A new bill submitted as draft legislation to Russia's lower house of parliament wants to see the commission taken by app store owners limited to just 20 percent. The change would impact both Apple and Google's app stores, but any other that operate within Russia. PCMag reports: It sounds like a great move for app developers, but the bill goes further and stipulates that developers would be required to pay 30 percent of their app income to a special IT training fund. So rather than losing 30 percent to Apple, developers would be losing 50 percent in total -- 20 percent to Apple and 30 percent to this new training fund. If the bill passes, it would surely see a large influx of cash into the training fund, but could also result in developers opting not to offer their apps to the Russian market in future. There's little incentive to if 50 percent of your app charge goes to other people. Alternatively, it could see app prices increase in Russia to compensate for the change. Apple also wouldn't be very happy, but there's little it could do if the bill passes into law.

A government watchdog has criticized U.S. border authorities for failing to properly disclose the agency's use of facial recognition at airports, which included instructions on how Americans can opt out. From a report: U.S. Customs and Border Protection (CBP), tasked with protecting the border and screening immigrants, has deployed its face-scanning technology in 27 U.S. airports as part of its Biometric Entry-Exit Program. The program was set up to catch visitors who overstay their visas. Foreign nationals must complete a facial recognition check before they are allowed to enter and leave the United States, but U.S. citizens are allowed to opt out. But the Government Accountability Office (GAO) said in a new report out Wednesday that CBP did "not consistently" provide notices that informed Americans that they would be scanned as they depart the United States.

The National Security Agency program that swept up details on billions of Americans' phone calls was illegal and possibly unconstitutional, a federal appeals court ruled Wednesday. From a report: However, the unanimous three-judge panel of the 9th Circuit Court of Appeals said the role the so-called telephone metadata program played in a criminal terror-fundraising case against four Somali immigrants was so minor that it did not undermine their convictions. The long-awaited decision is a victory for prosecutors, but some language in the court's opinion could be viewed as a rebuke of sorts to officials who defended the snooping by pointing to the case involving Basaaly Moalin and three other men found guilty by a San Diego jury in 2013 on charges of fundraising for Al-Shabaab. Judge Marsha Berzon's opinion, which contains a half-dozen references to the role of former NSA contractor and whistleblower Edward Snowden in disclosing the NSA metadata program, concludes that the "bulk collection" of such data violated the Foreign Intelligence Surveillance Act. The call-tracking effort began without court authorization under President George W. Bush following the Sept. 11, 2001, terrorist attacks. A similar program was approved by the secretive FISA Court beginning in 2006 and renewed numerous times, but the 9th Circuit panel said those rulings were legally flawed.

A threat intelligence firm called HYAS, a private company that tries to prevent or investigates hacks against its clients, is buying location data harvested from ordinary apps installed on peoples' phones around the world, and using it to unmask hackers. The company is a business, not a law enforcement agency, and claims to be able to track people to their "doorstep." From a report: The news highlights the complex supply chain and sale of location data, traveling from apps whose users are in some cases unaware that the software is selling their location, through to data brokers, and finally to end clients who use the data itself. The news also shows that while some location firms repeatedly reassure the public that their data is focused on the high level, aggregated, pseudonymous tracking of groups of people, some companies do buy and use location data from a largely unregulated market explicitly for the purpose of identifying specific individuals. HYAS' location data comes from X-Mode, a company that started with an app named "Drunk Mode," designed to prevent college students from making drunk phone calls and has since pivoted to selling user data from a wide swath of apps. Apps that mention X-Mode in their privacy policies include Perfect365, a beauty app, and other innocuous looking apps such as an MP3 file converter. "As a TI [threat intelligence] tool it's incredible, but ethically it stinks," a source in the threat intelligence industry who received a demo of HYAS' product told Motherboard.

A U.S. appeals court rejected Oracle's challenges to the Pentagon's disputed $10 billion cloud-computing contract. From a report: Oracle had raised a number of issues, including allegations of conflicts of interest with Amazon.com, and claims the Pentagon violate its own rules when it set up the contract to be awarded to a single firm. The U.S. Court of Appeals for the Federal Circuit affirmed a lower court ruling that Oracle wasn't harmed by any errors the Pentagon made in developing the contract proposal because it wouldn't have qualified for the contract anyway. Oracle was fighting its exclusion from seeking the lucrative cloud-computing deal, known as the Joint Enterprise Defense Infrastructure, or JEDI. The Pentagon awarded the contract to Microsoft in October over market leader Amazon Web Services. The project, which is valued at as much as $10 billion over a decade, is designed to help the Pentagon consolidate its technology programs and quickly move information to warfighters around the world.

An anonymous reader quotes a report from Ars Technica: Google and Facebook have withdrawn plans to build an undersea cable between the United States and Hong Kong after the Trump administration raised national security concerns about the proposal. On Thursday, the companies submitted a revised plan that bypasses Hong Kong but includes links to Taiwan and the Philippines that were part of the original proposal. One of the original project's partners, Hong Kong company Pacific Light Data Communication, has been dropped.

Federal law requires a license from the Federal Communications Commission to build an undersea cable connecting the United States with a foreign country. When Google and Facebook submitted their application for an undersea cable connecting the US to Hong Kong, Taiwan, and the Philippines, a committee of federal agencies led by the Justice Department recommended against approving the connection to Hong Kong, citing the "current national security environment." The Trump administration cited "the [People's Republic of China] government's sustained efforts to acquire the sensitive personal data of millions of U.S. persons" as a reason to deny the application. The proposed cable's "high capacity and low latency would encourage U.S. communications traffic crossing the Pacific to detour through Hong Kong before reaching intended destinations in other parts of the Asia Pacific region," the government argued.

Former presidential candidate Andrew Yang is throwing his weight behind California's November data privacy ballot measure -- not just endorsing the initiative but chairing its advisory board, the Proposition 24 campaign announced Monday. Politico reports: Yang's involvement could bring more visibility and cachet to the effort, given the tech entrepreneur's national profile and popularity among younger voters. It could also help counter the negative messaging from some consumer and civil rights groups that are opposing it. Yang lives in New York, thousands of miles from where voters will cast their ballots in November. But the initiative, like the law it would rewrite, could be the nation's de facto privacy law in the absence of federal action.

Prop. 24 would rewrite parts of the California Consumer Privacy Act, which gave Californians new rights over their personal data when it took effect in January. The new measure would create a regulatory agency to manage California's privacy regime, add protections for "sensitive data," and eliminate the 30-day window that companies now have to correct problems before the attorney general can take them to court. It also would make it harder for the Legislature to roll back its protections in the future; any changes would need to further the law's aims. Alastair Mactaggart, a Bay Area real estate developer whose 2018 initiative compelled the Legislature to pass the CCPA that year, is behind the effort to amend it. "The California Consumer Privacy Act was a major win for the state of California and the country, but we have to do more," says Yang. "Technology is changing more rapidly than ever before, and tech corporations are already lining up to undermine the CCPA. It's up to us to protect consumers and strengthen our privacy rights to global standards. Our data should be ours no matter what platforms and apps we use. That's why I hope California voters will join me in supporting Prop 24 by voting YES in November."

FBI documents warned that owners of Amazon's Ring and similar video doorbells can use the systems -- which collect video footage sometimes used to investigate crimes -- in order to watch police instead. The Verge reports: The Intercept spotted the files in the BlueLeaks data trove aggregated from law enforcement agencies. One 2019 analysis describes numerous ways police and the FBI could use Ring surveillance footage, but it also cites "new challenges" involving sensor- and camera-equipped smart home devices. Specifically, they can offer an early warning when officers are approaching a house to search it; give away officer locations in a standoff; or let the owner capture pictures of law enforcement, "presenting a risk to their present and future safety."

These are partly hypothetical concerns. The standoff issue, for instance, was noted in a report about motion-activated panoramic cameras. But the FBI points to a 2017 incident where agents approached the home of someone with a video doorbell, seeking to search the premises. The resident wasn't home but saw them approach by watching a remote video feed, then preemptively contacted his neighbor and landlord about the FBI's approach. He may also have "been able to covertly monitor law enforcement activity" with the camera. This isn't necessarily more information than a security camera would capture. But doorbells like the Ring or Google Nest Hello are pitched as more mainstream devices, and they've also created controversy around police use of the footage.

America's House of Representatives proposed a new structure for the U.S. Space Force in what's being called "the Starfleet amendment". Space News reports: Before the House passed the so-called "Starfleet" amendment, Space Force officials had been internally debating a new rank structure to set the space branch apart from its parent service the U.S. Air Force. The amendment in the House version of the 2021 National Defense Authorization Act requires the Space Force to use the Navy's rank structure. The proposal will be debated later this year in a House and Senate conference. The Senate would have to support the amendment for it to become law.
The amendment was introduced by a former Navy SEAL (now a Republican congressman from Texas), the article reports. But more importantly, the amendment "got a prominent endorsement from the Starfleet captain himself, William Shatner." In a special editorial in Military Times, Shatner wrote: It's been captains throughout entertainment history that have gone into space and been the heroes that saved the day, the planet, the galaxy and the universe. Where in any of this rich history of inspired heroes travelling into space was there a...colonel...?

"Star Trek" has borrowed so much of its iconic rank symbols from the U.S. military and NASA. When you unveiled the Space Force logo, many immediately saw it as an homage to "Star Trek" (even though our Delta was an homage to the previous military space insignias). Why not borrow back from "Star Trek" and adopt our ranks as well? We took them from the Navy for good reason, even though Gene Roddenberry was a veteran of the U.S. Army Air Corps. They made better sense when talking about a (space) ship.

So wrapping this up, I'm going to say that if you want the public to believe in heroes, that you should adopt the Navy ranks as they are the ones the public is most used to being heroes. So please reconsider and name the Space Force ranks after the U.S. Navy.
Space News reports that officials from Space Force "declined to comment on Shatner's article, or on whether his views might carry any weight with lawmakers." But the site's source said there's polarized feelings inside real-world Space Force about the Starfleet amendment.

"Some view the prospect of using naval ranks as an insult that would permanently turn the service into a Star Trek punchline."

Krebs on Security tells the tale of Hieu Minh Ngo, who earned $3 million by selling the identity records he'd stolen from consumer data brokers (which included social security numbers and physical addresses). "He was selling the personal information on more than 200 million Americans," one secret service agent tells the site, "and allowing anyone to buy it for pennies apiece."

Handling over 160,000 queries each month, Ngo's service "enabled approximately $1.1 billion in new account fraud at banks and retailers throughout the United States," according to government estimates, "and roughly $64 million in tax refund fraud with the states and the IRS..." Ngo said he wasn't surprised that his services were responsible for so much financial damage. But he was utterly unprepared to hear about the human toll. Throughout the court proceedings, Ngo sat through story after dreadful story of how his work had ruined the financial lives of people harmed by his services... "[D]uring my case, the federal court received like 13,000 letters from victims who complained they lost their houses, jobs, or could no longer afford to buy a home or maintain their financial life because of me. That made me feel really bad, and I realized I'd been a terrible person."

Even as he bounced from one federal detention facility to the next, Ngo always seemed to encounter ID theft victims wherever he went, including prison guards, healthcare workers and counselors. "When I was in jail at Beaumont, Texas I talked to one of the correctional officers there who shared with me a story about her friend who lost her identity and then lost everything after that," Ngo recalled. "Her whole life fell apart. I don't know if that lady was one of my victims, but that story made me feel sick. I know now that was I was doing was just evil."
The article says Ameria's secret service describes Ngo "as someone who caused more material financial harm to more Americans than any other convicted cybercriminal."

"Ngo was recently deported back to his home country after serving more than seven years in prison for running multiple identity theft services. He now says he wants to use his experience to convince other cybercriminals to use their skills for good..."

Blogger/science fiction writer Cory Doctorow (also a former EFF staffer and activist) has just published How to Destroy Surveillance Capitalism — a new book which he's publishing free online.

In a world swamped with misinformation and monopolies, Doctorow says he's knows what's missing from our proposed solutions: If we're going to break Big Tech's death grip on our digital lives, we're going to have to fight monopolies. That may sound pretty mundane and old-fashioned, something out of the New Deal era, while ending the use of automated behavioral modification feels like the plotline of a really cool cyberpunk novel... But trustbusters once strode the nation, brandishing law books, terrorizing robber barons, and shattering the illusion of monopolies' all-powerful grip on our society. The trustbusting era could not begin until we found the political will — until the people convinced politicians they'd have their backs when they went up against the richest, most powerful men in the world. Could we find that political will again...?

That's the good news: With a little bit of work and a little bit of coalition building, we have more than enough political will to break up Big Tech and every other concentrated industry besides. First we take Facebook, then we take AT&T/WarnerMedia. But here's the bad news: Much of what we're doing to tame Big Tech instead of breaking up the big companies also forecloses on the possibility of breaking them up later... Allowing the platforms to grow to their present size has given them a dominance that is nearly insurmountable — deputizing them with public duties to redress the pathologies created by their size makes it virtually impossible to reduce that size. Lather, rinse, repeat: If the platforms don't get smaller, they will get larger, and as they get larger, they will create more problems, which will give rise to more public duties for the companies, which will make them bigger still.

We can work to fix the internet by breaking up Big Tech and depriving them of monopoly profits, or we can work to fix Big Tech by making them spend their monopoly profits on governance. But we can't do both. We have to choose between a vibrant, open internet or a dominated, monopolized internet commanded by Big Tech giants that we struggle with constantly to get them to behave themselves...

Big Tech wired together a planetary, species-wide nervous system that, with the proper reforms and course corrections, is capable of seeing us through the existential challenge of our species and planet. Now it's up to us to seize the means of computation, putting that electronic nervous system under democratic, accountable control.
With "free, fair, and open tech" we could then tackle our other urgent problems "from climate change to social change" — all with collective action, Doctorow argues. And "The internet is how we will recruit people to fight those fights, and how we will coordinate their labor.

"Tech is not a substitute for democratic accountability, the rule of law, fairness, or stability — but it's a means to achieve these things."

CNBC reports: A Texas A&M professor was charged with conspiracy, making false statements and wire fraud on allegations that he was secretly collaborating with the Chinese government while conducting research for NASA, the Department of Justice (DOJ) said Monday...

"Once again, we have witnessed the criminal consequences that can arise from undisclosed participation in the Chinese government's talent program," Assistant Attorney General for National Security John Demers said in a statement. "The Department of Justice will continue seeking to bring participation in these talent programs to light and to expose the exploitation of our nation and our prized research institutions," he added. The DOJ has previously described China's Thousand Talents Plan as a tool of the Chinese Communist Party to "attract, recruit, and cultivate high-level scientific talent in furtherance of China's scientific development, economic prosperity and national security." Through this program, the Chinese government would "often reward individuals for stealing proprietary information," the DOJ said.

"While 1.4 million foreign researchers and academics are here in the U.S. for the right reasons, the Chinese Talents Program exploits our open and free universities," said Ryan Patrick, U.S. Attorney for the Southern District of Texas, adding that ties to the Chinese government must be disclosed.
The criminal complaint accuses the professor of trying to "leverage NASA grant resources to further the research of Chinese institutions" and "gain access to the unique resources of the International Space Station."

Tesla, Ford, Honda, Daimler, and Intel have asked America's Federal Trade Commission (FTC) to fight a recent court ruling in favour of Qualcomm, reports the BBC: Qualcomm has a practice of requiring customers to sign patent licence agreements before selling them chips. Such practices have drawn accusations the firm is stifling competition... According to Glyn Moody, a journalist specialising in tech policy, the car industry is bothered by Qualcomm's patent practices because "cars are essentially becoming computers on wheels", as the industry continues to develop more advanced connected cars. In the future, it is hoped that connected cars will use 5G processors to connect them to the internet. Carmakers have seen this battle over 4G and are worried it will cement the firm's position as the battle for dominance over 5G technology advances.

"This is a completely different world than the one [carmakers] are used to, so they're suddenly faced with dealing with computer standards and computer patents, which is a big problem for them as they don't have any. So if they have to start licensing this stuff, it's going to get expensive for them," Mr. Moody told the BBC...

Prof Mark Lemley of Stanford Law School is director of the Stanford Program in Law, Science and Technology. He has been following Qualcomm's various court cases for several years. "Qualcomm made a commitment that it would licence its chips on reasonable and non-discriminatory terms, because they wanted their chips to be included in the industry standards, and then they created a structure to avoid doing this," he said.

"I think they are in fact violating the antitrust laws."

CNET reports: Twice a year most of the U.S. stumbles around in confusion while missing appointments, resetting their clocks and grumbling about daylight saving time. The American Academy of Sleep Medicine thinks we should knock that nonsense off and just stick with standard time year-round. The AASM released a position statement this week as an accepted paper in the Journal of Clinical Sleep Medicine calling for an end to daylight saving time...

The professional organization represents sleep medicine professionals and accredits sleep medicine facilities. "Permanent, year-round standard time is the best choice to most closely match our circadian sleep-wake cycle," said lead author M. Adeel Rishi, a sleep specialist with the Mayo Clinic and vice chair of the AASM Public Safety Committee. "Daylight saving time results in more darkness in the morning and more light in the evening, disrupting the body's natural rhythm."

Studies have pointed to health risks connected to daylight saving time and the sleep disruptions it causes. The AASM called out stroke risks, stress reactions and an increase in motor vehicles crashes, particularly in relation to the springtime clock change. "Because the adoption of permanent standard time would be beneficial for public health and safety, the AASM will be advocating at the federal level for this legislative change," said AASM president Kannan Ramar in a release on Thursday.

An anonymous reader writes: Researchers from Mozilla report in a study that web browsing histories (the lists of user visited websites) are uniquely identifying users (PDF). In their study that was the case for 99% of users. Treating web browsing histories like fingerprints, the researchers analysed how the users can be reidentified just based on the coarsened list of user-visited websites.

In doing so they upheld and confirmed a previous study from 2012, prompting the author of the original study to say that web browsing histories are now personal data subject to privacy regulations like the GDPR.

Sensitivity of web browsing history data questions the laws allowing ISPs to sell web browsing histories.
The now-vindicated author of the 2012 study added this emphatic note in their blog post. "Web browsing histories are personal data. Deal with it."

Launching today is America's classified NROL-44 spy satellite, which German public broadcaster DW calls "a massive, open secret": NROL-44 is a huge signals intelligence, or SIGINT, satellite, says David Baker, a former NASA scientist who worked on Apollo and Shuttle missions, has written numerous books, including U.S. Spy Satellites and is editor of SpaceFlight magazine. "SIGINT satellites are the core of national government, military security satellites. They are massive things for which no private company has any purpose," says Baker... "It weighs more than five tons. It has a huge parabolic antenna which unfolds to a diameter of more than 100 meters in space, and it will go into an equatorial plane of Earth at a distance of about 36,000 kilometers (22,000 miles)," says Baker...

Spy satellites "hoover up" of hundreds of thousands of cell phone calls or scour the dark web for terrorist activity. "The move from wired communication to digital and wireless is a godsend to governments because you can't cut into wires from a satellite, but you can literally pick up cell phone towers which are radiating this stuff into the atmosphere. It takes a massive antenna, but you're able to sit over one spot and listen to all the communications traffic," says Baker...

Some people worry about congestion in space, or satellites bumping into each other, and the threat of a collision causing space debris that could damage other satellites or knock out communications networks. But that may have benefits, too — little bits of spy satellite can hide in all that mess and connect wirelessly to create a "virtual satellite," says Baker. "There are sleeper satellites which look like debris. You launch all the parts separately and disperse them into various orbits. So, you would have sensors on one bit, an amplifier on another bit, a processor on another, and they'll be orbiting relatively immersed in space debris."

"Space debris is very good for the space defense industry," says Baker, "because the more there is, the more you can hide in it."

The official premiere of Tenet has drawn many people to the movie theaters this week. On pirate sites, there's been plenty of interest too, as thousands of people are being tricked into downloading fake copies. Pirates are not the only ones being fooled though, as Warner Bros. has its eyes set on fake releases too. TorrentFreak reports: All around the world, millions of people have waited in anticipation for the release of Christopher Nolan's sci-fi thriller 'Tenet.' The film was initially scheduled to be released in July but, after several pandemic-related delays, Warner Bros. moved the premiere ahead to the end of August. [...] According to one anti-piracy expert, Tenet's release has all the ingredients for a "perfect storm for piracy." This prediction prompted us to take a look at how Tenet is doing on pirate sites today. This question is not hard to answer, as there is no 'real' pirated copy of the film out there. Instead, sites are overwhelmed with fake Tenet releases.

We didn't have to look far. Most torrent sites and other download portals have plenty of Tenet copies. Or at least, that's what uploaders lead users to believe. This includes The Pirate Bay, which faces a moderation backlog, by the looks of it. Most seasoned pirates will know how to avoid these fake torrents. That said, major titles such as Tenet often attract the attention of many novice users too, who will undoubtedly be disappointed. And not just because they can't see the film. These suspicious releases can lead to all sorts of malware, viruses, and worse. The two we downloaded appeared relatively harmless. They included a 700MB video file that shows a still image, asking people to check the readme file. The readme message itself sends people to a suspicious site that requests credit card details "for verification purposes." Needless to say, we declined that offer.

The Federal Trade Commission (FTC) has sought investigative documents from huge financial data seller Envestnet. Envestnet, via a company it acquired called Yodlee, sells the bank and credit card transaction data of tens of millions of Americans to investment and research firms, which show how much people spent and where. From a report: "In February 2020, we received a civil investigative demand from the FTC for documents and information relating to our data collection, assembly, evaluation, sharing, correction and deletion practices," an Envestnet document, filed with the Securities and Exchange Commission (SEC) in February, reads. On Wednesday, lawyers filed a class action lawsuit against Envestnet and Yodlee in the Northern District of California, seeking damages for Yodlee allegedly selling individuals' data without taking proper security protections and sharing the data in unencrypted files.

As previously promised by Apple, Epic's App Store account has now been terminated due to the legal dispute between the two companies after Apple removed Fortnite from the iOS App Store. Epic Games still had a few apps available for iOS besides Fortnite, but they were all removed today. From a report: Fortnite for iOS was updated earlier this month with a new option that allowed users to purchase in-game items directly through Epic's payment system instead of using Apple's In-App Purchases. Once Apple removed Fortnite from the App Store, Epic Games started a public campaign and a legal battle against Apple, which led the Cupertino-based company to announce that it would terminate Epic's developer account. That's exactly what Apple did this Friday, August 28. The App Store now shows an alert saying "this app is currently not available in your country or region" when you try to access Epic's profile or any of their apps through a direct link, such as one from Infinity Blade Stickers app.

Late last night, it was rumored that Japan's longest-serving prime minister, Shinzo Abe, would step down due to his struggle with ulcerative colitis. Abe confirmed the reports this morning, telling reporters that it was "gut wrenching" to leave many of his goals unfinished. He also apologized for stepping down during the pandemic. The Associated Press reports: Abe has had ulcerative colitis since he was a teenager and has said the condition was controlled with treatment. Concerns about his health began this summer and grew this month when he visited a Tokyo hospital two weeks in a row for unspecified health checkups. He is now on a new treatment that requires IV injections, he said. While there is some improvement, there is no guarantee that it will cure his condition and so he decided to step down after treatment Monday, he said.

"It is gut wrenching to have to leave my job before accomplishing my goals," Abe said Friday, mentioning his failure to resolve the issue of Japanese abducted years ago by North Korea, a territorial dispute with Russia and a revision of Japan's war-renouncing constitution. He said his health problem was under control until earlier this year but was found to have worsened in June when he had an annual checkup. "Faced with the illness and treatment, as well as the pain of lacking physical strength ... I decided I should not stay on as prime minister when I'm no longer capable of living up to the people's expectations with confidence," Abe said at a news conference. Slashdot reader shanen writes: [...] In theory, [Shinzo Abe] was the supreme leader of one of the most important countries in the technological world. In practice, not so much?

At a minimum, the New Akiba is far different from the Akihabara of yore, but maybe it's just a chronological coincidence? They are making quite pretty COVID-19 sneeze pictures with the new Japanese supercomputer. I have to admit that either Abe hasn't accomplished that much or he's pretty bad at tooting his own horn. I would be surprised if anyone could articulate what Abe actually stood for even after all these years in the spotlight.

Perhaps the funny part is that Abe was apparently just clinging to power to set a new endurance record as Prime Minister. He passed the old number one just a few days ago. But looking forward, I'm actually more interested in trigger effects. My current speculation is that Kishida will snag the ring and he's liable to come out much stronger against China. Xi was already annoyed and I am still expecting stock market turmoil in October, but this may make it worse. Further reading: Japan's Longest-Serving PM, Shinzo Abe, Quits In Bid To 'Escape' Potential Prosecution