US To Launch ‘Labeling’ Rating Program For Internet-Connected Devices In 2023

The Biden administration said it will launch a cybersecurity labeling program for consumer Internet of Things devices starting in 2023 in an effort to protect Americans from “significant national security risks.” TechCrunch reports: Inspired by Energy Star, a labeling program operated by the Environmental Protection Agency and the Department of Energy to promote energy efficiency, the White House is planning to roll out a similar IoT labeling program to the “highest-risk” devices starting next year, a senior Biden administration official said on Wednesday following a National Security Council meeting with consumer product associations and device manufacturers. Attendees at the meeting included White House cyber official Anne Neuberger, FCC chairwoman Jessica Rosenworcel, National Cyber Director Chris Inglis and Sen. Angus King, alongside leaders from Google, Amazon, Samsung, Sony and others.

The initiative, described by White House officials as “Energy Star for cyber,” will help Americans to recognize whether devices meet a set of basic cybersecurity standards devised by the National Institute of Standards and Technology (NIST) and the Federal Trade Commission (FTC). Though specifics of the program have not yet been confirmed, the administration said it will “keep things simple.” The labels, which will be “globally recognized” and debut on devices such as routers and home cameras, will take the form of a “barcode” that users can scan using their smartphone rather than a static paper label, the administration official said. The scanned barcode will link to information based on standards, such as software updating policies, data encryption and vulnerability remediation.

Read more of this story at Slashdot.

RIAA Flags ‘Artificial Intelligence’ Music Mixer As Emerging Copyright Threat

The RIAA has submitted its most recent overview of notorious markets to the U.S. Trade Representative. As usual, the music industry group lists various torrent sites, cyberlockers and stream-ripping services as familiar suspects. In addition, several ‘AI-based’ music mixers and extractors are added as an emerging threat. TorrentFreak reports: “There are online services that, purportedly using artificial intelligence (AI), extract, or rather, copy, the vocals, instrumentals, or some portion of the instrumentals from a sound recording, and/or generate, master or remix a recording to be very similar to or almost as good as reference tracks by selected, well known sound recording artists,” RIAA writes.

Songmastr is one of the platforms that’s mentioned. The service promises to “master” any song based on the style of well-known music artists such as Beyonce, Taylor Swift, Coltrane, Bob Dylan, James Brown and many others. The site’s underlying technology is powered by the open-source Matchering 2.0 code, which is freely available on GitHub. And indeed, its purported AI capabilities are prominently in the site’s tagline. “This service uses artificial intelligence and is based on the open source library Matchering. The algorithm masters your track with the same RMS, FR, peak amplitude and stereo width as the reference song you choose,” Songmastr explains.

Where Artificial Intelligence comes into play isn’t quite clear to us. The same can be said for the Acapella-Extractor and Remove-Vocals websites, which the RIAA lists in the same category. The names of these services are pretty much self-explanatory; they can separate the vocals from the rest of a track. The RIAA logically doesn’t want third parties to strip music or vocals from copyrighted tracks, particularly when these derivative works are further shared with others. While Songmastr’s service is a bit more advanced, the RIAA sees it as clearly infringing. After all, the original copyrighted tracks are used by the site to create derivative works, without the necessary permission. […] The RIAA is clearly worried about these services. Interestingly, however, the operator of Songmastr and Acapella-Extractor informs us that the music group hasn’t reached out with any complaints. But perhaps they’re still in the pipeline. The RIAA also lists various torrent sites, download sites, streamrippers, and bulletproof ISPs in its overview, all of which can be found in the full report (PDF) or listed at the bottom of TorrentFreak’s article.


Anti-Vaccine Groups Avoid Facebook Bans By Using Emojis

Pizza slices, cupcakes, and carrots are just a few emojis that anti-vaccine activists use to speak in code and continue spreading COVID-19 misinformation on Facebook. Ars Technica reports: Bloomberg reported that Facebook moderators have failed to remove posts shared in anti-vaccine groups and on pages that would ordinarily be considered violating content, if not for the code-speak. One group that Bloomberg reviewed, called “Died Suddenly,” is a meeting ground for anti-vaccine activists supposedly mourning a loved one who died after they got vaccines — which they refer to as having “eaten the cake.” Facebook owner Meta told Bloomberg that “it’s removed more than 27 million pieces of content for violating its COVID-19 misinformation policy, an ongoing process,” but declined to tell Ars whether posts relying on emojis and code-speak were considered in violation of the policy.

According to Facebook community standards, the company says it will “remove misinformation during public health emergencies,” like the pandemic, “when public health authorities conclude that the information is false and likely to directly contribute to the risk of imminent physical harm.” Pages or groups risk being removed if they violate Facebook’s rules or if they “instruct or encourage users to employ code words when discussing vaccines or COVID-19 to evade our detection.” However, the policy remains vague regarding the everyday use of emojis and code words. The only policy that Facebook seems to have on the books directly discussing improper use of emojis as coded language deals with community standards regarding sexual solicitation. It seems that while anti-vaccine users’ emoji-speak can expect to remain unmoderated, anyone using “contextually specific and commonly sexual emojis or emoji strings” does actually risk having posts removed if moderators determine they are using emojis to ask for or offer sex.

In total, Bloomberg reviewed six anti-vaccine groups created in the past year where Facebook users employ emojis like peaches and apples to suggest people they know have been harmed by vaccines. Meta’s seeming failure to moderate the anti-vaccine emoji-speak suggests that blocking code-speak is likely not currently a priority. Last year, when BBC discovered that anti-vaccine groups were using carrots to mask COVID-19 vaccine misinformation, Meta immediately took down the groups identified. However, BBC reported that soon after, the same groups popped back up, and more recently, Bloomberg reported that some of the groups that it tracked seemed to change names frequently, possibly to avoid detection.


China Dumps Dud Chips On Russia, Moscow Media Moans

The failure rate of semiconductors shipped from China to Russia has increased by 1,900 percent in recent months, according to Russian national business daily Kommersant. The Register reports: Quoting an anonymous source, Kommersant states that before Russia’s illegal invasion of Ukraine the defect rate in imported silicon was two percent. Since that war commenced, Russian manufacturers have apparently faced 40 percent failure rates. Even a two percent defect rate is sub-optimal, because products made of many components can therefore experience considerable quality problems. Forty percent failure rates mean supplies are perilously close to being unfit for purpose.

According to Kommersant, Russian electronics manufacturers are not enjoying life at all because, on top of high failure rates, gray market gear doesn’t flow with the same speed as legit kit and supply chains are currently very kinked indeed inside Russia. The newspaper lays the blame on economic sanctions that have seen many major businesses quit Russia. Gray market distributors and other opportunistic operators have been left as the only entities willing to deal with Russian businesses. Gray market folks are not renowned for their sterling customer service nor their commitment to quality. They get away with it because buyers of products with — ahem — unconventional origins self-incriminate if they complain to authorities. Perhaps they’re even dumping dud product on Russian buyers, knowing that they can’t easily access alternatives.


Germany Fires Cybersecurity Chief ‘Over Russia Ties’

Germany’s cybersecurity chief has been fired after allegations of being excessively close to Russia through an association he helped set up. The BBC reports: Arne Schonbohm had led the Federal Cyber Security Authority (BSI) — charged with protecting government communications — since 2016. German media have accused him of having had links with people involved with Russian intelligence services. The interior ministry is investigating allegations made against him. But it confirmed he had been fired with immediate effect.

Mr Schonbohm had come under scrutiny after his potential links to a Russian company through a previous role were highlighted by Jan Bohmermann, the host of one of Germany’s most popular late-night TV shows. Before leading the BSI, Mr Schonbohm had helped set up and run the Cyber Security Council Germany, a private association which advises business and policymakers on cybersecurity issues. He is said to have maintained close ties to the association and attended their 10th anniversary celebrations in September. One of the association’s members was a cybersecurity company called Protelion, which was a subsidiary of a Russian firm reportedly established by a former member of the KGB honored by President Vladimir Putin. Protelion was ejected from the association last weekend, and Cyber Security Council Germany says the allegations of links to Russian intelligence are untrue.


Visitors of Qatar World Cup Need To Install Spyware On Their Phone

“Everyone visiting Qatar for the World Cup needs to install spyware on their phone,” writes security researcher Bruce Schneier. His comments are in response to an article from the Norwegian Broadcasting Corporation (NRK), reporting: Everyone traveling to Qatar during the football World Cup will be asked to download two apps called Ehteraz and Hayya. Briefly, Ehteraz is a covid-19 tracking app, while Hayya is an official World Cup app used to keep track of match tickets and to access the free Metro in Qatar. In particular, the covid-19 app Ehteraz asks for access to several rights on your mobile, like access to read, delete or change all content on the phone, as well as access to connect to WiFi and Bluetooth, override other apps and prevent the phone from switching off to sleep mode.

The Ehteraz app, which everyone over 18 coming to Qatar must download, also gets a number of other accesses such as an overview of your exact location, the ability to make direct calls via your phone and the ability to disable your screen lock. The Hayya app does not ask for as much, but also has a number of critical aspects. Among other things, the app asks for access to share your personal information with almost no restrictions. In addition, the Hayya app provides access to determine the phone’s exact location, prevent the device from going into sleep mode, and view the phone’s network connections. It remains to be seen whether Qatar will strictly enforce the installation of these apps. “I know people who visited Saudi Arabia when that country had a similarly sketchy app requirement,” says Schneier. “Some of them just didn’t bother downloading the apps, and were never asked about it at the border.”


Fintech Giant ‘The Clearing House’ Joins Open-Source Patent Protection Powerhouse OIN

The Clearing House, a banking association and payments company owned by the largest commercial banks in the U.S., has joined the Open Invention Network (OIN) — the world’s largest patent nonaggression consortium. ZDNet reports: The OIN has long protected Linux and Linux-related software from patent aggression by rival companies. With the increase in patent troll attacks, the OIN is also defending companies from these assaults. You may not think financial companies and banks are subject to such attacks. I mean, TCH’s roots go all the way back to 1853. Think again.

As Keith Bergelt, CEO of OIN, said in June, “The most sophisticated and compelling global banking and fintech companies have essentially become technology companies that employ open-source software to deliver their services at scale.” Further, patent trolls “appear to be targeting them for this reason, along with the fact that financial services companies have not historically been active patent filers.” That’s because, historically, they’ve purchased most of their tech from third-party vendors.

That was then. This is now. Today, financial institutions generate more tech in-house, so they’re more concerned about being granted patents, building patent portfolios, and related patent issues. Indeed, these days fintech businesses have their own Fintech Open Source Foundation (FINOS), the financial sector branch of the Linux Foundation. So, Bergelt said in a release Wednesday, “Advancements in financial services and fintech increasingly rely on open-source technologies. As the most experienced payment company in the US, and a keystone for the financial services industry, we are pleased that The Clearing House is committed to patent nonaggression in core Linux and adjacent open-source technologies.”
