Microsoft Office 365: Banned in German schools over privacy fears

Schools in the central German state of Hesse have been told it’s now illegal to use Microsoft Office 365.

The state’s data-protection commissioner has ruled that using the popular cloud platform’s standard configuration exposes personal information about students and teachers “to possible access by US officials”.

That might sound like just another instance of European concerns about data privacy or worries about the current US administration’s foreign policy.

But in fact the ruling by the Hesse Office for Data Protection and Information Freedom is the result of several years of domestic debate about whether German schools and other state institutions should be using Microsoft software at all.

Besides the details that German users provide when they’re working with the platform, Microsoft Office 365 also transmits telemetry data back to the US.

Last year, investigators in the Netherlands discovered that that data could include anything from standard software diagnostics to user content from inside applications, such as sentences from documents and email subject lines. All of which contravenes the EU’s General Data Protection Regulation, or GDPR, the Dutch said.

Germany’s own Federal Office for Information Security also recently expressed concerns about telemetry data that the Windows operating system sends.

To allay privacy fears in Germany, Microsoft invested millions in a German cloud service, and in 2017 Hesse authorities said local schools could use Office 365. If German data remained in the country, that was fine, Hesse’s data privacy commissioner, Michael Ronellenfitsch, said.

But in August 2018 Microsoft decided to shut down the German service. So once again, data from local Office 365 users would be transmitted over the Atlantic. Several US laws, including 2018’s CLOUD Act and 2015’s USA Freedom Act, give the US government more rights to ask for data from tech companies.

It’s actually simple, Austrian digital-rights advocate Max Schrems, who took a case on data transfers between the EU and US to the highest European court this week, tells ZDNet.

School pupils are usually not able to give consent, he points out. “And if data is sent to Microsoft in the US, it is subject to US mass-surveillance laws. This is illegal under EU law.”

Source: Microsoft Office 365: Banned in German schools over privacy fears | ZDNet

Microsoft tells resellers: ‘We listened to you, and we have acted’ (PS: Plz keep making us money)

Faced with continued rumbles of discontent from its reseller network on the eve of its Inspire conference, Microsoft has climbed down from plans to pull free software licences from its channel chums.

Doubtless fearful of a keynote sabotaged by a baying mob of angry resellers, Microsoft corporate veep for commercial partners Gavriella Schuster was tasked with the job of backing down.

Thanking its besuited middlemen and women for “sharing your feedback with us”, Schuster confirmed the kindly corporation had “made the decision to roll back all planned changes related to internal use rights and competency timelines”.

So that 1 July 2020 retirement of the internal use rights? Not going to happen. For now.

Schuster blustered that “a thorough review” had taken place over the, er, days since the company dispensed the bad news and said: “We listened to you, and we have acted.”

The veep sadly missed out the words: “We looked at what annoying those who sell our stuff would do to our bottom line” in the latter comment. Fixed it for you.

Source: Microsoft tells resellers: ‘We listened to you, and we have acted’ (PS: Plz keep making us money) • The Register

Bitpoint cryptocurrency exchange hacked for $32 million

Japan-based cryptocurrency exchange Bitpoint announced it lost 3.5 billion yen (roughly $32 million) worth of cryptocurrency assets after a hack that happened late yesterday, July 11.

The exchange suspended all deposits and withdrawals this morning to investigate the hack, it said in a press release.

Thoroughly compromised

In a more detailed document released by RemixPoint, the legal entity behind Bitpoint, the company said that hackers stole funds from both of its “hot” and “cold” wallets. This suggests the exchange’s network was thoroughly compromised.

Hot wallets are used to store funds for current transactions, while the cold wallets are offline devices storing emergency and long-term funds.

Bitpoint reported the attackers stole funds in five cryptocurrencies, including Bitcoin, Bitcoin Cash, Litecoin, Ripple, and Ethereum.

The exchange said it detected the hack because of errors related to the remittance of Ripple funds to customers. Twenty-seven minutes after detecting the errors, Bitpoint admins realized they had been hacked, and three hours later, they discovered thefts from other cryptocurrency assets.

Another three and a half hours later, after a meeting with management, the exchange shut down, and law enforcement was notified.

Two-thirds of stolen funds belonged to customers

The exchange also said that 2.5 billion yen ($23 million) of the total 3.5 billion yen ($32 million) that were stolen were customer funds, while the rest were funds owned by the exchange itself, as reserve funds and profits from past activity.

Source: Bitpoint cryptocurrency exchange hacked for $32 million | ZDNet

FTC Fines Facebook $5 Billion for Cambridge Analytica – not very much considering earnings – and does not curtail future breaches

The Federal Trade Commission, which has been investigating Facebook in the wake of its massive Cambridge Analytica scandal, has voted to approve levying a massive $5 billion fine against the social media giant, according to reporting in both the Wall Street Journal and the Washington Post. It’s the single largest fine against a tech company by the FTC to date, but its inadequacy to curtail future breaches of this sort already has progressive lawmakers furious.

Facebook was aware of a fine of this magnitude potentially coming down the pike for some time, and braced for a hit between $3 billion and $5 billion. The approval vote—which reportedly split down party lines, with three Republicans voting in favor and two Democrats against—was on the higher end of the expected spectrum.

This is expected to cap the agency’s investigation into the data-mining scandal that compromised up to 87 million Facebook users’ personal data. The data was originally harvested using a seemingly benign quiz app on the platform but was later potentially used by Cambridge Analytica, a political consultancy, for the unrelated purpose of political ad targeting.

[…]

While massive by the standards of tech companies, which too frequently get off with a slap on the wrist for lax data privacy practices which endanger users, the FTC’s fine still represents less than a third of the company’s $15.08 billion earnings from just the first quarter of this year.

Source: FTC Fines Facebook $5 Billion, Democrats Call It a Failure

Palantir’s Top-Secret User Manual for Cops shows how easily they can find scary amounts of information on you and your friends

Through a public record request, Motherboard has obtained a user manual that gives unprecedented insight into Palantir Gotham (Palantir’s other service, Palantir Foundry, is an enterprise data platform), which is used by law enforcement agencies like the Northern California Regional Intelligence Center. The NCRIC serves around 300 communities in northern California and is what is known as a “fusion center,” a Department of Homeland Security intelligence center that aggregates and investigates information from state, local, and federal agencies, as well as some private entities, into large databases that can be searched using software like Palantir.

Fusion centers have become a target of civil liberties groups in part because they collect and aggregate data from so many different public and private entities. The US Department of Justice’s Fusion Center Guidelines list the following as collection targets:

[Chart: Data via US Department of Justice. Chart via Electronic Information Privacy Center.]

[Figure: A flow chart that explains how cops can begin to search for records relating to a single person.]

The guide doesn’t just show how Gotham works. It also shows how police are instructed to use the software. This guide seems to be specifically made by Palantir for California law enforcement because it includes examples specific to California. We don’t know exactly what information is excluded, or what changes have been made since the document was first created. The first eight pages that we received in response to our request are undated, but the remaining twenty-one pages were copyrighted in 2016. (Palantir did not respond to multiple requests for comment.)

The Palantir user guide shows that police can start with almost no information about a person of interest and instantly know extremely intimate details about their lives. The capabilities are staggering, according to the guide:

  • If police have a name that’s associated with a license plate, they can use automatic license plate reader data to find out where they’ve been, and when they’ve been there. This can give a complete account of where someone has driven over any time period.
  • With a name, police can also find a person’s email address, phone numbers, current and previous addresses, bank accounts, social security number(s), business relationships, family relationships, and license information like height, weight, and eye color, as long as it’s in the agency’s database.
  • The software can map out a suspect’s family members and business associates and, theoretically, find the above information about them, too.

All of this information is aggregated and synthesized in a way that gives law enforcement nearly omniscient knowledge over any suspect they decide to surveil.

[…]

In order for Palantir to work, it has to be fed data. This can mean public records like business registries, birth certificates, and marriage records, or police records like warrants and parole sheets. Palantir would need other data sources to give police access to information like emails and bank account numbers.

“Palantir Law Enforcement supports existing case management systems, evidence management systems, arrest records, warrant data, subpoenaed data, RMS or other crime-reporting data, Computer Aided Dispatch (CAD) data, federal repositories, gang intelligence, suspicious activity reports, Automated License Plate Reader (ALPR) data, and unstructured data such as document repositories and emails,” Palantir’s website says.

Some data sources—like marriage, divorce, birth, and business records—also implicate other people that are associated with a person personally or through family. So when police are investigating a person, they’re not just collecting a dragnet of emails, phone numbers, business relationships, travel histories, etc. about one suspect. They’re also collecting information for people who are associated with this suspect.

Source: Revealed: This Is Palantir’s Top-Secret User Manual for Cops – VICE

It turns out Bystanders do Help Strangers in Need

Research dating back to the late 1960s documents how the great majority of people who witness crimes or violent behavior refuse to intervene.

Psychologists dubbed this non-response as the “bystander effect”—a phenomenon which has been replicated in scores of subsequent psychological studies. The “bystander effect” holds that the reason people don’t intervene is because we look to one another. The presence of many bystanders diffuses our own sense of personal responsibility, leading people to essentially do nothing and wait for someone else to jump in.

Past studies have used police reports to estimate the effect, but results ranged from 11 percent to 74 percent of incidents being interventions. Now, widespread surveillance cameras allow for a new method to assess real-life human interactions. A new study published this year in the American Psychologist finds that this well-established bystander effect may largely be a myth. The study uses footage of more than 200 incidents from surveillance cameras in Amsterdam; Cape Town; and Lancaster, England.

Researchers watched footage and coded the nature of the conflict, the number of direct participants in it, and the number of bystanders. Bystanders were defined as intervening if they attempted a variety of acts, including pacifying gestures, calming touches, blocking contact between parties, consoling victims of aggression, providing practical help to a physically harmed victim, or holding, pushing, or pulling an aggressor away. Each event had an average of 16 bystanders and lasted slightly more than three minutes.

The study finds that in nine out of 10 incidents, at least one bystander intervened, with an average of 3.8 interveners. There was also no significant difference across the three countries and cities, even though they differ greatly in levels of crime and violence.

Instead of more bystanders creating an immobilizing “bystander effect,” the study actually found the more bystanders there were, the more likely it was that at least someone would intervene to help. This is a powerful corrective to the common perception of “stranger danger” and the “unknown other.” It suggests that people are willing to self-police to protect their communities and others. That’s in line with the research of urban criminologist Patrick Sharkey, who finds that stronger neighborhood organizations, not a higher quantity of policing, have fueled the Great Crime Decline.

Source: How Often Will Bystanders Help Strangers in Need? – CityLab

Carbon nanotube device channels heat into light, could increase solar panel efficiency

The ever-more-humble carbon nanotube may be just the device to make solar panels—and anything else that loses energy through heat—far more efficient.

Rice University scientists are designing arrays of aligned single-wall carbon nanotubes to channel mid-infrared radiation (aka heat) and greatly raise the efficiency of solar energy systems.

Gururaj Naik and Junichiro Kono of Rice’s Brown School of Engineering introduced their technology in ACS Photonics.

Their invention is a hyperbolic thermal emitter that can absorb intense heat that would otherwise be spewed into the atmosphere, squeeze it into a narrow bandwidth and emit it as light that can be turned into electricity.

The discovery rests on another by Kono’s group in 2016 when it found a simple method to make highly aligned, wafer-scale films of closely packed nanotubes.

[…]

The aligned nanotube films are conduits that absorb heat and turn it into narrow-bandwidth photons. Because electrons in nanotubes can only travel in one direction, the aligned films are metallic in that direction while insulating in the perpendicular direction, an effect Naik called hyperbolic dispersion. Thermal photons can strike the film from any direction, but can only leave via one.

“Instead of going from heat directly to electricity, we go from heat to light to electricity,” Naik said. “It seems like two stages would be more efficient than three, but here, that’s not the case.”

[…]

Naik said adding the emitters to standard solar cells could boost their efficiency from the current peak of about 22%. “By squeezing all the wasted thermal energy into a small spectral region, we can turn it into electricity very efficiently,” he said. “The theoretical prediction is that we can get 80% efficiency.”

Nanotube films suit the task because they stand up to temperatures as high as 1,700 degrees Celsius (3,092 degrees Fahrenheit). Naik’s team built proof-of-concept devices that allowed them to operate at up to 700 C (1,292 F) and confirm their narrow-band output. To make them, the team patterned arrays of submicron-scale cavities into the chip-sized films.

Source: Carbon nanotube device channels heat into light