United States

The Trump Administration Just Voted To Repeal the US Government's Net Neutrality Rules (recode.net) 417

The Federal Communications Commission voted on Thursday to dismantle landmark rules regulating the businesses that connect consumers to the internet, granting broadband companies power to potentially reshape Americans' online experiences. The agency scrapped so-called net neutrality regulations that prohibited broadband providers from blocking websites or charging for higher-quality service or certain content. The federal government will also no longer regulate high-speed internet delivery as if it were a utility, like phone services. From a report: Under the leadership of Chairman Ajit Pai -- and with only the backing of the agency's Republican members -- the repeal newly frees telecom companies from federal regulation, unravels a signature accomplishment of the Obama administration and shifts the responsibility of overseeing the web to another federal agency that some critics see as too weak to be effective. In practice, it means the U.S. government no longer will have rules on its books that require internet providers to treat all web traffic equally. The likes of AT&T and Verizon will be limited in some ways -- they can face penalties if they try to undermine their rivals, for example -- but they won't be subject to preemptive, bright-line restrictions on how they manage their networks. Meanwhile, the FCC's repeal will open the door for broadband providers to charge third parties, like tech giants, for faster delivery of their web content.
Security

Author of BrickerBot Malware Retires, Says He Bricked 10 Million IoT Devices (bleepingcomputer.com) 131

An anonymous reader writes: The author of BrickerBot -- the malware that bricks IoT devices -- has announced his retirement in an email to Bleeping Computer, also claiming to have bricked over 10 million devices since he started the "Internet Chemotherapy" project in November 2016. Similar to the authors of the Mirai malware, the BrickerBot developer dumped his malware's source code online, allowing other crooks to profit from his code. The code is said to contain at least one zero-day. In a farewell message left on hundreds of hacked routers, the BrickerBot author also published a list of incidents (ISP downtimes) he caused, while also admitting he is likely to have drawn the attention of law enforcement agencies. "There's also only so long that I can keep doing something like this before the government types are able to correlate my likely network routes (I have already been active for far too long to remain safe). For a while now my worst-case scenario hasn't been going to jail, but simply vanishing in the middle of the night as soon as some unpleasant government figures out who I am," the hacker said.
Cloud

Trump Administration Calls For Government IT To Adopt Cloud Services (reuters.com) 198

According to Reuters, The White House said Wednesday the U.S. government needs a major overhaul of information technology systems and should take steps to better protect data and accelerate efforts to use cloud-based technology. The report outlined a timeline over the next year for IT reforms and a detailed implementation plan. One unnamed cloud-based email provider has agreed to assist in keeping track of government spending on cloud-based email migration. From the report: The report said the federal government must eliminate barriers to using commercial cloud-based technology. "Federal agencies must consolidate their IT investments and place more trust in services and infrastructure operated by others," the report found. Government agencies often pay dramatically different prices for the same IT item, the report said, sometimes three or four times as much. A 2016 U.S. Government Accountability Office report estimated the U.S. government spends more than $80 billion on IT annually but said spending has fallen by $7.3 billion since 2010. In 2015, there were at least 7,000 separate IT investments by the U.S. government. The $80 billion figure does not include Defense Department classified IT systems and 58 independent executive branch agencies, including the Central Intelligence Agency. The GAO report found some agencies are using systems that have components that are at least 50 years old.
AI

What Does Artificial Intelligence Actually Mean? (qz.com) 125

An anonymous reader writes: A new bill (pdf) drafted by senator Maria Cantwell asks the Department of Commerce to establish a committee on artificial intelligence to advise the federal government on how AI should be implemented and regulated. Passing of the bill would trigger a process in which the secretary of commerce would be required to release guidelines for legislation of AI within a year and a half. As with any legislation, the proposed bill defines key terms. In this, we have a look at how the federal government might one day classify artificial intelligence. Here are the five definitions given:

A) Any artificial systems that perform tasks under varying and unpredictable circumstances, without significant human oversight, or that can learn from their experience and improve their performance. Such systems may be developed in computer software, physical hardware, or other contexts not yet contemplated. They may solve tasks requiring human-like perception, cognition, planning, learning, communication, or physical action. In general, the more human-like the system within the context of its tasks, the more it can be said to use artificial intelligence.
B) Systems that think like humans, such as cognitive architectures and neural networks.
C) Systems that act like humans, such as systems that can pass the Turing test or other comparable test via natural language processing, knowledge representation, automated reasoning, and learning.
D) A set of techniques, including machine learning, that seek to approximate some cognitive task.
E) Systems that act rationally, such as intelligent software agents and embodied robots that achieve goals via perception, planning, reasoning, learning, communicating, decision-making, and acting.

Government

Trump Signs Law Forcing Drone Users To Register With Government (thehill.com) 460

President Trump signed a sweeping defense policy bill into law on Tuesday that will allow the government to require recreational drone users to register their model aircraft. This comes after a federal court ruled in May that Americans no longer have to register non-commercial drones with the Federal Aviation Administration (FAA) "because Congress had said in a previous law that the FAA can't regulate model aircraft," reports The Hill. From the report: In December 2015, the FAA issued an interim rule requiring drone hobbyists to register their recreational aircraft with the agency. The rule -- which had not been formally finalized -- requires model aircraft owners to provide their name, email address and physical address; pay a $5 registration fee; and display a unique drone ID number at all times. Those who fail to comply could face civil and criminal penalties. While Congress directed the FAA to safely integrate drones into the national airspace in a 2012 aviation law, lawmakers also included a special exemption to prevent model aircraft from being regulated. A D.C.-based appeals court cited the 2012 law in its ruling striking down the FAA drone registry, arguing that recreational drones count as model aircraft and that the registry counts as a rule or regulation.
Businesses

Trump Signs Into Law US Government Ban on Kaspersky Lab Software (reuters.com) 138

President Donald Trump signed into law on Tuesday legislation that bans the use of Kaspersky Lab within the U.S. government, capping a months-long effort to purge the Moscow-based antivirus firm from federal agencies amid concerns it was vulnerable to Kremlin influence. From a report: The ban, included as part of a broader defense policy spending bill that Trump signed, reinforces a directive issued by the Trump administration in September that civilian agencies remove Kaspersky Lab software within 90 days. The law applies to both civilian and military networks. "The case against Kaspersky is well-documented and deeply concerning. This law is long overdue," said Democratic Senator Jeanne Shaheen, who led calls in Congress to scrub the software from government computers. She added that the company's software represented a "grave risk" to U.S. national security.
Bitcoin

SEC Shuts Down Munchee ICO (techcrunch.com) 43

The Securities and Exchange Commission has shut down Munchee, a company that built a $15 million token sale. According to TechCrunch, "The Munchee ICO aimed to fund the MUN coin, a payment system for restaurant reviews." However, the company "received a cease and desist from the SEC on December 11" because it constituted the offer and sale of unregistered securities. From the report: Within the SECs findings they noted that Munchee touted itself as a "utility" token which means that the company believed the MUN token would be primarily used within the Munchee ecosystem and not be used to fund operations. However, thanks to an application of the Howey Test (a Supreme Court finding that essentially states that any instrument with the expectation of return is an investment vehicle), the SEC found the Munchee was actually releasing a security masquerading as a utility. "Munchee offered MUN tokens in order to raise capital to build a profitable enterprise," read the SEC notice. "Munchee said that it would use the offering proceeds to run its business, including hiring people to develop its product, promoting the Munchee App, and ensuring 'the smooth operation of the MUN token ecosystem.'" The stickiest part? Munchee claimed that its coins would increase in value thanks to a convoluted process of growth.

In short, Munchee was undone by two things: depending on the token sale as a vehicle to raise cash for operations and using the typically spammy and scammy marketing efforts most ICO floggers use now, tactics taken directly from affiliate marketing handbooks. Fortunately, Munchee was able to return all $15 million to the 40 investors that dumped their coins into scheme.

The Internet

129 Million Americans Can Only Get Internet Service From Companies That Have Violated Net Neutrality (vice.com) 142

An anonymous reader quotes a report from Motherboard: Based on the Federal Communications Commission's own data, the Institute for Local Self Reliance found that 129 million Americans only have one option for broadband internet service in their area, which equals about 40 percent of the country. Of those who only have one option, roughly 50 million are limited to a company that has violated net neutrality in some way. Of Americans who do have more than one option, 50 million of them are left choosing between two companies that have both got shady behavior on their records, from blocking certain access to actively campaigning against net neutrality.

Aside from being a non-ideal situation for consumers like me, this lack of competition is another dock against the FCC's plan to repeal net neutrality rules later this week. In arguing against net neutrality rules, FCC Chairman Ajit Pai has repeatedly cited a free market as just as capable of ensuring internet freedom as government regulations. "All we are simply doing is putting engineers and entrepreneurs, instead of bureaucrats and lawyers, back in charge of the internet," Pai said on Fox News's "Fox & Friends," in November. "What we wanted to do is return to the free market consensus that started in the Clinton administration and that served the internet economy in America very well for many years." But how can market competition regulate an industry when more than a third of the market has no competition at all, and even those that do have to choose between options that don't uphold net neutrality?

Education

France To Ban Mobile Phones In Schools (theguardian.com) 190

The French government is planning to ban students from using mobile phones in the country's primary, junior and middle schools. While children will be permitted to bring their phones to school, they will not be allowed to get them out at any time until they leave, even during breaks. The Guardian reports: Jean-Michel Blanquer, the French education minister, said the measure would come into effect from the start of the next school year in September 2018. It will apply to all pupils from the time they start school at age of six -- up to about 15 when they start secondary school. Blanquer said some education establishments already prohibited pupils from using their mobiles. "Sometimes you need a mobile for teaching reasons [...] for urgent situations, but their use has to be somehow controlled," he told RTL radio. The minister said the ban was also a "public health message to families," adding: "It's good that children are not too often, or even at all, in front of a screen before the age of seven." The French headteachers' union was skeptical that the ban could be enforced.
Businesses

The First Women in Tech Didn't Leave -- Men Pushed Them Out (wsj.com) 422

An anonymous reader writes: A column on the Wall Street Journal argues that sexism in the tech industry is as old as the tech industry itself. At its genesis, computer programming faced a double stigma -- it was thought of as menial labor, like factory work, and it was feminized, a kind of "women's work" that wasn't considered intellectual (Editor's note: the link could be paywalled; alternative source). In the U.K., women in the government's low-paid "Machine Operator Class" performed knowledge work including programming systems for everything from tax collection and social services to code-breaking and scientific research. Later, they would be pushed out of the field, as government leaders in the postwar era held a then-common belief that women shouldn't be allowed into higher-paid professions with long-term prospects because they would leave as soon as they were married. Today, in the U.S., about a quarter of computing and mathematics jobs are held by women, and that proportion has been declining over the past 20 years. A string of recent events suggest the steps currently being taken by tech firms to address these issues are inadequate.
China

German Intelligence Warns of Increased Chinese Cyberspying (apnews.com) 74

The head of Germany's domestic intelligence agency has warned that China allegedly is using social networks to try to cultivate lawmakers and other officials as sources. From a report: Hans-Georg Maassen said his agency, known by its German acronym BfV, believes more than 10,000 Germans have been targeted by Chinese intelligence agents posing as consultants, headhunters or researchers, primarily on the social networking site LinkedIn. "This is a broad-based attempt to infiltrate in particular parliaments, ministries and government agencies," Maassen said.
United States

FCC Refuses Records For Investigation Into Fake Net Neutrality Comments (variety.com) 164

"FCC general counsel Tom Johnson has told the New York State attorney general that the FCC is not providing information for his investigation into fake net-neutrality comments, saying those comments did not affect the review, and challenging the state's ability to investigate the feds." Variety has more: The FCC's general counsel, in a letter to New York Attorney General Eric Schneiderman, also dismissed his concerns that the volume of fake comments or those made with stolen identities have "corrupted" the rule-making process... He added that Schneiderman's request for logs of IP addresses would be "unduly burdensome" to the commission, and would "raise significant personal privacy concerns."

Amy Spitalnick, Schneiderman's press secretary, said in a statement that the FCC "made clear that it will continue to obstruct a law enforcement investigation. It's easy for the FCC to claim that there's no problem with the process, when they're hiding the very information that would allow us to determine if there was a problem. To be clear, impersonation is a violation of New York law," she said... "The only privacy jeopardized by the FCC's continued obstruction of this investigation is that of the perpetrators who impersonated real Americans."

One of the FCC's Democratic commissioners claimed that this response "shows the FCC's sheer contempt for public input and unreasonable failure to support integrity in its process... Moreover, the FCC refuses to look into how nearly half a million comments came from Russian sources."
Security

Touting Government/Industry 'Partnership' on Security Practices, NIST Drafts Cybersecurity Framework Update (scmagazine.com) 15

Remember NIST, the non-regulatory agency of the U.S. Department of Commerce? Their mission expanded over the years to protecting businesses from cyberthreats, including a "Cybersecurty Framework" first published in 2014. "The original goal was to develop a voluntary framework to help organizations manage cybersecurity risk in the nation's critical infrastructure, such as bridges and the electric power grid," NIST wrote in January, "but the framework has been widely adopted by many types of organizations across the country and around the world." Now SC Media reports: The second draft of the update to the National Institute of Standards and Technology's cybersecurity framework, NIST 1.1, is meant "to clarify, refine, and enhance the Cybersecurity Framework, amplifying its value and making it easier to use," according to NIST. Specifically, it brings clarity to cybersecurity measurement language and tackles improving security of the supply chain. Calling the initial NIST CSF "a landmark effort" that delivered "important benefits, such as providing common language for different models" of standards and best practices already in use, Larry Clinton, president and CEO of the Internet Security Alliance, said "it fell short of some of the most critical demands of Presidential Executive Order 13636, which generated its development...

"To begin with, the new draft makes it clear that our goal is not some undefined metric for use of the Framework, but for effective use of the Framework. Moreover, this use-metric needs to be tied not to some generic standard, but to be calibrated to the unique threat picture, risk appetite and business objective of a particular organization"... Clinton praised the process used by NIST as "a model 'use case' for how government needs to engage with its industry partners to address the cybersecurity issue." The internet's inherent interconnectedness makes it impossible for sustainable security to be achieved through anything other than true partnership, he contended.

Slashdot reader Presto Vivace reminds you that public comments on the draft Framework and Roadmap are due to NIST by 11:59 p.m. EST on January 19, 2018. "If you have an opinion about this, NOW is the time to express it."
Government

Autocratic Governments Can Now 'Buy Their Own NSA' (wired.com) 109

Citizen Lab has been studying information controls since 2001, and this week their director -- a Toronto political science professor -- revealed how governments (including Ethiopia's) are using powerful commercial spyware. Slashdot reader mspohr shared their report: We monitored the command and control servers used in the campaign and in doing so discovered a public log file that the operators mistakenly left open... We were also able to identify the IP addresses of those who were targeted and successfully infected: a group that includes journalists, a lawyer, activists, and academics... Many of the countries in which the targets live -- the United States, Canada, and Germany, among others -- have strict wiretapping laws that make it illegal to eavesdrop without a warrant... Our team reverse-engineered the malware used in this instance, and over time this allowed us to positively identify the company whose spyware was being employed by Ethiopia: Cyberbit Solutions, a subsidiary of the Israel-based homeland security company Elbit Systems. Notably, Cyberbit is the fourth company we have identified, alongside Hacking Team, Finfisher, and NSO Group, whose products and services have been abused by autocratic regimes to target dissidents, journalists, and others...

Remarkably, by analyzing the command and control servers of the cyber espionage campaign, we were also able to monitor Cyberbit employees as they traveled the world with infected laptops that checked in to those servers, apparently demonstrating Cyberbit's products to prospective clients. Those clients include the Royal Thai Army, Uzbekistan's National Security Service, Zambia's Financial Intelligence Centre, and the Philippine president's Malacañang Palace. Outlining the human rights abuses associated with those government entities would fill volumes.... Governments like Ethiopia no longer depend on their own in-country advanced computer science, engineering, and mathematical capacity in order to build a globe-spanning cyber espionage operation. They can simply buy it off the shelf from a company like Cyberbit. Thanks to companies like these, an autocrat whose country has poor national infrastructure but whose regime has billions of dollars, can order up their own NSA. To wit: Elbit Systems, the parent company of Cyberbit, says it has a backlog of orders valuing $7 billion.

Reached for comment, Cyberbit said they were not responsible with what others do with their software, arguing that "governmental authorities and law enforcement agencies are responsible to ensure that they are legally authorized to use the products in their jurisdictions."
Electronic Frontier Foundation

"The FCC Still Doesn't Know How the Internet Works" (eff.org) 289

An anonymous reader writes: The EFF describes the FCC's official plan to kill net neutrality as "riddled with technical errors and factual inaccuracies," including, for example, a false distinction between "Internet access service" and "a distinct transmission service" which the EFF calls "utterly ridiculous and completely ungrounded from reality."

"Besides not understanding how Internet access works, the FCC also has a troublingly limited knowledge of how the Domain Name System (DNS) works -- even though hundreds of engineers tried to explain it to them this past summer... As the FCC would have it, an Internet user actively expects their ISP to provide DNS to them." And in addition, "Like DNS, it treats caching as if it were some specialized service rather than an implementation detail and general-purpose computing technique."

"There are at least two possible explanations for all of these misunderstandings and technical errors. One is that, as we've suggested, the FCC doesn't understand how the Internet works. The second is that it doesn't care, because its real goal is simply to cobble together some technical justification for its plan to kill net neutrality. A linchpin of that plan is to reclassify broadband as an 'information service,' (rather than a 'telecommunications service,' or common carrier) and the FCC needs to offer some basis for it. So, we fear, it's making one up, and hoping no one will notice."

"We noticed," their editorial ends, urging Americans "to tell your lawmakers: Don't let the FCC sell the Internet out."
Technology

Sexual Harassment In Tech Is As Old As the Computer Age (ieee.org) 414

Tekla Perry writes: Historian Marie Hicks, speaking at the Computer History Museum talks about how women computer operators and programmers were driven out of the industry, gives examples of sexual harassment dating back to the days of the Colossus era, and previews her next research. "It's all a matter of power, Hicks pointed out -- and women have never had their share of it," reports IEEE Spectrum. "Women dominated computer programming in its early days because the field wasn't seen as a career, just a something someone could do without a lot of training and would do for only a short period of time. Computer jobs had no room for advancement, so having women 'retire' in their 20s was not seen as a bad thing. And since women, of course, could never supervise men, Hicks said, women who were good at computing ended up training the men who ended up as their managers. But when it became clear that computers -- and computer work -- were important, women were suddenly pushed out of the field."

Hicks has also started looking at the bias baked into algorithms, specifically at when it first crossed from human to computer. The first example she turned up had "something to do with transgender people and the government's main pension computer." She says that when humans were in the loop, petitions to change gender on national insurance cards generally went through, but when the computer came in, the system was "specifically designed to no longer accommodate them, instead, to literally cause an error code to kick out of the processing chain any account of a 'known transsexual.'"

The Internet

Zimbabwe's Internet Went Down for About Five Hours. The Culprit Was Reportedly a Tractor. (slate.com) 63

Zimbabweans lost internet access en masse on Tuesday when a tractor reportedly cut through key fiber-optic cables in South Africa and another internet provider experienced simultaneous issues with its primary internet conduits. From a report: The outage began shortly before noon local time and persisted for more than five hours, affecting not only citizens' day-to-day internet usage but businesses that rely upon web access. And while five internet-free hours might sound unfathomable to those of us accustomed to having the web constantly at our fingertips, large-scale internet outages -- from inadvertent lapses caused by ship anchors to government-calculated blackouts designed to showcase political power -- do happen, and maybe more frequently than you'd thought. According to local news sources, a tractor in South Africa damaged cables belonging to Liquid Telecom, which has an 81.5 percent market share of Zimbabwe's international-equipped internet bandwidth as of the second quarter of 2017 and leases capacity to other internet providers. In a bad coincidence, city council employees in Kuwadzana, a suburb of Zimbabwe's capitol city of Harare, cut an additional TelOne cable around the same time. (According to NewsDay Zimbabwe, it was an accident. The company blamed "faults that occurred on our main links through South Africa and Botswana" in a statement.)
Government

Volkswagen Executive Sentenced To Maximum Prison Term For His Role In Dieselgate (arstechnica.com) 101

An anonymous reader quotes a report from Ars Technica: On Wednesday, a U.S. District judge in Detroit sentenced Oliver Schmidt, a former Volkswagen executive, to seven years in prison for his role in the Volkswagen diesel emissions scandal of 2015. Schmidt was also ordered to pay a criminal penalty of $400,000, according to a U.S. Department of Justice (DOJ) press release. The prison term and the fine together represent the maximum sentence that Schmidt could have received under the plea deal he signed in August. Schmidt, a German citizen who lived in Detroit as an emissions compliance executive for VW, was arrested in Miami on vacation last January. In August, he pleaded guilty to conspiracy and to making a false statement under the Clean Air Act. Schmidt's plea deal stated that the former executive could face up to seven years in prison and between $40,000 and $400,000 in fines.

Last week, Schmidt's attorneys made a last-minute bid requesting a lighter sentence for Schmidt: 40 months of supervised release and a $100,000 fine. Schmidt also wrote a letter to the judge, which surfaced over the weekend, in which the executive said he felt "misused" by his own company and claimed that higher-ranked VW executives coached him on a script to help him lie to a California Air Resources Board (CARB) official. Instead, Schmidt was sentenced to the maximum penalties outlined in the plea deal. Only one other VW employee has been sentenced in connection with the emissions scandal: former engineer James Liang, who received 40 months in prison and two years of supervised release as the result of his plea deal. Although six other VW Group executives have been indicted, none is in U.S. custody.

Businesses

Kaspersky To Close Washington Office But Expand Non-State Sales (bloomberg.com) 65

An anonymous reader shares a report: A Russian software-maker, whose products are banned for use in federal information systems by the U.S. government, is seeking to remain in the North American market and prove its products have no hidden capabilities. Kaspersky Lab Inc. will close its Washington D.C. office that was selling to the government and will keep working with non-federal customers in the U.S. via its remaining offices in the country, vice-president Anton Shingarev said in an interview in Moscow. The company also committed in October to open its product's source code to an independent third-party review and plans to open new offices in Chicago, Los Angeles and Toronto next year. "This allows independent experts to verify that our software has no hidden functionality, that it doesn't send your files to third parties, doesn't spy on you and fully complies with the end-user agreement," Shingarev said. The U.S. banned government use of Kaspersky software in September, citing founder Eugene Kaspersky's alleged ties to Russian intelligence and the possibility its products could function as "malicious actors" to compromise federal information systems. The move caused concern about the company's products in other markets, including the U.K.
The Almighty Buck

'We Could Fund a Universal Basic Income With the Data We Give Away To Facebook and Google' (thenextweb.com) 584

Tristan Greene reports via The Next Web: A universal basic income (UBI), wherein government provides a monthly stipend so citizens can afford a home and basic necessities, is something experts believe would directly address the issue of unemployment and poverty, and possibly even eliminate hundreds of other welfare programs. It may also be the only real solution to the impending automation bonanza. According to AI expert Steve Fuller, the problem is, giving people money when they lose jobs won't fix the issue, it's a temporary solution and we need permanent ones. Sounds fair, and he even has some ideas on how to accomplish this end: "We could hold Google and Facebook and all those big multinationals accountable; we could make sure that people, like those who are currently 'voluntarily' contributing their data to pump up companies' profits, are given something that is adequate to support their livelihoods in exchange."

It's an interesting idea, but difficult to imagine it's implementation. If the government isn't assigning a specific stipend value, we'll have to be compensated individually by companies. One way to do this, is by emulating the old coal mining company scrip scams of early last century. Employees working for companies would be paid in currency only redeemable at the company store. This basically created a system where a company could tax its own workers for profit. Google, for example, could use a system like that and say "opt-in for $10 worth of Google Play music for free," if they wanted to. Which doesn't help pay the bills when machines replace you at work, but at least you'll be able to voice search for your favorite songs. Another idea is to charge companies an automation tax, but again there's concerns as to how this would be implemented. A solution that combines government oversight with a tax on AI companies -- a UBI funded by the dividends of our data -- may be the best option. To be blunt: we should make Google, Microsoft, Facebook and other such AI companies pay for it with a simple data tax.

Slashdot Top Deals