EU

New EU Consumer Protection Law Contains a Vague Website Blocking Clause (bleepingcomputer.com) 44

An anonymous reader quotes a report from Bleeping Computer: The European Union (EU) has voted on Tuesday, November 14, to pass the new Consumer Protection Cooperation regulation, a new EU-wide applicable law that gives extra power to national consumer protection agencies, but which also contains a vaguely worded clause that also grants them the power to block and take down websites without judicial oversight. The new law "establishes overreaching Internet blocking measures that are neither proportionate nor suitable for the goal of protecting consumers and come without mandatory judicial oversight," Member of the European Parliament Julia Reda said in a speech in the European Parliament Plenary during a last-ditch effort to amend the law. "According to the new rules, national consumer protection authorities can order any unspecified third party to block access to websites without requiring judicial authorization," Reda added later in the day on her blog. This new law is an EU regulation and not a directive, meaning it's obligatory for all EU states, which do not have to individually adopt it.
Encryption

Mozilla Might Distrust Dutch Government Certs Over 'False Keys' (bleepingcomputer.com) 112

Long-time Slashdot reader Artem Tashkinov quotes BleepingComputer: Mozilla engineers are discussing plans to remove support for a state-operated Dutch TLS/HTTPS provider after the Dutch government has voted a new law that grants local authorities the power to intercept Internet communications using "false keys". If the plan is approved, Firefox will not trust certificates issued by the Staat der Nederlanden (State of the Netherlands) Certificate Authority (CA)...

This new law gives Dutch authorities the powers to intercept and analyze Internet traffic. While other countries have similar laws, what makes this one special is that authorities will have authorization to carry out covert technical attacks to access encrypted traffic. Such covert technical capabilities include the use of "false keys," as mentioned in Article 45 1.b, a broad term that includes TLS certificates.

"Fears arise of mass Dutch Internet surveillance," reads a subhead on the article, citing a bug report which notes, among other things, the potential for man-in-the-middle attacks and the fact that the Netherlands hosts a major internet transit point.
Power

Four Automakers Team Up To Create an Electric Car Charging Network Across Europe (theverge.com) 62

An anonymous reader quotes a report from The Verge: A group of automakers has created a new company to build a network of 400 fast chargers across Europe ahead of the wave of new electric cars they've promised in the next few years, as countries push EVs as a way to meet emissions goals. Ionity, announced Friday by BMW Group, Daimler AG, Ford Motor Company and the Volkswagen Group, will install a network of 400 high-power EV chargers across Europe by 2020. There are already 20 chargers under the Ionity network that are being installed this year in Germany, Austria, and Norway at 75-mile intervals, the companies said. Those chargers would also be maintained through partnerships with stores such as Tank & Rast, Circle K, and OMV. Such a network is also necessary to compete with the efforts from Tesla's Supercharger network, which is now 7,000 strong worldwide. It uses the company's own connector and started a major European expansion three years ago. To that, Ionity has invited other companies to join the venture in which the four initial automakers have an equal share.
Security

Hilton Paid a $700K Fine For 2015 Breach; Under GDPR, It Would Be $420 Million (digitalguardian.com) 110

chicksdaddy writes from a report via Digital Guardian: If you want to understand the ground shaking change that the EU's General Data Protection Rule (GDPR) will have when it comes into force in May of 2018, look no further than hotel giant Hilton Domestic Operating Company, Inc., formerly known as Hilton Worldwide, Inc (a.k.a. "Hilton."). On Tuesday, the New York Attorney General Eric T. Schneiderman slapped a $700,000 fine on the hotel giant for two 2015 incidents in which the company was hacked, spilling credit card and other information for 350,000 customers. Schneiderman also punished Hilton for its response to the incident. The company first learned in February 2015 that its customer data had been exposed through a UK-based system belonging to the company, which was observed by a contractor communicating with "a suspicious computer outside Hilton's computer network." Still, it took Hilton until November 24, 2015 -- over nine months after the first intrusion was discovered -- to notify the public. That kind of lackluster response has become pretty typical among Fortune 500 companies (see also: Equifax). And why not? The $700,000 fine from the NY AG is a palatable $2 per lost record -- and a mere rounding error for Hilton, which reported revenues of $11.2 billion in 2015, the year of the breach. That means the $700,000 fine was just %.00006 of Hilton's annual revenue in the year of the breach. Schneiderman's fine was less "bringing down the hammer" than a butterfly kiss for Hilton's C-suite, board and shareholders.

But things are going to be different for Hilton and other companies like it come May 2018 when provisions of the EU's General Data Protection Rule (or GDPR) go into effect, as Digital Guardian points out on their blog. Under that new law, data "controllers" like Hilton (in other words: organizations that collect data on customers or employees) can be fined up to 4% of annual turnover in the year preceding the incident for failing to meet the law's charge to protect that data. What does that mean practically for a company like Hilton? Well, the company's FY 2014 revenue (or "turnover") was $10.5 billion. Four percent of that is a cool $420 million dollars -- or $1,200, rather than $2, for every customer record lost. Needless to say, that's a number that will get the attention of the company's Board of Directors and shareholders.

Government

Portuguese ISP Shows What The Net Looks Like Without Net Neutrality (boingboing.net) 244

"In Portugal, with no net neutrality, internet providers are starting to split the net into packages," argues a California congressman -- retweeting a stunning graphic. An anonymous reader quotes BoingBoing's Cory Doctorow: Since 2006, Net Neutrality activists have been warning that a non-Neutral internet will be an invitation to ISPs to create "plans" where you have to choose which established services you can access, shutting out new entrants to the market and allowing the companies with the deepest pockets to permanently dominate the internet... the Portuguese non-neutral ISP MEO has mistaken a warning for a suggestion, and offers a series of "plans" for its mobile data service where you pay €5 to access a handful of messaging services, €5 more to use social media; and €5 more for video-streaming services.
The congressman notes this arrangement offers "a huge advantage for entrenched companies, but it totally ices out startups trying to get in front of people, which stifles innovation."
Transportation

Electric Cars Emit 50 Percent Less Greenhouse Gas Than Diesel, Study Finds (theguardian.com) 239

entirely_fluffy shares a report from The Guardian: Electric cars emit significantly less greenhouse gases over their lifetimes than diesel engines even when they are powered by the most carbon intensive energy, a new report has found. In Poland, which uses high volumes of coal, electric vehicles produced a quarter less emissions than diesels when put through a full lifecycle modeling study by Belgium's VUB University. CO2 reductions on Europe's cleanest grid in Sweden were a remarkable 85%, falling to around one half for countries such as the UK. The new study uses an EU estimate of Poland's emissions -- at 650gCO2/kWh -- which is significantly lower than calculations by the European commission's Joint Research Centre science wing last year. The VUB study says that while the supply of critical metals -- lithium, cobalt, nickel and graphite -- and rare earths would have to be closely monitored and diversified, it should not constrain the clean transport transition. As battery technology improves and more renewables enter the electricity grid, emissions from battery production itself could be cut by 65%, the study found.
Botnet

2 Million IoT Devices Enslaved By Fast-Growing BotNet (bleepingcomputer.com) 69

An anonymous reader writes: Since mid-September, a new IoT botnet has grown to massive proportions. Codenamed IoT_reaper, researchers estimate its current size at nearly two million infected devices. According to researchers, the botnet is mainly made up of IP-based security cameras, routers, network-attached storage (NAS) devices, network video recorders (NVRs), and digital video recorders (DVRs), primarily from vendors such as Netgear, D-Link, Linksys, GoAhead, JAWS, Vacron, AVTECH, MikroTik, TP-Link, and Synology.

The botnet reuses some Mirai source code, but it's unique in its own right. Unlike Mirai, which relied on scanning for devices with weak or default passwords, this botnet was put together using exploits for unpatched vulnerabilities. The botnet's author is still struggling to control his botnet, as researchers spotted over two million infected devices sitting in the botnet's C&C servers' queue, waiting to be processed. As of now, the botnet has not been used in live DDoS attacks, but the capability is in there.

Today is the one-year anniversary of the Dyn DDoS attack, the article points out, adding that "This week both the FBI and Europol warned about the dangers of leaving Internet of Things devices exposed online."
EU

EU: No Encryption Backdoors But, Let's Help Each Other Crack That Crypto (theregister.co.uk) 83

The European Commission has proposed that member states help each other break into encrypted devices by sharing expertise around the bloc. From a report: In an attempt to tackle the rise of citizens using encryption and its effects on solving crimes, the commission decided to sidestep the well-worn, and well-ridiculed, path of demanding decryption backdoors in the stuff we all use. Instead, the plans set out in its antiterrorism measures on Wednesday take a more collegiate approach -- by offering member states more support when they actually get their hands on an encrypted device. "The commission's position is very clear -- we are not in favour of so-called backdoors, the utilisation of systemic vulnerabilities, because it weakens the overall security of our cyberspace, which we rely upon," security commissioner Julian King told a press briefing. "We're trying to move beyond a sometimes sterile debate between backdoors or no backdoors, and address some of the concrete law enforcement challenges. For instance, when [a member state] gets a device, how do they get information that might be encrypted on the device." [...] Share the wealth. "Some member states are more equipped technically to do that [extract information from a seized device] than others," King said. "We want to make sure no member state is at a disadvantage, by sharing the tech expertise among the member states and reinforcing the support that Europol can offer."
Windows

Munich Plans New Vote on Dumping Linux For Windows 10 (techrepublic.com) 412

An anonymous reader quotes TechRepublic: The city of Munich has suggested it will cost too much to carry on using Linux alongside Windows, despite having spent millions of euros switching PCs to open-source software... "Today, with a Linux client-centric environment, we are often confronted with major difficulties and additional costs when it comes to acquiring and operating professional application software," the city council told the German Federation of Taxpayers. Running Linux will ultimately prove unsustainable, suggests the council, due to the need to also keep a minority of Windows machines to run line-of-business software incompatible with Linux. "In the long term, this situation means that the operation of the non-uniform client landscape can no longer be made cost-efficient"... Since completing the multi-year move to LiMux, a custom-version of the Linux-based OS Ubuntu, the city always kept a smaller number of Windows machines to run incompatible software. As of last year it had about 4,163 Windows-based PCs, compared to about 20,000 Linux-based PCs.

The assessment is at odds with a wide-ranging review of the city's IT systems by Accenture last year, which found that most of the problems stem not from the use of open-source software, but from inefficiencies in how Munich co-ordinates the efforts of IT teams scattered throughout different departments. Dr. Florian Roth, leader of the Green Party at Munich City Council, said the review had also not recommended a wholesale shift to Windows. "The Accenture report suggested to run both systems because the complete 'rollback' to Windows and MS Office would mean a waste of experience, technology, work and money," he said... The city's administration is investigating how long it would take and how much it would cost to build a Windows 10 client for use by the city's employees. Once this work is complete, the council will vote again in November on whether this Windows client should replace LiMux across the authority from 2021.

A taxpayer's federation post urged "Penguin, adieu!" -- while also admitting that returning to Windows "will devour further tax money in the millions," according to TechRepublic.

"The federation's post also makes no mention of the licensing and other savings achieved by switching to LiMux, estimated to stand at about €10m."
Crime

Dutch Police Build a Pokemon Go-Style App For Hunting Wanted Criminals (csoonline.com) 62

"How can the police induce citizens to help investigate crime? By trying to make it 'cool' and turning it into a game that awards points for hits," reports CSO. mrwireless writes: Through their 'police of the future' innovation initiative, and inspired by Pokemon Go, the Dutch police are building an app where you can score points by photographing the license plates of stolen cars. When a car is reported stolen the app will notify people in the neighbourhood, and then the game is on! Privacy activists are worried this creates a whole new relationship with the police, as a deputization of citizens blurs boundaries, and institutionalizes 'coveillance' -- citizens spying on citizens. It could be a slippery slope to situations that more resemble the Stasi regime's, which famously used this form of neighborly surveillance as its preferred method of control.
CSO cites Spiegel Online's description of the unofficial 189,000 Stasi informants as "totally normal citizens of East Germany who betrayed others: neighbors reporting on neighbors, schoolchildren informing on classmates, university students passing along information on other students, managers spying on employees and Communist bosses denouncing party members."

The Dutch police are also building another app that allows citizens to search for missing persons.
EU

Three-Quarters of All Honey On Earth Has Pesticides In It (theverge.com) 103

An anonymous reader quotes a report from The Verge: About three quarters of all honey worldwide is contaminated with pesticides known to harm bees, according to a new study. Though the pesticide levels were below the limit deemed safe for human consumption, there was still enough insecticide in there to harm pollinators. The finding suggests that, as one of the study authors said, "there's almost no safe place for a bee to exist." Scientists analyzed 198 honey samples from all continents, except Antarctica, for five types of pesticides called neonicotinoids, which are known to harm bees. They found at least one of the five compounds in most samples, with the highest contamination in North America, Asia, and Europe. The results are published today in the journal Science.

To get a better sense of just how widespread neonic contamination is, Mitchell and his colleagues analyzed 198 worldwide honey samples collected as a citizen science project between 2012 and 2016. They found that 75 percent of honey contained at least one of the five tested neonics, and 45 percent of samples had two or more. Honey from North America, Asia, and Europe was most contaminated, while the lowest contamination was in South America. Neonic concentrations were relatively low: on average, 1.8 nanograms per gram in contaminated honey -- below the limits set as safe for people by the EU.

EU

EU Takes Ireland To Court For Not Claiming Apple Tax Windfall (reuters.com) 192

Philip Blenkinsop, reporting for Reuters: The European Commission said on Wednesday it was taking Ireland to the European Court of Justice for its failure to recover up to 13 billion euros ($15.3 billion) of tax due from Apple, a move labeled as "regrettable" by Dublin. The Commission ordered the U.S. tech giant in August 2016 to pay the unpaid taxes as it ruled the firm had received illegal state aid, one of a number of deals the EU has targeted between multinationals and usually smaller EU states. "More than one year after the Commission adopted this decision, Ireland has still not recovered the money," EU Competition Commissioner Margrethe Vestager said, adding that Dublin had not even sought a portion of the sum.
EU

EU Gives Ultimatum To Facebook and Twitter: Obey Us Or We'll Start Regulating (theregister.co.uk) 335

An anonymous reader quotes a report from The Register: The EU Commission has fired a shot across Facebook and Twitter's bows, having issued a proclamation decreeing that "social media platforms" must do more to remove "illegal content inciting hatred, violence and terrorism online." Although what is said in the EU proclamation is nothing new -- indeed, in the UK, the measures proposed by the EU's talking heads have been standard practice for years -- what matters here is not what is being said publicly, but instead the threat of what might happen unless Facebook appeases the bloc's leaders. The EU said that platforms should appoint dedicated points of contact for police forces and other State agencies to talk to about illegal content; appoint trusted content moderators ("flaggers," in EU-ese); and invest in "automatic detection technologies." In addition, illegal content should be deleted within "specific timeframes."

All straightforward; nothing new there, at least from the British perspective. Yet the threat is in the EU's later words: "Today's communication is a first step and follow-up initiatives will depend on the online platforms' actions to proactively implement the guidelines. The Commission will carefully monitor progress made by the online platforms over the next months and assess whether additional measures are needed."

EU

EU Paid For Report That Said Piracy Isn't Harmful -- And Tried To Hide Findings (thenextweb.com) 169

According to the blog of Julia Reda, the only Pirate in the EU Parliament, the European Commission in 2014 paid the Dutch consulting firm Ecorys 360,000 euros (about $428,000) to research the effect piracy had on sales of copyrighted content. The final report was finished in May 2015, but was never published because the report concluded that piracy isn't harmful. The Next Web reports: The 300-page report seems to suggest that there's no evidence that supports the idea that piracy has a negative effect on sales of copyrighted content (with some exceptions for recently released blockbusters). The report states: "In general, the results do not show robust statistical evidence of displacement of sales by online copyright infringements. That does not necessarily mean that piracy has no effect but only that the statistical analysis does not prove with sufficient reliability that there is an effect. An exception is the displacement of recent top films. The results show a displacement rate of 40 per cent which means that for every ten recent top films watched illegally, four fewer films are consumed legally."

On her blog, Julia Reda says that a report like this is fundamental to discussions about copyright policies -- where the general assumption is usually that piracy has a negative effect on rightsholders' revenues. She also criticizes the Commission's reluctance to publish the report and says it probably wouldn't have released it for several more years if it wasn't for the access to documents request she filed in July.
As for why the Commission hadn't published the report earlier, Reda says: "all available evidence suggests that the Commission actively chose to ignore the study except for the part that suited their agenda: In an academic article published in 2016, two European Commission officials reported a link between lost sales for blockbusters and illegal downloads of those films. They failed to disclose, however, that the study this was based on also looked at music, ebooks and games, where it found no such connection. On the contrary, in the case of video games, the study found the opposite link, indicating a positive influence of illegal game downloads on legal sales. That demonstrates that the study wasn't forgotten by the Commission altogether..."
Google

Google Offers To Treat Rivals Equally Via Auction (reuters.com) 28

Google has offered to display rival comparison shopping sites via an auction, as it aims to stave off further EU antitrust fines, four people familiar with the matter told Reuters. From a report: Google is under pressure to come up with a big initiative to level the playing field in comparison shopping, but its proposal was roundly criticized by competitors as inadequate, the sources said. EU enforcers see the antitrust case as a benchmark for investigations into other areas dominated by the U.S. search giant such as travel and online mapping. Google has already been fined a record 2.4 billion euros ($2.9 bln) by the European Commission for favoring its own service, and could face millions of euros in fresh fines if it fails to treat rivals and its own service equally.
The Almighty Buck

Flush With Cash: Swiss Toilets Mysteriously Stuffed With 500-Euro Bills (npr.org) 184

Someone in the Swiss city of Geneva has been trying to flush tens of thousands of euros down toilets. From a report: The bathrooms at a branch of the UBS bank in Geneva, as well as in three nearby restaurants, had pipes stuffed with 500-euro bills that had apparently been cut up with scissors and flushed down the toilets. The mysterious misplaced funds were first reported by a Swiss newspaper, and local authorities have confirmed the incident to multiple media outlets. Each individual bill is worth nearly $600. Collectively, the destroyed bank notes were worth tens of thousands of dollars. The Geneva Prosecutor's Office tells Bloomberg it has launched an investigation into the bathroom bills. Switzerland is not in the European Union, although it is entirely surrounded by EU member countries, and the nation's currency is the Swiss franc.
Earth

Trump's Officials Suggest Re-Negotiating The Paris Climate Accord (msn.com) 244

Slashdot reader whh3 brings surprising news from the Wall Street Journal. "Trump administration officials said Saturday the U.S. wouldn't pull out of the Paris Agreement, offering to re-engage in the international deal to fight climate change, according to multiple officials at a global warming summit." Today an anonymous reader writes: Even an official White House statement in response to the article insisted only that the U.S. would withdraw "unless we can re-enter on terms that are more favorable to our country." On Sunday White House National Security Adviser H.R. McMaster "said President Donald Trump could decide to keep the U.S. in the Paris Climate Accord if there is a better agreement that benefits the American people," according to ABC News, while CNBC reports that Secretary of State Rex Tillerson also "said the United States could remain in the Paris climate accord under the right conditions. 'The president said he is open to finding those conditions where we can remain engaged with others on what we all agree is still a challenging issue.'"
Facebook

Spain Fines Facebook Over Tracking Users Without Consent (tomshardware.com) 41

Spain's Data Protection Authority has issued a 1.2 million euro fine against Facebook after it found three instances when the company collected data without informing users, as required by European Union privacy laws. Tom's Hardware reports: The AEPD found multiple issues with how Facebook gathered data on Spanish users. One of the issues was that Facebook collects data on ideology, sex, and religious beliefs, as well as personal tastes and web surfing habits without informing the users about how that data will be used. A second issue was that Facebook wasn't obtaining specific and informed consent from the users because the data it was offering them about the collection was not sufficiently clear. The company has been tracking both users and non-users of the service through the Like button across the web without informing them about this sort of tracking, nor about what it plans to do with the data. The company has said that the collection is done for advertising purposes before, but some purposes remain secret, according to the Spanish Data Protection Authority. The AEPD said this sort of collection doesn't comply with the EU's data protection regulations.

Finally, the AEPD also noticed that Facebook has not been completely purging the data about users who had already deleted their accounts and that Facebook was making use of accounts' data that have been deleted for more than 17 months. Considering the data that has remained behind is no longer useful for the purpose for which it was collected, the agency considered this another serious infringement of EU privacy laws.

EU

EU Set To Demand Internet Firms Act Faster To Remove Illegal Content (reuters.com) 60

Companies including Google, Facebook and Twitter could face European Union laws forcing them to be more proactive in removing illegal content if they do not do more to police what is available on the Internet. From a report: The European Union executive outlines in draft guidelines reviewed by Reuters how Internet firms should step up efforts with measures such as establishing trusted flaggers and taking voluntary measures to detect and remove illegal content. Proliferating illegal content, whether because it infringes copyright or incites terrorism, has sparked heated debate in Europe between those who want online platforms to do more to tackle it and those who fear it could impinge on free speech. The companies have significantly stepped up efforts to tackle the problem of late, agreeing to an EU code of conduct to remove hate speech within 24 hours and forming a global working group to combine their efforts to remove terrorist content from their platforms.
Google

Google Challenges Record EU Antitrust Fine in Court (reuters.com) 52

Google appealed on Monday against a record 2.4-billion-euro ($2.9 billion) EU antitrust fine, with its chances of success boosted by Intel's partial victory last week against another EU sanction. From a report: The world's most popular Internet search engine, a unit of the U.S. firm Alphabet, launched its appeal two months after it was fined by the European Commission for abusing its dominance in Europe by giving prominent placement in searches to its comparison shopping service and demoting rival offerings.
