US To Launch ‘Labeling’ Rating Program For Internet-Connected Devices In 2023

The Biden administration said it will launch a cybersecurity labeling program for consumer Internet of Things devices starting in 2023 in an effort to protect Americans from “significant national security risks.” TechCrunch reports: Inspired by Energy Star, a labeling program operated by Environmental Protection Agency and the Department of Energy to promote energy efficiency, the White House is planning to roll out a similar IoT labeling program to the “highest-risk” devices starting next year, a senior Biden administration official said on Wednesday following a National Security Council meeting with consumer product associations and device manufacturers. Attendees at the meeting included White House cyber official Anne Neuberger, FCC chairwoman Jessica Rosenworcel, National Cyber Director Chris Inglis and Sen. Angus King, alongside leaders from Google, Amazon, Samsung, Sony and others.

The initiative, described by White House officials as “Energy Star for cyber,” will help Americans to recognize whether devices meet a set of basic cybersecurity standards devised by the National Institute of Standards and Technology (NIST) and the Federal Trade Commission (FTC). Though specifics of the program have not yet been confirmed, the administration said it will “keep things simple.” The labels, which will be “globally recognized” and debut on devices such as routers and home cameras, will take the form of a “barcode” that users can scan using their smartphone rather than a static paper label, the administration official said. The scanned barcode will link to information based on standards, such as software updating policies, data encryption and vulnerability remediation.

Read more of this story at Slashdot.

RIAA Flags ‘Artificial Intelligence’ Music Mixer As Emerging Copyright Threat

The RIAA has submitted its most recent overview of notorious markets to the U.S. Trade Representative. As usual, the music industry group lists various torrent sites, cyberlockers and stream-ripping services as familiar suspects. In addition, several ‘AI-based’ music mixers and extractors are added as an emerging threat. TorrentFreak reports: “There are online services that, purportedly using artificial intelligence (AI), extract, or rather, copy, the vocals, instrumentals, or some portion of the instrumentals from a sound recording, and/or generate, master or remix a recording to be very similar to or almost as good as reference tracks by selected, well known sound recording artists,” RIAA writes.

Songmastr is one of the platforms that’s mentioned. The service promises to “master” any song based on the style of well-known music artists such as Beyonce, Taylor Swift, Coltrane, Bob Dylan, James Brown and many others. The site’s underlying technology is powered by the open-source Matchering 2.0 code, which is freely available on GitHub. And indeed, its purported AI capabilities are prominently in the site’s tagline. “This service uses artificial intelligence and is based on the open source library Matchering. The algorithm masters your track with the same RMS, FR, peak amplitude and stereo width as the reference song you choose,” Songmastr explains.

Where Artificial Intelligence comes into play isn’t quite clear to us. The same can be said for the Acapella-Extractor and Remove-Vocals websites, which the RIAA lists in the same category. The names of these services are pretty much self-explanatory; they can separate the vocals from the rest of a track. The RIAA logically doesn’t want third parties to strip music or vocals from copyrighted tracks, particularly when these derivative works are further shared with others. While Songmastr’s service is a bit more advanced, the RIAA sees it as clearly infringing. After all, the original copyrighted tracks are used by the site to create derivative works, without the necessary permission. […] The RIAA is clearly worried about these services. Interestingly, however, the operator of Songmastr and Acapella-Extractor informs us that the music group hasn’t reached out with any complaints. But perhaps they’re still in the pipeline. The RIAA also lists various torrent sites, download sites, streamrippers, and bulletproof ISPs in its overview, all of which can be found in the full report (PDF) or listed at the bottom of TorrentFreak’s article.

Read more of this story at Slashdot.

Anti-Vaccine Groups Avoid Facebook Bans By Using Emojis

Pizza slices, cupcakes, and carrots are just a few emojis that anti-vaccine activists use to speak in code and continue spreading COVID-19 misinformation on Facebook. Ars Technica reports: Bloomberg reported that Facebook moderators have failed to remove posts shared in anti-vaccine groups and on pages that would ordinarily be considered violating content, if not for the code-speak. One group that Bloomberg reviewed, called “Died Suddenly,” is a meeting ground for anti-vaccine activists supposedly mourning a loved one who died after they got vaccines — which they refer to as having “eaten the cake.” Facebook owner Meta told Bloomberg that “it’s removed more than 27 million pieces of content for violating its COVID-19 misinformation policy, an ongoing process,” but declined to tell Ars whether posts relying on emojis and code-speak were considered in violation of the policy.

According to Facebook community standards, the company says it will “remove misinformation during public health emergencies,” like the pandemic, “when public health authorities conclude that the information is false and likely to directly contribute to the risk of imminent physical harm.” Pages or groups risk being removed if they violate Facebook’s rules or if they “instruct or encourage users to employ code words when discussing vaccines or COVID-19 to evade our detection.” However, the policy remains vague regarding the everyday use of emojis and code words. The only policy that Facebook seems to have on the books directly discussing improper use of emojis as coded language deals with community standards regarding sexual solicitation. It seems that while anti-vaccine users’ emoji-speak can expect to remain unmoderated, anyone using “contextually specific and commonly sexual emojis or emoji strings” does actually risk having posts removed if moderators determine they are using emojis to ask for or offer sex.

In total, Bloomberg reviewed six anti-vaccine groups created in the past year where Facebook users employ emojis like peaches and apples to suggest people they know have been harmed by vaccines. Meta’s seeming failure to moderate the anti-vaccine emoji-speak suggests that blocking code-speak is likely not currently a priority. Last year, when BBC discovered that anti-vaccine groups were using carrots to mask COVID-19 vaccine misinformation, Meta immediately took down the groups identified. However, BBC reported that soon after, the same groups popped back up, and more recently, Bloomberg reported that some of the groups that it tracked seemed to change names frequently, possibly to avoid detection.

Read more of this story at Slashdot.

China Dumps Dud Chips On Russia, Moscow Media Moans

The failure rate of semiconductors shipped from China to Russia has increased by 1,900 percent in recent months, according to Russian national business daily Kommersant. The Register reports: Quoting an anonymous source, Kommersant states that before Russia’s illegal invasion of Ukraine the defect rate in imported silicon was two percent. Since that war commenced, Russian manufacturers have apparently faced 40 percent failure rates. Even a two percent defect rate is sub-optimal, because products made of many components can therefore experience considerable quality problems. Forty percent failure rates mean supplies are perilously close to being unfit for purpose.

According to Kommersant, Russian electronics manufacturers are not enjoying life at all because, on top of high failure rates, gray market gear doesn’t flow with the same speed as legit kit and supply chains are currently very kinked indeed inside Russia. The newspaper lays the blame on economic sanctions that have seen many major businesses quit Russia. Gray market distributors and other opportunistic operators have been left as the only entities willing to deal with Russian businesses. Gray market folks are not renowned for their sterling customer service nor their commitment to quality. They get away with it because buyers of products with — ahem — unconventional origins self-incriminate if they complain to authorities. Perhaps they’re even dumping dud product on Russian buyers, knowing that they can’t easily access alternatives.

Read more of this story at Slashdot.

Germany Fires Cybersecurity Chief ‘Over Russia Ties’

Germany’s cybersecurity chief has been fired after allegations of being excessively close to Russia through an association he helped set up. The BBC reports: Arne Schonbohm had led the Federal Cyber Security Authority (BSI) — charged with protecting government communications — since 2016. German media have accused him of having had links with people involved with Russian intelligence services. The interior ministry is investigating allegations made against him. But it confirmed he had been fired with immediate effect.

Mr Schonbohm had come under scrutiny after his potential links to a Russian company through a previous role were highlighted by Jan Bohmermann, the host of one of Germany’s most popular late-night TV shows. Before leading the BSI, Mr Schonbohm had helped set up and run the Cyber Security Council Germany, a private association which advises business and policymakers on cybersecurity issues. He is said to have maintained close ties to the association and attended their 10th anniversary celebrations in September. One of the association’s members was a cybersecurity company called Protelion, which was a subsidiary of a Russian firm reportedly established by a former member of the KGB honored by President Vladimir Putin. Protelion was ejected from the association last weekend, and Cyber Security Council Germany says the allegations of links to Russian intelligence are untrue.

Read more of this story at Slashdot.