterns but that "obscures the real-world travel habits of individual people," as Bowden told The Intercept. The program comes at a time of growing unease with how tech companies use and share our personal data -- and raises new questions about Google's encroachment on the physical world.

In October last year, Bloomberg Businessweek published an alarming story: Operatives working for China's People's Liberation Army had secretly implanted microchips into motherboards made in China and sold by U.S.-based Supermicro. While Bloomberg's story -- which has been challenged by numerous players -- may well be completely (or partly) wrong, the danger of China compromising hardware supply chains is very real, judging from classified intelligence documents, reports The Intercept. From the report: U.S. spy agencies were warned about the threat in stark terms nearly a decade ago and even assessed that China was adept at corrupting the software bundled closest to a computer's hardware at the factory, threatening some of the U.S. government's most sensitive machines, according to documents provided by National Security Agency whistleblower Edward Snowden. The documents also detail how the U.S. and its allies have themselves systematically targeted and subverted tech supply chains, with the NSA conducting its own such operations, including in China, in partnership with the CIA and other intelligence agencies. The documents also disclose supply chain operations by German and French intelligence.

What's clear is that supply chain attacks are a well-established, if underappreciated, method of surveillance -- and much work remains to be done to secure computing devices from this type of compromise. "An increasing number of actors are seeking the capability to target ... supply chains and other components of the U.S. information infrastructure," the intelligence community stated in a secret 2009 report. "Intelligence reporting provides only limited information on efforts to compromise supply chains, in large part because we do not have the access or technology in place necessary for reliable detection of such operations."

On Friday, a coalition of Chinese, Tibetan, Uighur, and human rights groups organized demonstrations outside Google's offices in the U.S., U.K., Canada, India, Mexico, Chile, Argentina, Sweden, Switzerland, and Denmark, protesting the company's plan to launch a censored version of its search engine in China. The Intercept reports: Google designed the Chinese search engine, code-named Dragonfly, to blacklist information about human rights, democracy, religion, and peaceful protest, in accordance with strict rules on censorship in China that are enforced by the country's authoritarian Communist Party government. In December, The Intercept revealed that an internal dispute had forced Google to shut down a data analysis system that it was using to develop the search engine. This had "effectively ended" the project, sources said, because the company's engineers no longer had the tools they needed to build it.

But Google bosses have not publicly stated that they will cease development of Dragonfly. And the company's CEO Sundar Pichai has refused to rule out potentially launching the search engine some time in the future, though he has insisted that there are no current plans to do so. The organizers of Friday's protests -- which were timed to coincide with Internet Freedom Day -- said that they would continue to demonstrate "until Google executives confirm that Project Dragonfly has been canceled, once and for all." Google "should be connecting the world through the sharing of information, not facilitating human rights abuses by a repressive government determined to crush all forms of peaceful online dissent," said Gloria Montgomery, director at Tibet Society UK. "Google's directors must urgently take heed of calls from employees and tens of thousands of global citizens demanding that they immediately halt project Dragonfly. If they don't, Google risks irreversible damage to its reputation."

Amazon-owned Ring allowed employees to access customers' live camera feeds, according to a report from The Intercept. "Ring's engineers and executives have 'highly privileged access' to live camera feeds from customers' devices," reports 9to5Google. "This includes both doorbells facing the outside world, as well as cameras inside a person's home. A team tasked with annotating video to aid in object recognition captured 'people kissing, firing guns, and stealing.'" From the report: U.S. employees specifically had access to a video portal intended for technical support that reportedly allowed "unfiltered, round-the-clock live feeds from some customer cameras." What's surprising is how this support tool was apparently not restricted to only employees that dealt with customers. The Intercept notes that only a Ring customer's email address was required to access any live feed.

According to the report's sources, employees had a blase attitude to this potential privacy violation, but noted that they "never personally witnessed any egregious abuses." Meanwhile, a second group of Ring employees working on R&D in Ukraine had access to a folder housing "every video created by every Ring camera around the world." What's more, these employees had a "corresponding database that linked each specific video file to corresponding specific Ring customers." Also bothersome is Ring's reported stance towards encryption. Videos in that bucket were unencrypted due to the costs associated with implementation and "lost revenue opportunities due to restricted access." In response to the report, Ring said: "We have strict policies in place for all our team members. We implement systems to restrict and audit access to information. We hold our team members to a high ethical standard and anyone in violation of our policies faces discipline, including termination and potential legal and criminal penalties. In addition, we have zero tolerance for abuse of our systems and if we find bad actors who have engaged in this behavior, we will take swift action against them."

Less than five months after Google's plan to build a censored search engine and other tools for the Chinese market became public, the company has "effectively ended" the project, reports The Intercept. From the report: Google has been forced to shut down a data analysis system it was using to develop a censored search engine for China after members of the company's privacy team raised internal complaints that it had been kept secret from them, The Intercept has learned. The internal rift over the system has had massive ramifications, effectively ending work on the censored search engine, known as Dragonfly, according to two sources familiar with the plans. The incident represents a major blow to top Google executives, including CEO Sundar Pichai, who have over the last two years made the China project one of their main priorities.

The dispute began in mid-August, when the The Intercept revealed that Google employees working on Dragonfly had been using a Beijing-based website to help develop blacklists for the censored search engine, which was designed to block out broad categories of information related to democracy, human rights, and peaceful protest, in accordance with strict rules on censorship in China that are enforced by the country's authoritarian Communist Party government.

An anonymous reader quotes a report from The Intercept about Google's secretive plans to build a censor version of its search engine for China: The objective, code-named Dragonfly, was to build a search engine for China that would censor broad categories of information about human rights, democracy, and peaceful protest. Yonatan Zunger, then a 14-year veteran of Google and one of the leading engineers at the company, was among a small group who had been asked to work on Dragonfly. He was present at some of the early meetings and said he pointed out to executives managing the project that Chinese people could be at risk of interrogation or detention if they were found to have used Google to seek out information banned by the government.

Scott Beaumont, Google's head of operations in China and one of the key architects of Dragonfly, did not view Zunger's concerns as significant enough to merit a change of course, according to four people who worked on the project. Beaumont and other executives then shut out members of the company's security and privacy team from key meetings about the search engine, the four people said, and tried to sideline a privacy review of the plan that sought to address potential human rights abuses. Google's leadership considered Dragonfly so sensitive that they would often communicate only verbally about it and would not take written notes during high-level meetings to reduce the paper trail, two sources said. Only a few hundred of Google's 88,000 workforce were briefed about the censorship plan. Some engineers and other staff who were informed about the project were told that they risked losing their jobs if they dared to discuss it with colleagues who were themselves not working on Dragonfly.

Multiple readers have shared a report: Apparently fueled by anti-Semitism and the bogus narrative that outside forces are scheming to exterminate the white race, Robert Bowers murdered 11 Jewish congregants as they gathered inside their Pittsburgh synagogue, federal prosecutors allege. But despite long-running international efforts to debunk the idea of a "white genocide," Facebook was still selling advertisers the ability to market to those with an interest in that myth just days after the bloodshed. Earlier this week, The Intercept was able to select "white genocide conspiracy theory" as a pre-defined "detailed targeting" criterion on the social network to promote two articles to an interest group that Facebook pegged at 168,000 users large and defined as "people who have expressed an interest or like pages related to White genocide conspiracy theory." The paid promotion was approved by Facebook's advertising wing.

After we contacted the company for comment, Facebook promptly deleted the targeting category, apologized, and said it should have never existed in the first place. Our reporting technique was the same as one used by the investigative news outlet ProPublica to report, just over one year ago, that in addition to soccer dads and Arianna Grande fans, "the world's largest social network enabled advertisers to direct their pitches to the news feeds of almost 2,300 people who expressed interest in the topics of 'Jew hater,' 'How to burn jews,' or, 'History of "why jews ruin the world."" The report exposed how little Facebook was doing to vet marketers, who pay the company to leverage personal information and inclinations in order to gain users' attention -- and who provide the foundation for its entire business model.

An anonymous reader quotes a report from The Hill: An Amazon employee is seeking to put new pressure on the company to stop selling its facial recognition technology to law enforcement. An anonymous worker, whose employment at Amazon was verified by Medium, published an op-ed on that platform on Tuesday criticizing the company's facial recognition work and urging the company to respond to an open letter delivered by a group of employees. The employee wrote that the government has used surveillance tools in a way that disproportionately hurts "communities of color, immigrants, and people exercising their First Amendment rights."

"Ignoring these urgent concerns while deploying powerful technologies to government and law enforcement agencies is dangerous and irresponsible," the person wrote. "That's why we were disappointed when Teresa Carlson, vice president of the worldwide public sector of Amazon Web Services, recently said that Amazon 'unwaveringly supports' law enforcement, defense, and intelligence customers, even if we don't 'know everything they're actually utilizing the tool for.'" The op-ed comes one day after Amazon CEO Jeff Bezos defended technology companies working with the federal government on matters of defense during Wired's ongoing summit in San Francisco. "If big tech companies are going to turn their back on the U.S. Department of Defense, this country is going to be in trouble," Bezos said on Monday.

Google CEO Sundar Pichai has refused to answer a list of questions from U.S. lawmakers about the company's secretive plan for a censored search engine in China. From a report: In a letter newly obtained by The Intercept, Pichai told a bipartisan group of six senators that Google could have "broad benefits inside and outside of China," but said he could not share details about the censored search engine because it "remains unclear" whether the company "would or could release a search service" in the country. Pichai's letter contradicts the company's search engine chief, Ben Gomes, who informed staff during a private meeting that the company was aiming to release the platform in China between January and April 2019. Gomes told employees working on the Chinese search engine that they should get it ready to be "brought off the shelf and quickly deployed."

[...] In his letter to the senators, dated August 31, Pichai did not mention the word "censorship" or address human rights concerns. He told the senators that "providing access to information to people around the world is central to our mission," and said he believed Google's tools could "help to facilitate an exchange of information and learning." The company was committed to "promoting access to information, freedom of expression, and user privacy," he wrote, while also "respecting the laws of jurisdictions in which we operate."

Google intends to launch a censored version of its Search app for China sometime in the next six to nine months, according to a leaked transcript from a private employee meeting held last month. The Intercept's Ryan Gallagher today reported the company's Search engine chief, Ben Gomes, held a meeting to congratulate a room full of employees working on the platform, dubbed Project Dragonfly. From a report: According to The Intercept, Gomes talked about the launch timeline: "While we are saying it's going to be six and nine months [to launch], the world is a very dynamic place." He goes on to point out that the current political climate makes it difficult to pinpoint a definite timeline, but indicates employees should be ready to launch whenever a "window opens." These comments come in stark contrast to public statements given recently by both Gomes and Google's chief privacy officer, Kieth Enright.

Speaking to members of Congress last month, Enright tried to skirt the issue of the Dragonfly project by playing dumb. According to Wired he didn't quite deny involvement, and in fact admitted the company had explored the idea, but simply stated Google wasn't "close to launching" the censored Search engine and that he was "not clear on the contours of what is in scope or out of scope for that project." Gomes took the soft-denial a step further when he told the BBC "Right now all we've done is some exploration, but since we don't have any plans to launch something there's nothing much I can say about it."

Google built a prototype of a censored search engine for China that links users' searches to their personal phone numbers, thus making it easier for the Chinese government to monitor people's queries, The Intercept, which first published information about Google's efforts to build a censored search engine in China last month, reported Friday. From the report: The search engine, codenamed Dragonfly, was designed for Android devices, and would remove content deemed sensitive by China's ruling Communist Party regime, such as information about political dissidents, free speech, democracy, human rights, and peaceful protest. Previously undisclosed details about the plan, obtained by The Intercept on Friday, show that Google compiled a censorship blacklist that included terms such as "human rights," "student protest," and "Nobel Prize" in Mandarin. Leading human rights groups have criticized Dragonfly, saying that it could result in the company "directly contributing to, or [becoming] complicit in, human rights violations." A central concern expressed by the groups is that, beyond the censorship, user data stored by Google on the Chinese mainland could be accessible to Chinese authorities, who routinely target political activists and journalists. Sources familiar with the project said that prototypes of the search engine linked the search app on a user's Android smartphone with their phone number. This means individual people's searches could be easily tracked -- and any user seeking out information banned by the government could potentially be at risk of interrogation or detention if security agencies were to obtain the search records from Google.

A senior Google research scientist has quit the company in protest over its plan to launch a censored version of its search engine in China. The Intercept: Jack Poulson worked for Google's research and machine intelligence department, where he was focused on improving the accuracy of the company's search systems. In early August, Poulson raised concerns with his managers at Google after The Intercept revealed that the internet giant was secretly developing a Chinese search app for Android devices. The search system, code-named Dragonfly, was designed to remove content that China's authoritarian government views as sensitive, such as information about political dissidents, free speech, democracy, human rights, and peaceful protest. After entering into discussions with his bosses, Poulson decided in mid-August that he could no longer work for Google. He tendered his resignation and his last day at the company was August 31. He told The Intercept in an interview that he believes he is one of about five of the company's employees to resign over Dragonfly. He felt it was his "ethical responsibility to resign in protest of the forfeiture of our public human rights commitments," he said.

TuballoyThunder writes: According to The Intercept, it appears that the LinkNYC free Wi-Fi might be designed to track users. This and other concerns were raised during a 2015 discussion on Slashdot. While many people are comfortable in trading their privacy for ostensibly free services, it is disheartening when municipalities collaborate with business to make it happen. "In May of this year, Charles Meyers, an undergraduate at New York City College of Technology, came across folders in LinkNYC's public library on GitHub, a platform for managing files and software, that appear to raise further questions about location tracking and the platform's protection of its users' data," reports The Intercept. "Meyers made copies of the codebases in question -- 'LinkNYC Mobile Observation' and 'RxLocation' -- and shared both folders with The Intercept."

Meyers says the "LinkNYC Mobile Observation" code collects the user's longitude and latitude, browser type, OS, device type, device identifiers, and full URL clickstreams (including data and time) and "aggregates this information into a database," the report says. Meyer's believes the company is interested in tracking the location of Wi-Fi users in real time. "If such code were run on a mobile app or kiosk, he said, the company would be able to make advertisements available in real time based on where and who someone was, and that this would constitute a potential violation of the company's privacy policy," reports The Intercept.

Following the revelations, LinkNYC said the code was never intended to be released and was part of a longer-term R&D process. "In this instance, David Mitchell, Intersection's CTO, told the Intercept in an email. "Intersection was prototyping and testing some ideas internally, using employee data only, and mistakenly made source code public on Github. This code is not in use on the LinkNYC network." [Intersection is the "key player" in CityBridge, "a chameleon-like consortium of private companies" that New York City contracted to turn the city's payphone booth network into Wi-Fi-enabled kiosks.]

Three months after the American Civil Liberties Union revealed that Amazon provided facial recognition technology to local law enforcement, a new report by The Intercept says that IBM collaborated with the New York City Police Department to develop a system that allowed officials to search for people by skin color, hair color, gender, age, and various facial features. VentureBeat: The Intercept and the National Institute's nonprofit Investigative Fund, citing "confidential corporate documents" and interviews with engineers involved with the project, write that IBM began developing the analytics platform roughly 10 years ago in partnership with New York's Lower Manhattan Security Initiative counterterrorist center, after an earlier experiment with the city of Chicago. Using "thousands" of photographs from roughly 50 cameras provided by the NYPD, its computer vision system learned from 16,000 points to identify clothing color and other bodily characteristics, in addition to potential threats like unattended packages, people entering off-limits areas, and cars speeding up against the flow of traffic.

An anonymous reader quotes a report from The Intercept: The National Security Agency successfully broke the encryption on a number of "high potential" virtual private networks, including those of media organization Al Jazeera, the Iraqi military and internet service organizations, and a number of airline reservation systems, according to a March 2006 NSA document. The fact that the NSA spied on Al Jazeera's communications was reported by the German newsmagazine Der Spiegel in 2013, but that reporting did not mention that the spying was accomplished through the NSA's compromise of Al Jazeera's VPN. During the Bush administration, high-ranking U.S. officials criticized Al Jazeera, accusing the Qatar-based news organization of having an anti-American bias, including because it broadcasted taped messages from Osama bin Laden.

According to the document, contained in the cache of materials provided by NSA whistleblower Edward Snowden, the NSA also compromised VPNs used by airline reservation systems Iran Air, "Paraguayan SABRE," Russian airline Aeroflot, and "Russian Galileo." Sabre and Galileo are both privately operated, centralized computer systems that facilitate travel transactions like booking airline tickets. Collectively, they are used by hundreds of airlines around the world. In Iraq, the NSA compromised VPNs at the Ministries of Defense and the Interior; the Ministry of Defense had been established by the U.S. in 2004 after the prior iteration was dissolved. Exploitation against the ministries' VPNs appears to have occurred at roughly the same time as a broader "all-out campaign to penetrate Iraqi networks," described by an NSA staffer in 2005.

An anonymous reader quotes a report from The Intercept: The National Security Agency successfully broke the encryption on a number of "high potential" virtual private networks, including those of media organization Al Jazeera, the Iraqi military and internet service organizations, and a number of airline reservation systems, according to a March 2006 NSA document. The fact that the NSA spied on Al Jazeera's communications was reported by the German newsmagazine Der Spiegel in 2013, but that reporting did not mention that the spying was accomplished through the NSA's compromise of Al Jazeera's VPN. During the Bush administration, high-ranking U.S. officials criticized Al Jazeera, accusing the Qatar-based news organization of having an anti-American bias, including because it broadcasted taped messages from Osama bin Laden.

According to the document, contained in the cache of materials provided by NSA whistleblower Edward Snowden, the NSA also compromised VPNs used by airline reservation systems Iran Air, "Paraguayan SABRE," Russian airline Aeroflot, and "Russian Galileo." Sabre and Galileo are both privately operated, centralized computer systems that facilitate travel transactions like booking airline tickets. Collectively, they are used by hundreds of airlines around the world. In Iraq, the NSA compromised VPNs at the Ministries of Defense and the Interior; the Ministry of Defense had been established by the U.S. in 2004 after the prior iteration was dissolved. Exploitation against the ministries' VPNs appears to have occurred at roughly the same time as a broader "all-out campaign to penetrate Iraqi networks," described by an NSA staffer in 2005.

Google is using search samples from a Beijing-based website it owns to make blacklists for the censored search engine it is developing for China. Google's website 265.com redirects to China's dominant search engine, Baidu, by default, "but Google can apparently see the queries that users are typing in," reports The Verge. From the report: Google engineers are reportedly sampling those search queries in order to develop a list of thousands of blocked websites it should hide on its upcoming search engine in China. Blacklisted results, which include topics like the Tiananmen Square massacre, will result in users seeing a blank page, The Intercept reports. On Baidu, if you search for something less specific, like Taiwan or Xinjiang, you'll get a partial blackout where you can only see tourist information and not politically sensitive news reports. It could be possible that Google is taking a similar tack.

Originally, 265.com was founded in 2003 by Chinese entrepreneur Cai Wensheng, who's also the founder of Chinese beauty app Meitu. Google bought the site in 2008, while it was still operating its search engine within China. Google has essentially been using the site to figure out what Chinese users are searching for since 2008, and now that it is working on an Android search app, it will finally have a use for that data. The Intercept first reported this news.

Google is planning to launch a censored version of its search engine in China that will blacklist websites and search terms about human rights, democracy, religion, and peaceful protest, The Intercept reported Wednesday, citing leaked documents and people familiar with the matter. From the report: The project -- code-named Dragonfly -- has been underway since spring of last year, and accelerated following a December 2017 meeting between Google's CEO Sundar Pichai and a top Chinese government official, according to internal Google documents and people familiar with the plans. Teams of programmers and engineers at Google have created a custom Android app, different versions of which have been named "Maotai" and "Longfei." The app has already been demonstrated to the Chinese government; the finalized version could be launched in the next six to nine months, pending approval from Chinese officials.

The planned move represents a dramatic shift in Google's policy on China and will mark the first time in almost a decade that the internet giant has operated its search engine in the country. Google's search service cannot currently be accessed by most internet users in China because it is blocked by the country's so-called Great Firewall. The app Google is building for China will comply with the country's strict censorship laws, restricting access to content that Xi Jinping's Communist Party regime deems unfavorable. [...] When a person carries out a search, banned websites will be removed from the first page of results, and a disclaimer will be displayed stating that "some results may have been removed due to statutory requirements." Examples cited in the documents of websites that will be subject to the censorship include those of British news broadcaster BBC and the online encyclopedia Wikipedia.

Ecuador is planning to hand over WikiLeaks founder Julian Assange to UK authorities in the "coming weeks or even days," RT editor-in-chief Margarita Simonyan said, citing her own sources. Simonyan reported the news in a recent tweet, which was reposted by WikiLeaks. Slashdot reader Okian Warrior first shared the news. Daily Express reports: Foreign Office minister Sir Alan Duncan is said to be involved in the diplomatic effort, which has come weeks ahead of a visit by new Ecuadorian president, Lenin Moreno, who called Mr Assange an "inherited problem." He also referred to the exiled WikiLeaks founder as a "stone in the shoe." Sources close to Assange claim he was not aware of the talks, but believe America is piling "significant pressure" on Ecuador to give him up, according to the Sunday Times. The sources claim that America has threatened to block a loan from the International Monetary Fund (IMF) if he is not removed from the embassy, based in Knightsbridge, west London. UPDATE 7/21/18: The Intercept also confirmed the news. Glen Greenwald, former reporter for The Guardian, writes: "A source close to the Ecuadorian Foreign Ministry and the President's office, unauthorized to speak publicly, has confirmed to the Intercept that Moreno is close to finalizing, if he has not already finalized, an agreement to hand over Assange to the UK within the next several weeks. The withdrawal of asylum and physical ejection of Assange could come as early as this week."

News outlet The Intercept on Monday published a report that reveals eight AT&T-owned locations: two in California, one in Washington, another in Washington, D.C., one in New York, one in Texas, one in Illinois, and one in Georgia, that serve as backbone or "peering" facilities that the NSA has secretly been using for eavesdropping purposes. Spokespeople of AT&T, which refers to the aforementioned peering sites as "Service Node Routing Complexes", and NSA, could neither confirm or deny the report's findings. From the report: The NSA considers AT&T to be one of its most trusted partners and has lauded the company's "extreme willingness to help." It is a collaboration that dates back decades. Little known, however, is that its scope is not restricted to AT&T's customers. According to the NSA's documents, it values AT&T not only because it "has access to information that transits the nation," but also because it maintains unique relationships with other phone and internet providers. The NSA exploits these relationships for surveillance purposes, commandeering AT&T's massive infrastructure and using it as a platform to covertly tap into communications processed by other companies.

[...] While network operators would usually prefer to send data through their own networks, often a more direct and cost-efficient path is provided by other providers' infrastructure. If one network in a specific area of the country is overloaded with data traffic, another operator with capacity to spare can sell or exchange bandwidth, reducing the strain on the congested region. This exchange of traffic is called "peering" and is an essential feature of the internet.

Because of AT&T's position as one of the U.S.'s leading telecommunications companies, it has a large network that is frequently used by other providers to transport their customers' data. Companies that "peer" with AT&T include the American telecommunications giants Sprint, Cogent Communications, and Level 3, as well as foreign companies such as Sweden's Telia, India's Tata Communications, Italy's Telecom Italia, and Germany's Deutsche Telekom.

News outlet The Intercept on Monday published a report that reveals eight AT&T-owned locations: two in California, one in Washington, another in Washington, D.C., one in New York, one in Texas, one in Illinois, and one in Georgia, that serve as backbone or "peering" facilities that the NSA has secretly been using for eavesdropping purposes. Spokespeople of AT&T, which refers to the aforementioned peering sites as "Service Node Routing Complexes", and NSA, could neither confirm or deny the report's findings. From the report: The NSA considers AT&T to be one of its most trusted partners and has lauded the company's "extreme willingness to help." It is a collaboration that dates back decades. Little known, however, is that its scope is not restricted to AT&T's customers. According to the NSA's documents, it values AT&T not only because it "has access to information that transits the nation," but also because it maintains unique relationships with other phone and internet providers. The NSA exploits these relationships for surveillance purposes, commandeering AT&T's massive infrastructure and using it as a platform to covertly tap into communications processed by other companies.

[...] While network operators would usually prefer to send data through their own networks, often a more direct and cost-efficient path is provided by other providers' infrastructure. If one network in a specific area of the country is overloaded with data traffic, another operator with capacity to spare can sell or exchange bandwidth, reducing the strain on the congested region. This exchange of traffic is called "peering" and is an essential feature of the internet.

Because of AT&T's position as one of the U.S.'s leading telecommunications companies, it has a large network that is frequently used by other providers to transport their customers' data. Companies that "peer" with AT&T include the American telecommunications giants Sprint, Cogent Communications, and Level 3, as well as foreign companies such as Sweden's Telia, India's Tata Communications, Italy's Telecom Italia, and Germany's Deutsche Telekom.

Facial recognition technology is making its way into schools, raising privacy concerns among parents and officials. The New York Civil Liberties Union issued a report on the matter that focuses on one public school district in particular: Western New York's Lockport School District. "News reports indicate the district plans to have the invasive and error-prone technology installed by next school year," reports NYCLU. The Union sent a letter (PDF) to the New York State Education Department urging it to consider students' and teachers' privacy in reviewing the use of surveillance technology by school districts. They also "sent a freedom of information request to the district seeking details of how and where the technology will be used as well as who will have access to the sensitive data that gets collected."

The report highlights some of the concerns/negatives of such a system. For starters, it costs millions of dollars (Lockport spent almost $4 million), which could be used for things like Wi-Fi, new computers, or 3D printers. It has the "potential to turn every step a student takes into evidence of a crime." The databases could include those used for immigration enforcement, making parents of immigrant students afraid to send their children to school for fear that they or their children could end up on ICE's radar. Last but not least, since facial recognition is notoriously inaccurate, "innocent students are likely to be misidentified and punished for things they didn't do."

Of course, it isn't all bad. Proponents of the system say it can be used to alert officials to whenever sex offenders, suspended students, fired employees, suspected gang members, or anyone else placed on a school's "blacklist" enters the premises. Do you think facial recognition cameras belong in schools?

In March, Google secretly signed an agreement with the Pentagon to provide cutting edge AI technology for drone warfare, causing about a dozen Google employees to resign in protest and thousands to sign a petition calling for an end to the contract. Google has since tried to quash the dissent, claiming that the contract was "only" for $9 million, according to the New York Times. Internal company emails obtained by The Intercept tell a different story: The September emails show that Google's business development arm expected the military drone artificial intelligence revenue to ramp up from an initial $15 million to an eventual $250 million per year. In fact, one month after news of the contract broke, the Pentagon allocated an additional $100 million to Project Maven [the endeavor designed to help drone operators recognize images captured on the battlefield]. The internal Google email chain also notes that several big tech players competed to win the Project Maven contract. Other tech firms such as Amazon were in the running, one Google executive involved in negotiations wrote. (Amazon did not respond to a request for comment.) Rather than serving solely as a minor experiment for the military, Google executives on the thread stated that Project Maven was "directly related" to a major cloud computing contract worth billions of dollars that other Silicon Valley firms are competing to win. The emails further note that Amazon Web Services, the cloud computing arm of Amazon, "has some work loads" related to Project Maven.

Presto Vivace shares a report from The Intercept: Officials at the Lockport, New York, school district have purchased face recognition technology as part of a purported effort to prevent school shootings. Starting in September, all 10 of Lockport District's school buildings, just north of Buffalo, will be outfitted with a surveillance system that can identify faces and objects. The software, known as Aegis, was developed by SN Technologies Corp., a Canadian biometrics firm that specifically advertises to schools. It can be used to alert officials to whenever sex offenders, suspended students, fired employees, suspected gang members, or anyone else placed on a school's "blacklist" enters the premises. Aegis also sends alerts any time one of the "top 10" most popular guns used in school shootings appears in view of a camera. The district is spending most of its recent $4 million state "Smart School" grant on these and other enhancements to its security systems, including bullet-proof greeter windows and a mass notification system, according to the Niagra Gazette. Slashdot reader Presto Vivace adds: "This is why municipal elections are so important. Just because this stuff is on the market, does not mean your local school system has to buy it."

The report notes that "all the major school shootings in the last five years in the U.S. have been carried out by current students or alumnae of the school in question." These students wouldn't have their face entered into the face recognition system's blacklist. Furthermore, "Most shooters don't brandish their guns before opening fire; and by the time they do, an object-detection algorithm that could specify the exact type of weapon they're firing would not be of much use," reports The Intercept. "... the technology would give a school, at best, only a few extra seconds in response time to a shooting."

It has been nearly two weeks since researchers unveiled "EFAIL," a set of critical software vulnerabilities that allow encrypted email messages to be stolen from within the inbox. The Intercept reports that developers of email clients and encryption plugins are still scrambling to come up with a permanent fix. From the report: Apple Mail is the email client that comes free with every Mac computer, and an open source project called GPGTools allows Apple Mail to smoothly encrypt and decrypt messages using the 23-year-old PGP standard. The day the EFAIL paper was published, GPGTools instructed users to workaround EFAIL by changing a setting in Apple Mail to disable loading remote content. Similarly, the creator of PGP, Phil Zimmermann, co-signed a blog post Thursday stating that EFAIL was "easy to mitigate" by disabling the loading of remote content in GPGTools. But even if you follow this advice and disable remote content, Apple Mail and GPGTools are still vulnerable to EFAIL.

I developed a proof-of-concept exploit that works against Apple Mail and GPGTools even when remote content loading is disabled (German security researcher Hanno Bock also deserves much of the credit for this exploit, more on that below). I have reported the vulnerability to the GPGTools developers, and they are actively working on an update that they plan on releasing soon.

Many of Amazon's warehouse workers have to buy their groceries with food stamps through America's Supplemental Nutrition Assistance Program, reports the Intercept. In Arizona, new data suggests that one in three of the company's own employees depend on SNAP to put food on the table. In Pennsylvania and Ohio, the figure appears to be around one in 10. Overall, of five states that responded to a public records request for a list of their top employers of SNAP recipients, Amazon cracked the top 20 in four.

Though the company now employs 200,000 people in the United States, many of its workers are not making enough money to put food on the table... "The average warehouse worker at Walmart makes just under $40,000 annually, while at Amazon would take home about $24,300 a year," CNN reported in 2013. "That's less than $1,000 above the official federal poverty line for a family of four."
In addition Amazon uses temp workers who may also be on food stamps, notes the article, adding that in 2017 Amazon received $1.2 billion in state and local subsidies, while effectively paying no federal income tax.

"The American people are financing Amazon's pursuit of an e-commerce monopoly every step of the way: first, with tax breaks, subsidies, and infrastructure improvements meant to lure fulfillment centers into town, and later with federal transfers to pay for warehouse workers' food."

An anonymous reader quotes a report from The Intercept: ICE, the federal agency tasked with Trump's program of mass deportation, uses backend Facebook data to locate and track immigrants that it is working to round up, according to a string of emails and documents obtained by The Intercept through a public records request. The hunt for one particular immigrant in New Mexico provides a rare window into how ICE agents use social media and powerful data analytics tools to find suspects. In February and March of 2017, several ICE agents were in communication with a detective from Las Cruces, New Mexico, to find information about a particular person. They were ultimately able to obtain backend Facebook data revealing a log of when the account was accessed and the IP addresses corresponding to each login. Lea Whitis, an agent with Homeland Security Investigations, the investigative arm of ICE, emailed the team a "Facebook Business Record" revealing the suspect's phone number and the locations of each login into his account during a date range. Law enforcement agents routinely use bank, telephone, and internet records for investigations, but the extent to which ICE uses social media is not well known.

An anonymous reader shares a report: Classified documents provided by the whistleblower Edward Snowden show the National Security Agency worked urgently to target Bitcoin users around the world -- and wielded at least one mysterious source of information to "help track down senders and receivers of Bitcoins," according to a top-secret passage in an internal NSA report dating to March 2013. The data source appears to have leveraged NSA's ability to harvest and analyze raw, global internet traffic while also exploiting an unnamed software program that purported to offer anonymity to users, according to other documents.

Although the agency was interested in surveilling some competing cryptocurrencies, "Bitcoin is #1 priority," a March 15, 2013 internal NSA report stated. The documents indicate that "tracking down" Bitcoin users went well beyond closely examining Bitcoin's public transaction ledger, known as the Blockchain, where users are typically referred to through anonymous identifiers; the tracking may also have involved gathering intimate details of these users' computers. The NSA collected some Bitcoin users' password information, internet activity, and a type of unique device identification number known as a MAC address, a March 29, 2013 NSA memo suggested. In the same document, analysts also discussed tracking internet users' internet addresses, network ports, and timestamps to identify "BITCOIN Targets."

An anonymous reader writes: Even if Twitter hasn't invested much in anti-bot software, some of its most technically proficient users have. They're writing and refining code that can use Twitter's public application programming interface, or API, as well as Google and other online interfaces, to ferret out fake accounts and bad actors. The effort, at least among the researchers I spoke with, has begun with hunting bots designed to promote pornographic material -- a type of fake account that is particularly easy to spot -- but the plan is to eventually broaden the hunt to other types of bots. The bot-hunting programming and research has been a strictly volunteer, part-time endeavor, but the efforts have collectively identified tens of thousands of fake accounts, underlining just how much low-hanging fruit remains for Twitter to prune.

Among the part-time bot-hunters is French security researcher and freelance Android developer Baptiste Robert, who in February of this year noticed that Twitter accounts with profile photos of scantily clad women were liking his tweets or following him on Twitter. Aside from the sexually suggestive images, the bots had similarities. Not only did these Twitter accounts typically include profile photos of adult actresses, but they also had similar bios, followed similar accounts, liked more tweets than they retweeted, had fewer than 1,000 followers, and directed readers to click the link in their bios.

Sam Biddle, reporting for The Intercept: When Mark Zuckerberg was asked if Facebook had influenced the outcome of the 2016 presidential election, the founder and CEO dismissed the notion that the site even had such power as "crazy." It was a disingenuous remark. Facebook's website had an entire section devoted to touting the "success stories" of political campaigns that used the social network to influence electoral outcomes. That page, however, is now gone, even as the 2018 congressional primaries get underway.

In the wake of a public reckoning with Facebook's unparalleled ability to distribute information and global anxiety over election meddling, bragging about the company's ability to run highly effective influence campaigns probably doesn't look so great. Facebook's "success stories" page is a monument to the company's dominance of online advertising, providing examples from almost every imaginable industry of how use of the social network gave certain players an advantage. "Case studies like these inspire and motivate us," the page crows.

An analysis of leaked tools believed to have been developed by the U.S. National Security Agency (NSA) gives us a glimpse into the methods used by the organization to detect the presence of other state-sponsored actors on hacked devices, and it could also help the cybersecurity community discover previously unknown threats. The Intercept: When the mysterious entity known as the "Shadow Brokers" released a tranche of stolen NSA hacking tools to the internet a year ago, most experts who studied the material honed in on the most potent tools, so-called zero-day exploits that could be used to install malware and take over machines. But a group of Hungarian security researchers spotted something else in the data, a collection of scripts and scanning tools the National Security Agency uses to detect other nation-state hackers on the machines it infects. It turns out those scripts and tools are just as interesting as the exploits. They show that in 2013 -- the year the NSA tools were believed to have been stolen by the Shadow Brokers -- the agency was tracking at least 45 different nation-state operations, known in the security community as Advanced Persistent Threats, or APTs. Some of these appear to be operations known by the broader security community -- but some may be threat actors and operations currently unknown to researchers.

The scripts and scanning tools dumped by Shadow Brokers and studied by the Hungarians were created by an NSA team known as Territorial Dispute, or TeDi. Intelligence sources told The Intercept the NSA established the team after hackers, believed to be from China, stole designs for the military's Joint Strike Fighter plane, along with other sensitive data, from U.S. defense contractors in 2007; the team was supposed to detect and counter sophisticated nation-state attackers more quickly, when they first began to emerge online. "As opposed to the U.S. only finding out in five years that everything was stolen, their goal was to try to figure out when it was being stolen in real time," one intelligence source told The Intercept. But their mission evolved to also provide situational awareness for NSA hackers to help them know when other nation-state actors are in machines they're trying to hack.

Matt Novak reports via Gizmodo: During the first Cold War, American and British spies would sometimes place coded messages in newspaper classified ads to communicate with each other. And according to new reports in the New York Times and The Intercept, the National Security Agency (NSA) has updated the tactic, using its public Twitter account to send secret messages to at least one Russian spy. That's just one relatively small detail in much more salacious articles about NSA and CIA agents traveling to Germany in an effort to recover cyberweapons that had been stolen from U.S. intelligence agencies. A Russian spy allegedly offered up the stolen cyber tools to the Americans in exchange for $10 million, eventually lowering his price to just $1 million. The Russian spy allegedly claimed to even have dirt on President Trump.

According to the reports, the unnamed Russian met with U.S. spies in person in Germany, and the NSA sometimes communicated with the Russian spy by sending roughly a dozen coded messages from the NSA's Twitter account. The one important question: Were the messages sent via direct message or were they sent out as public tweets? The New York Times report leaves some ambiguity, but according to James Risen in The Intercept they were very public.

Mark Wilson writes: Judges have ruled that the UK government's digital surveillance program -- known variously as the Snooper's Charter and the Investigatory Powers Act -- is illegal.

In the case brought by human rights group Liberty, appeal judges found that the preceding Data Retention and Investigatory Powers Act 2014 (DRIPA) -- which ultimately became the Snooper's Charter -- failed to offer adequate protection to people's data. Of particular concern was the fact that private data could be shared between different agencies without sufficient oversight. Further reading: The Intercept.

An anonymous shares a report: The National Security Agency maintains a page on its website that outlines its mission statement. But earlier this month, the agency made a discreet change: It removed "honesty" as its top priority. Since at least May 2016, the surveillance agency had featured honesty as the first of four "core values" listed on NSA.gov, alongside "respect for the law," "integrity," and "transparency." The agency vowed on the site to "be truthful with each other." On January 12, however, the NSA removed the mission statement page -- which can still be viewed through the Internet Archive -- and replaced it with a new version. Now, the parts about honesty and the pledge to be truthful have been deleted. The agency's new top value is "commitment to service," which it says means "excellence in the pursuit of our critical mission." Those are not the only striking alterations. In its old core values, the NSA explained that it would strive to be deserving of the "great trust" placed in it by national leaders and American citizens. It said that it would "honor the public's need for openness." But those phrases are now gone; all references to "trust," "honor," and "openness" have disappeared.

An anonymous reader shares a report: The NSA whistleblower and a team of collaborators have been working on a new open source Android app called Haven that you install on a spare smartphone, turning the device into a sort of sentry to watch over your laptop. Haven uses the smartphone's many sensors -- microphone, motion detector, light detector, and cameras -- to monitor the room for changes, and it logs everything it notices. The first public beta version of Haven has officially been released; it's available in the Play Store and on F-Droid, an open source app store for Android.

David Gilbert, writing for Vice: The White House is reportedly looking at a proposal to create a ghost network of private spies in hostile countries -- a way of bypassing the intelligence community's "deep state," which Donald Trump believes is a threat to his administration. The network would report directly to the president and CIA Director Mike Pompeo, and would be developed by Blackwater founder Erik Prince, according to multiple current and former officials speaking to The Intercept. "Pompeo can't trust the CIA bureaucracy, so we need to create this thing that reports just directly to him," a former senior U.S. intelligence official with firsthand knowledge of the proposals told the website. Described as "totally off the books," the network would be run by intelligence contractor Amyntor Group and would not share any data with the traditional intelligence community.

schwit1 shares a report from The Hill: The amendment, Section 801 of the National Defense Authorization Act (NDAA), would help Amazon establish a tight grip on the lucrative, $53 billion government acquisitions market, experts say. The provision, dubbed the "Amazon amendment" by experts, according to an article in The Intercept, would allow for the creation of an online portal that government employees could use to purchase everyday items such as office supplies or furniture. This government-only version of Amazon, which could potentially include a few other websites, would give participating companies direct access to the $53 billion market for government acquisitions of commercial products. "It hands an enormous amount of power over to Amazon," said Stacy Mitchell of the Institute for Local Self-Reliance, a research group that advocates for local businesses. Mitchell said that the provision could allow Amazon to gain a monopoly or duopoly on the profitable world of commercial government purchases, leaving smaller businesses behind and further consolidating the behemoth tech firm's power.

schwit1 adds: "Well, this is a two-edged sword, isn't it? Government spends too much and takes too long to buy its simple office needs, but streamlining that process and cutting costs puts more money in the pocket of Jeff Bezos."

An anonymous reader shares a report: Sarahah, a new app that lets people sign up to receive anonymized, candid messages, has been surging in popularity; somewhere north of 18 million people are estimated to have downloaded it from Apple and Google's online stores, making it the No. 3 most downloaded free software title for iPhones and iPads. Sarahah bills itself as a way to "receive honest feedback" from friends and employees. But the app is collecting more than just feedback messages. When launched for the first time, it immediately harvests and uploads all phone numbers and email addresses in your address book. Although Sarahah does in some cases ask for permission to access contacts, it does not disclose that it uploads such data, nor does it seem to make any functional use of the information. Zachary Julian, a senior security analyst at Bishop Fox, discovered Sarahah is uploading of private information when he installed the app on his Android phone, a Galaxy S5 running Android 5.1.1. The phone was outfitted with monitoring software, known as Burp Suite, which intercepts internet traffic entering and leaving the device, allowing the owner to see what data is sent to remote servers. When Julian launched Sarahah on the device, Burp Suite caught the app in the act of uploading his private data.

On Saturday author/blogger Cory Doctorow launched a new barrage of criticism towards Wells Fargo: It's been a whole day since we learned about another example of systematic, widespread fraud by America's largest bank Wells Fargo (ripping off small merchants with credit card fees), so it's definitely time to learn about another one: scamming mortgage borrowers out of $43/month for an unrequested and pointless "home warranty service" from American Home Shield, a billion-dollar scam-factory that considers you a customer if you throw away its junk-mail instead of ticking the "no" box and sending it back.

$43/month gets you pretty much nothing: people who tried to actually use their AHS insurance found it impossible to get them to actually do anything in exchange for this money. Here's a quick Wells Fargo fraud scorecard: stealing thousand of cars with fraudulent repos; defrauding mortgage borrowers; blackballing whistelblowers; creating 2,000,000+ fraudulent accounts, and stealing millions with fraudulent fees and penalties.
Life Pro Tip: if you don't like banks, join a credit union.

New submitter evolutionary writes: CNN appears to be giving veiled threats at a Reddit user who posted critical comments about the media giant. After an apology was given by the Reddit user (possibly under fear upon discovering CNN had his identity), CNN stated: "CNN reserves the right to publish his identity should any of that change." The story stems around Trump's July 2nd tweet, which includes a video showing him wrestle and takedown someone with a photoshopped CNN logo on their head. The video was accompanied by the hashtags #FraudNewsCNN and #FNN. CNN reportedly tracked down the Reddit user who claimed credit for the tweet and announced they would not publicize the user's identity since they issued a lengthy public apology, promised not to repeat the behavior, and claimed status as a private citizen. However, as The Intercept reports, "the network explicitly threatened that it could change its mind about withholding the user's real name if this behavior changes in the future: 'CNN is not publishing HanA**holeSolo's name because he is a private citizen who has issued an extensive statement of apology, showed his remorse by saying he has taken down all his offending posts, and because he said he is not going to repeat this ugly behavior on social media again. In addition, he said his statement could serve as an example to others not to do the same. CNN reserves the right to publish his identity should any of that change.'"

Political data gathered on more than 198 million US citizens was exposed this month after a marketing firm contracted by the Republican National Committee stored internal documents on a publicly accessible Amazon server, reports say. From a ZDNet article: It's believed to be the largest ever known exposure of voter information to date. The various databases containing 198 million records on American voters from all political parties were found stored on an open Amazon S3 storage server owned by a Republican data analytics firm, Deep Root Analytics. UpGuard cyber risk analyst Chris Vickery, who found the exposed server, verified the data. Through his responsible disclosure, the server was secured late last week, and prior to publication. This leak shines a spotlight on the Republicans' multi-million dollar effort to better target potential voters by utilizing big data. The move largely a response to the successes of the Barack Obama campaign in 2008, thought to have been the first data-driven campaign. Further reading: Republican Data-Mining Firm Exposed Personal Information for Virtually Every American Voter - The Intercept; The RNC Files: Inside the Largest US Voter Data Leak - Upguard; Data on 198M voters exposed by GOP contractor Data On 198M Voters Exposed By GOP Contractor - The Hill.

Russian hacking groups played a larger role in the 2016 election than anyone realized, according to a highly-classified NSA document published today in The Intercept. The document reveals that a Russian intelligence operation sent spear-phishing emails to more than 100 local election officials days before the election, which ran through a hack of a U.S. voting software supplier. The Russian cyber espionage operation was functional for months before the 2016 U.S. election. From the report: It states unequivocally in its summary statement that it was Russian military intelligence, specifically the Russian General Staff Main Intelligence Directorate, or GRU, that conducted the cyber attacks described in the document: "Russian General Staff Main Intelligence Directorate actors ... executed cyber espionage operations against a named U.S. company in August 2016, evidently to obtain information on elections-related software and hardware solutions. ... The actors likely used data obtained from that operation to ... launch a voter registration-themed spear-phishing campaign targeting U.S. local government organizations." This NSA summary judgment is sharply at odds with Russian President Vladimir Putin's denial last week that Russia had interfered in foreign elections: "We never engaged in that on a state level, and have no intention of doing so." Putin, who had previously issued blanket denials that any such Russian meddling occurred, for the first time floated the possibility that freelance Russian hackers with "patriotic leanings" may have been responsible. The NSA report, on the contrary, displays no doubt that the cyber assault was carried out by the GRU.

An anonymous reader writes: "A shadowy international mercenary and security firm known as TigerSwan targeted the movement opposed to the Dakota Access Pipeline with military-style counterterrorism measures," reports The Intercept, decrying "the fusion of public and private intelligence operations." Saying the private firm started as a war-on-terror contractor for the U.S. military and State Department, the site details "sweeping and invasive" surveillance of protesters, citing over 100 documents leaked by one of the firm's contractors.

The documents show TigerSwan even havested information about the protesters from social media, and "provide extensive evidence of aerial surveillance and radio eavesdropping, as well as infiltration of camps and activist circles... The leaked materials not only highlight TigerSwan's militaristic approach to protecting its client's interests but also the company's profit-driven imperative to portray the nonviolent water protector movement as unpredictable and menacing enough to justify the continued need for extraordinary security measures... Internal TigerSwan communications describe the movement as 'an ideologically driven insurgency with a strong religious component' and compare the anti-pipeline water protectors to jihadist fighters."
The Intercept reports that recently "the company's role has expanded to include the surveillance of activist networks marginally related to the pipeline, with TigerSwan agents monitoring 'anti-Trump' protests from Chicago to Washington, D.C., as well as warning its client of growing dissent around other pipelines across the country." They also report that TigerSwan "has operated without a license in North Dakota for the entirety of the pipeline security operation."

An anonymous reader writes: A confidential computer project designed to break military codes was accidentally made public by New York University engineers. An anonymous digital security researcher identified files related to the project while hunting for things on the internet that shouldn't be, The Intercept reported. He used a program called Shodan, a search engine for internet-connected devices, to locate the project. It is the product of a joint initiative by NYU's Institute for Mathematics and Advanced Supercomputing, headed by the world-renowned Chudnovsky brothers, David and Gregory, the Department of Defense, and IBM. Information on an exposed backup drive described the supercomputer, called -- WindsorGreen -- as a system capable of cracking passwords.

Presto Vivace quotes a report from The Intercept: With an estimated one-third of departments using body cameras, police officers have been generating millions of hours of video footage. Taser stores terabytes of such video on Evidence.com, in private servers to which police agencies must continuously subscribe for a monthly fee. Data from these recordings is rarely analyzed for investigative purposes, though, and Taser -- which recently rebranded itself as a technology company and renamed itself "Axon" -- is hoping to change that. Taser has started to get into the business of making sense of its enormous archive of video footage by building an in-house "AI team." In February, the company acquired two computer vision startups, Dextro and Fossil Group Inc. Taser says the companies will allow agencies to automatically redact faces to protect privacy, extract important information, and detect emotions and objects -- all without human intervention. This will free officers from the grunt work of manually writing reports and tagging videos, a Taser spokesperson wrote in an email. "Our prediction for the next few years is that the process of doing paperwork by hand will begin to disappear from the world of law enforcement, along with many other tedious manual tasks." Analytics will also allow departments to observe historical patterns in behavior for officer training, the spokesperson added. "Police departments are now sitting on a vast trove of body-worn footage that gives them insight for the first time into which interactions with the public have been positive versus negative, and how individuals' actions led to it." But looking to the past is just the beginning: Taser is betting that its artificial intelligence tools might be useful not just to determine what happened, but to anticipate what might happen in the future.