Author Archives: Robin Edgar

About Robin Edgar

Organisational Structures | Technology and Science | Military, IT and Lifestyle consultancy | Social, Broadcast & Cross Media | Flying aircraft

Facial Recognition Is Accurate, if You’re a White Guy

Posted on by

Facial recognition technology is improving by leaps and bounds. Some commercial software can now tell the gender of a person in a photograph.

When the person in the photo is a white man, the software is right 99 percent of the time.

But the darker the skin, the more errors arise — up to nearly 35 percent for images of darker skinned women, according to a new study that breaks fresh ground by measuring how the technology works on people of different races and gender.

These disparate results, calculated by Joy Buolamwini, a researcher at the M.I.T. Media Lab, show how some of the biases in the real world can seep into artificial intelligence, the computer systems that inform facial recognition.
[…]
One widely used facial-recognition data set was estimated to be more than 75 percent male and more than 80 percent white, according to another research study.

The new study also raises broader questions of fairness and accountability in artificial intelligence at a time when investment in and adoption of the technology is racing ahead.
[…]
The African and Nordic faces were scored according to a six-point labeling system used by dermatologists to classify skin types. The medical classifications were determined to be more objective and precise than race.

Then, each company’s software was tested on the curated data, crafted for gender balance and a range of skin tones. The results varied somewhat. Microsoft’s error rate for darker-skinned women was 21 percent, while IBM’s and Megvii’s rates were nearly 35 percent. They all had error rates below 1 percent for light-skinned males.

Source: Facial Recognition Is Accurate, if You’re a White Guy – The New York Times

At least 4200 popular and large websites hijacked by hidden crypto-mining code after popular plugin pwned

Posted on by

Thousands of websites around the world – from the UK’s NHS and ICO to the US government’s court system – were today secretly mining crypto-coins on netizens’ web browsers for miscreants unknown.

The affected sites all use a fairly popular plugin called Browsealoud, made by Brit biz Texthelp, which reads out webpages for blind or partially sighted people.

This technology was compromised in some way – either by hackers or rogue insiders altering Browsealoud’s source code – to silently inject Coinhive’s Monero miner into every webpage offering Browsealoud.

For several hours today, anyone who visited a site that embedded Browsealoud inadvertently ran this hidden mining code on their computer, generating money for the miscreants behind the caper.

Source: UK ICO, USCourts.gov… Thousands of websites hijacked by hidden crypto-mining code after popular plugin pwned • The Register

Worm brain translated into a computer is taught tricks without programming

Posted on by

It is not much to look at: the nematode C. elegans is about one millimetre in length and is a very simple organism. But for science, it is extremely interesting. C. elegans is the only living being whose neural system has been analysed completely. It can be drawn as a circuit diagram or reproduced by computer software, so that the neural activity of the worm is simulated by a computer program.

Such an artificial C. elegans has now been trained at TU Wien (Vienna) to perform a remarkable trick: The computer worm has learned to balance a pole at the tip of its tail.
[…]
“With the help of reinforcement learning, a method also known as ‘learning based on experiment and reward’, the artificial reflex network was trained and optimized on the computer”, Mathias Lechner explains. And indeed, the team succeeded in teaching the virtual nerve system to balance a pole. “The result is a controller, which can solve a standard technology problem – stabilizing a pole, balanced on its tip. But no human being has written even one line of code for this controller, it just emerged by training a biological nerve system”, says Radu Grosu.

The team is going to explore the capabilities of such control-circuits further. The project raises the question, whether there is a fundamental difference between living nerve systems and computer code. Is machine learning and the activity of our brain the same on a fundamental level? At least we can be pretty sure that the simple nematode C. elegans does not care whether it lives as a worm in the ground or as a virtual worm on a computer hard drive.

Source: Technische Universität Wien : Dressierter Computerwurm lernt, einen Stab zu balancieren

Razer doesn’t care about Linux

Posted on by

Razer is a vendor that makes high-end gaming hardware, including laptops, keyboards and mice. I opened a ticket with Razor a few days ago asking them if they wanted to support the LVFS project by uploading firmware and sharing the firmware update protocol used. I offered to upstream any example code they could share under a free license, or to write the code from scratch given enough specifications to do so. This is something I’ve done for other vendors, and doesn’t take long as most vendor firmware updaters all do the same kind of thing; there are only so many ways to send a few kb of data to USB devices. The fwupd project provides high-level code for accessing USB devices, so yet-another-update-protocol is no big deal. I explained all about the LVFS, and the benefits it provided to a userbase that is normally happy to vote using their wallet to get hardware that’s supported on the OS of their choice.

I just received this note on the ticket, which was escalated appropriately:

I have discussed your offer with the dedicated team and we are thankful for your enthusiasm and for your good idea.
I am afraid I have also to let you know that at this moment in time our support for software is only focused on Windows and Mac.

The CEO of Razer Min-Liang Tan said recently “We’re inviting all Linux enthusiasts to weigh in at the new Linux Corner on Insider to post feedback, suggestions and ideas on how we can make it the best notebook in the world that supports Linux.” If this is true, and more than just a sound-bite, supporting the LVFS for firmware updates on the Razer Blade to solve security problems like Meltdown and Spectre ought to be a priority?

Source: Razer doesn’t care about Linux – Technical Blog of Richard Hughes

I have gone off them since they require their products to be connected via their cloud to change settings and receive updates. There is absolutely no reason for a mouse to need to be connected to Razer to change settings.

Researchers discover efficient and sustainable way to filter salt and metal ions from water

Posted on by

With two billion people worldwide lacking access to clean and safe drinking water, joint research by Monash University, CSIRO and the University of Texas at Austin published today in Sciences Advances may offer a breakthrough new solution.

It all comes down to metal-organic frameworks (MOFs), an amazing next generation material that have the largest internal surface area of any known substance. The sponge like crystals can be used to capture, store and release chemical compounds. In this case, the salt and ions in sea water.

Dr Huacheng Zhang, Professor Huanting Wang and Associate Professor Zhe Liu and their team in the Faculty of Engineering at Monash University in Melbourne, Australia, in collaboration with Dr Anita Hill of CSIRO and Professor Benny Freeman of the McKetta Department of Chemical Engineering at The University of Texas at Austin, have recently discovered that MOF membranes can mimic the filtering function, or ‘ion selectivity’, of organic cell membranes.

With further development, these membranes have significant potential to perform the dual functions of removing salts from seawater and separating metal ions in a highly efficient and cost effective manner, offering a revolutionary new technological approach for the water and mining industries.

Source: Researchers discover efficient and sustainable way to filter salt and metal ions from water

US state’s pot dealer database pwned after security goes up in smoke

Posted on by

The US state of Washington says a miscreant was able to access the system it uses to track the manufacturing and sale of marijuana.

The Evergreen State’s Liquor and Cannabis Board – a job that sounds way cooler than it actually is – yesterday admitted that last weekend someone was able to exploit a vulnerability in one of its machines to access Leaf Data Systems, which Washington uses to keep records on the movement of Mary Jane.

Described as a “seed to sale” tracing process, the Leaf system is intended as a way for the board to keep track on the movement of marijuana from growers and suppliers. Growers and merchants upload information including planned shipments and movements of crops between various points in the “chain of custody” as the pot moves from farms to wholesalers and eventually shops.

Earlier this week, Washington was hit with a pot shortage after the Leaf Data System went down with what was at the time thought to be a “glitch” that had left shops unable to take in new shipments.

On Thursday, the board revealed that the “glitch” was in fact the aftermath of a hacker intrusion, and that someone had been able to obtain a copy of the database that tracked shipments.

“There are indications an intruder downloaded a copy of the traceability database and took action that caused issues with inventory transfers for some users,” the board said.

“We believe this was the root cause of the transfer/manifest issue experienced between Saturday and Monday.”

The stolen database contained information on shipments set to take place between February 1 and 4 of 2018, including route manifest information, vehicle identification and, license plate number. Only the manifest data is considered sensitive, as the other records are public information.

Source: You dopes! US state’s pot dealer database pwned after security goes up in smoke • The Register

I am very curious if any dope trucks got robbed in that period.

You can resurrect any deleted GitHub account name. If you depend on that account you may find yourself in trouble

Posted on by

The individual identifying himself as Jim Teeuwen, who maintained GitHub repository for a tool called go-bindata for embedded data in Go binaries, recently deleted his GitHub account, taking with it a resource that other Go developers had included in their projects.

The incident echoes the more widely noted 2016 disappearance of around 250 modules maintained by developer Azer Koçulu from the NPM repository. The deletion of one of these modules, left-pad, broke thousands of Node.js packages that incorporated it and prompted NPM to take the unprecedented step of restoring or “un-un-publishing” the code.

Earlier this week, an unidentified developer, whose Go project stopped functioning as a result of the closure of the jteeuwen account, opened a new GitHub account under the abandoned name and repopulated it with a forked version of the go-bindata package as a workaround to re-enable the broken project.

In a post on that account, Franklin Yu, a Boston-area software engineer in the US, said he was a friend of the person who recreated the account and explained that the repo had been resurrected to fix a private project.

“The current owner had no way to directly redirect the repo, so he made such work-around so that he could safely go home without being blamed by his supervisor,” he explained. “And of course, hoped this would also save someone else trapped in similar situation.”
[…]
The security implications of allowing reuse of abandoned names are particularly evident in the domain industry, where expired domains regularly get re-registered by spammers hoping to benefit from whatever trust and traffic the previous owner had accrued.

Developers themselves bear some measure of responsibility for relying on code they can’t control and can’t verify.

But Donat, in a phone interview with The Register, suggested that’s not realistic. “You could argue it’s all down to the developer,” he said. “But the fact of the matter is this is how GitHub is now being used, as a package repository, whether it’s meant to be or not.”

Donat argued that GitHub should address the issue, noting that it would not be difficult to revive an abandoned account name and use it to distribute malware.

Source: You can resurrect any deleted GitHub account name. And this is why we have trust issues • The Register

Personally I don’t think the onus here is on GitHub. If you delete a username, it becomes free. The problem is with stupid developers who trust an account, instead of downloading the software they depend on and packaging it with their product. We should know by now that anything on the cloud won’t stay there forever.

The Equifax hack could be worse than we thought

Posted on by

In its original announcement of the hack, the company had revealed that some driver’s license numbers were exposed. The new documents show that the license state and issue date might have also been compromised.

Equifax spokesperson Meredith Griffanti told CNNMoney Friday that the original list of vulnerable personal information was never intended to represent the full list of potentiality exposed information.

The new documents now raise questions of how much information hackers may have accessed in Equifax’s cyberattack.

Source: The Equifax hack could be worse than we thought – Feb. 9, 2018

Wish you could log into someone’s Netgear box without a password? Summon a &genie=1 – get patching!

Posted on by

Some 17 Netgear routers have a remote authentication bypass, meaning malware or miscreants on your network, or able to reach the device’s web-based configuration interface from the internet, can gain control without having to provide a password. Just stick &genie=1 in the URL, and bingo.

That’s pretty bad news for any vulnerable gateways with remote configuration access enabled, as anyone on the internet can exploit the cockup to take over the router, change its DNS settings, redirect browsers to malicious sites, and so on.

Another 17 Netgear routers – with some crossover with the above issue – have a similar bug, in that the genie_restoring.cgi script, provided by the box’s built-in web server, can be abused to extract files and passwords from its filesystem in flash storage – it can even be used to pull files from USB sticks plugged into the router.

Other models have less severe problems that still need patching just in case. For example, after pressing the Wi-Fi Protected Setup button, six of Netgear’s routers open up a two-minute window during which an attacker can potentially execute arbitrary code on the router as root over the air.

Source: Wish you could log into someone’s Netgear box without a password? Summon a &genie=1 • The Register

Robot learns to mimic simple human motions

Posted on by

Researchers from the University of California, Berkeley, in the USA, have made some progress on this front by teaching code controlling a robot arm and hand to perform three tasks: grabbing an object and placing it in a specific position; pushing an object; and pushing and pulling an object after seeing the same action performed by a human arm.

Think picking up stuff, such as a toy, and placing it on a box, pushing a little car along a table, and so on.

The technique, described in a paper out this week, has been dubbed “one-shot imitation.” And, yes, it requires a lot of training before it can start copycatting people on demand. The idea is to educate the code to the point where it can immediately recognize movements, or similar movements, from its training, and replay them.

A few thousand videos depicting a human arm and a robot arm completing movements and actions are used to prime the control software. The same actions are repeated using different backgrounds, lighting effects, objects, and human arms to increase the depth of the machine-learning model’s awareness of how the limbs generally operate, and thus increase the chances of the robot successfully imitating a person on the fly.

Source: Is that you, T-1000? No, just a lil robot that can mimic humans on sight • The Register

SpaceX Roadster skips Mars, steers to asteroids, central core booster explodes

Posted on by

During a press conference after liftoff, Musk said it was dicey whether the second stage would power up at all. The fuel could have frozen, the oxygen boiled off, or the avionics failed, as the rocket spent more than five hours in our planet’s high-radiation Van Allen belts before firing up.

Usually spacecraft punch through the belts as quickly as possible to minimize the risk of damage. After hours of charged particles bombarding the podule, it still worked just fine. Ish. Maybe it was performing a touching tribute to Tesla’s autopilot software.

The payload was supposed to get into an orbit around the Sun, and skim Mars. Instead, the car will whiz past the Red Planet by a much larger margin than expected and zoom off out toward the asteroid belt. T
[…]
Musk explained what went wrong with the attempted landing of the Falcon Heavy’s central core. The booster was trying to land on the floating autonomous barge Of Course I Still Love You when it suffered a “rapid, unscheduled disassembly,” to use SpaceX’s term for crashed and burned.

According to Musk, the booster had enough main fuel to make the landing, but it ran out of the triethylaluminum and triethylborane (TEA-TEB) fuel that is used to reignite the rocket engines, which are needed to control the rate of descent. Its central motor lit up, but the two other engines didn’t.

The result was that the booster came down too fast and off target. It hit the Atlantic ocean at about 300 MPH 100 metres from the barge, and disintegrated, damaging two of the sea vessel’s four thrusters, which are used to keep the ship in position.

Source: What did we say about Tesla’s self-driving tech? SpaceX Roadster skips Mars, steers to asteroids • The Register

Typical Tesla!

The House That Spied on Me: living in a smart home

Posted on by

In December, I converted my one-bedroom apartment in San Francisco into a “smart home.” I connected as many of my appliances and belongings as I could to the internet: an Amazon Echo, my lights, my coffee maker, my baby monitor, my kid’s toys, my vacuum, my TV, my toothbrush, a photo frame, a sex toy, and even my bed.

Source: The House That Spied on Me

It’s a good story on the privacy and especially the practicality of living in a smart home.

I recognise quite a lot in that much of it is quite a bit of hassle, especially trying to get it working the way you want it to!

Cheddar Man: Britains’ first men were black. And so were Europes’.

Posted on by

New research into ancient DNA extracted from the skeleton has helped scientists to build a portrait of Cheddar Man and his life in Mesolithic Britain.The biggest surprise, perhaps, is that some of the earliest modern human inhabitants of Britain may not have looked the way you might expect.Dr Tom Booth is a postdoctoral researcher working closely with the Museum’s human remains collection to investigate human adaptation to changing environments.’Until recently it was always assumed that humans quickly adapted to have paler skin after entering Europe about 45,000 years ago,’ says Tom. ‘Pale skin is better at absorbing UV light and helps humans avoid vitamin D deficiency in climates with less sunlight.’However, Cheddar Man has the genetic markers of skin pigmentation usually associated with sub-Saharan Africa.This discovery is consistent with a number of other Mesolithic human remains discovered throughout Europe.

Source: Cheddar Man: Mesolithic Britain’s blue-eyed boy | Natural History Museum

PinMe: Tracking a Smartphone User around the World with GPS and WiFi off

Posted on by

We describe PinMe, a novel user-location mechanism that exploits non-sensory/sensory data stored on the smartphone, e.g., the environment’s air pressure, along with publicly-available auxiliary information, e.g., elevation maps, to estimate the user’s location when all location services, e.g., GPS, are turned off.

Source: [1802.01468] PinMe: Tracking a Smartphone User around the World

The gender pay gap at Uber is small and has a reason

Posted on by

Specifically, the study stated, drivers who make runs for Uber more frequently are more likely to know where and when to operate in order to get the highest-paying fares.

Thus, because women, on average, spend less time driving for Uber than their male counterparts, they are less likely to be around to grab the highest-paying fares.

“Men’s willingness to supply more hours per week (enabling them to earn more) and to target the most profitable locations shows that women continue to pay a cost for working reduced hours each week, even with no convexity in the hours-earning schedule,” the research team stated.

The study, which was based on data collected from 1,877,252 drivers operating in America from January 2015 to March 2017, examined factors including average hours worked per week, money earned over the whole week, and money earned per hour.
[…]
Overall, the gang concluded that those who drove an Uber car more often were able to make more per trip, and because on average the men surveyed drove 50 per cent more often, they were able to get on average $21.28 (£15.23) per hour compared to $20.04 (£14.35) logged by their female counterparts.

With more time driving, we’re told, comes a better idea of when and where the best fares are to be expected.
[…]
“A driver with more than 2,500 lifetime trips completed earns 14 per cent more per hour than a driver who has completed fewer than 100 trips in her time on the platform, in part because she learns where to drive, when to drive, and how to strategically cancel and accept trips.”

At least one other factor was cited in the gap: speed.

The study found that while driving for Uber, men tended to drive around 2.2 per cent faster than women. This meant that, over the long haul, they were able to rack up a few extra trips and make a bit more money.

“Increasing speed increases expected driver earnings in almost all Uber settings,” the research team concluded.

Source: Uber: Ah yeah, we pay women drivers less than men. We can explain!

Bug in Grammarly browser extension exposes virtually everything a user ever writes

Posted on by

The Grammarly browser extension, which has about 22 million users, exposes its authentication tokens to all websites, allowing any to access all the user’s data without permission, according to a bug report from Google Project Zero’s Tavis Ormandy.

The high-severity bug was discovered on Friday and fixed early Monday morning, “a really impressive response time,” Ormandy wrote.

Grammarly, launched in 2009 by Ukrainian developers, looks at all messages, documents and social media posts and attempts to clean up errors so the user is left with the clearest English possible. The browser extension has access to virtually everything a user types, and therefore an attacker could access a huge trove of private data.

Exploitation is as simple as a couple of console commands granting full access to everything, as Ormandy explained. The company has no evidence that the vulnerability was exploited.

The vulnerability affected Chrome and Firefox. Updates are now available for both browsers.

Source: Bug in Grammarly browser extension exposes virtually everything a user ever writes

Japan successfully launches world’s smallest satellite-carrying rocket

Posted on by

KAGOSHIMA – Japan successfully launched on Saturday the world’s smallest satellite-carrying rocket following a failed attempt in January last year, the nation’s space agency said.

The rocket about the size of a utility pole, measuring 10 meters in length and 50 centimeters in diameter, lifted off from the Uchinoura Space Center in Kagoshima Prefecture and delivered its payload to its intended orbit, according to the Japan Aerospace Exploration Agency.

The No. 5 vehicle of the SS-520 series carried a microsatellite weighing about 3 kilograms developed by the University of Tokyo to collect imagery of the Earth’s surface.

The launch was aimed at verifying JAXA’s technology used to launch small rockets made with commercially available components at lower cost amid growing global demand for microsatellites. The agency used components found in home electronics and smartphones for the rocket.

JAXA launched the No. 4 vehicle on Jan. 15 last year, but terminated its flight shortly after liftoff due to a communications problem. The agency found that vibrations during liftoff caused a short circuit, leading to a loss of power in the data transmitter.

For Saturday’s launch, the agency made more than 40 improvements to prevent a recurrence.

Source: Japan successfully launches world’s smallest satellite-carrying rocket | The Japan Times

Exoplanets from another galaxy spotted

Posted on by

The Kepler Space Telescope has found oodles of exoplants, but now astroboffins have spotted the first exoplanets outside our galaxy.

A group of astroboffins from the University of Oklahoma has become the first to demonstrate exoplanet observations in another galaxy – one that’s 3.8 billion light years away, or one-third of the distance across the observable universe.

The discovery by a team led by professor Xinyu Dai and postdoc Eduardo Guerras, found the planets’ signatures in the spectrum of a gravitationally-microlensed galaxy behind the black hole quasar RXJ 1131−1231.

Gravitational microlensing refers to the phenomenon, predicted by Einstein, that gravity can bend light, resulting in an apparent magnification if the bodies are aligned the right way (from the point of view of the observer).

As the university explains, they believe the planets range in estimated mass from about the size of the moon, through to Jupiter-sized.

Their paper, published in Astrophysical Journal Letters and available here at the arXiv pre-print service, explains that the unbound planets they saw caused “Fe Kα line energy shifts” in the spectrum of RXJ 1131−1231.

They found the line shifts in Chandra X-ray Observatory images of the quasar, and in the paper said what they observed “has never been observed in a non-lensed AGN” [active galactic nucleus – El Reg].

The paper also explains that the researchers focussed on unbounded planets – that is, planets wandering around their galaxies rather than being part of a solar system – because planets orbiting stars don’t show up separately from their hosts.

There are around 2,000 moon-to-Jupiter sized planets for each main sequence star in their observations, the researchers wrote, which equates to trillions of stars per galaxy.

Source: Exoplanets from another galaxy spotted – take that, Kepler fatigue! • The Register

Intel’s new Vaunt smart glasses actually look good

Posted on by

There is no camera to creep people out, no button to push, no gesture area to swipe, no glowing LCD screen, no weird arm floating in front of the lens, no speaker, and no microphone (for now).

From the outside, the Vaunt glasses look just like eyeglasses. When you’re wearing them, you see a stream of information on what looks like a screen — but it’s actually being projected onto your retina.

The prototypes I wore in December also felt virtually indistinguishable from regular glasses. They come in several styles, work with prescriptions, and can be worn comfortably all day. Apart from a tiny red glimmer that’s occasionally visible on the right lens, people around you might not even know you’re wearing smart glasses.

Like Google Glass did five years ago, Vaunt will launch an “early access program” for developers later this year. But Intel’s goals are different than Google’s. Instead of trying to convince us we could change our lives for a head-worn display, Intel is trying to change the head-worn display to fit our lives.

Source: Exclusive: Intel’s new Vaunt smart glasses actually look good – The Verge

Can’t login to Skype? You’re not alone. Chat app’s been a bit crap for five days now

Posted on by

A bunch of Skype users are unhappy that they’re been unable to sign into the VoIP service for several days.The yakkity-yak app has fallen flat since January 24, leaving a number of punters with two-factor authentication enabled unable to get back into the software after signing out.”Skype users who are signed in are not affected,” Reg reader C. F. Heyns told us today. “Anyone signing out has almost no chance of getting back in.”

Source: Can’t login to Skype? You’re not alone. Chat app’s been a bit crap for five days now • The Register

Crooks make US ATMs spew million-plus bucks in ‘jackpotting’ hacks

Posted on by

ash machines in the US are being hacked to spew hundreds of dollar bills – a type of theft dubbed “jackpotting” because the ATMs look like slot machines paying out winnings.A gang of miscreants have managed to steal more than $1m from ATMs using this attack, according to a senior US Secret Service official speaking to Reuters on Monday.Typically, crooks inject malware into an ATM to make it rapidly dole out large sums of money that doesn’t belong to the thieves. Anyone aware of the work by security researcher Barnaby Jack – who almost 10 years ago revealed various ways to force cash machines to cough up cash on demand – will know of jackpotting.

[…]

Since 2013, if not earlier, Ploutus has been a favorite of Mexican banditos raiding cash machines, as previous Reg stories document. Viewed from this perspective, the main surprise today is that it’s taken so long for the scam to surface north of the border, moving from Mexico to the United States.

To get Ploutus into an ATM, the crooks have to gain physical access to the box’s internals to swap its computer hard drive for an infected one. Once the disk is in place and the ATM rebooted, the villains have full control over the device, allowing them to order it to dispense the contents of its cartridges of dollar bills.

Source: Crooks make US ATMs spew million-plus bucks in ‘jackpotting’ hacks • The Register

Maybe you should’ve stuck with NetWare: Hijackers can bypass Active Directory controls

Posted on by

“The idea of a rogue domain controller is not new and has been mentioned multiple times in previous security publications but required invasive techniques (like installing a virtual machine with Windows Server) and to log on a regular domain controller (DC) to promote the VM into a DC for the targeted domain.”That’s easily spotted, so Delsalle wrote that the attack described by Delpy and Le Toux has to “modify the targeted AD infrastructure database to authorise the rogue server to be part of the replication process.”

Source: Maybe you should’ve stuck with NetWare: Hijackers can bypass Active Directory controls • The Register

UK.gov mass data slurping ruled illegal – AGAIN

Posted on by

In a judgment handed down this morning, judges backed a challenge brought by deputy Labour leader Tom Watson in a long-running battle against state surveillance rules.These laws allow for ISPs and telcos to retain communications data for up to a year and for public authorities to get access to this information. But campaigners have argued it fails to properly restrict this retention and access.Today’s ruling refers to the Data Retention and Investigatory Powers Act, which expired at the end of 2016, but will have significant implications for its successor, the Investigatory Powers Act.The so-called Snoopers’ Charter was already under pressure following a landmark 2016 ruling from the Court of Justice of the European Union, and today’s judgment adds weight to this.In the document, the judges also note: “As [Ben] Jaffey QC, on behalf of the first respondent, pointed out in the course of his oral submissions, that the fact that DRIPA has been repealed does not make this a pointless exercise”.Their ruling was that DRIPA “was inconsistent with EU law” because it did not limit access to retained communications data solely to the purpose of fighting serious crime.It also broke the law because police forces and public authorities could themselves grant access to retained data – rather than access being subject to prior review by a court or an independent administrative authority.

Source: UK.gov mass data slurping ruled illegal – AGAIN • The Register

Especially the last bit: rather than access being subject to prior review by a court or an independent administrative authority.

Come on! How hard is it to ask a judge after proving some sort of probable cause? It’s investigation that gets the bad guys. Not being a police state.