The NSA Worked To 'Track Down' Bitcoin Users, Snowden Documents Reveal ( 4

An anonymous reader shares a report: Classified documents provided by the whistleblower Edward Snowden show the National Security Agency worked urgently to target Bitcoin users around the world -- and wielded at least one mysterious source of information to "help track down senders and receivers of Bitcoins," according to a top-secret passage in an internal NSA report dating to March 2013. The data source appears to have leveraged NSA's ability to harvest and analyze raw, global internet traffic while also exploiting an unnamed software program that purported to offer anonymity to users, according to other documents.

Although the agency was interested in surveilling some competing cryptocurrencies, "Bitcoin is #1 priority," a March 15, 2013 internal NSA report stated. The documents indicate that "tracking down" Bitcoin users went well beyond closely examining Bitcoin's public transaction ledger, known as the Blockchain, where users are typically referred to through anonymous identifiers; the tracking may also have involved gathering intimate details of these users' computers. The NSA collected some Bitcoin users' password information, internet activity, and a type of unique device identification number known as a MAC address, a March 29, 2013 NSA memo suggested. In the same document, analysts also discussed tracking internet users' internet addresses, network ports, and timestamps to identify "BITCOIN Targets."


FTC Probing Facebook For Use of Personal Data: Bloomberg ( 46

An anonymous reader shares a report: Facebook is under investigation by a U.S. privacy watchdog over the use of personal data of 50 million users by a data analytics firm to help elect President Donald Trump. The U.S. Federal Trade Commission is probing whether Facebook violated terms of a 2011 consent decree of its handing of user data that was transferred to Cambridge Analytica without their knowledge, according to a person familiar with the matter. Under the 2011 settlement, Facebook agreed to get user consent for certain changes to privacy settings as part of a settlement of federal charges that it deceived consumers and forced them to share more personal information than they intended. That complaint arose after the company changed some user settings without notifying its customers, according to an FTC statement at the time. If the FTC finds Facebook violated terms of the consent decree, it has the power to fine the company thousands of dollars a day per violation.

China Approves Giant Propaganda Machine To Improve Global Image ( 96

China has approved the creation of one of the world's largest propaganda machines as it looks to improve its global image, Bloomberg reported on Tuesday, citing a person familiar with the matter. From the report: The new broadcaster will be called "Voice of China," the person said, mimicking the U.S. government-funded Voice of America that started up during World War II to advance American interests. Bloomberg News had previously reported the new entity would be created through merging China Central Television, China Radio International and China National Radio. The combined group was designed to strengthen the party's ability to shape public opinion and would serve as a key vehicle for China to project its image to the world.

Sierra Leone Government Denies the Role of Blockchain In Its Recent Election ( 18

The National Electoral Commission Sierra Leone is denying the news that theirs was one of the first elections recorded to the blockchain. "While the blockchain voting company Agora claimed to have run the first blockchain-based election, it appears that the company did little more than observe the voting and store some of the results," reports TechCrunch. From the report: "The NEC [National Electoral Commission] has not used and is not using blockchain technology in any part of the electoral process," said NEC head Mohamed Conteh. Why he is adamant about this fact is unclear -- questions I asked went unanswered -- but he and his team have created a set of machine readable election results and posted [a] clarification. "Anonymized votes/ballots are being recorded on Agora's blockchain, which will be publicly available for any interested party to review, count and validate," said Agora's Leonardo Gammar. "This is the first time a government election is using blockchain technology." In Africa the reactions were mixed. "It would be like me showing up to the UK election with my computer and saying, 'let me enter your counting room, let me plug-in and count your results,'" said Morris Marah to RFI. "Agora's results for the two districts they tallied differed considerably from the official results, according to an analysis of the two sets of statistics carried out by RFI," wrote RFI's Daniel Finnan.

Facebook Security Chief Said To Leave After Clashes Over Disinformation ( 37

Facebook's chief information security officer, Alex Stamos, will leave the company after internal disagreements over how the social network should deal with its role in spreading disinformation. The New York Times reports (Warning: source may be paywalled; alternative source): Mr. Stamos had been a strong advocate inside the company for investigating and disclosing Russian activity on Facebook, often to the consternation of other top executives, including Sheryl Sandberg, the social network's chief operating officer, according to the current and former employees, who asked not to be identified discussing internal matters. After his day-to-day responsibilities were reassigned to others in December, Mr. Stamos said he would leave the company. He was persuaded to stay through August to oversee the transition of his duties because executives thought his departure would look bad, the current and former employees said. He has been overseeing the transfer of his security team to Facebook's product and infrastructure divisions. His group, which once had 120 people, now has three, the current and former employees said. Mr. Stamos would be the first high-ranking employee to leave Facebook since controversy erupted over disinformation on its site. His departure is a sign of heightened leadership tensions at the company.

Ajit Pai Celebrates After Court Strikes Down Obama-Era Robocall Rule ( 152

An anonymous reader quotes a report from Ars Technica: Federal judges have struck down an anti-robocall rule, saying that the Federal Communications Commission improperly treated every American who owns a smartphone as a potential robocaller. The FCC won't be appealing the court decision, as Chairman Ajit Pai opposed the rule changes when they were implemented by the commission's then-Democratic majority in 2015. Pai issued a statement praising the judges for the decision Friday, calling the now-vacated rule "yet another example of the prior FCC's disregard for the law and regulatory overreach." The FCC's 2015 decision said that a device meets the Telephone Consumer Protection Act (TCPA) definition of an "autodialer" if it can be modified to make robocalls, even if the smartphone user hasn't actually downloaded an autodialing app. That interpretation treats all smartphones as autodialers because any smartphone has the capability of downloading an autodialing app, judges ruled. Since any call made by an autodialer could violate anti-robocall rules, this led to a troubling conclusion: judges said that an unwanted call from a smartphone could violate anti-robocall rules even if the smartphone user hasn't downloaded an autodialing app.

"The Commission's understanding would appear to subject ordinary calls from any conventional smartphone to the Act's coverage, an unreasonably expansive interpretation of the statute," a three-judge panel of the U.S. Court of Appeals for the District of Columbia Circuit said in a unanimous ruling Friday. The ruling came in a case filed against the FCC by the Association of Credit and Collection Professionals, which says it represents "third-party collection agencies, law firms, asset buying companies, creditors, and vendor affiliates." Judges also invalidated an FCC rule that helped protect consumers from robocalls to reassigned phone numbers.


Facebook Hires Firm To Conduct Forensic Audit of Cambridge Analytica Data ( 113

After it was revealed that political data analytics firm, Cambridge Analytica, harvested personal data from more than 50 million Facebook users, the social media company has been scrutinized for not better protecting its users. Today, CBS News reports that Facebook has recently hired Stroz Friedberg, a digital forensics firm, to conduct an audit of Cambridge Analytica. According to a press release issued by Facebook on Monday, Cambridge Analytica has agreed to "comply and afford the firm complete access to their servers and systems." From the report: The social network said it asked Christopher Wylie and University of Cambridge professor Aleksandr Kogan to submit to an audit. Facebook says Kogan has verbally agreed to participate, but Wylie has declined. Wylie is a former employee of Cambridge Analytica who described the company's use of illicit data in interviews late last week. Cambridge Analytica, Kogan and Wylie were banned from Facebook on Friday. Cambridge Analytica did not immediately confirm that it had agreed to comply with the audit. The firm has denied the allegations that it improperly collected and used the data. A spokeswoman for Stroz Friedberg declined to comment on the firm's involvement with an audit.

"We are moving aggressively to determine the accuracy of these claims," Facebook officials said in a statement. "We remain committed to vigorously enforcing our policies to protect people's information. We also want to be clear that today when developers create apps that ask for certain information from people, we conduct a robust review to identify potential policy violations and to assess whether the app has a legitimate use for the data. We actually reject a significant number of apps through this process. This is part of a comprehensive internal and external review that we are conducting to determine the accuracy of the claims that the Facebook data in question still exists. If this data still exists, it would be a grave violation of Facebook's policies and an unacceptable violation of trust and the commitments these groups made."


Trump Bans Venezuela's New National Cryptocurrency ( 153

An anonymous reader quotes a report from CNBC: President Donald Trump issued an executive order Monday banning any transactions within the United States involving any digital currency issued by, for, or on behalf of the Government of Venezuela. The order applies to U.S. citizens as well as anyone within the United States, and includes cryptocurrency issued on or after January 9. President Trump's order is in response to recent attempts by Venezuelan President Nicolas Maduro's regime to "circumvent U.S. sanctions by issuing a digital currency," the White House said in a statement. Venezuela launched its oil-backed cryptocurrency in February to help pull the country out of a continuing economic crisis. President Maduro said each petro token will be backed by one barrel of the state's national petroleum. Maduro also said roughly 100 million tokens would be issued -- estimated to be worth around $6 billion. Bitcoin prices dropped about $200 to around $8,388, according to Coinbase, following the order.
United States

Entrepreneur Andrew Yang, a Big Supporter Of Universal Basic Income, is Running For President ( 403

In a recently published podcast, Andrew Yang, tech entrepreneur and founder of Venture for America, said he is vying for the Democratic party nomination to run for President of the United States. From a report: Yang outlines his radical policy agenda, which focuses on Universal Basic Income and includes a "freedom dividend." He talks about the very real and immediate threat of artificial intelligence, how new technologies are erasing millions of jobs before our eyes, and why we need to put humanity first. He also addresses "the big four" and what he plans to do about Amazon.

During the interview, Yang called out governments inability to address large scale problems and the challenges that technology is creating in modern American society. "I believe that we need to start owning these realities [of automation and artificial intelligence taking away jobs] and these challenges as a people, as a country, and as a society, and start being honest. I'm running for president to solve the big problems and to show that these things are not beyond us," Yang says. Yang's own plan to address the increasing power tech companies are wielding in the world involves something called a "freedom dividend", which would paid for by a value-added tax. The revenue from that tax (levied on "gains from the big four") would be redistributed via the "freedom dividend" to citizens, Yang says.


Facebook Under Pressure as EU, US Urge Probes of Data Practices ( 66

Facebook CEO Mark Zuckerberg faced calls on Monday from U.S. and European lawmakers to explain how a consultancy that worked on President Donald Trump's election campaign gained access to data on 50 million Facebook users. From a report: Facebook's shares fell more than 7 percent, wiping around $40 billion off its market value, set for their biggest drop since September 2012, as investors worried that new legislation could damage the company's lucrative advertising business. "The lid is being opened on the black box of Facebook's data practices, and the picture is not pretty," said Frank Pasquale, a University of Maryland law professor who has written about Silicon Valley's use of data. Lawmakers in the United States, Britain and Europe have called for investigations into media reports that political analytics firm Cambridge Analytica had harvested the private data on more than 50 million Facebook users to support Trump's 2016 presidential election campaign. Further reading: An undercover investigation by Channel 4 News reveals how Cambridge Analytica secretly campaigns in elections across the world. Bosses were filmed talking about using bribes, ex-spies, fake IDs and sex workers.

Firefox Master Password System Has Been Poorly Secured for the Past 9 Years, Researcher Says ( 73

Catalin Cimpanu, writing for BleepingComputer: For at past nine years, Mozilla has been using an insufficiently strong encryption mechanism for the "master password" feature. Both Firefox and Thunderbird allow users to set up a "master password" through their settings panel. This master password plays the role of an encryption key that is used to encrypt each password string the user saves in his browser or email client. Experts have lauded the feature because up until that point browsers would store passwords locally in cleartext, leaving them vulnerable to malware or attackers with physical access to a victim's computer. But Wladimir Palant, the author of the AdBlock Plus extension, says the encryption scheme used by the master password feature is weak and can be easily brute-forced. "I looked into the source code," Palant says, "I eventually found the sftkdb_passwordToKey() function that converts a [website] password into an encryption key by means of applying SHA-1 hashing to a string consisting of a random salt and your actual master password."

Are Google and Facebook Surveilling Their Own Employees? ( 106

The Guardian just ran an article titled " 'They'll squash you like a bug': how Silicon Valley keeps a lid on leakers," which begins with the story of an employee confronted by Facebook's secretive "rat-catching" team: They had records of a screenshot he'd taken, links he had clicked or hovered over, and they strongly indicated they had accessed chats between him and the journalist, dating back to before he joined the company. "It's horrifying how much they know," he told the Guardian, on the condition of anonymity... "You get on their bad side and all of a sudden you are face to face with Mark Zuckerberg's secret police"... One European Facebook content moderator signed a contract, seen by the Guardian, which granted the company the right to monitor and record his social media activities, including his personal Facebook account, as well as emails, phone calls and internet use. He also agreed to random personal searches of his belongings including bags, briefcases and car while on company premises. Refusal to allow such searches would be treated as gross misconduct...

Some employees switch their phones off or hide them out of fear that their location is being tracked. One current Facebook employee who recently spoke to Wired asked the reporter to turn off his phone so the company would have a harder time tracking if it had been near the phones of anyone from Facebook. Two security researchers confirmed that this would be technically simple for Facebook to do if both people had the Facebook app on their phone and location services switched on. Even if location services aren't switched on, Facebook can infer someone's location from wifi access points.

The article cites a 2012 report that Microsoft read a French blogger's Hotmail account to identify a former employee who had leaked trade secrets. And it also reports that tech companies hire external agencies to surveil their employees. "One such firm, Pinkerton, counts Google and Facebook among its clients." Though Facebook and Google both deny this, "Among other services, Pinkerton offers to send investigators to coffee shops or restaurants near a company's campus to eavesdrop on employees' conversations...

Al Gidari, consulting director of privacy at the Stanford Center for Internet and Society, says that these tools "are common, widespread, intrusive and legal."

Did Cambridge Analytica Harvest 50 Million Facebook Profiles? ( 129

Slashdot reader umafuckit shared this article from The Guardian: The data analytics firm that worked with Donald Trump's election team and the winning Brexit campaign harvested millions of Facebook profiles of U.S. voters, in one of the tech giant's biggest ever data breaches, and used them to build a powerful software program to predict and influence choices at the ballot box... Christopher Wylie, who worked with a Cambridge University academic to obtain the data, told the Observer: "We exploited Facebook to harvest millions of people's profiles. And built models to exploit what we knew about them and target their inner demons. That was the basis the entire company was built on."

Documents seen by the Observer, and confirmed by a Facebook statement, show that by late 2015 the company had found out that information had been harvested on an unprecedented scale. However, at the time it failed to alert users and took only limited steps to recover and secure the private information of more than 50 million individuals... On Friday, four days after the Observer sought comment for this story, but more than two years after the data breach was first reported, Facebook announced that it was suspending Cambridge Analytica and Kogan from the platform, pending further information over misuse of data. Separately, Facebook's external lawyers warned the Observer on Friday it was making "false and defamatory" allegations, and reserved Facebook's legal position...

The evidence Wylie supplied to U.K. and U.S. authorities includes a letter from Facebook's own lawyers sent to him in August 2016, asking him to destroy any data he held that had been collected by GSR, the company set up by Kogan to harvest the profiles... Facebook did not pursue a response when the letter initially went unanswered for weeks because Wylie was travelling, nor did it follow up with forensic checks on his computers or storage, he said. "That to me was the most astonishing thing. They waited two years and did absolutely nothing to check that the data was deleted. All they asked me to do was tick a box on a form and post it back."

Wylie worked with Aleksandr Kogan, the creator of the "thisisyourdigitallife" app, "who has previously unreported links to a Russian university and took Russian grants for research," according to the article. Kogan "had a licence from Facebook to collect profile data, but it was for research purposes only. So when he hoovered up information for the commercial venture, he was violating the company's terms...

"At the time, more than 50 million profiles represented around a third of active North American Facebook users, and nearly a quarter of potential U.S. voters."
United States

DIY Explosives Experimenter Blows Self Up, Contaminates Building ( 356

Long-time Slashdot reader hey! writes: Benjamin D. Morrison of Beaver Dam Wisconsin was killed on March 5 while synthesizing explosives in his apartment... The accident has left the apartment building so contaminated that it will be demolished in a controlled burn, and residents are not being allowed in to retrieve any of their belongings.
It was just five years ago that Morrison graduated from Pensacola Christian College in Florida with a degree in pre-pharmacy and minors in chemistry and math. Though a local reverend believes 28-year-old Morrison was "not a bomb maker," USA Today's site FDL Reporter notes that "Officials assume he was making bombs that accidentally exploded and killed him... They have not publicly disclosed what chemicals were in apartment 11 where Morrow lived, only describing them as 'extremely volatile and unstable explosives.'"
Electronic Frontier Foundation

North Carolina Police Obtained Warrants Demanding All Google Users Near Four Crime Scenes ( 209

An anonymous reader quotes the public records reporter from North Carolina TV station WRAL: In at least four investigations last year -- cases of murder, sexual battery and even possible arson at the massive downtown fire in March 2017 -- Raleigh police used search warrants to demand Google accounts not of specific suspects, but from any mobile devices that veered too close to the scene of a crime, according to a WRAL News review of court records... The demands Raleigh police issued for Google data [in two homicide cases] described a 17-acre area that included both homes and businesses... The account IDs aren't limited to electronics running Android. The warrant includes any device running location-enabled Google apps, according to Raleigh Police Department spokeswoman Laura Hourigan...

On March 16, 2017, a five-alarm fire ripped through the unfinished Metropolitan apartment building on West Jones Street... About two months later, Raleigh police obtained a search warrant for Google account IDs that showed up near the block of the Metropolitan between 7:30 and 10 p.m. the night of the fire... In addition to anonymized numerical identifiers, the warrant calls on Google to release time stamped location coordinates for every device that passed through the area. Detectives wrote that they'd narrow down that list and send it back to the company, demanding "contextual data points with points of travel outside of the geographical area" during an expanded timeframe. Another review would further cull the list, which police would use to request user names, birth dates and other identifying information of the phones' owners.

"Do people understand that in sharing that information with Google, they're also potentially sharing it with law enforcement?" asks a former Durham prosecutor who directs the North Carolina Open Government Coalition at Elon University. And Stephanie Lacambra, criminal defense staff attorney at the Electronic Frontier Foundation, also criticized the procedure. "To just say, 'Criminals commit crimes, and we know that most people have cell phones,' that should not be enough to get the geo-location on anyone that happened to be in the vicinity of a particular incident during a particular time." She believes that without probable cause the police department is "trying to use technology as a hack for their job... It does not have to be that we have to give up our privacy rights in order to participate in the digital revolution."

Nathan Freed Wessler, staff attorney with the ACLU's Speech, Privacy and Technology Project, put it succinctly. "At the end of the day, this tactic unavoidably risks getting information about totally innocent people."

Facebook Suspends Donald Trump's Data Operations Team For Misusing People's Personal Information ( 194

An anonymous reader quotes a report from The Verge: Facebook said late Friday that it had suspended Strategic Communication Laboratories (SCL), along with its political data analytics firm, Cambridge Analytica, for violating its policies around data collection and retention. The companies, which ran data operations for Donald Trump's 2016 presidential election campaign, are widely credited with helping Trump more effectively target voters on Facebook than his rival, Hillary Clinton. While the exact nature of their role remains somewhat mysterious, Facebook's disclosure suggests that the company improperly obtained user data that could have given it an unfair advantage in reaching voters. Facebook said it cannot determine whether or how the data in question could have been used in conjunction with election ad campaigns.

In a blog post, Facebook deputy general counsel Paul Grewal laid out how SCL came into possession of the user data. In 2015, Aleksandr Kogan, a psychology professor at the University of Cambridge, created an app named "thisisyourdigitallife" that promised to predict aspects of users' personalities. About 270,000 people downloaded it and logged in through Facebook, giving Kogan access to information about their city of residence, Facebook content they had liked, and information about their friends. Kogan passed the data to SCL and a man named Christopher Wylie from a data harvesting firm known as Eunoia Technologies, in violation of Facebook rules that prevent app developers from giving away or selling users' personal information. Facebook learned of the violation that year and removed his app from Facebook. It also asked Kogan and his associates to certify that they had destroyed the improperly collected data. Everyone said that they did. The suspension is not permanent, a Facebook spokesman said. But the suspended users would need to take unspecified steps to certify that they would comply with Facebook's terms of service.

The Courts

Entire Broadband Industry Will Help FCC Defend Net Neutrality Repeal ( 87

The biggest lobby groups representing broadband providers will help the FCC defend the repeal of net neutrality rules in court. Ars Technica reports: Yesterday, three trade groups that collectively represent every major home Internet and mobile broadband provider in the U.S. filed motions to intervene in the case on behalf of the FCC. The motions for leave to intervene were filed by NCTA--The Internet & Television Association, CTIA--The Wireless Association, and USTelecom--The Broadband Association. NCTA represents cable companies such as Comcast, Charter, Cox, and Altice. CTIA represents the biggest mobile carriers, such as AT&T, Verizon Wireless, T-Mobile, and Sprint. USTelecom represents wireline telcos with copper and fiber networks, such as AT&T and Verizon. All three groups also represent a range of smaller ISPs.

As intervenors in the case, the groups will file briefs in support of the net neutrality repeal order and may play a role in oral arguments. NCTA's motion noted that its members would once again be subject to "common-carriage regulation under Title II of the Communications Act" if the FCC were to lose the case. CTIA said that its members "would be adversely affected if the [net neutrality] Order were set aside and the prior Title II Order classification and rules were reinstated."


Facial Scanning Now Arriving At US Airports ( 78

According to a report via NPR, a Geneva-based company called SITA that develops information technology for the world's airlines has installed facial scanning cameras at Orlando International Airport. "Britain-bound passengers -- some wearing Mickey Mouse T-shirts and other Disney paraphernalia -- lined up at Gate 80 recently for the evening British Airways flight to London's Gatwick Airport," reports NPR. "It looks like any other airport departure area, except for the two small gates with what look like small boxes on posts next to them. Those boxes are actually cameras." From the report: Sherry Stein, a senior manager at SITA, says the cameras are triggered when passengers step onto designated footprints. "We collect a photo, send it to CBP, who checks to make sure that person is booked on the manifest and matches the photo that they already have on file." If everything matches, Stein says, "we open the doors and give them the OK to board." All that happens, she says, "in three to five seconds." If things don't match, the traveler's passport is scanned manually by a gate agent. CBP is testing biometric scanning at a dozen or so U.S. international airports to ensure that people leaving the country are who they say they are, and to prevent visa overstays. The Transportation Security Administration, another agency within the Department of Homeland Security, is testing similar devices at security check-in lines.

Sierra Leone Records World's First Blockchain-Powered Election ( 68

The citizens of Sierra Leone went to the polls on March 7 but this time something was different: the country recorded votes at 70% of the polling to the blockchain using a technology that is the first of its kind in actual practice. The tech, created by Leonardo Gammar of Agora, anonymously stored votes in an immutable ledger, thereby offering instant access to the election results. TechCrunch reports: "Anonymized votes/ballots are being recorded on Agora's blockchain, which will be publicly available for any interested party to review, count and validate," said Gammar. "This is the first time a government election is using blockchain technology." "Sierra Leone wishes to create an environment of trust with the voters in a contentious election, especially looking at how the election will be publicly viewed post-election. By using blockchain as a means to immutably record ballots and results, the country hopes to create legitimacy around the election and reduce fall-out from opposition parties," he said.

Why is this interesting? While this is little more than a proof of concept -- it is not a complete voting record but instead captured a seemingly acceptable plurality of votes -- it's fascinating to see the technology be implemented in Sierra Leone, a country of about 7.4 million people. The goal ultimately is to reduce voting costs by cutting out paper ballots as well as reducing corruption in the voting process.

The Courts

Man Fined For Implanting NFC Train Ticket In Hand ( 106

Unhappy Windows User writes: An Australian man, when checked by a ticket inspector, claimed his smart travel card was implanted in his hand. He took the case to court and lost; the fine and legal fees add up to AU$1220 (USD $950). The man, who self-identifies as a biohacker and is a member of the Science Party, accepts the ruling but states that it won't discourage him from further biohacking. He claimed he was ahead of the law. The prosecution argued that, by cutting the chip out of the card, the ticket was invalidated. It is not clear from the article whether the NFC chip was working correctly and could be read by the inspector, or not. Further reading: BuzzFeed News

Slashdot Top Deals