Crime

Does IceFire Ransomware Portend a Broader Shift From Windows to Linux? (darkreading.com) 28

An anonymous reader shares this report from Dark Reading: In recent weeks, hackers have been deploying the "IceFire" ransomware against Linux enterprise networks, a noted shift for what was once a Windows-only malware.

A report from SentinelOne suggests that this may represent a budding trend. Ransomware actors have been targeting Linux systems more than ever in cyberattacks in recent weeks and months, notable not least because "in comparison to Windows, Linux is more difficult to deploy ransomware against, particularly at scale," Alex Delamotte, security researcher at SentinelOne, tells Dark Reading....

"[M]any Linux systems are servers," Delamotte points out, "so typical infection vectors like phishing or drive-by download are less effective." So instead, recent IceFire attacks have exploited CVE-2022-47986 — a critical remote code execution (RCE) vulnerability in the IBM Aspera data transfer service, with a CVSS rating of 9.8.

Delamotte posits a few reasons for why more ransomware actors are choosing Linux as of late. For one thing, she says, "Linux-based systems are frequently utilized in enterprise settings to perform crucial tasks such as hosting databases, Web servers, and other mission-critical applications. Consequently, these systems are often more valuable targets for ransomware actors due to the possibility of a larger payout resulting from a successful attack, compared to a typical Windows user."

A second factor, she guesses, "is that some ransomware actors may perceive Linux as an unexploited market that could yield a higher return on investment."

While previous reports had IceFire targeting tech companies, SentinelLabs says they've seen recent attacks against organizations "in the media and entertainment sector," impacting victims "in Turkey, Iran, Pakistan, and the United Arab Emirates, which are typically not a focus for organized ransomware actors."

China

TikTok Whistleblower Tells Congress Data Protections Don't Stop Chinese Access (gizmodo.com) 48

An anonymous reader quotes a report from Gizmodo: A former TikTok employee turned whistleblower has reportedly met with multiple U.S. senators expressing concerns TikTok's plan to secure U.S. user data won't go far enough to stop possible Chinese espionage. The whistleblower told The Washington Post in an interview that the company's policy plan, dubbed Project Texas, doesn't go far enough and that properly ensuring U.S. data is secured from Chinese employees requires nothing short of a "complete re-engineering" of the way the app works. Those allegations come just days after another whistleblower raised concerns regarding TikTok's U.S. user controls. Combined, the comments could fan the flames for what looks like growing bipartisan support for a full-on nationwide TikTok ban.

The former TikTok employee turned whistleblower told the Post he worked at the company for around six months ending in early 2022 as a risk manager and head of a unit in TikTok's Safety Operations team. Part of that job, he claims, put him in charge of knowing which employees had access to certain tools and user data. He claims he was fired after speaking up about his data privacy concerns. Though he left TikTok prior to its finalization of the so-called Project Texas policy, he maintains he saw enough evidence to suggest the guardrails put in place to placate U.S. regulators fearful of Chinese employees viewing U.S. user data were insufficient. The whistleblower has reportedly already met with staffers from Iowa Sen. Chuck Grassley and Virginia Sen. Mark Warner's offices.

Specifically, the whistleblower shared a snippet of code with the Post which they say shows TikTok's code connecting with Toutiao, a Chinese news app also run by TikTok's parent company, ByteDance. The whistleblower alleges that connection could let Chinese employees intercept and potentially view U.S. user data. Gizmodo could not independently confirm those claims. The whistleblower, meanwhile, reportedly did not advocate for an outright nationwide ban. Instead, he said the problems could be solved but would require further steps than what is included in the Project Texas proposal.

Another alleged whistleblower came forward just days before the Post interview, alleging TikTok's access controls on U.S. data were "superficial" at best. "TikTok and ByteDance employees, he alleged, possess the ability to 'switch between Chinese and U.S. data with nothing more than the click of a button,'" reports Gizmodo.

The whistleblower alleged in a letter sent to ByteDance by Republican Missouri Rep. Josh Hawley: "I have seen first-hand China-based engineers flipping over to non-China datasets and creating scheduled tasks to backup, aggregate, and analyze data. TikTok and ByteDance are functionally the same company."

Medicine

People Were Unwittingly Implanted With Fake Devices In Medical Scam, FBI Alleges (vice.com) 55

Chronic pain patients were implanted with "dummy" pieces of plastic and told it would ease their pain, according to an indictment charging the former CEO of the firm that made the fake devices with fraud. Motherboard reports: Laura Perryman, the former CEO of Stimwave LLC, was arrested in Florida on Thursday. According to an FBI press release, Perryman was indicted "in connection with a scheme to create and sell a non-functioning dummy medical device for implantation into patients suffering from chronic pain, resulting in millions of dollars in losses to federal healthcare programs." According to the indictment, patients underwent unnecessary implanting procedures as a result of the fraud. Perryman was charged with one count of conspiracy to commit wire fraud and health care fraud, and one count of healthcare fraud. Stimwave received FDA approval in 2014, according to Engadget, and was positioned as an alternative to opioids for pain relief.

The Stimwave "Pink Stylet" system consisted of an implantable electrode array for stimulating the target nerve, a battery worn externally that powered it, and a separate, 9-inch long implantable receiver. When doctors told Stimwave that the long receiver was difficult to place in some patients, Perryman allegedly created the "White Stylet," a receiver that doctors could cut to be smaller and easier to implant -- but was actually just a piece of plastic that did nothing. "To perpetuate the lie that the White Stylet was functional, Perryman oversaw training that suggested to doctors that the White Stylet was a 'receiver,' when, in fact, it was made entirely of plastic, contained no copper, and therefore had no conductivity," the FBI stated. "In addition, Perryman directed other Stimwave employees to vouch for the efficacy of the White Stylet, when she knew that the White Stylet was actually non-functional." Stimwave charged doctors and medical providers approximately $16,000 for the device, which medical insurance providers, including Medicare, would reimburse the doctors' offices for.

Privacy

FBI Admits It Bought US Location Data (wired.com) 35

The United States Federal Bureau of Investigation has acknowledged for the first time that it purchased US location data rather than obtaining a warrant. Wired reports: While the practice of buying people's location data has grown increasingly common since the US Supreme Court reined in the government's ability to warrantlessly track Americans' phones nearly five years ago, the FBI had not previously revealed ever making such purchases. The disclosure came [Wednesday] during a US Senate hearing on global threats attended by five of the nation's intelligence chiefs.

Senator Ron Wyden, an Oregon Democrat, put the question of the bureau's use of commercial data to its director, Christopher Wray: "Does the FBI purchase US phone-geolocation information?" Wray said his agency was not currently doing so, but he acknowledged that it had in the past. He also limited his response to data companies gathered specifically for advertising purposes. "To my knowledge, we do not currently purchase commercial database information that includes location data derived from internet advertising," Wray said. "I understand that we previously -- as in the past -- purchased some such information for a specific national security pilot project. But that's not been active for some time." He added that the bureau now relies on a "court-authorized process" to obtain location data from companies.

It's not immediately clear whether Wray was referring to a warrant -- that is, an order signed by a judge who is reasonably convinced that a crime has occurred -- or another legal device. Nor did Wray indicate what motivated the FBI to end the practice. In its landmark Carpenter v. United States decision, the Supreme Court held that government agencies accessing historical location data without a warrant were violating the Fourth Amendment's guarantee against unreasonable searches. But the ruling was narrowly construed. Privacy advocates say the decision left open a glaring loophole that allows the government to simply purchase whatever it cannot otherwise legally obtain. [...] Asked during the Senate hearing whether the FBI would pick up the practice of purchasing location data again, Wray replied: "We have no plans to change that, at the current time."

United States

Congressman Reintroduces 32-Hour Workweek Law To 'Increase the Happiness of Humankind' (cnbc.com) 168

An anonymous reader quotes a report from CNBC: Rep. Mark Takano, who represents California's 39th district, has reintroduced his 32-hour Workweek Act to Congress, which, if passed, would officially reduce the standard definition of the workweek from 40 hours to 32 hours by amending the Fair Labor Standards Act. His proposal would mandate overtime pay for any work done after 32 hours, which would encourage businesses to either pay workers more for longer hours, or shorten their week and hire more people.

The bill applies to non-exempt workers, who typically work hourly jobs across leisure and hospitality, transportation, construction, manufacturing, wholesale, and retail trade. This is by design, Takano tells CNBC Make It. "The serious conversations about the reduced workweek are happening for white-collar professions. What my bill will do is spur conversation about how we democratize this norm to other sectors of the workforce so everybody benefits."

Takano says he's passionate about the 32-hour workweek to bring about "a significant change which will increase the happiness of humankind. That's a very big statement. But it was a big deal 100 years ago when we gave people the weekend by passing the Fair Labor Standards Act," which established a 40-hour workweek and created other worker protections. "These are all part of the social justice discourse," he says. Supporters say a shortened week would push businesses to hire more people, increase labor market participation, and create "healthier competition in the workplace that empowers workers to negotiate for better wages and working conditions," according to a release (PDF) from Takano's team.
The report notes that Takano first introduced the legislation in 2021, but it "ultimately failed to advance in Congress."

The Courts

FTC Seeks To Block Intercontinental Exchange's $11.7 Billion Black Knight Deal (wsj.com) 5

The Federal Trade Commission has voted to sue to block Intercontinental Exchange from completing its $11.7 billion acquisition of mortgage software provider Black Knight. From a report: The antitrust agency said the deal would lead to higher prices for software that lenders use to generate mortgages. Higher prices would be passed on to home buyers, the FTC said. The FTC's lawsuit, filed in its administrative court, is a setback for Intercontinental Exchange's efforts to become a big player in the technical infrastructure behind home loans. Best known as the parent company of the New York Stock Exchange, the company has increasingly pushed to digitize the mortgage business and made a series of deals to expand its role in home-loan finance.

Intercontinental Exchange -- known as ICE for short -- said it strongly disagreed with the FTC's decision. "ICE is fully confident in our position and look forward to presenting it in court," the company said in a statement. ICE and Black Knight currently compete to offer loan-origination systems -- used by lenders to initiate mortgage loans. Earlier this week, ICE said it had agreed to divest Black Knight's loan-origination system business to address any concerns about the deal hurting competition. The divestment would reduce the price tag of ICE's acquisition of Black Knight to $11.7 billion, from the original $13.1 billion when the deal was unveiled in May of last year. The FTC said it didn't believe that selling off Black Knight's product would fix the competitive harm caused by combining the two largest mortgage-loan technology providers. The agency also claimed the deal would undermine competition for another service that ICE and Black Knight provide that helps lenders get the best interest rates for home buyers.

Privacy

Telehealth Startup Cerebral Shared Millions of Patients' Data With Advertisers (techcrunch.com) 42

Cerebral has revealed it shared the private health information, including mental health assessments, of more than 3.1 million patients in the United States with advertisers and social media giants like Facebook, Google, and TikTok. From a report: The telehealth startup, which exploded in popularity during the COVID-19 pandemic after rolling lockdowns and a surge in online-only virtual health services, disclosed the security lapse in a filing with the federal government, stating that it shared the personal and health information of patients who used the app to search for therapy or other mental health care services. Cerebral said that it collected and shared names, phone numbers, email addresses, dates of birth, IP addresses and other demographics, as well as data collected from Cerebral's online mental health self-assessment, which may have also included the services that the patient selected, assessment responses, and other associated health information.

Security

Data Breach Hits 'Hundreds' of Lawmakers And Staff On Capitol Hill (nbcnews.com) 24

A top House official said that a "significant data breach" at the health insurance marketplace for Washington, D.C., on Tuesday potentially exposed personal identifiable information of hundreds of lawmakers and staff. NBC News reports: In a letter obtained by NBC News, Chief Administrative Officer Catherine L. Szpindor said Wednesday that the U.S. Capitol Police and the FBI had alerted her to a data breach at DC Health Link, the Affordable Care Act online marketplace that administers health care plans for members of Congress and certain Capitol Hill staff. "Currently, I do not know the size and scope of the breach, but have been informed by the Federal Bureau of Investigation (FBI) that account information and [personally identifiable information] of hundreds of Member and House staff were stolen," Szpindor said. "I expect to have access to the list of impacted enrollees later today and will notify you directly if your information was compromised." Szpindor added that it did not appear that House lawmakers were "the specific target of the attack" on DC Health Link.

Out of an "abundance of caution," Szpindor said, lawmakers may opt to freeze family credit at three major credit bureaus, Equifax, Experian and Transunion. The data breach has also affected Senate offices, according to an email sent to Senate offices Wednesday afternoon that said the Senate Sergeant at Arms was informed by law enforcement about a data breach. The notice said that the "data included the full names, date of enrollment, relationship (self, spouse, child), and email address, but no other Personally Identifiable Information (PII)."

Privacy

AllTrails Data Exposes Precise Movements of Former Top Biden Official (vice.com) 47

An anonymous reader quotes a report from Motherboard: A security researcher appears to have tracked the physical location of a former top Biden administration official through his apparent usage of AllTrails, a popular hiking app with more than 30 million registered users. The AllTrails records appear to show the official visiting sensitive locations such as the White House, and also suggests the specific house where he or his family lives. By default, AllTrails users' activity is public for anyone to view, including completed trails, maps, and activities. But that convenience and focus on providing a social network style experience comes with potential risks around national security or privacy, depending on the particular user. Whether a public figure like a government official or celebrity, or someone at risk of stalking in general such as someone in an abusive relationship, AllTrails' privacy settings may be something users should consider.

"I found interesting results by searching near the Pentagon, NSA, CIA or White House and then looking at the user's other activity," Wojciech, the security researcher, told Motherboard in an email. Wojciech said they used their own open source intelligence platform as part of the investigative process. They said the tool supports Strava and another app called SportsTracker, and will include AllTrails itself soon. Wojciech sent Motherboard a link to what they believed to be the AllTrails profile of the former top Biden official. Motherboard is not naming the official because they did not respond to requests for comment, and their profile is still publicly accessible.

One trip to the White House in December recorded in AllTrails also shows a nearby apartment building he ended his journey at. More trips recorded that month show the official's other movements throughout Washington D.C. Much of the AllTrails activity relates to when this official was part of the administration. Motherboard searched through the official's AllTrails activity and found multiple hikes starting from the same location. Motherboard then queried public records and found this location was a house registered to the official's family, meaning AllTrails had helped identify where the official or his family may have been living. Motherboard also verified that the official does have an account on AllTrails by attempting to sign up to the service with the official's personal email address. This was not possible because the address was already registered to an account.

China

FBI Chief Says TikTok 'Screams' of US National Security Concerns (reuters.com) 97

China's government could use TikTok to control data on millions of American users, FBI Director Christopher Wray told a U.S. Senate hearing on Wednesday, saying the Chinese-owned video app "screams" of security concerns. Reuters reports: Wray told a Senate Intelligence Committee hearing on worldwide threats to U.S. security that the Chinese government could also use TikTok to control software on millions of devices and drive narratives to divide Americans over Taiwan or other issues. "Yes, and I would make the point on that last one, in particular, that we're not sure that we would see many of the outward signs of it happening if it was happening," Wray said of concerns China could feed misinformation to users. "This is a tool that is ultimately within the control of the Chinese government - and it, to me, it screams out with national security concerns," Wray said. Yesterday, the White House said it backed a bill in Congress to give the Biden administration new powers to ban TikTok and other foreign technologies that could pose security threats.

Crime

YouTuber Sentenced To Over 5 Years and Ordered To Forfeit $30 Million in Large-Scale Cable Piracy Case (inquirer.com) 72

A YouTube star who built a sizable following with slickly produced videos flaunting his fleet of luxury and sports cars, collection of diamond-encrusted bling, and his spacious Swedesboro home will be forced to give up nearly all of it after he was sentenced Tuesday to 5 and a half years in prison for the illegal business that allowed him to amass those trappings of success. From a report: Bill Omar Carrasquillo -- better known to his more than 800,000 online followers as "Omi in a Hellcat" -- pleaded guilty last year to running one of the most brazen and successful cable TV piracy schemes ever prosecuted by the U.S. government. As part of his sentencing Tuesday, he was ordered to forfeit more than $30 million in assets, including nearly $6 million in cash; cars including Lamborghinis, Porsches, Bentleys, and McLarens; and a portfolio of more than a dozen properties he'd amassed across Philadelphia and its suburbs.

"Thirty million dollars is a lot of money [but] tangible objects aren't everything," U.S. District Judge Harvey Bartle III said in announcing the punishment during a hearing in federal court. "You have a large following and there may be people who think if you can get away with it, they can too." Carrasquillo, 36, apologized to his family, his employees, and the cable companies he'd cheated through his business, which illegally sold content hijacked from cable boxes to thousands of online subscribers paying fees as low as $15 a month. "I really didn't know the significance of this crime until I was picked up [by the FBI] at my home," he said. "I feel like I let everybody down." But while prosecutors described Carrasquillo's crimes -- which included counts of conspiracy, copyright infringement, fraud, money laundering, and tax evasion -- as serious, much of Tuesday's hearing focused on Carrasquillo's remarkable rags-to-riches story.

Google

Google Expands VPN Access To All Google One Members, Rolls Out New 'Dark Web Report' Feature (techcrunch.com) 12

Google is expanding VPN access to all Google One members on all plans and rolling out a new dark web report feature for all subscribers. From a report: VPN by Google One was previously only available to members on the Premium 2TB plan, but will now be available to all Google One members, including those on the Basic plan that starts at $1.99 per month. The tech giant notes that VPN by Google One adds more protection to your internet activity no matter what apps or browsers you use, shielding it from hackers or network operators by masking your IP address. Google is also introducing a new feature called "dark web report" for Google One members on all plans in the United States to help users monitor their personal information on the dark web. Dark web report will start rolling out over the next few weeks to members across all Google One plans in the United States.

The Courts

Amazon Engineer Loses Bid For Class Action Over Work-From-Home Expenses (reuters.com) 55

An anonymous reader quotes a report from Reuters: Amazon on Tuesday defeated a proposed class action lawsuit on behalf of nearly 7,000 workers in California that claimed the company should have reimbursed employees who worked remotely during the COVID-19 pandemic for home office expenses. U.S. District Judge Vincent Chhabria in San Francisco said the named plaintiff, David Williams, failed to show that Amazon had a company-wide policy of not reimbursing employees for internet, cell phone and other costs, and the judge denied his motion to certify the workers as a class.

The judge said that more than 600 of the 7,000 proposed class members were reimbursed $66.49 on average for home internet expenses, and some were reimbursed in full. Williams' motion for class certification was denied without prejudice, meaning he can file a renewed motion later on. Craig Ackermann, a lawyer for Williams, said he plans to file a new motion excluding the 619 workers who received reimbursements from the proposed class. Williams sued Amazon in 2021 individually and added class-action claims last year. He has accused Amazon of violating a California law requiring employers to reimburse workers for reasonable work-related expenses.

The Internet

Sued by Meta, Freenom Halts Domain Registrations (krebsonsecurity.com) 8

The domain name registrar Freenom, whose free domain names have long been a draw for spammers and phishers, has stopped allowing new domain name registrations. KrebsOnSecurity reports: Freenom is the domain name registry service provider for five so-called "country code top level domains" (ccTLDs), including .cf for the Central African Republic; .ga for Gabon; .gq for Equatorial Guinea; .ml for Mali; and .tk for Tokelau. Freenom has always waived the registration fees for domains in these country-code domains, presumably as a way to encourage users to pay for related services, such as registering a .com or .net domain, for which Freenom does charge a fee. On March 3, 2023, social media giant Meta sued Freenom in a Northern California court, alleging cybersquatting violations and trademark infringement. The lawsuit also seeks information about the identities of 20 different "John Does" -- Freenom customers that Meta says have been particularly active in phishing attacks against Facebook, Instagram, and WhatsApp users. The lawsuit points to a 2021 study (PDF) on the abuse of domains conducted for the European Commission, which discovered that those ccTLDs operated by Freenom made up five of the Top Ten TLDs most abused by phishers.

"The five ccTLDs to which Freenom provides its services are the TLDs of choice for cybercriminals because Freenom provides free domain name registration services and shields its customers' identity, even after being presented with evidence that the domain names are being used for illegal purposes," the complaint charges. "Even after receiving notices of infringement or phishing by its customers, Freenom continues to license new infringing domain names to those same customers." Freenom has not yet responded to requests for comment. But attempts to register a domain through the company's website as of publication time generated an error message that reads: "Because of technical issues the Freenom application for new registrations is temporarily out-of-order. Please accept our apologies for the inconvenience. We are working on a solution and hope to resume operations shortly. Thank you for your understanding." Although Freenom is based in The Netherlands, some of its sister companies named as defendants in the lawsuit are incorporated in the United States.

It remains unclear why Freenom has stopped allowing domain registration, but it could be that the company was recently the subject of some kind of disciplinary action by the Internet Corporation for Assigned Names and Numbers (ICANN), the nonprofit entity which oversees the domain registrars. In June 2015, ICANN suspended Freenom's ability to create new domain names or initiate inbound transfers of domain names for 90 days. According to Meta, the suspension was premised on ICANN's determination that Freenom "has engaged in a pattern and practice of trafficking in or use of domain names identical or confusingly similar to a trademark or service mark of a third party in which the Registered Name Holder has no rights or legitimate interest."

Government

White House Backs Bill To Strengthen US Powers To Ban TikTok (reuters.com) 100

An anonymous reader quotes a report from Reuters: The White House said Tuesday it backs a bill in Congress to give the Biden administration new powers to ban Chinese-owned video app TikTok and other foreign technologies that could pose security threats. White House National Security Advisor Jake Sullivan said the bipartisan bill sponsored by a dozen senators "would strengthen our ability to address discrete risks posed by individual transactions, and systemic risks posed by certain classes of transactions involving countries of concern in sensitive technology sectors."

"We look forward to continue working with both Democrats and Republicans on this bill, and urge Congress to act quickly to send it to the President's desk," he said.

The bill in question is called the "Restricting the Emergence of Security Threats that Risk Information and Communications Technology (RESTRICT) Act."

The bill, introduced by Sen. Mark Warner (D-Va.) and Sen. John Thune (R-SD), doesn't single out TikTok to be banned. "Instead, Warner avoids making his bill all about TikTok," reports Ars Technica. "His office told Reuters that the RESTRICT Act will 'comprehensively address the ongoing threat posed by technology from foreign adversaries,' citing TikTok as an example of tech that could be assessed as a threat."

"[T]he RESTRICT Act is superior to the DATA Act because it provides a legal framework for the US to review all 'foreign technology coming into America,' not just from China, but also from Russia, North Korea, Iran, Venezuela, and Cuba. It's designed to give the US 'a systemic approach to make sure we can ban or prohibit' emerging technology threats 'when necessary.'"

Privacy

FBI, Pentagon Helped Research Facial Recognition for Street Cameras, Drones (washingtonpost.com) 13

The FBI and the Defense Department were actively involved in research and development of facial recognition software that they hoped could be used to identify people from video footage captured by street cameras and flying drones, according to thousands of pages of internal documents that provide new details about the government's ambitions to build out a powerful tool for advanced surveillance. WashingtonPost: The documents, revealed in response to an ongoing Freedom of Information Act lawsuit the American Civil Liberties Union filed against the FBI, show how closely FBI and Defense officials worked with academic researchers to refine artificial-intelligence techniques that could help in the identification or tracking of Americans without their awareness or consent. Many of the records relate to the Janus program, a project funded by the Intelligence Advanced Research Projects Agency, or IARPA, the high-level research arm of the U.S. intelligence community modeled after the Pentagon's Defense Advanced Research Projects Agency, known as DARPA. Program leaders worked with FBI scientists and some of the nation's leading computer-vision experts to design and test software that would quickly and accurately process the "truly unconstrained face imagery" recorded by surveillance cameras in public places, including subway stations and street corners, according to the documents, which the ACLU shared with The Washington Post.

In a 2019 presentation, an IARPA program manager said the goal had been to "dramatically improve" the power and performance of facial recognition systems, with "scaling to support millions of subjects" and the ability to quickly identify faces from partially obstructed angles. One version of the system was trained for "Face ID ... at target distances" of more than a half-mile. To refine the system's capabilities, researchers staged a data-gathering test in 2017, paying dozens of volunteers to simulate real-world scenarios at a Defense Department training facility made to resemble a hospital, a subway station, an outdoor marketplace and a school, the documents show. The test yielded thousands of surveillance videos and images, some of which were captured by a drone. The improved facial recognition system was ultimately folded into a search tool, called Horus, and made available to the Pentagon's Combating Terrorism Technical Support Office, which helps provide military technologies to civilian police forces, the documents show. The Horus tool has since been offered for use to at least six federal agencies, and their feedback is "continuing to be used to refine the tool," Department of Homeland Security officials said last year.

Privacy

The Privacy Loophole in Your Doorbell (politico.com) 150

Police were investigating his neighbor. A judge gave officers access to all his security-camera footage, including inside his home. From a report: The week of last Thanksgiving, Michael Larkin, a business owner in Hamilton, Ohio, picked up his phone and answered a call. It was the local police, and they wanted footage from Larkin's front door camera. Larkin had a Ring video doorbell, one of the more than 10 million Americans with the Amazon-owned product installed at their front doors. His doorbell was among 21 Ring cameras in and around his home and business, picking up footage of Larkin, neighbors, customers and anyone else near his house. The police said they were conducting a drug-related investigation on a neighbor, and they wanted videos of "suspicious activity" between 5 and 7 p.m. one night in October. Larkin cooperated, and sent clips of a car that drove by his Ring camera more than 12 times in that time frame. He thought that was all the police would need. Instead, it was just the beginning.

They asked for more footage, now from the entire day's worth of records. And a week later, Larkin received a notice from Ring itself: The company had received a warrant, signed by a local judge. The notice informed him it was obligated to send footage from more than 20 cameras -- whether or not Larkin was willing to share it himself. As networked home surveillance cameras become more popular, Larkin's case, which has not previously been reported, illustrates a growing collision between the law and people's own expectation of privacy for the devices they own -- a loophole that concerns privacy advocates and Democratic lawmakers, but which the legal system hasn't fully grappled with. Questions of who owns private home security footage, and who can get access to it, have become a bigger issue in the national debate over digital privacy. And when law enforcement gets involved, even the slim existing legal protections evaporate. "It really takes the control out of the hands of the homeowners, and I think that's hugely problematic," said Jennifer Lynch, the surveillance litigation director of the Electronic Frontier Foundation, a digital rights advocacy group.

In the debate over home surveillance, much of the concern has focused on Ring in particular, because of its popularity, as well as the company's track record of cooperating closely with law enforcement agencies. The company offers a multitude of products such as indoor cameras or spotlight cameras for homes or businesses, recording videos based on motion activation, with the footage stored for up to 180 days on Ring's servers. They amount to a large and unregulated web of eyes on American communities -- which can provide law enforcement valuable information in the event of a crime, but also create a 24/7 recording operation that even the owners of the cameras aren't fully aware they've helped to build.

Twitter

The US Can Stop Twitter From Releasing Details In Spy Report (bloomberg.com) 28

An anonymous reader quotes a report from Bloomberg: The US can stop Twitter from releasing details about the government's demands for user information in national security investigations, a court ruled (PDF), in the same week House Republicans are to grill national security officials over surveillance. Twitter had protested the government's redactions to a 2014 "transparency report" that featured a numerical breakdown of national security-related data requests from the previous year. The US appeals court in San Francisco on Monday agreed with a lower-court judge that the Justice Department had shown a "compelling" interest in keeping that information secret. Based on classified and unclassified declarations provided by government officials, the court was "able to appreciate why Twitter's proposed disclosure would risk making our foreign adversaries aware of what is being surveilled and what is not being surveilled -- if anything at all," US Circuit Judge Daniel Bress wrote for the three-judge panel.

Although the case is almost a decade old, the ruling comes just as lawmakers and US national security agencies gear up for a bruising fight over making changes to a key surveillance program. Section 702 of the Foreign Intelligence Surveillance Act, described by intelligence officials as a key authority, expires on Dec. 31 unless Congress votes to renew it. US agencies use the authority to compel internet and technology companies to turn over information about suspected foreign terrorists and spies. Changes to Section 702 could include altering what companies like Twitter are required to do in response to government demands.

"The case at issue in Monday's decision involved efforts by Twitter to share information about two types of federal law enforcement demands on the social media company: 'national security letters' for subscriber information, which would cover metadata but not the substance of any electronic communications, and orders under FISA, which could include content," adds Bloomberg.

Judge Daniel Bress wrote: "The government may not fend off every First Amendment challenge by invoking national security. But we must apply the First Amendment with due regard for the government's compelling interest in securing the safety of our country and its people."

United Kingdom

UK Government Urged To Consider Changing Law To Allow Gene Editing of Embryos (theguardian.com) 48

Ministers must consider changing the law to allow scientists to carry out genome editing of human embryos for serious genetic conditions -- as a matter of urgency. That is the key message of a newly published report by a UK citizens' jury made up of individuals affected by genetic conditions. From a report: The report is the first in-depth study of the views of individuals who live with genetic conditions about the editing of human embryos to treat hereditary disorders and will be presented at the Third International Summit on Human Genome Editing, which opens at the Crick Institute in London this week. Scientists say that in a few years, they will be ready to use genome editing techniques to alter genes and induce changes in physical traits, such as disease risk, in future generations. In the UK, around 2.4 million people live with a genetic condition. These include cystic fibrosis, sickle cell disease, muscular dystrophy, various cancers, and some forms of hereditary blindness.

"Genome editing offers the prospect of preventing such conditions affecting future generations but there needs to be a full national debate on the issues," said Prof Anna Middleton of Cambridge University, the project's leader. "These discussions need to start now because genome editing is advancing so quickly. Many affected individuals want to debate the ethical issues and explore what implementation might look like." Genome editing acts like a pair of molecular scissors that can cut a strand of DNA at a specific site, allowing scientists to alter the structure of a gene, a form of manipulation that does not involve the introduction of DNA from other organisms. In the UK, as in most countries worldwide, it is illegal to perform genome editing on embryos that lead to pregnancy.

IBM

The SCO Lawsuit: Looking Back 20 Years Later (lwn.net) 105

"On March 7, 2003, a struggling company called The SCO Group filed a lawsuit against IBM," writes LWN.net, "claiming that the success of Linux was the result of a theft of SCO's technology..."

Two decades later, "It is hard to overestimate how much the community we find ourselves in now was shaped by a ridiculous lawsuit 20 years ago...." It was the claim of access to Unix code that was the most threatening allegation for the Linux community. SCO made it clear that, in its opinion, Linux was stolen property: "It is not possible for Linux to rapidly reach UNIX performance standards for complete enterprise functionality without the misappropriation of UNIX code, methods or concepts". To rectify this "misappropriation", SCO was asking for a judgment of at least $1 billion, later increased to $5 billion. As the suit dragged on, SCO also started suing Linux users as it tried to collect a tax for use of the system.

Though this has never been proven, it was widely assumed at the time that SCO's real objective was to prod IBM into acquiring the company. That would have solved SCO's ongoing business problems and IBM, for rather less than the amount demanded in court, could have made an annoying problem go away and also lay claim to the ownership of Unix — and, thus, Linux. To SCO's management, it may well have seemed like a good idea at the time. IBM, though, refused to play that game; the company had invested heavily into Linux in its early days and was uninterested in allowing any sort of intellectual-property taint to attach to that effort. So the company, instead, directed its not inconsiderable legal resources to squashing this attack. But notably, so did the development community as a whole, as did much of the rest of the technology industry.

Over the course of the following years — far too many years — SCO's case fell to pieces. The "misappropriated" technology wasn't there. Due to what must be one of the worst-written contracts in technology-industry history, it turned out that SCO didn't even own the Unix copyrights it was suing over. The level of buffoonery was high from the beginning and got worse; the company lost at every turn and eventually collapsed into bankruptcy.... Microsoft, which had not yet learned to love Linux, funded SCO and loudly bought licenses from the company. Magazines like Forbes were warning the "Linux-loving crunchies in the open-source movement" that they "should wake up". SCO was suggesting a license fee of $1,399 — per-CPU — to run Linux.... Such an effort, in less incompetent hands, could easily have damaged Linux badly.

As it went, SCO, despite its best efforts, instead succeeded in improving the position of Linux — in development, legal, and economic terms — considerably.

The article argues SCO's lawsuit ultimately proved that Linux didn't contain copyrighted code "in a far more convincing way than anybody else could have." (And the provenance of all Linux code contributions is now carefully documented.) The case also proved the need for lawyers to vigorously defend the rights of open source programmers. And most of all, it revealed that the Linux community was widespread and committed.

And "Twenty years later, it is fair to say that Linux is doing a little better than The SCO Group. Its swaggering leader, who thought to make his fortune by taxing Linux, filed for personal bankruptcy in 2020."
