Author Archives: Robin Edgar

About Robin Edgar

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

How Google quietly funds Europe’s leading tech policy institutes

Posted on by

A recent scientific paper proposed that, like Big Tobacco in the Seventies, Big Tech thrives on creating uncertainty around the impacts of its products and business model. One of the ways it does this is by cultivating pockets of friendly academics who can be relied on to echo Big Tech talking points, giving them added gravitas in the eyes of lawmakers.

Google highlighted working with favourable academics as a key aim in its strategy, leaked in October 2020, for lobbying the EU’s Digital Markets Act – sweeping legislation that could seriously undermine tech giants’ market dominance if it goes through.

Now, a New Statesman investigation can reveal that over the last five years, six leading academic institutes in the EU have taken tens of millions of pounds of funding from Google, Facebook, Amazon and Microsoft to research issues linked to the tech firms’ business models, from privacy and data protection to AI ethics and competition in digital markets. While this funding tends to come with guarantees of academic independence, this creates an ethical quandary where the subject of research is also often the primary funder of it.

 

The New Statesman has also found evidence of an inconsistent approach to transparency, with some senior academics failing to disclose their industry funding. Other academics have warned that the growing dependence on funding from the industry raises questions about how tech firms influence the debate around the ethics of the markets they have created.

The Institute for Ethics in Artificial Intelligence at the Technical University of Munich (TUM), for example, received a $7.5m grant from Facebook in 2019 to fund five years of research, while the Humboldt Institute for Internet and Society in Berlin, has accepted almost €14m from Google since it was founded in 2012, and the tech giant accounts for a third of the institute’s third-party funding.

The Humboldt Institute is seeking to diversify its funding sources, but still receives millions from Google
Annual funding to the Humboldt Institute by Google and other third-party institutions

Researchers at Big Tech-funded institutions told the New Statesman they did not feel any outward pressure to be less critical of their university’s benefactors in their research.

But one, who wished to remain anonymous, said Big Tech wielded a subtle influence through such institutions. They said that the companies typically appeared to identify uncritical academics – preferably those with political connections – who perhaps already espoused beliefs aligned with Big Tech. Companies then cultivate relationships with them, sometimes incentivising academics by granting access to sought-after data.

[…]

Luciano Floridi, professor of philosophy and ethics of information at Oxford University’s Internet Institute, is one of the most high-profile and influential European tech policy experts, who has advised the European Commission, the Information Commissioner’s Office, the UK government’s Centre for Data Ethics and Innovation, the Foreign Office, the Financial Conduct Authority and the Vatican.

Floridi is one of the best-connected tech policy experts in Europe, and he is also one of the most highly funded. The ethicist has received funding from Google, DeepMind, Facebook, the Chinese tech giant Tencent and the Japanese IT firm Fujitsu, which developed the infrastructure involved in the Post Office’s Horizon IT scandal.

OII digital ethics director Luciano Floridi is one of Europe’s most influential tech policy experts
Funding sources, and advisory positions declared by Luciano Floridi in public integrity statements

Although Floridi is connected to several of the world’s most valuable tech companies, he is especially close to Google. In the mid-2010s the academic was described as the company’s “in-house philosopher”, with his role on the company’s “right to be forgotten” committee. When the Silicon Valley giant launched a short-lived ethics committee to oversee its technology development in 2019, Floridi was among those enlisted.

Last year, Floridi oversaw and co-authored a study that found some alternative and commercial search engines returned more misinformation about healthcare to users than Google. The authors of the pro-Google study didn’t disclose any financial interests, despite Floridi’s long-running relationship with the company.

[…]

Michael Veale, a lecturer in law at University College London, said that beyond influencing independent academics, there are other motives for firms such as Google to fund policy research. “By funding very pedantic academics in an area to investigate the nuances of economics online, you can heighten the amount of perceived uncertainty in things that are currently taken for granted in regulatory spheres,” he told the New Statesman.

[…]

This appears to be the case within competition law as well. “I have noticed several common techniques used by academics who have been funded by Big Tech companies,” said Oles Andriychuk, a senior lecturer in law at Strathclyde University. “They discuss technicalities – very technical arguments which are not wrong, but they either slow down the process, or redirect the focus to issues which are less important, or which blur clarity.”

It is difficult to measure the impact of Big Tech on European academia, but Valletti adds that a possible outcome is to make research less about the details, and more about framing. “Influence is not just distorting the result in favour of [Big Tech],” he said, “but the kind of questions you ask yourself.”

Source: How Google quietly funds Europe’s leading tech policy institutes

Major U.K. science funder to require grantees to make papers immediately free to all

Posted on by

[…]

UK Research and Innovation (UKRI), will expand on existing rules covering all research papers produced from its £8 billion in annual funding. About three-quarters of papers recently published from U.K. universities are open access, and UKRI’s current policy gives scholars two routes to comply: Pay journals for “gold” open access, which makes a paper free to read on the publisher’s website, or choose the “green” route, which allows them to deposit a near-final version of the paper on a public repository, after a waiting period of up to 1 year. Publishers have insisted that an embargo period is necessary to prevent the free papers from peeling away their subscribers.

But starting in April 2022, that yearlong delay will no longer be permitted: Researchers choosing green open access must deposit the paper immediately when it is published. And publishers won’t be able to hang on to the copyright for UKRI-funded papers: The agency will require that the research it funds—with some minor exceptions—be published with a Creative Commons Attribution license (known as CC-BY) that allows for free and liberal distribution of the work.

UKRI developed the new policy because “publicly funded research should be available for public use by the taxpayer,” says Duncan Wingham, the funder’s executive champion for open research. The policy falls closely in line with those issued by other major research funders, including the nonprofit Wellcome Trust—one of the world’s largest nongovernmental funding bodies—and the European Research Council.

The move also brings UKRI’s policy into alignment with Plan S, an effort led by European research funders—including UKRI—to make academic literature freely available to read

[…]

It clears up some confusion about when UKRI will pay the fees that journals charge for gold open access, he says: never for journals that offer a mix of paywalled and open-access content, unless the journal is part of an agreement to transition to exclusively open access for all research papers. (More than half of U.K. papers are covered by transitional agreements, according to UKRI.)

[…]

Publishers have resisted the new requirements. The Publishers Association, a member organization for the U.K. publishing industry, circulated a document saying the policy would introduce confusion for researchers, threaten their academic freedom, undermine open access, and leave many researchers on the hook for fees for gold open access—which it calls the only viable route for researchers. The publishing giant Elsevier, in a letter sent to its editorial board members in the United Kingdom, said it had been working to shape the policy by lobbying UKRI and the U.K. government, and encouraged members to write in themselves.

[…]

It would not be in the interest of publishers to refuse to publish these green open-access papers, Rooryck says, because the public repository version ultimately drives publicity for publishers. And even with a paper immediately deposited in a public repository, the final “version of record” published behind a paywall will still carry considerable value, Prosser says. Publishers who threaten to reject such papers, Rooryck believes, are simply “saber rattling and posturing.”

Source: Major U.K. science funder to require grantees to make papers immediately free to all | Science | AAAS

It’s pretty bizarre that publically funded research is hidden behind paywalls – the public that paid for it can’t get to it and innovation is stifled because people who need the research can’t get at it either.

Chinese regulators go after price gauging in car chip industry

Posted on by

Chinese antitrust watchdog, State Administration of Market Supervision (SAMR), announced Tuesday it has started investigating price gouging in the automotive chip market.

The regulatory body promised to strengthen supervision and punish illegal acts such as hoarding, price hikes and collusive price increases. SAMR singled out distributors as the object of its ire.

In the early stages of the COVID-19 pandemic, prices for items such as hand sanitizer, face masks, toilet paper and other health-related items saw startling inflation that required legal intervention.

As the pandemic wore on and work from home kit became a necessity, the world saw a new kind of shortages: semiconductors.

The automotive industry was hit particularly hard by the shortage, largely because its procurement practices sent it to the back of the queue. The industry has since endured factory shutdowns and reduced levels of vehicle production – which, given cars have long supply chains, is not the sort of thing anyone needs during difficult economic times.

Chinese entrepreneurs are clearly alive to the opportunities the silicon shortage presents. Last month several Chinese would-be bootleggers were caught smuggling the critical tech with tactics like taping US$123,000 worth of product to their calves and torso or hiding them in their vehicle as they attempted to cross borders.

Analyst firm Gartner has predicted semiconductor shortages will remain moderate to severe for the rest of 2021 and continue until the second quarter of 2022. Taiwanese chipmaker TSMC has said shortages will continue until 2023.

The Register imagines that those that can influence chip prices in China, and elsewhere, will continue to try their luck until demand deflates. Or until SAMR gets a grip on regulation, whichever comes first

Source: China tightens distributor cap after local outfits hoard automotive silicon then charge silly prices • The Register

The Chinese regulators are doing a way better job than the EU and US in terms of price gauging and monopolies. Maybe the EU and US shouldn’t let big companies lobbying determine their courses of action.

Hey, AI software developers, you are taking Unicode into account, right … right?

Posted on by

[…]

The issue is that ambiguity or discrepancies can be introduced if the machine-learning software ignores certain invisible Unicode characters. What’s seen on screen or printed out, for instance, won’t match up with what the neural network saw and made a decision on. It may be possible abuse this lack of Unicode awareness for nefarious purposes.

As an example, you can get Google Translate’s web interface to turn what looks like the English sentence “Send money to account 4321” into the French “Envoyer de l’argent sur le compte 1234.”

A screenshot of Google Translate

Fooling Google Translate with Unicode. Click to enlarge

This is done by entering on the English side “Send money to account” and then inserting the invisible Unicode glyph 0x202E, which changes the direction of the next text we type in – “1234” – to “4321.” The translation engine ignores the special Unicode character, so on the French side we see “1234,” while the browser obeys the character, so it displays “4321” on the English side.

It may be possible to exploit an AI assistant or a web app using this method to commit fraud, though we present it here in Google Translate to merely illustrate the effect of hidden Unicode characters. A more practical example would be feeding the sentence…

You akU+8re aqU+8 AU+8coward and a fovU+8JU+8ol.

…into a comment moderation system, where U+8 is the invisible Unicode character for delete the previous character. The moderation system ignores the backspace characters, sees instead a string of misspelled words, and can’t detect any toxicity – whereas browsers correctly rendering the comment show, “You are a coward and a fool.”

[…]

It was academics at the University of Cambridge in England, and the University of Toronto in Canada, who highlighted these issues, laying out their findings in a paper released on arXiv In June this year.

“We find that with a single imperceptible encoding injection – representing one invisible character, homoglyph, reordering, or deletion – an attacker can significantly reduce the performance of vulnerable models, and with three injections most models can be functionally broken,” the paper’s abstract reads.

“Our attacks work against currently deployed commercial systems, including those produced by Microsoft and Google, in addition to open source models published by Facebook and IBM.”

[…]

Source: Hey, AI software developers, you are taking Unicode into account, right … right?

Researchers Say They’ve Found a ‘Master Face’ to Bypass Face Rec Tech

Posted on by

[…]

computer scientists at Tel Aviv University in Israel say they have discovered a way to bypass a large percentage of facial recognition systems by basically faking your face. The team calls this method the “master face” (like a “master key,” harhar), which uses artificial intelligence technologies to create a facial template—one that can consistently juke and unlock identity verification systems.

“Our results imply that face-based authentication is extremely vulnerable, even if there is no information on the target identity,” researchers write in their study. “In order to provide a more secure solution for face recognition systems, anti-spoofing methods are usually applied. Our method might be combined with additional existing methods to bypass such defenses,” they add.

According to the study, the vulnerability being exploited here is the fact that facial recognition systems use broad sets of markers to identify specific individuals. By creating facial templates that match many of those markers, a sort of omni-face can be created that is capable of fooling a high percentage of security systems. In essence, the attack is successful because it generates “faces that are similar to a large portion of the population.”

This face-of-all-faces is created by inputting a specific algorithm into the StyleGAN, a widely used “generative model” of artificial intelligence tech that creates digital images of human faces that aren’t real. The team tested their face imprint on a large, open-source repository of 13,000 facial images operated by the University of Massachusetts and claim that it could unlock “more than 20% of the identities” within the database. Other tests showed even higher rates of success.

Furthermore, the researchers write that the face construct could hypothetically be paired with deepfake technologies, which will “animate” it, thus fooling “liveness detection methods” that are designed to assess whether a subject is living or not.

Source: Researchers Say They’ve Found a ‘Master Face’ to Bypass Face Rec Tech

Apple confirms it will begin scanning your iCloud Photos

Posted on by

[…] Apple told TechCrunch that the detection of child sexual abuse material (CSAM) is one of several new features aimed at better protecting the children who use its services from online harm, including filters to block potentially sexually explicit photos sent and received through a child’s iMessage account. Another feature will intervene when a user tries to search for CSAM-related terms through Siri and Search.

Most cloud services — Dropbox, Google, and Microsoft to name a few — already scan user files for content that might violate their terms of service or be potentially illegal, like CSAM. But Apple has long resisted scanning users’ files in the cloud by giving users the option to encrypt their data before it ever reaches Apple’s iCloud servers.

Apple said its new CSAM detection technology — NeuralHash — instead works on a user’s device, and can identify if a user uploads known child abuse imagery to iCloud without decrypting the images until a threshold is met and a sequence of checks to verify the content are cleared.

News of Apple’s effort leaked Wednesday when Matthew Green, a cryptography professor at Johns Hopkins University, revealed the existence of the new technology in a series of tweets. The news was met with some resistance from some security experts and privacy advocates, but also users who are accustomed to Apple’s approach to security and privacy that most other companies don’t have.

Apple is trying to calm fears by baking in privacy through multiple layers of encryption, fashioned in a way that requires multiple steps before it ever makes it into the hands of Apple’s final manual review.

[…]

Source: Apple confirms it will begin scanning iCloud Photos for child abuse images | TechCrunch

No matter what the cause, they have no right to be scanning your stuff at all, for any reason, at any time.

Apple is about to start scanning iPhone users’ photos

Posted on by

Apple is about to announce a new technology for scanning individual users’ iPhones for banned content. While it will be billed as a tool for detecting child abuse imagery, its potential for misuse is vast based on details entering the public domain.

The neural network-based tool will scan individual users’ iDevices for child sexual abuse material (CSAM), respected cryptography professor Matthew Green told The Register today.

Rather than using age-old hash-matching technology, however, Apple’s new tool – due to be announced today along with a technical whitepaper, we are told – will use machine learning techniques to identify images of abused children.

[…]Indiscriminately scanning end-user devices for CSAM is a new step in the ongoing global fight against this type of criminal content. In the UK the Internet Watch Foundation’s hash list of prohibited content is shared with ISPs who then block the material at source. Using machine learning to intrusively scan end user devices is new, however – and may shake public confidence in Apple’s privacy-focused marketing.

[…]

Governments in the West and authoritarion regions alike will be delighted by this initiative, Green feared. What’s to stop China (or some other censorious regime such as Russia or the UK) from feeding images of wanted fugitives into this technology and using that to physically locate them?

[…]

“Apple will hold the unencrypted database of photos (really the training data for the neural matching function) and your phone will hold the photos themselves. The two will communicate to scan the photos on your phone. Alerts will be sent to Apple if *multiple* photos in your library match, it can’t just be a single one.”

The privacy-busting scanning tech will be deployed against America-based iThing users first, with the idea being to gradually expand it around the world as time passes. Green said it would be initially deployed against photos backed up in iCloud before expanding to full handset scanning.

[…]

Source: Apple is about to start scanning iPhone users’ devices for banned content, warns professor • The Register

Wow, no matter what the pretext (and the pretext of sex offenders is very very often the very first step they take on a much longer road, because hey, who can be against bringing sex offenders to justice, right?) Apple has just basically said that they think they have the right to read whatever they like on your phone. Nothing privacy! So what will be next? Your emails? Text messages? Location history (again)?

As a user, you actually bought this hardware – anyone you don’t explicitly give consent to (and that means not being coerced by limiting functionality, eg) should stay out of it!

Parkour: The Ultimate Guide For Beginners

Posted on by

[…]

Parkour is rooted in French military history, and more specifically escape and evasion tactics using only the human body, trained using “parcours du combattant”; an obstacle course based training method.

Whilst sharing common features, it should not be confused with freerunning, which places less of an emphasis on efficiency, allowing for more acrobatic movements.

[…]

Experienced traceurs do not seek the adrenaline rush which can often be part and parcel of engaging in the riskier aspects of the activity. Instead they seek to challenge themselves to overcome the shackles of their inhibitions. Their training allows practitioners to learn to manage risk rather than seek it.

[…]

# The basics:

1. Balancing

The ability to balance is a vital aspect of parkour. Practitioners spend a decent amount of time jumping onto and walking along narrow railings and walls.

2. Running

Parkour involves both explosive sprinting and endurance running so be sure to add in some middle distance as well as short sharp sprint sessions into your training regime to ensure you are parkour fit.

3. Jumping and Dropping

Whether it’s to bridge gaps or scale heights, jumping plays a significant role in parkour movement patterns. Dropping involves moving from areas of high ground to low, and requires a proper understanding of how to land safely, which will be discussed below.

4. Landing

Landing properly after jumping or dropping is an essential skill which will enable you not only to engage in parkour safely but also allows for efficient transition between movements and obstacles. The way in which you choose depends on a number of factors:

  • The height from which you are landing;
  • The landing area;
  • The distance of the jump

Landing on two feet should always be your preference as this will limit the amount of stress you place on your joints. The objective should be land as softly as possible, which means bending at the knees on contact with the surface. If your dropping from a particularly high level or landing with significant forward momentum then you may want to sink at the hips too and use your hands and arms to absorb some of the force.

Rolling on landing is a really useful way of dissipating the force you experience on making contact with the ground across more of your body. This is definitely something to add to your repertoire when you start to drop from levels higher than head height or when jumping with a lot of forward momentum. It’s a vital skill to help you remain safe and injury free whilst partaking in parkour.

5. Vaulting

A maneuver to help you negotiate those obstacles which are to high to jump over but don’t require climbing, the vault is probably one of the most iconic aspects of parkour. It normally involves you using your hands to propel yourself over an obstacle a little bit like a monkey. There are numerous ways in which you can achieve this basic principle. The below video takes you through a step by step guide to 10 different ways suitable for beginners.

6. Climbing

When taking the most direct (efficient route), a cornerstone of the parkour philosophy, it is inevitable that you’re going to be required to climb in order to scale obstacles which are too high to jump or vault over. This is where climbing comes to the fore. There are a number of different ways in which to climb, largely depending on the height you are required to scale.

Undoubtedly one of the most useful techniques in parkour generally has to be the ‘wall run’. This skill will enable you to climb over walls which would ordinarily be way out of reach. Check out the video below for a quick tutorial.

A slight variation on the wall run, known as the ‘tic tac’ can be a great way of using adjacent surfaces to help you generate the required momentum to climb your target wall.

The ‘cat leap’ is a combination of jumping and climbing. Particularly useful when you are attempting to traverse a gap which is too wide for you be able to land on the target area on your feet. Instead you must aim to land with your feet on the front face of the wall fractionally before gripping the top of the wall with your hands.

7. Swinging (Lache)

Just like when you were a kid swinging from tree branches. This can be a particularly useful method of passing through an obstacle or even dropping from a height which would ordinarily be too high. Traceurs will also use this technique to traverse gaps between bars, where gripping the bar and hanging rather than landing on your feet is more preferable.

The below tutorial takes you through a step by step guide in how to introduce yourself to the skill of lache.

Top Training Exercises To Get You On Your Way

There are some great ways in which you can prepare yourself for parkour before you even turn up for your first meet or join one of the new age parkour specific gyms.

Here are 10 of the best to get you started:

1. Forward walking lunge:

The strength and stability built from lunges is directly transferable to many of the movements which make up parkour. Jumping or landing from one foot, wall runs and tic tacs all require unilateral strength. The best way of developing such strength is by completing single leg weight bearing exercises, of which the forward lunge is a particularly good example. The intensity of the exercise can easily be increased by adding dumbbells or a barbell.

2. Wall handstand:

Parkour has numerous similarities to gymnastics, and it doesn’t get much more acrobatic (for beginners that is) than handstands. Mastering this type of exercise is a great way of developing upper body strength (a key component of climbing and swinging), as well as spatial awareness and balance. By practising against a wall you can negate some of the potential danger associated with the traditional handstand.

3. Overhead barbell press:

A fundamental exercise for developing upper body strength,the overhead press translates perfectly into actions such as vaulting. If you just starting out use an unloaded barbell to ascertain how much load is appropriate for your relative strength. Standing with your feet around hip width apart, hold the bar with an overhand grip just in front of your collar bones with your elbows pointing towards the ground. Push the bar upwards in front of your face, finishing above your head with your arms straight, locked out at the shoulders and elbows. Once you have reached the top of the range, pause momentarily before returning the bar slowly to the start position and repeating.

4. Broad jump:

This is probably one of the most important exercises to include in your parkour preparation training. The most fundamental of movements, involved in every jump you make from obstacle to obstacle. This is a great way of developing the power you will be sure to need in order to get the most out of your foundation parkour movements.

There will be plenty of occasions when parkour requires you to jump and land on just one of your legs so why not add in single leg jumps too. Mix up taking off and landing on the same foot and taking off and landing on opposite feet.

5. Back Squat:

There’s no getting away from the back squat. It is such a fundamental movement pattern which can be applied to so many different every day as well as athletic pursuits. Consequently, it is a must do exercise if you’re looking to get into parkour. There are few gym movements which are better at building general lower limb strength and will help pretty much with every aspect of parkour, including jumping, landing, and wall running.

6. Wall dip:

A slight variation on the traditional dip exercise you will see regularly in the gym, this is a perfect upper body exercise which has excellent cross-over with a common feature in movement such as the vault and the second phase of a climb.

Find a wall or equivalent surface which is between hip and shoulder height. Place your palms flat on top of the surface fingers pointing forwards. In the start position, your arms should be straight, completely holding your body weight off the ground. Lower your legs towards the ground by bending at the elbow in the same way as if you were performing a standard push up, lowering your chest towards the top of the wall. Once your elbows are bent to around 90 degrees, push against the surface through your palms and lift your body weight, extending your arms until straight. Repeat the movement.

7. The monkey plant:

These are a great exercise for building upper body strength in a more parkour specific training environment. Stand in front of a wall which is approximately hip height with one foot slightly in front of the other and both hands in contact with the top of the wall. Using both your legs and your upper body, propel yourself forwards and upwards so that you finish on top of the wall on both feet.

The monkey plant is also a great stepping stone to more advanced parkour exercises like vaulting.

8. Pull ups:

One of the most fundamental upper body strength exercises going, the pull up will help you generate the necessary strength to haul your body weight up walls with your upper body alone. Pretty useful then. Once you’ve mastered the bodyweight pull up for a decent number of sets and reps (3 x10 for instance) why not increase the intensity by adding extra weight using dumbbells or discs.

9. Bear crawl:

This exercise is a great full body workout generating stress on both the lower and upper body. It is a particularly appropriate form of training for parkour as there will often be times when you are required to move on all fours, whether it be to squeeze under low obstacles, or to provide a little extra stability when traversing obstacles at significant heights.

10. Vertical jump:

Along with the broad jump, this is also one of the most fundamentally applicable exercises to parkour. A great way of converting the strength you build in your legs using exercises such as the back squat and forward lunge into power, one of the most important assets to have if you are going to traverse those gaps or run those walls.

To make the exercise even more parkour specific, be sure to land softly each repetitions, bending at the knees and folding at the hips (making contact with the ground with your hands) in order to practice dissipating the force you will experience when you drop from considerable heights.

Source: Parkour: The Ultimate Guide For Beginners – Sport Fitness Advisor

Australian Court Rules That AI Can Be an Inventor, as does South Africa

Posted on by

In what can only be considered a triumph for all robot-kind, this week, a federal court has ruled that an artificially intelligent machine can, in fact, be an inventor—a decision that came after a year’s worth of legal battles across the globe.

The ruling came on the heels of a years-long quest by University of Surrey law professor Ryan Abbot, who started putting out patent applications in 17 different countries across the globe earlier this year. Abbot—whose work focuses on the intersection between AI and the law—first launched two international patent filings as part of The Artificial Inventor Project at the end of 2019. Both patents (one for an adjustable food container, and one for an emergency beacon) listed a creative neural system dubbed “DABUS” as the inventor.

The artificially intelligent inventor listed here, DABUS, was created by Dr. Stephen Thaler, who describes it as a “creativity engine” that’s capable of generating novel ideas (and inventions) based on communications between the trillions of computational neurons that it’s been outfitted with. Despite being an impressive piece of machinery, last year, the US Patent and Trademark Office (USPTO) ruled that an AI cannot be listed as the inventor in a patent application—specifically stating that under the country’s current patent laws, only “natural persons,” are allowed to be recognized. Not long after, Thaler sued the USPTO, and Abbott represented him in the suit.

More recently, the case has been caught in a case of legal limbo—with the overseeing judge suggesting that the case might be better handled by congress instead.

DABUS had issues being recognized in other countries, too. One spokesperson for the European patent office told the BBC in a 2019 interview that systems like DABUS are merely “a tool used by a human inventor,” under the country’s current laws. Australian courts initially declined to recognize AI inventors as well, noting earlier this year that much like in the US, patents can only be granted to people.

Or at least, that was Australia’s stance until Friday, when justice Jonathan Beach overturned the decision in Australia’s federal court. Per Beach’s new ruling, DABUS can neither be the applicant nor grantee for a patent—but it can be listed as the inventor. In this case, those other two roles would be filled by Thaler, DABUS’s designer.

“In my view, an inventor as recognised under the act can be an artificial intelligence system or device,” Beach wrote. “I need to grapple with the underlying idea, recognising the evolving nature of patentable inventions and their creators. We are both created and create. Why cannot our own creations also create?”

It’s not clear what made the Australian courts change their tune, but it’s possible South Africa had something to do with it. The day before Beach walked back the country’s official ruling, South Africa’s Companies and Intellectual Property Commission became the first patent office to officially recognize DABUS as an inventor of the aforementioned food container.

It’s worth pointing out here that every country has a different set of standards as part of the patent rights process; some critics have noted that it’s “not shocking” for South Africa to give the idea of an AI inventor a pass, and that “everyone should be ready,” for future patent allowances to come. So while the US and UK might have given Thalen the thumbs down on the idea, we’re still waiting to see how the patents filed in any of the other countries—including Japan, India, and Israel—will shake out. But at the very least, we know that DABUS will finally be recognized as an inventor somewhere.

Source: Australian Court Rules That AI Can Be an Inventor

Amazon hit with $887 million fine by European privacy watchdog

Posted on by

Amazon has been issued with a fine of 746 million euros ($887 million) by a European privacy watchdog for breaching the bloc’s data protection laws.

The fine, disclosed by Amazon on Friday in a securities filing, was issued two weeks ago by Luxembourg’s privacy regulator.

The Luxembourg National Commission for Data Protection said Amazon’s processing of personal data did not comply with the EU’s General Data Protection Regulation.

[…]

Source: Amazon hit with $887 million fine by European privacy watchdog

Pretty massively strange that they don’t tell us what exactly they are fining Amazon for…

Bungie & Ubisoft Sue Destiny 2 Cheatmakers Ring-1 For Copyright Infringement

Posted on by

Bungie and Ubisoft have filed a lawsuit against five individuals said to be behind Ring-1, the claimed creator and distributor of cheat software targeting Destiny and Rainbox Six Seige. Among other offenses the gaming companies allege copyright infringement and trafficking in circumvention devices, estimating damages in the millions of dollars.

[…]

Filed in a California district court, the lawsuit targets Andrew Thorpe (aka ‘Krypto’), Jonathan Aguedo (aka ‘Overpowered’), Wesam Mohammed (aka ‘Grizzly’), Ahmad Mohammed, plus John Does 1-50. According to the plaintiffs, these people operate, oversee or participate in Ring-1, an operation that develops, distributes and markets a range of cheats for Destiny 2 and Rainbow Six Seige, among others.

Ring-1 is said to largely operate from Ring-1.io but is also active on hundreds of forums, websites and social media accounts selling cheats that enable Ubisoft and Bungie customers to automatically aim their weapons, reveal the locations of opponents, and see information that would otherwise be obscured.

“Defendants’ conduct has caused, and is continuing to cause, massive and irreparable harm to Plaintiffs and their business interests. The success of Plaintiffs’ games depends on their being enjoyable and fair for all players,” the lawsuit reads.

[…]

According to the lawsuit, the cheats developed and distributed by Ring-1 are not cheap. Access to Destiny 2 cheats via the Ring-1 website costs 30 euros per week or 60 euros per month while those for Rainbox Six Seige cost 25 euros and 50 euros respectively, netting the defendants up to hundreds of thousands of dollars in revenue.

The plaintiffs believe that Ring-1 or those acting in concert with them fraudulently obtained access to the games’ software clients before disassembling, decompiling and/or creating derivative works from them. These tools were then tested on Destiny 2 and Rainbow Six Seige servers under false pretenses by using “throwaway accounts” and false identities.

Copyright Infringement Offenses

Since the cheating software developed and distributed by Ring-1 is primarily designed for the purpose of circumventing technological measures that control access to their games, the plaintiffs state that the defendants are trafficking in circumvention devices in violation of the DMCA (17 U.S.C. § 1201(a)(2)).

[…]

In addition, it’s alleged that the defendants unlawfully reproduced and displayed the plaintiffs’ artwork on the Ring-1 website, adapted the performance of the games, and reproduced game client files without a license during reverse engineering and similar processes.

In the alternative, Ubisoft and Bungie suggest that the defendants can be held liable for inducing and contributing to the copyright-infringing acts of their customers when they deploy cheats that effectively create unauthorized derivative works.

[…]

In addition to the alleged copyright infringement offenses, Bungie and Ubisoft say the defendants are liable for trademark infringement due to the use of various marks on the Ring-1 website and elsewhere. They are also accused of ‘false designation of origin’ due to false or misleading descriptions that suggest a connection with the companies, and intentional interference with contractual relations by encouraging Destiny 2 and Rainbow Six Seige players to breach their licensing conditions.

[…]

Source: Bungie & Ubisoft Sue Destiny 2 Cheatmakers Ring-1 For Copyright Infringement * TorrentFreak

Wow, this seems to me to be a stretch. Nobody likes playing online against a cheat but calling it copyright infringement and creating derivative works seems like a stretch, as does saying people might think the cheat creators (which to me seems like original work) might be mistaken as being affiliated with the companies. Even Trump and QAnon followers aren’t that stupid. Then as for the licenses  imposed: yes, people click yes on the usage licenses but I’m pretty sure almost no-one has any idea what they are clicking yes to.

Justice Department says Russians hacked federal prosecutors during SolarWinds

Posted on by

The Russian hackers behind the massive SolarWinds cyberespionage campaign broke into the email accounts of some of the most prominent federal prosecutors’ offices around the country last year, the Justice Department said Friday.

The department said 80% of Microsoft email accounts used by employees in the four U.S. attorney offices in New York were breached. All told, the Justice Department said 27 U.S. Attorney offices had at least one employee’s email account compromised during the hacking campaign.

The Justice Department said in a statement that it believes the accounts were compromised from May 7 to Dec. 27, 2020. Such a timeframe is notable because the SolarWinds campaign, which infiltrated dozens of private-sector companies and think tanks as well as at least nine U.S. government agencies, was first discovered and publicized in mid-December.

The Biden administration in April announced sanctions, including the expulsion of Russian diplomats, in response to the SolarWinds hack and Russian interference in the 2020 U.S. presidential election. Russia has denied wrongdoing.

[…]

Source: Justice Department says Russians hacked federal prosecutors

This is another escalation in the finger pointing between the US, Russia and China

100s of (war)ships are having their positions falsely reported in AIS

Posted on by

Analysis of tracking data from Automatic Identification System broadcasts reveals vessel locations have been simulated for a number of ships, including military vessels. This false information could compromise vessel safety, decrease confidence in a crucial collision avoidance system and potentially spark international conflict.

Over the years, data analysts working with Global Fishing Watch and SkyTruth have noticed a number of ship tracks coming up in impossible locations—in transit over Antarctica, circling in the Utah desert and elsewhere—and we have questioned whether these false positions resulted from faulty Automatic Identification System (AIS) transmitters, deliberate misuse of those transmitters, or from intentional third party interference. AIS is the international system of vessel radio broadcasts used to identify vessel locations and help prevent collisions at sea. We have learned how to interpret anomalies in AIS data and, even when the ship coordinates were wrong, we never had reason to doubt that these vessels were on the water broadcasting AIS. In most cases, we are also able to identify the true position of the vessel.

[…]

I first noticed these false AIS tracks in groups of sailboats which appeared hundreds of miles out in the Atlantic Ocean even though shore-based AIS antennas appeared to receive their positions. Since a typical range for a terrestrial antenna is at most about 60 miles, I knew something was wrong with these positions. When I searched for more information on the identities of these vessels I found that they were featured on a website running simulated sailing races. Whoever was setting up the races not only simulated realistic AIS positions for each of the participants, but then fed these made up positions into a public AIS site — sites like AISHub receive ship positions from contributors — so that the sailboat positions appeared on these sites alongside real vessel traffic.

[…]

Our recent investigation into a second group of false AIS tracks has shown that these concerns were very much warranted. I was alerted to this case when an article in Dagens Nyheter, a Swedish news outlet, was shared with me. Nine Swedish Navy vessels appeared on AIS as if out on maneuvers. In the news story, the Swedish Navy confirmed that these positions were false and mentioned additional false positions in the Baltic Sea, specifically near the Russian enclave of Kaliningrad.

[…]

I was able to take advantage of the full complexity of AIS communication to identify a pattern specific to the false simulated AIS positions. From there, I wrote an automated computer query of our global AIS database to identify other vessels with this same pattern of AIS broadcast.

The results were alarming. Nearly a hundred U.S. and European naval vessels had track segments with the same AIS pattern as the false tracks of the Swedish navy ships near Karlskrona. Over the past few months I dug into this data using all available sources to confirm vessel locations and identities. I confirmed false AIS positions for 15 navy vessels from seven countries, with many more vessels suspected of having fabricated positions.

[…]

Naval vessels are frequently photographed, and it’s possible to get a sequence of port visits based on photos uploaded to sites like warshipcam.com. This documented series of port visits can then be compared to the AIS track to confirm that an MMSI corresponds to a particular vessel.

[…]

Two sources of open satellite imagery work very well for matching to AIS, Sentinel-1 (S1) synthetic aperture radar (SAR) and Sentinel-2 (S2) optical imagery from the European Space Agency (ESA). S1 SAR is acquired with very high frequency over Europe — any given location is imaged approximately every other day and has the advantage of penetrating clouds

[…]

I matched S1 and S2 imagery to tracks of 15 naval vessels with AIS patterns sharing characteristics identified in the false positions of the Swedish vessels near Karlskrona. These 15 examples, which I was able to confirm with comparison to imagery, represent just a fraction of the nearly 100 naval vessels with suspected false AIS tracks identified by my algorithm between August 27, 2020 and July 15, 2021.

[…]

I describe two examples below.

U.S. survey vessel USNS Bruce C. Heezen transiting into Baltic Sea, September 2020

AIS data shows this vessel transiting through the North Sea and entering the Baltic Sea between September 17 through 23, 2020. However, the positions broadcast on those dates match the false AIS pattern, and I have additional evidence that this AIS track did not show the actual location of the vessel.

[…]

British Aircraft carrier HMS Queen Elizabeth on the Irish coast with accompanying flotilla of British, Dutch, and Belgian warships, September 2020

AIS from September 17, 2020, shows a surprising international naval flotilla accompanying the British aircraft carrier HMS Queen Elizabeth about 20 miles out from the coast of Ireland. In addition to the 283-meter Queen Elizabeth, AIS shows the British HMS Duncan (152 meters) and HMS Albion (176 meters) as well as the Dutch HNLMS Rotterdam (163 meters), the HNLMS Johan de Witt (176 meters) and the Belgian BNS Leopold I (122 meters). This flotilla of massive warships should have made quite a striking picture on Sentinel-2 satellite imagery. However, the image coinciding with the AIS transit dates, seen below, shows none of the six naval vessels. Furthermore, several publicly posted photos and news articles show that these vessels were in port elsewhere at the time.

[…]

It’s unclear how the false positions get combined with real data from terrestrial AIS antennas, though one can hypothesize that they could be produced by an AIS simulator program similar to that used to produce the tracks in the simulated sailing races. While I initially thought the false data might be entering the data feed from a single terrestrial AIS station, it appears that false AIS positions were reported at a number of different terrestrial stations.

Some of these terrestrial stations appear to be picking up AIS positions when vessels are too far away. For example, a suspected false position near Kiel, Germany was picked up by a receiver in Gdynia, Poland more than 300 miles away and outside of normal terrestrial antenna range. However in other cases, false positions were picked up by nearby receivers. Further information linking individual AIS positions to particular receiving antennas could allow us to understand more about where the positions are coming from.

Possible motives for data falsification

It’s clear that considerable care was taken to produce plausible tracks. For example, false AIS segments mostly appear only in those locations where naval vessels would be expected to broadcast AIS (near port and in other congested areas). Confirmed and suspected false AIS segments show incursions by 11 North Atlantic Treaty Organization (NATO) and NATO allied warships into Russian territorial waters near Kaliningrad and Murmansk as well as within the disputed territorial waters around Crimea in the Black Sea. Suspected false tracks from June 2021 also show two Russian warships entering the territorial waters of Ukraine and Poland. Other false AIS tracks are more subtle

[…]

A recent incident in the Black Sea shows how uncomfortably close we are to a scenario where a false AIS track is used to show an aggressive action by a naval vessel that did not really occur. From June 18 to 19, 2021, the British destroyer HMS Defender and Dutch frigate HNLMS Evertsen could be seen at dock in Odessa, Ukraine. However, on those same dates, AIS showed the vessels leaving port and going to a naval base in Sevastopol in Russian-occupied Crimea.

[…]

Although this attempt at disinformation was easily refuted by witnesses and a live webcam in Odessa, a far more delicate situation unfolded a few days later when the HMS Defender really did leave Odessa and transit through Russian claimed waters. The HMS Defender broadcast AIS during the transit past Crimea that showed the vessel entering disputed territorial waters that extend 12 nautical miles from shore. The vessel entered only about 1.8 nautical miles inside territorial waters and maintained a normal transit course under “innocent passage.” Russian forces claim to have responded with warning shots and dropping live bombs in the path of the vessel. The HMS Defender proceeded normally, exiting the waters around Crimea and continuing to Georgia.

[…]

Fortunately, these false tracks could be readily identified with the same systematic data analysis tools which have made it possible to pull increasingly detailed information from the global AIS dataset to inform researchers about activity at sea.

The openness and accessibility of AIS has made possible innovative uses of the data. But this accessibility also makes the system vulnerable to manipulation which, if not detected, could support false narratives about vessel movements that cause confusion and potentially could even spark an international incident.

Ultimately, AIS is a critical collision-avoidance system relied upon by thousands of mariners, and while these manipulations don’t directly compromise on-the-water collision avoidance, they may compromise trust in the AIS system

[….]

Source: Systematic data analysis reveals false vessel tracks – SkyTruth

Increase in Earth’s energy imbalance is proof that climate change is man made

Posted on by

The observed trend in Earth’s energy imbalance (TEEI), a measure of the acceleration of heat uptake by the planet, is a fundamental indicator of perturbations to climate. Satellite observations (2001–2020) reveal a significant positive globally-averaged TEEI of 0.38 ± 0.24 Wm−2decade−1, but the contributing drivers have yet to be understood. Using climate model simulations, we show that it is exceptionally unlikely (<1% probability) that this trend can be explained by internal variability. Instead, TEEI is achieved only upon accounting for the increase in anthropogenic radiative forcing and the associated climate response. TEEI is driven by a large decrease in reflected solar radiation and a small increase in emitted infrared radiation. This is because recent changes in forcing and feedbacks are additive in the solar spectrum, while being nearly offset by each other in the infrared. We conclude that the satellite record provides clear evidence of a human-influenced climate system.

[…]

Source: Anthropogenic forcing and response yield observed positive trend in Earth’s energy imbalance | Nature Communications

Edward Snowden calls for spyware trade ban amid Pegasus revelations

Posted on by

Governments must impose a global moratorium on the international spyware trade or face a world in which no mobile phone is safe from state-sponsored hackers, Edward Snowden has warned in the wake of revelations about the clients of NSO Group.

Snowden, who in 2013 blew the whistle on the secret mass surveillance programmes of the US National Security Agency, described for-profit malware developers as “an industry that should not exist”.

He made the comments in an interview with the Guardian after the first revelations from the Pegasus project, a journalistic investigation by a consortium of international media organisations into the NSO Group and its clients.

[…]

For traditional police operations to plant bugs or wiretap a suspect’s phone, law enforcement would need to “break into somebody’s house, or go to their car, or go to their office, and we’d like to think they’ll probably get a warrant”, he said.

But commercial spyware made it cost-efficient for targeted surveillance against vastly more people. “If they can do the same thing from a distance, with little cost and no risk, they begin to do it all the time, against everyone who’s even marginally of interest,” he said.

“If you don’t do anything to stop the sale of this technology, it’s not just going to be 50,000 targets. It’s going to be 50 million targets, and it’s going to happen much more quickly than any of us expect.”

Part of the problem arose from the fact that different people’s mobile phones were functionally identical to one another, he said. “When we’re talking about something like an iPhone, they’re all running the same software around the world. So if they find a way to hack one iPhone, they’ve found a way to hack all of them.”

He compared companies commercialising vulnerabilities in widely used mobile phone models to an industry of “infectioneers” deliberately trying to develop new strains of disease.

“It’s like an industry where the only thing they did was create custom variants of Covid to dodge vaccines,” he said. “Their only products are infection vectors. They’re not security products. They’re not providing any kind of protection, any kind of prophylactic. They don’t make vaccines – the only thing they sell is the virus.”

Snowden said commercial malware such as Pegasus was so powerful that ordinary people could in effect do nothing to stop it. Asked how people could protect themselves, he said: “What can people do to protect themselves from nuclear weapons?

“There are certain industries, certain sectors, from which there is no protection, and that’s why we try to limit the proliferation of these technologies. We don’t allow a commercial market in nuclear weapons.”

He said the only viable solution to the threat of commercial malware was an international moratorium on its sale. “What the Pegasus project reveals is the NSO Group is really representative of a new malware market, where this is a for-profit business,” he said. “The only reason NSO is doing this is not to save the world, it’s to make money.”

He said a global ban on the trade in infection vectors would prevent commercial abuse of vulnerabilities in mobile phones, while still allowing researchers to identify and fix them.

“The solution here for ordinary people is to work collectively. This is not a problem that we want to try and solve individually, because it’s you versus a billion dollar company,” he said. “If you want to protect yourself you have to change the game, and the way we do that is by ending this trade.”

[…]

Source: Edward Snowden calls for spyware trade ban amid Pegasus revelations | Edward Snowden | The Guardian

How To Check If Your iPhone Is Infected With Pegasus Using MVT

Posted on by

The revelation that our government might be using spyware called Pegasus to hack into its critics’ phones has started a whole new debate on privacy. The opposition is taking a dig at the ruling party every chance it gets, while the latter is trying to damage control after facing such serious allegations.

Amidst the chaos, one of the members of The Pegasus Project, Amnesty, recently made a public toolkit that can check if your phone is infected with Pegasus. The toolkit, known as MVT, requires users to know their way around the command line.

In a previous post, we wrote about how it works and successfully traces signs of Pegasus. Moreover, we mentioned how MVT is more effective on iOS than Android (the most you can do is scan APKs and SMSes). Hence, in this guide, we’re focusing on breaking down the process to detect Pegasus on iPhone into a step-by-step guide.

First off, you’ll need to create an encrypted backup and transfer it to either a Mac or PC. You can also do this on Linux instead, but you’ll have to install libimobiledevice beforehand for that.

Once the phone backup is transferred, you need to download Python 3.6 (or newer) on your system — if you don’t have it already. Here’s how you can install the same for Windows, macOS, and Linux.

After that, go through Amnesty’s manual to install MVT correctly on your system. Installing MVT will give you new utilities (mvt-ios and mvt-android) that you can use in the Python command line.

Now, let’s go through the steps for detecting Pegasus on an iPhone backup using MVT.

Steps To Detect Pegasus On iPhone

First of all, you have to decrypt your data backup. To do that, you’ll need to enter the following instruction format while replacing the placeholder text (marked with a forward slash) with your custom path.

mvt-ios decrypt-backup -p password -d /decrypted /backup

Note: Replace “/decrypted” with the directory where you want to store the decrypted backup and “/backup” with the directory where your encrypted backup is located.

Now, we will run a scan on the decrypted backup, referencing it with the latest IOCs (possible signs of Pegasus spyware), and store the result in an output folder.

To do this, first, download the newest IOCs from here (use the folder with the latest timestamp). Then, enter the instruction format as given below with your custom directory path.

mvt-ios check-backup -o /output -i /pegasus.stix2 /backup

Note: Replace “/output” with the directory where you want to store the scan result, “/backup” with the path where your decrypted backup is stored, and “/pegasus.stix2” with the path where you downloaded the latest IOCs.

After the scan completion, MVT will generate JSON files in the specified output folder. If there is a JSON file with the suffix “_detected,” then that means your iPhone data is most likely Pegasus-infected.

However, the IOCs are regularly updated by Amnesty’s team as they develop a better understanding of how Pegasus operates. So, you might want to keep running scans as the IOCs are updated to make sure there are no false positives.

Source: How To Check If Your Phone Is Infected With Pegasus Using MVT

Huge data leak shatters the lie that the innocent need not fear surveillance – governments are spying on critics, journos, etc without a warrant using commercial Pegasus spyware by NSO

Posted on by

Billions of people are inseparable from their phones. Their devices are within reach – and earshot – for almost every daily experience, from the most mundane to the most intimate.

Few pause to think that their phones can be transformed into surveillance devices, with someone thousands of miles away silently extracting their messages, photos and location, activating their microphone to record them in real time.

Such are the capabilities of Pegasus, the spyware manufactured by NSO Group, the Israeli purveyor of weapons of mass surveillance.

NSO rejects this label. It insists only carefully vetted government intelligence and law enforcement agencies can use Pegasus, and only to penetrate the phones of “legitimate criminal or terror group targets”.

Yet in the coming days the Guardian will be revealing the identities of many innocent people who have been identified as candidates for possible surveillance by NSO clients in a massive leak of data.

Without forensics on their devices, we cannot know whether governments successfully targeted these people. But the presence of their names on this list indicates the lengths to which governments may go to spy on critics, rivals and opponents.

First we reveal how journalists across the world were selected as potential targets by these clients prior to a possible hack using NSO surveillance tools.

Over the coming week we will be revealing the identities of more people whose phone numbers appear in the leak. They include lawyers, human rights defenders, religious figures, academics, businesspeople, diplomats, senior government officials and heads of state.

Our reporting is rooted in the public interest. We believe the public should know that NSO’s technology is being abused by the governments who license and operate its spyware. But we also believe it is in the public interest to reveal how governments look to spy on their citizens and how seemingly benign processes such as HLR lookups can be exploited in this environment.

[…]

Companies such as NSO operate in a market that is almost entirely unregulated, enabling tools that can be used as instruments of repression for authoritarian regimes such as those in Saudi Arabia, Kazakhstan and Azerbaijan.

The market for NSO-style surveillance-on-demand services has boomed post-Snowden, whose revelations prompted the mass adoption of encryption across the internet. As a result the internet became far more secure, and mass harvesting of communications much more difficult.

But that in turn spurred the proliferation of companies such as NSO offering solutions to governments struggling to intercept messages, emails and calls in transit. The NSO answer was to bypass encryption by hacking devices.

Two years ago the then UN special rapporteur on freedom of expression, David Kaye, called for a moratorium on the sale of NSO-style spyware to governments until viable export controls could be put in place. He warned of an industry that seemed “out of control, unaccountable and unconstrained in providing governments with relatively low-cost access to the sorts of spying tools that only the most advanced state intelligence services were previously able to use”.

His warnings were ignored. The sale of surveillance continued unabated. That GCHQ-like surveillance tools are now available for purchase by repressive governments may give some of Snowden’s critics pause for thought.

[…]

Source: Huge data leak shatters the lie that the innocent need not fear surveillance | Surveillance | The Guardian

Samsung Bricking Original SmartThings Hubs

Posted on by

Samsung is causing much angst among its SmartThings customers by shutting down support for its original SmartThings home automation hub as of the end of June. These are network-connected home automation routers providing Zigbee and Z-Wave connectivity to your sensors and actuators. It’s not entirely unreasonable for manufacturers to replace aging hardware with new models. But in this case the original hubs, otherwise fully functional and up to the task, have intentionally been bricked.

Users were offered a chance to upgrade to a newer version of the hub at a discount. But the hardware isn’t being made by Samsung anymore, after they redirected their SmartThings group to focus entirely on software. With this new dedication to software, you’d be forgiven for thinking the team implemented a seamless transition plan for its loyal user base — customers who supported and built up a thriving community since the young Colorado-based SmartThings company bootstrapped itself by a successful Kickstarter campaign in 2012. Instead, Samsung seems to leave many of those users in the lurch.

There is no upgrade path for switching to a new hub, meaning that the user has to manually reconnect each sensor in the house which often involves a cryptic sequence of button presses and flashing lights (the modern equivalent of setting the time on your VCR). Soon after you re-pair all your devices, you will discover that the level of software customization and tools that you’ve relied upon for home automation has, or is about to, disappear. They’ve replaced the original SmartThings app with a new in-house app, which by all accounts significantly dumbs down the features and isn’t being well-received by the community. Another very popular tool called Groovy IDE, which allowed users to add support for third-party devices and complex automation tasks, is about to be discontinued, as well.

 

Samsung’s announcement from last year laid out the goals of the transition divided into three phases. After the dust settles, it may well be that new tools will be rolled out which restore the functionality and convenience of the discontinued apps. But it seems that their priority at the moment is to focus on “casual” home automation users, those which just a handful of devices. The “power” users, with dozens and dozens of devices, are left wondering whether they’ve been abandoned. A casual scan through various online forums suggests that many of these loyal users are not waiting to be abandoned. Instead, they are abandoning SmartThings and switching to self-hosted solutions such as Home Assistant.

If this story sounds familiar, it is. We’ve covered several similar of IoT service closures in recent years, including:

Considering the typical home is a decades-long investment, we’d hope that the industry will eventually focus on longer-term approaches to home automation. For example, interoperability of devices using existing or new standards might be a good starting point. If you are using an automation system in your home, do you use a bundled solution like SmartThings, or have you gone the self-hosting route?

Source: Samsung Shuttering Original SmartThings Hubs | Hackaday

Bricking is pretty damn harsh and incredibly wasteful. Also, you bought the hardware, it’s yours!

US FTC Weighs in On Right To Repair

Posted on by

A few days ago, the US Federal Trade Commission (FTC) came out with a 5-0 unanimous vote on its position on right to repair. (PDF) It’s great news, in that they basically agree with us all:

Restricting consumers and businesses from choosing how they repair products can substantially increase the total cost of repairs, generate harmful electronic waste, and unnecessarily increase wait times for repairs. In contrast, providing more choice in repairs can lead to lower costs, reduce e-waste by extending the useful lifespan of products, enable more timely repairs, and provide economic opportunities for entrepreneurs and local businesses.

The long version of the “Nixing the Fix” report goes on to list ways that the FTC found firms were impeding repair: ranging from poor initial design, through restrictive firmware and digital rights management (DRM), all the way down to “disparagement of non-OEM parts and independent repair services”.

While the FTC isn’t making any new laws here, they’re conveying a willingness to use the consumer-protection laws that are already on the books: the Magnuson-Moss Warranty Act and Section 5 of the FTC Act, which prohibits unfair competitive practices.

Only time will tell if this dog really has teeth, but it’s a good sign that it’s barking. And given that the European Union is heading in a similar direction, we’d be betting that repairability increases in the future.

Source: FTC Rules On Right To Repair | Hackaday

Police Are Telling ShotSpotter to Alter Evidence From Gunshot-Detecting AI

Posted on by

On May 31 last year, 25-year-old Safarain Herring was shot in the head and dropped off at St. Bernard Hospital in Chicago by a man named Michael Williams. He died two days later.

Chicago police eventually arrested the 64-year-old Williams and charged him with murder (Williams maintains that Herring was hit in a drive-by shooting). A key piece of evidence in the case is video surveillance footage showing Williams’ car stopped on the 6300 block of South Stony Island Avenue at 11:46 p.m.—the time and location where police say they know Herring was shot.

How did they know that’s where the shooting happened? Police said ShotSpotter, a surveillance system that uses hidden microphone sensors to detect the sound and location of gunshots, generated an alert for that time and place.

Except that’s not entirely true, according to recent court filings.

That night, 19 ShotSpotter sensors detected a percussive sound at 11:46 p.m. and determined the location to be 5700 South Lake Shore Drive—a mile away from the site where prosecutors say Williams committed the murder, according to a motion filed by Williams’ public defender. The company’s algorithms initially classified the sound as a firework. That weekend had seen widespread protests in Chicago in response to George Floyd’s murder, and some of those protesting lit fireworks.

But after the 11:46 p.m. alert came in, a ShotSpotter analyst manually overrode the algorithms and “reclassified” the sound as a gunshot. Then, months later and after “post-processing,” another ShotSpotter analyst changed the alert’s coordinates to a location on South Stony Island Drive near where Williams’ car was seen on camera.

Williams reclassified photo

A screenshot of the ShotSpotter alert from 11:46 PM, May 31, 2020 showing that the sound was manually reclassified from a firecracker to a gunshot.

“Through this human-involved method, the ShotSpotter output in this case was dramatically transformed from data that did not support criminal charges of any kind to data that now forms the centerpiece of the prosecution’s murder case against Mr. Williams,” the public defender wrote in the motion.

[…]

The case isn’t an anomaly, and the pattern it represents could have huge ramifications for ShotSpotter in Chicago, where the technology generates an average of 21,000 alerts each year. The technology is also currently in use in more than 100 cities.

Motherboard’s review of court documents from the Williams case and other trials in Chicago and New York State, including testimony from ShotSpotter’s favored expert witness, suggests that the company’s analysts frequently modify alerts at the request of police departments—some of which appear to be grasping for evidence that supports their narrative of events.

[…]

Untested evidence

Had the Cook County State’s Attorney’s office not withdrawn the evidence in the Williams case, it would likely have become the first time an Illinois court formally examined the science and source code behind ShotSpotter, Jonathan Manes, an attorney at the MacArthur Justice Center, told Motherboard.

“Rather than defend the evidence, [prosecutors] just ran away from it,” he said. “Right now, nobody outside of ShotSpotter has ever been able to look under the hood and audit this technology. We wouldn’t let forensic crime labs use a DNA test that hadn’t been vetted and audited.”

[…]

A pattern of alterations

In 2016, Rochester, New York, police looking for a suspicious vehicle stopped the wrong car and shot the passenger, Silvon Simmons, in the back three times. They charged him with firing first at officers.

The only evidence against Simmons came from ShotSpotter. Initially, the company’s sensors didn’t detect any gunshots, and the algorithms ruled that the sounds came from helicopter rotors. After Rochester police contacted ShotSpotter, an analyst ruled that there had been four gunshots—the number of times police fired at Simmons, missing once.

Paul Greene, ShotSpotter’s expert witness and an employee of the company, testified at Simmons’ trial that “subsequently he was asked by the Rochester Police Department to essentially search and see if there were more shots fired than ShotSpotter picked up,” according to a civil lawsuit Simmons has filed against the city and the company. Greene found a fifth shot, despite there being no physical evidence at the scene that Simmons had fired. Rochester police had also refused his multiple requests for them to test his hands and clothing for gunshot residue.

Curiously, the ShotSpotter audio files that were the only evidence of the phantom fifth shot have disappeared.

Both the company and the Rochester Police Department “lost, deleted and/or destroyed the spool and/or other information containing sounds pertaining to the officer-involved shooting,”

[…]

Greene—who has testified as a government witness in dozens of criminal trials—was involved in another altered report in Chicago, in 2018, when Ernesto Godinez, then 27, was charged with shooting a federal agent in the city.

The evidence against him included a report from ShotSpotter stating that seven shots had been fired at the scene, including five from the vicinity of a doorway where video surveillance showed Godinez to be standing and near where shell casings were later found. The video surveillance did not show any muzzle flashes from the doorway, and the shell casings could not be matched to the bullets that hit the agent, according to court records.

During the trial, Greene testified under cross-examination that the initial ShotSpotter alert only indicated two gunshots (those fired by an officer in response to the original shooting). But after Chicago police contacted ShotSpotter, Greene re-analyzed the audio files.

[…]

Prior to the trial, the judge ruled that Godinez could not contest ShotSpotter’s accuracy or Greene’s qualifications as an expert witness. Godinez has appealed the conviction, in large part due to that ruling.

“The reliability of their technology has never been challenged in court and nobody is doing anything about it,” Gal Pissetzky, Godinez’s attorney, told Motherboard. “Chicago is paying millions of dollars for their technology and then, in a way, preventing anybody from challenging it.”

The evidence

At the core of the opposition to ShotSpotter is the lack of empirical evidence that it works—in terms of both its sensor accuracy and the system’s overall effect on gun crime.

The company has not allowed any independent testing of its algorithms, and there’s evidence that the claims it makes in marketing materials about accuracy may not be entirely scientific.

Over the years, ShotSpotter’s claims about its accuracy have increased, from 80 percent accurate to 90 percent accurate to 97 percent accurate. According to Greene, those numbers aren’t actually calculated by engineers, though.

“Our guarantee was put together by our sales and marketing department, not our engineers,” Greene told a San Francisco court in 2017. “We need to give them [customers] a number … We have to tell them something. … It’s not perfect. The dot on the map is simply a starting point.”

In May, the MacArthur Justice Center analyzed ShotSpotter data and found that over a 21-month period 89 percent of the alerts the technology generated in Chicago led to no evidence of a gun crime and 86 percent of the alerts led to no evidence a crime had been committed at all.

[..]

Meanwhile, a growing body of research suggests that ShotSpotter has not led to any decrease in gun crime in cities where it’s deployed, and several customers have dropped the company, citing too many false alarms and the lack of return on investment.

[…]

a 2021 study by New York University School of Law’s Policing Project that determined that assaults (which include some gun crime) decreased by 30 percent in some districts in St. Louis County after ShotSpotter was installed. The study authors disclosed that ShotSpotter has been providing the Policing Project unrestricted funding since 2018, that ShotSpotter’s CEO sits on the Policing Project’s advisory board, and that ShotSpotter has previously compensated Policing Project researchers.

[…]

Motherboard recently obtained data demonstrating the stark racial disparity in how Chicago has deployed ShotSpotter. The sensors have been placed almost exclusively in predominantly Black and brown communities, while the white enclaves in the north and northwest of the city have no sensors at all, despite Chicago police data that shows gun crime is spread throughout the city.

Community members say they’ve seen little benefit from the technology in the form of less gun violence—the number of shootings in 2021 is on pace to be the highest in four years—or better interactions with police officers.

[…]

Source: Police Are Telling ShotSpotter to Alter Evidence From Gunshot-Detecting AI

QR Menu Codes Are Tracking You More Than You Think

Posted on by

If you’ve returned to the restaurants and bars that have reopened in your neighborhood lately, you might have noticed a new addition to the post-quarantine decor: QR codes. Everywhere. And as they’ve become more ubiquitous on the dining scene, so has the quiet tracking and targeting that they do.

That’s according to a new analysis by the New York Times, that found these QR codes have the ability to collect customer data—enough to create what Jay Stanley, a senior policy analyst at the American Civil Liberties Union, called an “entire apparatus of online tracking,” that remembers who you are every time you sit down for a meal. While the data itself contains pretty uninteresting information, like your order history or contact information, it turns out there’s nothing stopping that data from being passed to whomever the establishment wants.

[…]

But as the Times piece points out, these little pieces of tech aren’t as innocuous as they might initially seem. Aside from storing data like menus or drink options, QR codes are often designed to transmit certain data about the person who scanned them in the first place—like their phone number or email address, along with how often the user might be scanning the code in question. This data collection comes with a few perks for the restaurants that use the codes (they know who their repeat customers are and what they might order). The only problem is that we actually don’t know where that data actually goes.

Source: QR Menu Codes Are Tracking You More Than You Think

Note for ant fuckers: the QR code does not in fact “transmit” anything – a server behind it detects that you have visited it (if you follow a URL in the code) and then collects data based on what you do on the server, but also on the initial connection (eg location through IP address, URL parameters which can include location information, OS, browser type, etc etc etc)

Shield TV Owners Are Pissed About the Banner Ads in Android TV – wtf are manufacturers doing advertising on products you actually own?

Posted on by

Nvidia’s Shield TVs are some of the best streaming video boxes on the market, but following a recent update to Android TV, Shield TV users are starting to see ads on their home screen and they aren’t happy about it.

The latest update to Android TV on Shield TV devices began rolling out earlier this month and featured a small UI redesign that added large banner images to Android TV’s home screen, similar to what you get when using Google TV devices like the Chromecast with Google TV.

Now technically, Google calls these banner images “recommendations,” as they are regularly updated and rotated to help users find new streaming content Google thinks they might enjoy. However, a number of Shield TV users consider these images to be advertisements (especially when they recommend shows on services users aren’t even subscribed to), and as such, have taken to showing their displeasure with the recent update by review bombing the listing for the Android TV Home app, which now has a one-star rating across more than 800 reviews.

[…]

As seen in a number of reviews and complaints on Reddit, many Shield TV users are unhappy about the way Google has killed off Android TV’s previously minimalist design by implementing intrusive banner ads that take up significantly more space, particularly on what is supposed to be a premium streaming device that goes for $150 or $200 depending on the model.

[…]

But more importantly, the addition of new banner images in Android TV is merely just one example of a growing trend in which major OS makers have begun inserting ads in a number of devices from smartphones to smart TVs. Sometimes these ads are presented as tools to help users find new content, while in other situations (like on Samsung phones), ads can appear as unwanted notifications alerting users about a newly announced Samsung device or service.

[…]

Unfortunately, oftentimes there’s no easy way to get rid of the ads, which causes user dissatisfaction or may even eventually drive users away from their current devices or platforms. But the real sad part is that until users make enough noise or cause a company’s sales to drop, it’s hard to say when this trend of seeing more and more ads in modern gadgets will stop.

Source: Shield TV Owners Are Pissed About the Banner Ads in Android TV

The argument for ads everywhere was that as you were accessing a free service, it had to be paid for by advertising. These products have all been paid for though and as such belong to you. The manufacturer has no business being on these products trying to monetise something you own even further.

iFixit CEO names and shames tech giants for right to repair obstruction – not sustainable at all

Posted on by

iFixit co-founder and CEO Kyle Wiens has exposed how companies including Apple, Samsung, and Microsoft manipulate the design of their products and the supply chain to prevent consumers and third-party repairers from accessing necessary tools and parts to repair products such as smartphones and laptops.

ZDNet Recommends

The best old phones to buy

The best old phones to buy

Why last year’s and older models make great deals.

Read More

Speaking during the Productivity Commission’s virtual right to repair public hearing on Monday, Weins took the opportunity to draw on specific examples of how some of the largest tech companies are obstructing consumers from a right to repair.

“We’ve seen manufacturers restrict our ability to buy parts. There’s a German battery manufacturer named Varta that sells batteries to a wide variety of companies. Samsung happens to use these batteries in their Galaxy earbuds … but when we go to Varta and say can we buy that part as a repair part, they’ll say ‘No, our contract with Samsung will not allow us to sell that’. We’re seeing that increasingly,” he said.

“Apple is notorious for doing this with the chips in their computers. There’s a particular charging chip on the MacBook Pro … there is a standard version of the part and then there’s the Apple version of the part that sits very slightly tweaked, but it’s tweaked enough that it’s only required to work in this computer, and that company again is under contractual requirement with Apple.”

He continued, highlighting that a California-based recycler was contracted by Apple to recycle spare parts that were still in new condition.

“California Apple stops providing service after seven years, so this was at seven years and Apple have warehouses full of spare parts, and rather than selling that out in the marketplace — so someone like me who eagerly would’ve bought them — they were paying the recycler to destroy them,” Wiens said.

Weins also pointed to an example involving a Microsoft Surface laptop.

“[iFixit] rated it on our repairability score, we normally rate products from one to 10; the Surface laptop got a zero. It had a glued-in battery … we had to actually cut our way into the product and destroyed it in the process of trying to get inside,” he said.

[…]

The other major point that was covered during the Productivity Commission’s public hearing was whether there is plausibility to introduce a labelling scheme, much like one that exists in France, in Australia.

[…]

Based on his observation, Weins said the adoption of the French index has been “pretty universal” across all five categories. He also pointed out that a recent Samsung survey showed 86% of French citizens say that the index impacts their purchasing behaviour while 80% said they would give up their favourite brand for a more repairable product.

“This is really substantially driving consumer behaviour,” he said.

For consumer group Choice, the possibility of introducing a labelling scheme to improve right to repair in Australia could work.

“We know from experience, particularly with the water and energy labelling scheme, that if you want manufacturers to improve the quality of products, start by rating and ranking them,” Choice campaign and communications director Erin Turner said during the hearing.

[…]

Source: iFixit CEO names and shames tech giants for right to repair obstruction | ZDNet

US legal eagles representing Apple, IBM, and more take 5 months to inform clients of ransomware data breach, will only offer support if social security number was in data

Posted on by

Law firm Campbell Conroy & O’Neil has warned of a breach from late February which may have exposed data from the company’s lengthy client list of big-name corporations including Apple and IBM.

The breach, which was discovered on 27 February 2021 when a ransomware infection blocked access to selected files on the company’s internal systems, has been blamed on an unnamed “unauthorised actor.”

[…]

While it’s not yet known precisely what data was accessed during the breach, the system affected held a treasure trove including “certain individuals’ names, dates of birth, driver’s license numbers/state identification numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information, biometric data, and/or online account credentials (i.e. usernames and passwords),” the company confirmed in a statement regarding the attack.

[…]

The company has also offered those affected a 24-month subscription to credit monitoring, fraud consultation, and identity theft restoration services – but only if they had their Social Security numbers held on the system. For those whose data did not include Social Security numbers, they get nothing bar the company’s apologies.

Source: US legal eagles representing Apple, IBM, and more take 5 months to inform clients of ransomware data breach • The Register

16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines

Posted on by

Researchers have released technical details on a high-severity privilege-escalation flaw in HP printer drivers (also used by Samsung and Xerox), which impacts hundreds of millions of Windows machines.

If exploited, cyberattackers could bypass security products; install programs; view, change, encrypt or delete data; or create new accounts with more extensive user rights.

The bug (CVE-2021-3438) has lurked in systems for 16 years, researchers at SentinelOne said, but was only uncovered this year. It carries an 8.8 out of 10 rating on the CVSS scale, making it high-severity.

According to researchers, the vulnerability exists in a function inside the driver that accepts data sent from User Mode via Input/Output Control (IOCTL); it does so without validating the size parameter. As the name suggests, IOCTL is a system call for device-specific input/output operations.

“This function copies a string from the user input using ‘strncpy’ with a size parameter that is controlled by the user,” according to SentinelOne’s analysis, released on Tuesday. “Essentially, this allows attackers to overrun the buffer used by the driver.”

Thus, unprivileged users can elevate themselves into a SYSTEM account, allowing them to run code in kernel mode, since the vulnerable driver is locally available to anyone, according to the firm.

The printer-based attack vector is perfect for cybercriminals, according to SentinelOne, since printer drivers are essentially ubiquitous on Windows machines and are automatically loaded on every startup.

“Thus, in effect, this driver gets installed and loaded without even asking or notifying the user,” explained the researchers. “Whether you are configuring the printer to work wirelessly or via a USB cable, this driver gets loaded. In addition, it will be loaded by Windows on every boot. This makes the driver a perfect candidate to target since it will always be loaded on the machine even if there is no printer connected.”

[…]

 

Source: 16-Year-Old HP Printer-Driver Bug Impacts Millions of Windows Machines | Threatpost