Government

FDA Wants Medical Devices To Have Mandatory Built-In Update Mechanisms (bleepingcomputer.com) 73

Catalin Cimpanu, writing for BleepingComputer: The US Food & Drug Administration plans to ask Congress for more funding and regulatory powers to improve its approach towards medical device safety, including on the cybersecurity front. An FDA document released this week reveals several of the FDA's plans, including the desire to force device makers to include mandatory update systems inside products for the purpose of delivering critical security patches.

In addition, the FDA also plans to force device makers to create a document called "Software Bill of Materials" that will be provided for each medical device and will include software-related details for each product. Hospitals, healthcare units, contractors, or users will be able to consult the medical device's bill of materials and determine how it functions, what software is needed for what feature, and what technologies are used in each device.

United States

The Higher Your Salary, the More Time Your Employer Will Pay You Not To Work (qz.com) 286

The best-paid workers in the US not only make more money than many of their colleagues, they also tend to get more paid vacation days. An anonymous reader shares a report: An annual survey of of employee benefits conducted by the US government shows that, in 2017, nearly half of the people in the top 25% of earners received at least 10 days of paid vacation. The bottom 25% was not so lucky -- only around a tenth of them received such generous leave. Paid vacation time is often overlooked in measures of pay inequality in the US, because the value of time off does not appear in the household income statistics.
Businesses

Finland Is Killing Its Basic Income Experiment (businessinsider.com) 460

tomhath shares a report: Since the beginning of last year, 2000 Finns are getting money from the government each month -- and they are not expected to do anything in return. The participants, aged 25-58, are all unemployed, and were selected at random by Kela, Finland's social-security institution. Instead of unemployment benefits, the participants now receive $690 per month, tax free. Should they find a job during the two-year trial, they still get to keep the money. While the project is praised internationally for being at the cutting edge of social welfare, back in Finland, decision makers are quietly pulling the brakes, making a U-turn that is taking the project in a whole new direction. "Right now, the government is making changes that are taking the system further away from a basic income," Kela researcher Miska Simanainen told the Swedish daily Svenska Dagbladet.
The Internet

Russia Admits To Blocking Millions of IP Addresses (sfgate.com) 72

It turns out, the Russian government, in its quest to block Telegram, accidentally shut down several other services as well. From a report: The chief of the Russian communications watchdog acknowledged Wednesday that millions of unrelated IP addresses have been frozen in a so-far futile attempt to block a popular messaging app. Telegram, the messaging app that was ordered to be blocked last week, was still available to users in Russia despite authorities' frantic attempts to hit it by blocking other services. The row erupted after Telegram, which was developed by Russian entrepreneur Pavel Durov, refused to hand its encryption keys to the intelligence agencies. The Russian government insists it needs them to pre-empt extremist attacks but Telegram dismissed the request as a breach of privacy. Alexander Zharov, chief of the Federal Communications Agency, said in an interview with the Izvestia daily published Wednesday that Russia is blocking 18 networks that are used by Amazon and Google and which host sites that they believe Telegram is using to circumvent the ban.
Communications

Iran Bans State Bodies From Using Telegram App, Khamenei Shuts Account (reuters.com) 37

Iran banned government bodies on Wednesday from using the popular Telegram instant messaging app as Supreme Leader Ayatollah Ali Khamenei's office said his account would shut down to protect national security, Iranian media reported. From a report: ISNA news agency did not give a reason for the government ban on the service which lets people send encrypted messages and has an estimated 40 million users in the Islamic Republic. The order came days after Russia -- Iran's ally in the Syrian war -- started blocking the app in its territory following the company's repeated refusal to give Russian state security services access to users' secret messages. Iran's government banned "all state bodies from using the foreign messaging app," according to ISNA.
China

Huawei To Back Off US Market Amid Rising Tensions (nytimes.com) 89

Huawei is reportedly going to give up on selling its products and services in the United States (Warning: source may be paywalled; alternative source) due to Washington's accusations that the company has ties to the Chinese government. The change in tactics comes a week after the company laid off five American employees, including its biggest American lobbyist. The New York Times reports: Huawei's tactics are changing as its business prospects in the United States have darkened considerably. On Tuesday, the Federal Communications Commission voted to proceed with a new rule that could effectively kill off what little business the company has in the United States. Although the proposed rule does not mention Huawei by name, it would block federally subsidized telecommunications carriers from using suppliers deemed to pose a risk to American national security. Huawei's latest moves suggest that it has accepted that its political battles in the United States are not ones it is likely to win. "Some things cannot change their course according to our wishes," Eric Xu, Huawei's deputy chairman, said at the company's annual meeting with analysts on Tuesday. "With some things, when you let them go, you actually feel more at ease."
Crime

Former FCC Broadband Panel Chair Arrested For Fraud (dslreports.com) 105

An anonymous reader quotes a report from DSLReports: The former chair of a panel built by FCC boss Ajit Pai to advise the agency on broadband matters has been arrested for fraud. Elizabeth Ann Pierce, former CEO of Quintillion Networks, was appointed by Pai last April to chair the committee, but her tenure only lasted until September. Pierce resigned from her role as Quintillion CEO last August after investigators found she was engaged in a scam that tricked investors into pouring money into a multi-million dollar investment fraud scheme. According to the Wall Street Journal, Pierce convinced two investment firms that the company had secured contracts for a high-speed fiber-optic system that would generate hundreds of millions of dollars in future revenue. She pitched the system as a way to improve Alaska's connectivity to the rest of the country, but the plan was largely a fabrication, law enforcement officials say. "As it turned out, those sales agreements were worthless because the customers had not signed them," U.S. Attorney Geoffrey Berman said in prepared remarks. "Instead, as alleged, Pierce had forged counterparty signatures on contract after contract. As a result of Pierce's deception, the investment companies were left with a system that is worth far less than Pierce had led them to believe." Quintillion says it began cooperating with lawmakers as soon as allegations against Pierce surfaced last year. Pierce was charged with wire fraud last Thursday and faces a maximum sentence of 20 years in prison.
United States

Online Tax Filers Will Get Extension After IRS Payment Website Outage (cnbc.com) 39

An anonymous reader quotes a report from CNBC: The IRS will give last-minute filers additional time to file their tax returns after the page for paying their tax bills using their bank accounts crashed, Treasury Secretary Steven Mnuchin told the Associated Press. The IRS "Direct Pay" page allows filers to transfer funds from their checking or savings account to pay what they owe. As of 5 p.m. ET on April 17 -- Tax Day -- the page was still unavailable. Direct Pay is a free service. The "Payment Plan" page, where filers can pay their tax bill in installments also appears to have crashed. "I'd strongly advise folks who owe any federal taxes and cannot pay online to mail a check or money order to the IRS to the appropriate address," said Patrick Thomas, director of Notre Dame Law School's Tax Clinic. According to a TurboTax spokesperson, the IRS's technical difficulties are affecting all tax preparers and tax returns. "Taxpayers should go ahead and continue to prepare and file their taxes as normal with TurboTax," the spokesperson said. "TurboTax has uninterrupted service and is available and accepting e-filed returns," she said. "We will hold returns until the IRS is ready to begin accepting them again." H&R Block said it will continue to accept returns from filers.
Government

IRS 'Direct Pay' Option Not Working on Tax Day (cbsnews.com) 137

An anonymous reader shares a report: Online payments on IRS.gov are partially down. But the government still expects its money. A page on the IRS website that allows taxpayers to make a payment is not working for many as of Tuesday morning. Clicking on "Make a payment" on the payments page redirects the user to a page titled "unplannedOutagePage. Note that your tax payment is due although IRS Direct Pay may not be available," the page notes. UPDATE 04/17/18: Treasury Secretary Steven Mnuchin told the Associated Press that online tax filers will get an extension due to today's website outage.
Businesses

Cybersecurity Tech Accord: More Than 30 Tech Firms Pledge Not to Assist Governments in Cyberattacks (cybertechaccord.org) 67

Over 30 major technology companies, led by Microsoft and Facebook, on Tuesday announced what they are calling the Cybersecurity Tech Accord, a set of principles that include a declaration that they will not help any government -- including that of the United States -- mount cyberattacks against "innocent civilians and enterprises from anywhere."

The companies that are participating in the initiative are: ABB, Arm, Avast, Bitdefender, BT, CA Technologies, Cisco, Cloudflare, DataStax, Dell, DocuSign, Facebook, Fastly, FireEye, F-Secure, GitHub, Guardtime, HP Inc., HPE, Intuit, Juniper Networks, LinkedIn, Microsoft, Nielsen, Nokia, Oracle, RSA, SAP, Stripe, Symantec, Telefonica, Tenable, Trend Micro, and VMware.

The announcement comes at the backdrop of a growing momentum in political and industry circles to create a sort of Digital Geneva Convention that commits the entire tech industry and governments to supporting a free and secure internet. The effort comes after attacks such as WannaCry and NotPetya hobbled businesses around the world last year, and just a day after the U.S. and U.K. issued an unprecedented joint alert citing the threat of cyberattacks from Russian state-sponsored actors. The Pentagon has said Russian "trolling" activity increased 2,000 percent after missile strikes in Syria.

Interestingly, Amazon, Apple, Google, and Twitter are not participating in the program, though the Tech Accord says it "remains open to consideration of new private sector signatories, large or small and regardless of sector."
Canada

19-Year-Old Archivist Charged For Downloading Freedom-of-Information Releases (www.cbc.ca) 417

Ichijo writes: According to CBC News, a Canadian teen "has been charged with 'unauthorized use of a computer,' which carries a possible 10-year prison sentence, for downloading approximately 7,000 freedom-of-information releases. The provincial government says about 250 of those contain Nova Scotians' sensitive personal information."

"When he was around eight [...] his Grade 3 class adopted an animal at a shelter, receiving an electronic adoption certificate," reports CBC. "That lead to a discovery on the classroom computer. 'The website had a number at the end, and I was able to change the last digit of the number to a different number and was able to see a certificate for someone else's animal that they adopted,' he said. 'I thought that was interesting.' The teenager's current troubles arose because he used the same trick on Nova Scotia's freedom-of-information portal, downloading about 7,000 freedom-of-information requests."
The teen is estimated to have around 30 terabytes of online data on his hard drives, which equates to "millions" of webpages. "He usually copies online forums such as 4chan and Reddit, where posts are either quickly erased or can become difficult to locate."
Businesses

New Child Protection Nonprofit Strikes Back At Sex-Negative Approach of FOSTA-SESTA (youcaring.com) 209

qirtaiba writes: When the FOSTA-SESTA online sex trafficking bill passed last month, it sailed through Congress because there were no child protection organizations that stood against it, and because no member of Congress (with the brave exceptions of Ron Wyden and Rand Paul) wanted to face re-election having opposed a bill against sex trafficking, despite its manifest flaws. In the wake of the law's passage, its real targets -- not child sex traffickers, but adult sex workers and the internet platforms used by them -- have borne the brunt of its effects. Websites like the Erotic Review and Craigslist's personals section have either shut down entirely or for U.S. users, while Backpage.com has been seized, leaving many adult sex workers in physical and financial peril.

A new child protection organization, Prostasia Foundation, has just been announced, with the aim of taking a more sex-positive approach that would allow it to push back against laws that really target porn or sex work under the guise of being child protection laws. Instead, the organization promotes a research-based approach to the prevention of child sexual abuse before it happens. From the organization's press release: "Prostasia Director Jaylen MacLaren is a former child prostitute who used a website like this to screen her clients. She now recognizes those clients as abusers, but she does not blame the website for her suffering. 'I am committed to preventing child sexual abuse, but I don't believe that this should come at the cost of civil liberties and sexual freedom,' Jaylen said. 'I have found ways to express my sexuality in consensual and cathartic ways.'" Nerea Vega Lucio, a member of the group's Advisory Council, said, 'Child protection laws need to be informed by accurate and impartial research, and ensuring that policy makers have access to such research will be a top priority for Prostasia.'"

United States

T-Mobile To Pay $40 Million Over False Ring Tones on Rural US Calls (reuters.com) 77

David Shepardson, writing for Reuters: T-Mobile USA agreed on Monday to pay $40 million to resolve a government investigation that found it failed to correct problems with delivering calls in rural areas and inserted false ring tones in hundreds of millions of calls, the Federal Communications Commission said. T-Mobile, a unit of Deutsche Telekom, agreed to changes and acknowledged that it had injected false ring tones into hundreds of millions of long-distance rural calls, the FCC said, in violation of FCC rules.

False ring tones "cause callers to believe that the phone is ringing at the called party's premises when it is not," the FCC said, noting uncompleted calls "cause rural businesses to lose revenue, impede medical professionals from reaching patients in rural areas, cut families off from their relatives, and create the potential for dangerous delays in public safety communications."

Transportation

Why New York City Stopped Building Subways (citylab.com) 219

New York City, which once saw an unprecedented infrastructure boom -- putting together iconic bridges, opulent railway terminals to build the then world's largest underground and rapid transit network in just 20 years -- has not built a single new subway line in more than seven decades. As New York's rapid transit system froze, cities across the globe expanded their networks. A closer inspection reveals that things have actually moved backward -- New York's rapid transit network is actually considerably smaller than it was during the Second World War, and due to this, today's six million daily riders are facing constant delays, infrastructure failures, and alarmingly crowded cars and platforms. This raises two questions: Why did New York abruptly stop building subways after the 1940s? And how did a construction standstill that started nearly 80 years ago lead to the present moment of transit crisis? The Atlantic's CityLab explores: Three broad lines of history provide an explanation. The first is the postwar lure of the suburbs and the automobile -- the embodiment of modernity in its day. The second is the interminable battles of control between the city and the private transit companies, and between the city and the state government. The third is the treadmill created by rising costs and the buildup of deferred maintenance -- an ever-expanding maintenance backlog that eventually consumed any funds made available for expansion.

To see exactly how and why New York's subway went off the rails requires going all the way back to the beginning. What follows is a 113-year timeline of the subway's history, organized by these three narratives (with the caveat that no history is fully complete).

Communications

France is Building Its Own Encrypted Messaging Service To Ease Fears That Foreign Entities Could Spy on Private Conversations (reuters.com) 87

The French government is building its own encrypted messenger service to ease fears that foreign entities could spy on private conversations between top officials, the digital ministry said on Monday. From a report: None of the world's major encrypted messaging apps, including Facebook's WhatsApp and Telegram -- a favorite of President Emmanuel Macron -- are based in France, raising the risk of data breaches at servers outside the country.

About 20 officials and top civil servants are testing the new app which a state-employed developer has designed, a ministry spokeswoman said, with the aim that its use will become mandatory for the whole government by the summer. "We need to find a way to have an encrypted messaging service that is not encrypted by the United States or Russia," the spokeswoman said. "You start thinking about the potential breaches that could happen, as we saw with Facebook, so we should take the lead."

United Kingdom

State-Sponsored Russian Hackers Actively Seeking To Hijack Essential Internet Hardware, US and UK Intelligence Agencies Say (bbc.com) 170

State-sponsored Russian hackers are actively seeking to hijack essential internet hardware, US and UK intelligence agencies say. BBC reports: The UK's National Cyber Security Centre (NCSC), the FBI and the US Department of Homeland Security issued a joint alert warning of a global campaign. The alert details methods used to take over essential network hardware. The attacks could be an attempt by Russia to gain a foothold for use in a future offensive, it said. "Russia is our most capable hostile adversary in cyber-space, so dealing with their attacks is a major priority for the National Cyber Security Centre and our US allies," said Ciaran Martin, head of the NCSC in a statement. The alert said attacks were aimed at routers and switches that directed traffic around the net. Compromised devices were used to look at data passing through them, so Russia could scoop up valuable intellectual property, business information and other intelligence.
Education

Former Senior VP of Apple Tony Fadell Says Company Needs To Tackle Smartphone Addiction (wired.co.uk) 73

In an op-ed published on Wired, former SVP at Apple Tony Fadell argues that smartphone manufacturers -- Apple in particular -- need to do a better job of educating users about how often they use their mobile phones, and the resulting dangers that overuse might bring about. An excerpt: Take healthy eating as an analogy: we have advice from scientists and nutritionists on how much protein and carbohydrate we should include in our diet; we have standardised scales to measure our weight against; and we have norms for how much we should exercise. But when it comes to digital "nourishment", we don't know what a "vegetable", a "protein" or a "fat" is. What is "overweight" or "underweight"? What does a healthy, moderate digital life look like? I think that manufacturers and app developers need to take on this responsibility, before government regulators decide to step in -- as with nutritional labelling. Interestingly, we already have digital-detox clinics in the US. I have friends who have sent their children to them. But we need basic tools to help us before it comes to that. I believe that for Apple to maintain and even grow its customer base it can solve this problem at the platform level, by empowering users to understand more about how they use their devices. To do this, it should let people track their digital activity in detail and across all devices.
Power

Ola Wants a Million Electric Rides on India's Roads by 2021 (bloomberg.com) 28

Ride-hailing company Ola, Uber's fiercest Indian competitor, wants to roll out 10,000 electric three-wheeled rickshaws within a year and a million battery-powered vehicles by 2021. From a report: The startup run by ANI Technologies said it's in policy discussions with several state governments, and is talking with potential partners from automakers to battery producers. It aims to build out an existing pilot project in the central Indian city of Nagpur, where Ola's first EVs have already traveled more than 4 million kilometers. Ola's ambitions dovetail with the Indian government's objectives. Prime Minster Narendra Modi plans to significantly increase the number of new energy vehicles on the road. The power ministry in March said Modi had directed senior ministers to ensure that by 2030 most vehicles in India would be powered by electricity.
Encryption

Lawmakers Call FBI's 'Going Dark' Narrative 'Highly Questionable' After Motherboard Shows Cops Can Easily Hack iPhones (vice.com) 69

Joseph Cox, reporting for Motherboard: This week, Motherboard showed that law enforcement agencies across the country, including a part of the State Department, have bought GrayKey, a relatively cheap technology that can unlock fully up-to-date iPhones. That revelation, cryptographers and technologists said, undermined the FBI's renewed push for backdoors in consumer encryption products. Citing Motherboard's work, on Friday US lawmakers sent a letter to FBI Director Christopher Wray, doubting the FBI's narrative around 'going dark', where law enforcement officials say they are increasingly unable to obtain evidence related to crimes due to encryption. Politico was first to report the letter. "According to your testimony and public statements, the FBI encountered 7,800 devices last year that it could not access due to encryption," the letter, signed by 5 Democrat and 5 Republican n House lawmakers, reads. "However, in light of the availability of unlocking tools developed by third-parties and the OIG report's findings that the Bureau was uninterested in seeking available third-party options, these statistics appear highly questionable," it adds, referring to a recent report from the Justice Department's Office of the Inspector General. That report found the FBI barely explored its technical options for accessing the San Bernardino iPhone before trying to compel Apple to unlock the device. The lawmaker's letter points to Motherboard's report that the State Department spent around $15,000 on a GrayKey.

Slashdot Top Deals