In the fight against Covid-19, contact tracing apps have so far largely been disappointments -- in the United States, at least. Proposed in the spring as a way to help quickly stifle viral outbreaks by tracking down potential exposures using smartphones, they were stunted by technical glitches, concerns over privacy, and the US's fragmented, haphazard pandemic response. Now, they may become mired in a fight over patents. From a report: The challenge comes from Blyncsy, a Salt Lake City-based maker of software that helps cities gather and analyze mobility data. In recent weeks, the company has sent claims seeking the equivalent of $1 per resident to states that have released or plan to release contact tracing apps, including Pennsylvania, North Dakota, South Dakota, and Virginia. The company holds three patents related to contact tracing. One of them, granted in February 2019, for "tracking proximity relationships and uses thereof," describes methods of tracking the spread of "contagion" using technology such as Bluetooth, Wi-Fi, and cellular signals. Apps launched by public health agencies during the Covid-19 pandemic infringe upon it, the company says.

In April, Blyncsy launched a portal for others to request a license for its technology and submit plans for a privacy review. That was shortly after Google and Apple jointly announced an effort to get contact tracing technology in the hands of state and national governments, using Bluetooth features on the companies' smartphones. Blyncsy did not get any takers. "State governments have taken it upon themselves to roll out a solution in their name in which they're using our property without compensation," says Blyncsy CEO Mark Pittman. He describes the current crop of contact tracing apps as "fly-by-night" efforts and says his patent fight is driven by concerns about their privacy and effectiveness, not an attempt to profit.

Google has updated its Play Store rules to impose a "formal" ban on stalkerware apps, but the company has left a pretty huge loophole in place for stalkerware to be uploaded on the official store as child-tracking applications. From a report: Stalkerware is a term used to describe apps that track a user's movements, snoop on calls and messages, and record other apps' activity. Stalkerware, also known as spouseware, is usually advertised to users as a way to discover cheating partners, track children while outside their homes, and as a way to keep an eye on employees at work. The primary feature of all stalkerware apps, regardless if they're intended to be used on smartphones or laptops, is that these apps can be installed and run without the device owner's knowledge, operating in the operating system's background. Over the past decade, the Play Store has hosted hundreds of applications that fit into the stalkerware category. Google, which has intervened to take down stalkerware apps when they've been pointed out by security researchers, has usually avoided making public statements on the topic.

tedlistens writes: The CEO of Taser maker Axon, Rick Smith, has a lot of high-tech ideas for fixing policing. One idea for identifying potentially abusive behavior is AI, integrated with the company's increasingly ubiquitous body cameras and the footage they produce. In a patent application filed last month, Axon describes the ability to search video not only for words and locations but also for clothing, weapons, buildings, and other objects. AI could also tag footage to enable searches for things such as "the characteristics [of] the sounds or words of the audio," including "the volume (e.g., intensity), tone (e.g., menacing, threatening, helpful, kind), frequency range, or emotions (e.g., anger, elation) of a word or a sound."

Building that kind of software is a difficult task, and in the realm of law enforcement, one with particularly high stakes. But Smith also faces a more low-tech challenge, he tells Fast Company: making his ideas acceptable both to intransigent police unions and to the communities those police serve. Of course, right now many of those communities aren't calling for more technology for their police but for deep reform, if not deep budget cuts. And police officers aren't exactly clamoring for more scrutiny, especially if it's being done by a computer.

Several Pirate Bay-related domains become available again this month after their owner failed to renew the registration. Yesterday, Piratebay.org was sold in a Dropcatch auction for $50,000 and ThePiratebay.com will follow soon. Both domains were previously registered to the official Pirate Bay site. TorrentFreak reports: Over the years the Pirate Bay team had many 'backup' domains available, just in case something happened. That included various exotic TLDs but the site also owned Piratebay.org and ThePiratebay.com. We use the past tense because both domains expired recently. The domains listed Pirate Bay co-founder Fredrik Neij as the registrant and until recently the same Swedish address was listed in Whois data. For reasons unknown, however, the registrant let both Piratebay.org and ThePiratebay.com expire. This isn't a problem for the torrent site really. The domains were never used as the site's main address. ThePiratebay.com did forward to the original .org domain at one point, but that's about it.

None of this means that the domains are not valuable to outsiders though. This became apparent in an auction yesterday, where Piratebay.org (without the the) was sold for $50,000 to a bidder named 'clvrfls.' The bid below ended up being the winning one. The Piratebay.org domain failed to renew earlier this month after which the professional 'drop catch' service Dropcatch.com scooped it up. They auctioned the domain off, which is a common practice, and it proved quite lucrative. What the new owner will do with the domain is unclear. It has a substantial number of backlinks and there will be plenty of type-in traffic as well. [...] ThePiratebay.com is expected to drop later this week and is listed at a pending delete auction, and ThePiratebay.net and Piratebay.net will drop in a few days as well.

During Facebook Connect -- the replacement for the AR/VR event previously known as Oculus Connect -- Facebook CEO Mark Zuckerberg said today that the company is planning to release its first pair of augmented reality glasses in 2021. From a report: While the company's Oculus unit has become a leading provider of VR headsets, Facebook has touted AR as the next major frontier for computing, and this release date could spread the next-generation technology to the masses earlier than expected. Zuckerberg confirmed that it has been working with Ray-Ban, owned by fashion eyewear company Luxottica, to create the product, and suggested that it will be cosmetically appealing. The companies haven't yet revealed imagery of the glasses, but it's important to note that there are at least two stages to Facebook's plans -- an initial AR wearable with basic functionality, then a future fully functional device with more features. Facebook confirmed its multiple prototype strategy last year.

An anonymous reader quotes a report from The Guardian: Opposition to the $40 billion sale of the UK's largest tech firm, Arm Holdings, is mounting, as the trade union Unite said staff concerned about their future had been "fobbed off" and the company's local MP urged the government to act. The government has so far declined to say whether it will consider deploying powers to block the deal or attach conditions, despite pressure from Labour, trade unions and Arm's outspoken co-founder Hermann Hauser.

On Tuesday, Unite said members who worked for Arm at its Cambridge headquarters had been kept in the dark and fobbed off in an internal meeting, with senior figures telling them any transaction was at least 18 months away. Unite called on the government to prevent the sale, saying ministers should be "protecting tech firms from being hollowed out by detrimental takeovers and providing the investment needed for the sector as a whole to flourish." Daniel Zeichner, the Labour MP whose constituency includes Arm's headquarters, will meet union officials and employees on Friday. Speaking in the House of Commons on Tuesday, he called on the government to secure a legally binding guarantee to protect jobs as well as an exemption from US foreign investment rules. On Monday, ARM co-founder Hermann Hauser penned an open letter to the UK's Prime Minister Boris Johnson in which he says that he is "extremely concerned" about the deal and how it will impact jobs in the country, Arm's business model and the future of the country's economic sovereignty independent of the U.S. and U.S. interests.

A spokesperson for Arm said: "Communication sessions have been ongoing with employees at a global, regional and departmental level since the deal was made public. Together, [Arm CEO] Simon Segars and [Nvidia CEO] Jensen Huang held multiple interactive communications sessions with Arm employees, providing them with the highest levels of transparency within the legal constraints of the situation. It was also clearly communicated that the regulatory process does not have a specific timetable and employees will be kept informed as we get more information relating to the initial estimate of 18 months."

The European Union's top court has handed down its first decision on the bloc's net neutrality rules -- interpreting the law as precluding the use of commercial 'zero rating' by Internet services providers. TechCrunch reports: 'Zero rating' refers to the practice of ISPs offering certain apps/services 'tariff free' by excluding their data consumption. It's controversial because it can have the effect of penalizing and/or blocking the use of non-zero-rated apps/services, which may be inaccessible while the zero rated apps/services are not -- which in turn undermines the principal of net neutrality with its promise of fair competition via an equal and level playing field for all things digital. The pan-EU net neutrality regulation came into force in 2016 amid much controversy over concerns it would undermine rather than bolster a level playing field online. So the Court of Justice of the EU (CJEU)'s first ruling interpreting the regulation is an important moment for regional digital rights watchers.

A Budapest court hearing two actions against Telenor, related to two of its 'zero rating' packages, made a reference to the CJEU for a preliminary ruling on how to interpret and apply Article 3(1) and (2) of the regulation -- which safeguards a number of rights for end users of Internet access services and prohibits service providers from putting in place agreements or commercial practices limiting the exercise of those rights -- and Article 3(3), which lays down a general obligation of "equal and non-discriminatory treatment of traffic." The court found that 'zero rating' agreements that combine a 'zero tariff' with measures blocking or slowing down traffic linked to the use of 'non-zero tariff' services and applications are indeed liable to limit the exercise of end users' rights within the meaning of the regulation and on a significant part of the market. It also found that no assessment of the effect of measures blocking or slowing down traffic on the exercise of end users' rights is required by the regulation, while measures applied for commercial (rather than technical) reasons must be regarded as automatically incompatible. The full CJEU judgement is available here.

An anonymous reader quotes a report from CNN: The Department of Veterans Affairs said Monday that roughly 46,000 veterans had their personal information, including Social Security numbers, exposed in a data breach in which "unauthorized users" gained access to an online application used for making health care payments. A preliminary review of the incident indicated that the hackers accessed the application "to change financial information and divert payments from VA by using social engineering techniques and exploiting authentication protocols," according to the department's announcement.

"The Financial Services Center (FSC) determined one of its online applications was accessed by unauthorized users to divert payments to community health care providers for the- medical treatment of Veterans. The FSC took the application offline and reported the breach to VA's Privacy Office," the statement said. "To prevent any future improper access to and modification of information, system access will not be reenabled until a comprehensive security review is completed by the VA Office of Information Technology," it added. The department is taking steps to alert veterans whose information was compromised. "To protect these Veterans, the FSC is alerting the affected individuals, including the next-of-kin of those who are deceased, of the potential risk to their personal information. The department is also offering access to credit monitoring services, at no cost, to those whose social security numbers may have been compromised," Monday's statement said.

"Veterans whose information was involved are advised to follow the instructions in the letter to protect their data. There is no action needed from Veterans if they did not receive an alert by mail, as their personal information was not involved in the incident," it adds.

schwit1 shares a report from TechCrunch: A privacy bug in Democratic presidential candidate Joe Biden's official campaign app allowed anyone to look up sensitive voter information on millions of Americans, a security researcher has found. The campaign app, Vote Joe, allows Biden supporters to encourage friends and family members to vote in the upcoming U.S. presidential election by uploading their phone's contact lists to see if their friends and family members are registered to vote. The app uploads and matches the user's contacts with voter data supplied from TargetSmart, a political marketing firm that claims to have files on more than 191 million Americans.

When a match is found, the app displays the voter's name, age and birthday, and which recent election they voted in. This, the app says, helps users find people you know and encourage them to get involved." While much of this data can already be public, the bug made it easy for anyone to access any voter's information by using the app. The App Analyst, a mobile expert who detailed his findings on his eponymous blog, found that he could trick the app into pulling in anyone's information by creating a contact on his phone with the voter's name. The Biden campaign fixed the bug and pushed out an app update on Friday.

"We were made aware about how our third-party app developer was providing additional fields of information from commercially available data that was not needed," Matt Hill, a spokesperson for the Biden campaign, told TechCrunch. "We worked with our vendor quickly to fix the issue and remove the information. We are committed to protecting the privacy of our staff, volunteers and supporters will always work with our vendors to do so."

Sandvine, the technology company backed by private equity firm Francisco Partners, canceled a deal with Belarus, saying the government used its technology to violate human rights. From a report: The company's technology, which is used to filter and manage internet networks, was used by a state-run internet agency in Belarus to block thousands of websites in the country amid nationwide protests over a disputed election, Bloomberg reported on Aug. 28. Sandvine said in a statement on Tuesday that a preliminary investigation determined that "custom code" was inserted into its products "to thwart the free flow of information during the Belarus election." The Tuesday announcement comes days after Sandvine was criticized by many including politicians .

The malware that French law enforcement deployed en masse onto Encrochat devices, a large encrypted phone network using Android phones, had the capability to harvest "all data stored within the device," and was expected to include chat messages, geolocation data, usernames, passwords, and more, according to a document obtained by Motherboard. From the report: The document adds more specifics around the law enforcement hack and subsequent takedown of Encrochat earlier this year. Organized crime groups across Europe and the rest of the world heavily used the network before its seizure, in many cases to facilitate large scale drug trafficking. The operation is one of, if not the, largest law enforcement mass hacking operation to date, with investigators obtaining more than a hundred million encrypted messages. "The NCA has been collaborating with the Gendarmerie on Encrochat for over 18 months, as the servers are hosted in France. The ultimate objective of this collaboration has been to identify and exploit any vulnerability in the service to obtain content," the document reads, referring to both the UK's National Crime Agency and one of the national police forces of France. As well as the geolocation, chat messages, and passwords, the law enforcement malware also told infected Encrochat devices to provide a list of WiFi access points near the device, the document reads.

Alphabet's Google faces a multibillion-dollar lawsuit in the U.K. over claims that YouTube routinely breaks privacy laws by tracking children online. Bloomberg reports: The suit, filed on behalf of more than 5 million British children under 13 and their parents, is being brought by privacy campaigner Duncan McCann and being supported by Foxglove, a tech justice group. The claimants estimate that if they're successful, there would be as much as 2.5 billion pounds ($3.2 billion) in compensation, worth between 100 to 500 pounds per child.

The filing alleges that YouTube's methods of targeting underage audiences constitute "major breaches" of U.K. and European privacy and data rules designed to protect citizens' control over their own private information. YouTube has "systematically broken these laws by harvesting children's data without obtaining prior parental consent," it alleges. A spokesperson for YouTube declined to comment on the lawsuit Monday but added that the video streaming service isn't designed for users under the age of 13. It's the first class action suit in Europe brought against a tech firm on behalf of children, according to the claimants. The legal action is being backed by Vannin Capital, a global litigation funder. "Google's drive to profit from kids' attention has turned corners of YouTube into a weird technicolored nightmare," Foxglove Director Cori Crider said. "The real price of YouTube's 'free' services is kids addicted, influenced, and exploited by Google. It's already unlawful to data-mine children under 13. But Google won't clean up its act until forced by the courts."

Pig Hogger (Slashdot reader #10,379) writes: In August 2019, Canadian telecom regulator CRTC ruled that ISPs must lower their wholesale rates (for other independant ISPs) retroactively to March 2016. Big telecoms (Bell, Rogers, Cogeco, Videotron, Shaw & Eastlink) appealed, which suspended the rate decrease immediately.

Now, a year later, the Canadian Federal Court of Appeals ruled that the CRTC decision stands, and that they must also pay the legal fees paid by the independent ISPs. For now, the big ISPs have 30 days to appeal to the Supreme Court of Canada.
The Huffington Post reports: "This is a massive win for Canadians," said Matt Stein, chair of the Canadian Network Operators Consortium (CNOC) and CEO of Distributel, one of about 30 CNOC members. He said that the court's decision ends a "pivotal chapter" in a fight that challenged "Canada's longstanding practice of appropriate oversight to ensure fair pricing and competition."

The court's 3-0 ruling concluded by saying the award of costs to TekSavvy and CNOC reflects the fact that the appellants were not successful in convincing the three judges on any of the issues they raised.
IT World reports: The respondents, consisting of the independent ISPs, said the appeal should be dismissed as it had nothing to do with law or jurisdiction and simply advanced a tax argument. "It seemed very clear right off the bat that they were not raising legal or jurisdictional grounds," said Andy Kaplan-Myrth, vice-president of regulatory affairs at TekSavvy. "All of their grounds for appeal were really factual matters or policy matters, and they were dressed up as legal or jurisdictional issues that they could argue to the Court...."

Although the stay has been lifted, the new wholesale rates are not yet instated. However, independent ISPs have renewed confidence that the new rates will come into effect soon.

Long-time Slashdot reader PuceBaboon tipped us off to a story in Japan Times: About 18 million yen ($169,563) has been stolen from bank accounts linked to NTT Docomo Inc.'s e-money service, the company said Thursday, prompting police to begin an investigation into a suspected scam. As of Thursday, 66 cases of improper withdrawals from bank accounts linked to the mobile carrier's e-money service had been confirmed, NTT Docomo Vice President Seiji Maruyama told a news conference in Tokyo.

"We apologize to the victims" of the improper withdrawals, Maruyama said at the news conference, which was also attended by other company executives.

Maruyama acknowledged that checks on user identification had been "insufficient." NTT Docomo, which has stopped allowing customers to create new links between its e-money service and accounts at 35 partner banks, has said it will try to compensate victims for the full amounts stolen through negotiations with the banks.... In May last year, there were similar cases of improper withdrawals from Resona Bank accounts linked to NTT Docomo's e-money service. Docomo acknowledged it had failed to boost user identity checks to prevent a recurrence...

In the recent cases, third parties are believed to have obtained the victims' bank account numbers and passwords, and used them to register with the e-money service to transfer funds.

America's Federal Aviation Administration "laid out the proposed fixes for the design flaws in the MAX's automated flight controls," reports the Seattle Times, "starting a clock that could see Boeing get the green light sometime next month — with U.S. airlines then scrambling to get a few MAXs flying by year end."

But the newspaper also asks two big questions. "Is fixing that flight control software good enough? Will the updated 737 MAX really be safe?" Former jet-fighter pilot and aeronautical engineer Bjorn Fehrm is convinced. Though he calls the design flaws that caused the two 737 MAX crashes "absolutely unforgivable," he believes Boeing has definitively fixed them. Fehrm, a France-based analyst with aviation consulting firm Leeham Company, says that with the updated flight control software, scenarios similar to the Lion Air and Ethiopian Airlines crashes simply cannot recur and the aircraft is no longer dangerous.

And Mike Gerzanics, a 737 captain with a major U.S. airline, is ready to fly a MAX — despite a Boeing whistleblower's scathing critique that even with the planned upgrade, the jet's decades-old flight deck systems fall far short of the latest safety standards and in the two MAX crashes created confusion in the cockpit. Gerzanics, a former Air Force and Boeing test pilot and an aviation safety expert, concedes the dated MAX flight deck is far from ideal. "It's basically 1960s technology with some 21st century technology grafted onto it. The overhead panels could be right out of the 707," he said. "But I've been flying it since 1996. I'm used to it. It's safe and it works....."

In a statement, the FAA said that in collaboration with three major foreign aviation safety regulators it has extensively evaluated the MAX redesign. "The modified aircraft will be fully compliant with the applicable rules, using the most conservative means of compliance," the FAA said... After a grounding that's stretched now to 18 months and counting, and the close attention of regulators from all over the world, Boeing insists the MAX will be the most scrutinized and safest airplane ever when it comes back. Still, even though the European and Canadian air safety regulators seem set to follow the FAA in green-lighting the MAX's return to service, both are pressing Boeing sometime afterward to make further design changes.

And Boeing concedes that the new generation of younger pilots may need more training focused on automation.
Test pilots at both Boeing and the FAA "have now conducted extreme flight test maneuvers close to a stall, both with MCAS on and with the system turned off," according to the newspaper.

Aeronautical engineer Bjorn Fehrm tells them that "If MCAS is deactivated, you can still fly the aircraft and it is not unstable. The MAX without MCAS is a perfectly flyable aircraft."

Long-time Slashdot reader phalse phace writes: The FAA has begun looking into quality-control problems at Boeing for their wide-body jet Dreamliner that go back almost a decade.

The Wall Street Journal reports that "the plane maker has told U.S. aviation regulators that it produced certain parts at its South Carolina facilities that failed to meet its own design and manufacturing standards, according to an Aug. 31 internal Federal Aviation Administration memo." (Non-paywalled source here.)

The Journal reports:

As a result of "nonconforming" sections of the rear fuselage, or body of the plane, that fell short of engineering standards, according to the memo and these people, a high-level FAA review is considering mandating enhanced or accelerated inspections that could cover hundreds of jets.

The memo, a routine update or summary of safety issues pending in the FAA's Seattle office that oversees Boeing design and manufacturing issues, says such a safety directive could cover as many as about 900 of the roughly 1,000 Dreamliners delivered since 2011.

The U.S. Equal Employment Opportunity Commission has issued a sweeping decision concluding that IBM engaged in systematic age discrimination between 2013 and 2018, when it shed thousands of older workers in the United States. ProPublica reports: The EEOC finding, contained in an Aug. 31 letter to a group of ex-employees, comes more than two years after ProPublica reported that the company regularly flouted or outflanked laws intended to protect older workers from bias in hiring and firing. The letter says a nationwide EEOC investigation "uncovered top-down messaging from (IBM's) highest ranks directing managers to engage in an aggressive approach to significantly reduce the headcount of older workers to make room for" younger ones.

Employment law experts said the agency's finding could result in IBM facing millions of dollars in settlement payments or a federal lawsuit at a time when the company is under continued competitive pressure and in the midst of a management changeover. Lawyers for some former workers said EEOC investigators have told them the agency decision may apply to more than 6,000 ex-IBM employees, a number that could grow considerably if, as experts say is likely, the agency's finding prompts new, private age discrimination lawsuits.

A team of MIT researchers has developed a device that can monitor people's sleep postures without having to use cameras or to stick sensors on their body. Engadget reports: It's a wall-mounted monitor the team dubbed BodyCompass, and it works by analyzing radio signals as they bounce off objects in a room. As the researchers explained, a device that can monitor sleep postures has many potential uses. It could be used to track the progression of Parkinson's disease, for instance, since people with the condition lose their ability to turn over in bed. To differentiate between radio signals bouncing off a body and signals bouncing off random objects in a room, the system focuses on signals that bounce off a person's chest and belly. In other words, the body parts that move while breathing. It then sends those signals to the cloud, so the BodyCompass system can analyze the user's posture.

The team trained their creation's neural network and tested its accuracy by gathering 200 hours of sleep data from 26 subjects who had to wear sensors on their chest and belly in the beginning. They said that after training the device on a week's worth of data, it predicted the subject's correct body posture 94 percent of the time. In the future, BodyCompass could be paired with other devices to prod sleepers to change positions, such as smart mattresses. When that happens, the device could alert people with epilepsy if they've taken a potentially fatal sleeping position, reduce sleep apnea events and notify caregivers to move immobile patients at risk of developing bedsores. It could also help everyone else get a good night's sleep, because we definitely all need it.

An anonymous reader quotes a report from The Register: Chinese drone maker DJI has commissioned yet another security audit with FTI Consulting that's given it a clean bill of health, as the US government reportedly prepares to ban its remote controlled aircraft from American skies. DJI, whose headquarters are in the Chinese city of Shenzhen (the firm's full name is Shenzhen Da-Jiang Innovations Technology Company) has reacted to claims that US regulators intend shutting it out of their market by announcing that a new "local data mode" will be implemented.

In a statement DJI said its local data mode "eliminates internet connectivity and prevents the transmission of all drone data over the internet," promising to add this to its DJI GO4 and DJI Fly flight control apps "within the coming months." "This expansion brings Local Data Mode to operators of all recent DJI drones, allowing commercial and government customers, including public safety agencies and other federal, state and local government users, to confidently choose the best DJI drone for each mission," boasted the firm, which, perhaps justifiably, claims to have a dominant position in the global small drone market.

An anonymous reader quotes a report from Bloomberg: Former Theranos Chief Executive Officer Elizabeth Holmes is exploring a "mental disease" defense for her criminal fraud trial, in one of Silicon Valley's most closely watched cases. That possibility was revealed Wednesday when the judge overseeing the case ruled that government prosecutors can examine Holmes. The ruling was in response to the failed blood-testing startup founder's plan to introduce evidence of "mental disease or defect" or other mental condition "bearing on the issue of guilt," according to the filing. Holmes may be seeking to introduce the evidence to challenge the requirement that prosecutors prove her intent to do something wrong or illegal.

Holmes intends to use testimony from Mindy Mechanic, a clinical psychologist at California State University at Fullerton, according to the filing. Mechanic is an expert on the psychosocial consequences of trauma, with a focus on violence against women, and often provides expert testimony in cases involving "interpersonal violence," according to her faculty profile on the school's website. Barbara McQuade, a former federal prosecutor who now teaches at the University of Michigan law school, said mounting a so-called insanity defense won't be easy, as the defendant must meet a high standard of proof. "Contrary to what you may see in the movies, an insanity defense in federal cases is rare and hard to fake," McQuade said in an email. Holmes must show that, at the time she committed the alleged offenses, a severe mental defect made her "unable to appreciate the nature and quality or the wrongfulness of (her) acts." In his ruling, U.S. District Judge Edward J. Davila rejected Holmes's argument that she shouldn't have to submit to a psychological examination by government experts. The judge ruled that such an examination is fair given Holmes's intent to use testimony from Mechanic.