Posts with «politics & government» label

Moscow metro launches facial recognition payment system despite privacy concerns

More than 240 metro stations across Moscow now allow passengers to pay for a ride by looking at a camera. The Moscow metro has launched what authorities say is the first mass-scale deployment of a facial recognition payment system. According to The Guardian, passengers can access the payment option called FacePay by linking their photo, bank card and metro card to the system via the Mosmetro app. "Now all passengers will be able to pay for travel without taking out their phone, Troika or bank card," Moscow mayor Sergey Sobyanin tweeted.

Now all #мосметро passengers will be able to pay for travel without taking out their phone, Troika or bank card. The Face Pay system will start working tomorrow at more than 240 stations. pic.twitter.com/8x4xeFkbqW

— Sergey Sobyanin (@MosSobyanin) October 14, 2021

In the official Moscow website's announcement, the country's Department of Transport said all Face Pay information will be encrypted. The cameras at the designated turnstiles will read a passenger's biometric key only, and authorities said information collected for the system will be stored in data centers that can only be accessed by interior ministry staff. Moscow's Department of Information Technology has also assured users that photographs submitted to the system won't be handed over to the cops.

Still, privacy advocates are concerned over the growing use of facial recognition in the city. Back in 2017, officials added facial recognition tech to the city's 170,000 security cameras as part of its efforts to ID criminals on the street. Activists filed a case against Moscow's Department of Technology a few years later in hopes of convincing the courts to ban the use of the technology. However, a court in Moscow sided with the city, deciding that its use of facial recognition does not violate the privacy of citizens. Reuters reported earlier this year, though, that those cameras were also used to identify protesters who attended rallies.

Stanislav Shakirov, the founder of Roskomsvoboda, a group that aims to protect Russians' digital rights, said in a statement:

"We are moving closer to authoritarian countries like China that have mastered facial technology. The Moscow metro is a government institution and all the data can end up in the hands of the security services."

Meanwhile, the European Parliament called on lawmakers in the EU earlier this month to ban automated facial recognition in public spaces. It cited evidence that facial recognition AI can still misidentify PoCs, members of the LGBTI+ community, seniors and women at higher rates. In the US, local governments are banning the use of the technology in public spaces, including statewide bans by Massachusetts and Maine. Four Democratic lawmakers also proposed a bill to ban the federal government from using facial recognition.

Judge bars county clerk after voting machine passwords leaked to QAnon

In August, QAnon conspiracy theorist Ron Watkins shared a video he claimed showed ballot machines from Dominion Voting Systems could be remotely accessed to tamper with the results of a vote. At the time, he said the information came to him from a “whistleblower.”

This week, a Colorado judge barred Mesa County Clerk Tina Peters from overseeing the county’s upcoming November election in relation to a leak of voting machine BIOS passwords. Peters, who tweeted in support of former President Donald Trump’s election conspiracy theories, invited a man named Gerald Wood to a meeting involving a “trusted build” software update that was meant to ensure the security of the county’s voting machines. Peters claimed Wood was an “administrative assistant” transitioning to her office, but then later described him as a “consultant” she hired to copy information from the computers.

Ahead of the meeting, Belinda Knisley, Peters’ deputy, sent an email to staff asking that they turn off the security cameras in the Election Department and not turn them back on until after August 1st. Knisley didn’t explain the reason for her request, but it was carried out either way. On the day of the meeting, Wood photographed a spreadsheet that contained the passwords to the machines and copied over their hard drives. Following the meeting, the passwords were publicly posted to an “online social media site.”

“Peters directed the creation of the images of the hard drive, which was not authorized by law and which directly led to the decommissioning of Mesa County’s voting systems, facilitating the leak of sensitive data and exposed the county’s voting system to compromise,” Judge Valerie Robinson wrote in a decision spotted by Ars Technica.

In a statement, Peters said she plans to appeal the “decision to remove a duly elected clerk and recorder from her election duties.” She went on to describe herself as a whistleblower and called the case against her a “power grab” by Colorado Secretary of State Jena Griswold.

“Clerk Peters seriously compromised the security of Mesa County’s voting system,” Griswold said in a statement. “The Court’s decision today bars Peters from further threatening the integrity of Mesa’s elections and ensures Mesa County residents have the secure and accessible election they deserve.” The FBI and Mesa County district attorney are investigating Peters, but no criminal charges have been filed yet.

Missouri governor threatens to prosecute journalist for sharing web security flaw

Missouri Governor Mike Parson might want to read up on the differences between disclosing and exploiting security flaws. According to The Missouri Independent, Parson accused a St. Louis Post-Dispatch reporter of being a "hacker" for having the audacity to... report security holes. The journalist disclosed a Department of Elementary and Secondary Education web app flaw that let anyone see over 100,000 teachers' Social Security numbers in site source code, and Parson interpreted this as a "political game" meant to "embarrass the state" — that is, a malicious hack.

The governor has already referred the case to the Cole County Prosecutor, and even has the Missouri Highway State Patrol investigating. An attorney for The Post-Dispatch maintained that the reporter "did the responsible thing" by sharing the flaw with the government to get it fixed. The lawyer also helpfully refreshed Parson on his internet lingo. A hacker is someone who "subverts" security with sinister intent, not a reporter trying to bolster security by sharing publicly available information.

This flaw wasn't recent, either. University of Missouri-St. Louis professor Shaji Khan told The Post-Dispatch that this kind of vulnerability had been known for "at least" 10 years, and that it was "mind boggling" the Department would let these problems linger. Audits in 2015 and 2016 had highlighted data collection issues at both the Department and school districts.

No, prosecutors probably won't file charges. It's a bit difficult to convict someone whose 'hack' effectively amounted to clicking "view page source" in their browser. However, this highlights an all-too-familiar problem with politicians that don't understand tech. It doesn't just lead to embarrassments, such as letters to long-gone CEOs — it can discourage responsible security disclosures and put thousands of people at risk.

House bill would limit Section 230 protections for 'malicious' algorithms

Congress is once again hoping to limit Section 230 safeguards under certain circumstances. Rep. Frank Pallone and other House Democrats are introducing a bill, the Justice Against Malicious Algorithms Act (JAMA), that would make internet platforms liable when they "knowingly or recklessly" use algorithms to recommend content that leads to physical or "severe emotional" harm. They're concerned online giants like Facebook are knowingly amplifying harmful material, and that companies should be held responsible for this damage.

The key sponsors, including Reps. Mike Doyle, Jan Schakowsky and Anna Eshoo, pointed to whistleblower Frances Haugen's Senate testimony as supposed evidence of Facebook's algorithm abuse. Her statements were proof Facebook was abusing the Communications Decency Act's Section 230 "well beyond congressional intent," according to Eshoo. Haugen alleged that Facebook knew its social networks were harmful to children and spread "divisive and extreme" content.

The bill only applies to services with over 5 million monthly users, and won't cover basic online infrastructure (such as web hosting) or user-specified searches. JAMA will go before the House on October 15th.

As with past proposed reforms, there are no guarantees JAMA will become law. Provided it passes the House, an equivalent measure still has to clear a Senate that has been hostile to some Democrat bills. The parties have historically disagreed on how to change Section 230 — Democrats believe it doesn't require enough moderation for hate and misinformation, while Republicans have claimed it enables censorship of conservative viewpoints. The bill's vaguer concepts, such as 'reckless' algorithm use and emotional damage, might raise fears of over-broad interpretations.

The bill could still send a message even if it dies, though. Pallone and the other JAMA backers argue the "time for self-regulation is over" — they're no longer convinced social media heavyweights like Facebook can apologize, implement a few changes and carry on. This won't necessarily lead to a more strictly regulated social media space, but it could put more pressure on social networks to implement far-reaching policy changes.

California could ban gas-powered generators and mowers by 2024

California could ban sales of some gas-powered devices, including lawn equipment, generators and pressure washers. Governor Gavin Newsom signed a law over the weekend that orders regulators to prohibit the sale of small off-road engines.

The California Air Resources Board was already working on rules to that effect, but Newsom has given the agency deadlines for adopting and applying the regulations. The agency has until July 1st to adopt the rules. The regulations will apply to engines made on or after January 1st, 2024, or whenever is feasible in the state board's opinion — whichever is later. The law also stipulates that regulators will need to offer rebates to lower the cost of switching equipment. The latest state budget set aside $30 million to cover the costs.

The aim of the law is to reduce emissions. As the Associated Press notes, California brought in emission standards for those engines in 1990. Although emissions from cars have generally decreased over the last few decades, that hasn't necessarily been the case for small off-road engines.

State officials have said that a gas-powered leaf blower that's used for one hour emits the same level of pollution as a 2017 Toyota Camry that travels for around 1,100 miles. There are currently more than 16.7 million devices with small off-road engines in California — three million or so more than the number of passenger cars in the state.

California is tackling emissions from gas-powered engines on other fronts. Last year, the California Air Resources Board said all truck and van manufacturers will have to switch to electric versions by 2045. The state will also ban sales of new combustion engine cars and trucks by 2035. Many auto manufacturers are aiming to switch entirely to EVs by that time. Another zero-emissions rule for light-duty autonomous vehicles will come into effect starting in 2030.

There are already some electric pressure washers and lawn mowers on the market. Zero-emission generators might be harder to come by, though some companies have also attempted to make hydrogen-powered models.

US Justice Department forms a cryptocurrency enforcement team

The United States Department of Justice has formed a team of investigators to look into the use of cryptocurrency for criminal purposes. To be specific, the group, called National Cryptocurrency Enforcement Team (NCET), will tackle cases committed by virtual currency exchanges and groups and individuals involved in money laundering. Members will also investigate mixing and tumbling services, which charge customers a fee to send cryptocurrency to an address while also concealing the source of the funds. In addition, they'll work on tracing and recovering assets lost to fraud or ransomware extortion demands. 

According to the DOJ's announcement, the team will combine the expertise of its money laundering and asset recovery section with its computer crime and intellectual property section. It will also include experts from US Attorneys' Offices. The group will be under the supervision of Assistant Attorney General Kenneth A. Polite Jr., though the Justice Department is still looking for an individual to lead it. DOJ is looking for someone "with experience with complex criminal investigations and prosecutions, as well as the technology underpinning cryptocurrencies and the blockchain," in particular. 

The hope is that NCET can provide the whole department and other government agencies with the expertise in cryptocurrency and blockchain needed to investigate and prosecute the growing number of cases related to the technology today. There's been a rise in cybercrime cases these past years, including ransomware attacks wherein bad actors target companies across industries to hold their networks hostage in exchange for payment via cryptocurrency. 

Some of them have had real-world consequences. The attack on Colonial Pipeline caused fuel shortages on the East Coast, for instance, while the various attacks on hospitals around the world put people's lives in danger. The Biden administration is even hosting a meeting with 30 countries later this month to discuss the threat of ransomware attacks to the global economy and national security.

Deputy Attorney General Lisa O. Monaco said in a statement:

"Today we are launching the National Cryptocurrency Enforcement Team to draw on the Department’s cyber and money laundering expertise to strengthen our capacity to dismantle the financial entities that enable criminal actors to flourish — and quite frankly to profit — from abusing cryptocurrency platforms. As the technology advances, so too must the Department evolve with it so that we’re poised to root out abuse on these platforms and ensure user confidence in these systems."

European Parliament calls for a ban on facial recognition in public spaces

The European Parliament has called on lawmakers in the European Union to ban automated facial recognition in public spaces and to enforce strict safeguards for police use of artificial intelligence. MEPs voted in favor of the non-binding resolution by 377-248, with 62 abstentions.

The MEPs said citizens should only be monitored when they're suspected of a crime. They cited concerns over algorithmic bias in AI and argued that both human supervision and legal protections are required to avoid discrimination. The politicians noted there's evidence suggesting AI-based identification systems misidentify minority ethnic groups, LGBTI+ people, seniors and women at higher rates. As a result, the MEPs say, "algorithms should be transparent, traceable and sufficiently documented," with open-source options being used wherever possible.

The resolution states that "those subject to AI-powered systems must have recourse to remedy." Under EU law, according to the document, "a person has the right not to be subjected to a decision which produces legal effects concerning them or significantly affects them and is based solely on automated data processing."

In addition, the MEPs called on EU officials to ban private facial recognition databases (some law enforcement agencies in Europe are using Clearview AI's one), as well as "predictive policing based on behavioral data." They also urged the European Commission to prohibit social scoring or social credit systems and said the iBorderCtrl virtual border agent and other border control systems that use automated recognition should be shut down.

The approval of the resolution follows similar calls by EU data protection regulators this summer. The European Data Protection Board and the European Data Protection Supervisor said the EC should ban AI systems from using biometrics to categorize people "into clusters based on ethnicity, gender, political or sexual orientation," or any other classifications that could lead to discrimination.

In April, the EC proposed a bill called the Artificial Intelligence Act, which would introduce a sweeping regulatory framework for AI. Among the measures are a ban on remote biometric identification (such as facial recognition) in public spaces unless it's being used to tackle major crimes, including terrorism and kidnappings.

Donald Trump sues to get his Twitter account back

If you were hoping the long-running Donald Trump / Twitter saga was over, I have bad news. The former president has filed suit in Florida seeking a preliminary injunction against the ban while he works towards having his account permanently reinstated. Trump is arguing, as expected, that the ban violates his First Amendment rights, but also Florida's new social media law signed by Governor Ron DeSantis earlier this year — though courts have stopped the law from taking effect on the grounds that it likely violates free speech laws.

The suit makes many predictable arguments that Twitter is “a major avenue of public discourse” and that it “exercises a degree of power and control over political discourse in this country that is immeasurable, historically unprecedented, and profoundly dangerous to open democratic debate.”

This story is developing...

US will bring together 30 countries to tackle ransomware

The Biden administration plans to bring together 30 countries later this month to discuss the threat ransomware attacks pose to global economic and national security. Per CNN, the virtual meeting is part of what the president says will become an ongoing multilateral initiative to tackle the cybersecurity problem.

National Security Adviser Jake Sullivan told the network the goal of the meeting is "to accelerate our cooperation in combatting cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, and engaging on these issues diplomatically."

The alliance marks the latest effort by the Biden administration to tackle the issue of ransomware following a year in which one such attack on the Colonial Pipeline led to gas shortages across parts of the US. In the aftermath of the incident, the president signed an executive order that called for greater cooperation and information sharing between disparate federal agencies. More recently, the Treasury Department imposed sanctions on the SUEX cryptocurrency exchange for allegedly facilitating several attacks.

Nigeria lifts Twitter ban but demands it’s used for ‘business and positive engagements’

Nigeria is set to lift a ban on Twitter under the condition that it's used in the country for "business and positive engagements," according to Bloomberg. The social media network was originally banned in June after it removed a tweet from President Muhammadu Buhari for violating its abuse policy.

The Nigerian government said it was close to an agreement with Twitter on resuming operations. "As a country, we are committed to ensuring that digital companies use their platform to enhance the lives of our citizens, respect Nigeria's sovereignty, cultural values and promote online safety," said Buhari in a speech sent to Bloomberg.

Twitter was banned in the country following a tweet by Buhari that threatened to punish secessionists that allegedly attacked government buildings. At the time, the social media company said in a tweet that it was "deeply concerned" by Nigeria's actions and that it considered the open internet an "essential human right." 

Facebook, Twitter, Apple and other tech giants often walk a fine line between espousing internet freedom and bending to local laws. Apple, for example, was recently accused of giving the Chinese government control over local data, while railing against similar actions in the United States and elsewhere.