"The upcoming version of the Android operating system is taking a strong focus on privacy," reports SD Times, "but the Electronic Frontier Foundation (EFF) believes it could still do better." Android Q's new privacy features include: user control over app access to device location, new limits on access to files in shared external storage, restrictions on launching activities, and restrictions on access to the device's hardware and sensors... "However, in at least one area, Q's improvements are undermined by Android's continued support of a feature that allows third-party advertisers, including Google itself, to track users across apps," Bennett Cyphers, engineer for the EFF, wrote in a post. "Furthermore, Android still doesn't let users control their apps' access to the Internet, a basic permission that would address a wide range of privacy concerns."

According to Cyphers, while Android Q has new restrictions on non-resettable device identifies, it will allow unrestricted access for its own tracking identifier [called "advertising ID"]... "Facebook and other targeting companies allow businesses to upload lists of ad IDs that they have collected in order to target those users on other platforms," he wrote... "On Android, there is no way for the user to control which apps can access the ID, and no way to turn it off. While we support Google taking steps to protect other hardware identifiers from unnecessary access, its continued support of the advertising ID -- a "feature" designed solely to support tracking -- undercuts the company's public commitment to privacy," he wrote...

Cypher also noted that while Apple's iOS has similar identifiers for advertisers that contradict with its privacy campaign, it does enable users to turn off the tracking.
In fact, Android Q also ships with an "opt out of ad personalization" checkbox where users can indicate that they don't want Google's identifier to track them, Cyphers reports -- but "the checkbox doesn't affect the ad ID in any way.

"It only encodes the user's 'preference', so that when an app asks Android whether a user wants to be tracked, the operating system can reply 'no, actually they don't.' Google's terms tell developers to respect this setting, but Android provides no technical safeguards to enforce this policy."

Long-time Slashdot reader JonZittrain is an international law professor at Harvard Law School, and an EFF board member. Wednesday he contacted us to share his new article in the New Yorker: I've been thinking about what happens when AI gives us seemingly correct answers that we wouldn't have thought of ourselves, without any theory to explain them. These answers are a form of "intellectual debt" that we figure we'll repay -- but too often we never get around to it, or even know where it's accruing.

A more detailed (and unpaywalled) version of the essay draws a little from how and when it makes sense to pile up technical debt to ask the same questions about intellectual debt.
The first article argues that new AI techniques "increase our collective intellectual credit line," adding that "A world of knowledge without understanding becomes a world without discernible cause and effect, in which we grow dependent on our digital concierges to tell us what to do and when."

And the second article has a great title. "Intellectual Debt: With Great Power Comes Great Ignorance." It argues that machine learning "at its best gives us answers as succinct and impenetrable as those of a Magic 8-Ball -- except they appear to be consistently right." And it ultimately raises the prospect that humanity "will build models dependent on, and in turn creating, underlying logic so far beyond our grasp that they defy meaningful discussion and intervention..."

An anonymous reader quotes a report from Motherboard: Tuesday, the Electronic Frontier Foundation (EFF) filed a class action lawsuit against AT&T and two data brokers over their sale of AT&T customers' real-time location data. The lawsuit seeks an injunction against AT&T, which would ban the company from selling any more customer location data and ensure that any already sold data is destroyed. The move comes after multiple Motherboard investigations found AT&T, T-Mobile, Sprint, and Verizon sold their customers' data to so-called location aggregators, which then ended up in the hands of bounty hunters and bail bondsman.

The lawsuit, focused on those impacted in California, represents three Californian AT&T customers. Katherine Scott, Carolyn Jewel, and George Pontis are all AT&T customers who were unaware the company sold access to their location. The class action complaint says the three didn't consent to the sale of their location data. The complaint alleges that AT&T violated the Federal Communications Act by not properly protecting customers' real-time location data; and the California Unfair Competition Law and the California Consumers Legal Remedies Act for misleading its customers around the sale of such data. It also alleges AT&T and the location aggregators it sold data through violated the California Constitutional Right to Privacy. The lawsuit highlights AT&T's Privacy Policy that says "We will not sell your personal information to anyone, for any purpose. Period."

An AT&T spokesperson said in a statement "While we haven't seen this complaint, based on our understanding of what it alleges we will fight it. Location-based services like roadside assistance, fraud protection, and medical device alerts have clear and even life-saving benefits. We only share location data with customer consent. We stopped sharing location data with aggregators after reports of misuse."

A broker that helped sell AT&T customers' real-time location data says it will fight a class action lawsuit against it. From a report: The broker, called LocationSmart, was involved in a number of data selling and cybersecurity incidents, including selling location data that ended up in the hands of bounty hunters. "LocationSmart will fight this lawsuit because the allegations of wrongdoing are meritless and rest on recycled falsehoods," a LocationSmart spokesperson said in an emailed statement. LocationSmart did not point to any specific part of the lawsuit to support these claims. On Tuesday, activist group the Electronic Frontier Foundation (EFF) and law firm Pierce Bainbridge filed a class action lawsuit against LocationSmart, another data broker called Zumigo, and telecom giant AT&T. The lawsuit's plaintiffs are three California residents who say they did not consent to AT&T selling their real-time location data through the data brokers. The lawsuit alleges all three companies violated the California Constitutional Right to Privacy, and seeks monetary damages as well as an injunction against AT&T to ensure the deletion of any sold data.

"Cheap surveillance software is changing how landlords manage their tenants and what laws police can enforce," reports Slate.

For example, there's a private company contracting with property managers that says they now have 475 security cameras in place and can sometimes scan more than 1.5 million license plates in a week. (According to Clayton Burnett, Watchstore Security's director of "innovation and new technology".) Burnett's company regularly hands over location data to police, he says, as evidence for cases large and small. But that investigative firepower also comes in handy for more routine landlord-tenant affairs. They've investigated tree trimmers charging for a day of work they didn't do and caught people dumping trash on private property. Sometimes, he says, a tenant will claim her car was hit in the building's parking lot and ask for free rent. His company can search for her plate and see that one day, she left the lot with her bumper intact and then came back later with a dent in it. Probably once a week, Burnett says, Watchtower uses it to prove that a tenant has "a buddy crashing on their couch," violating their lease. "Normally, there's some limit to how long they can stay, like five days," he says, "and we can prove they're going over that." One search, and they have proof that that buddy has been coming over every night for a month.

I was wondering how tenants felt about this, and I asked Burnett whether anyone had ever complained about the license plate readers. "No," he said with a laugh. "I'd say they probably don't know about it...."

[A]s the technology has matured, it's gotten in the hands of organizations that, five years ago, would never have been able to consider it. Small-town police departments can suddenly afford to conduct surveillance at a massive scale. Neighborhood homeowners associations and property managers are buying up cameras by the dozen. And in many jurisdictions, cheap automatic license plate reader (ALPR) cameras are creeping into neighborhoods -- with almost nothing restricting how they're used besides the surveiller's own discretion....

If you know that a bald guy in a gray Toyota illegally dumped trash in your lawn, the police won't try to track him down. But if they have the plate, enforcing lower-level crime becomes much easier. Several of the property managers and homeowners associations I spoke to emphasized that this is one of the main benefits of their ALPR systems. Along with burglaries, they're mostly concerned about people breaking into cars to steal personal belongings; police wouldn't investigate that before, but now homeowners associations can do the investigation for them and hand over the evidence. As Burnett put it, "[Police] are not going to be able to investigate [a small crime] unless we hand it to them on a silver platter. Which we've done plenty of times."
The article points out that today's software can detect dents on cars and watch for specific bumper stickers (or Lyft tags) -- and often the software can be retrofitted to existing traffic cameras. A contractor working with police in one Pennsylvania county says they've now "virtually gated" an entire 20,000-person town south of Pittsburgh. "Any way you can come in and out, you're on camera."

A senior investigative researcher at the EFF points out that "Now a cop can look up your license plate and see where you've been for the past two years."

"Schools in the central German state of Hesse [population: 6 million] have been told it's now illegal to use Microsoft Office 365," reports ZDNet: The state's data-protection commissioner has ruled that using the popular cloud platform's standard configuration exposes personal information about students and teachers "to possible access by US officials".

That might sound like just another instance of European concerns about data privacy or worries about the current US administration's foreign policy. But in fact the ruling by the Hesse Office for Data Protection and Information Freedom is the result of several years of domestic debate about whether German schools and other state institutions should be using Microsoft software at all.

Besides the details that German users provide when they're working with the platform, Microsoft Office 365 also transmits telemetry data back to the US. Last year, investigators in the Netherlands discovered that that data could include anything from standard software diagnostics to user content from inside applications, such as sentences from documents and email subject lines. All of which contravenes the EU's General Data Protection Regulation, or GDPR, the Dutch said...

To allay privacy fears in Germany, Microsoft invested millions in a German cloud service, and in 2017 Hesse authorities said local schools could use Office 365. If German data remained in the country, that was fine, Hesse's data privacy commissioner, Michael Ronellenfitsch, said. But in August 2018 Microsoft decided to shut down the German service. So once again, data from local Office 365 users would be data transmitted over the Atlantic. Several US laws, including 2018's CLOUD Act and 2015's USA Freedom Act, give the US government more rights to ask for data from tech companies.
ZDNet also quotes Austrian digital-rights advocate Max Schrems, who summarizes the dilemma. "If data is sent to Microsoft in the US, it is subject to US mass-surveillance laws. This is illegal under EU law."

Two House lawmakers are pushing an amendment that would effectively defund a massive data collection program run by the National Security Agency unless the government promises to not intentionally collect data of Americans. TechCrunch reports: The bipartisan amendment -- just 15 lines in length -- would compel the government to not knowingly collect communications -- like emails, messages and browsing data -- on Americans without a warrant. Reps. Justin Amash (R-MI, 3rd) and Zoe Lofgren (D-CA, 19th) have already garnered the support from some of the largest civil liberties and rights groups, including the ACLU, the EFF, FreedomWorks, New America and the Sunlight Foundation.

Under the current statute, the NSA can use its Section 702 powers to collect and store the communications of foreign targets located outside the U.S. by tapping into the fiber cables owned and run by U.S. telecom giants. But this massive data collection effort also inadvertently vacuums up Americans' data, who are typically protected from unwarranted searches under the Fourth Amendment. The government has consistently denied to release the number of how many Americans are caught up in the NSA's data collection. For the 2018 calendar year, the government said it made more than 9,600 warrantless searches of Americans' communications, up 28% year-over-year.

AmiMoJo shares an article by Cory Doctorow: Wednesday, Youtube announced that it would shut down, demonetize and otherwise punish channels that promoted violent extremism, "supremacy" and other forms of hateful expression; predictably enough, this crackdown has caught some of the world's leading human rights campaigners, who publish Youtube channels full of examples of human rights abuses in order to document them and prompt the public and governments to take action....

Some timely reading: Caught in the Net: The Impact of "Extremist" Speech Regulations on Human Rights Content, a report by the Electronic Frontier Foundation's Jillian C York: "The examples highlighted in this document show that casting a wide net into the Internet with faulty automated moderation technology not only captures content deemed extremist, but also inadvertently captures useful content like human rights documentation, thus shrinking the democratic sphere. No proponent of automated content moderation has provided a satisfactory solution to this problem."
A British history teacher living in Romania complained Wednesday that his YouTube channel had been banned completely from YouTube, possibly over its documenting of propaganda speeches from World War II. He tweeted that he was frustrated that "15 years of materials for #HistoryTeacher community have ended so abruptly."

Later that same day, his account was restored -- but he's still concerned about other YouTube accounts. "It's absolutely vital that @YouTube work to undo the damage caused by their indiscriminate implementation as soon as possible," he tweeted Wednesday. "Access to important material is being denied wholesale as many other channels are left branded as promoting hate when they do nothing of the sort."

An anonymous reader quotes a report from Vice News: Google has found itself under fire for plans to limit the effectiveness of popular ad blocking extensions in Chrome. While Google says the changes are necessary to protect the "user experience" and improve extension security, developers and consumer advocates say the company's real motive is money and control. In the wake of ongoing backlash to the proposal, Chrome software security engineer Chris Palmer took to Twitter this week to claim the move was intended to help improve the end-user browsing experience, and paid enterprise users would be exempt from the changes.

Chrome security leader Justin Schuh also said the changes were driven by privacy and security concerns. Adblock developers, however, aren't buying it. uBlock Origin developer Raymond Hill, for example, argued this week that if user experience was the goal, there were other solutions that wouldn't hamstring existing extensions. "Web pages load slow because of bloat, not because of the blocking ability of the webRequest API -- at least for well crafted extensions," Hill said. Hill said that Google's motivation here had little to do with the end user experience, and far more to do with protecting advertising revenues from the rising popularity of adblock extensions. The team behind the EFF's Privacy Badger ad-blocking extension also spoke out against the changes. "Google's claim that these new limitations are needed to improve performance is at odds with the state of the internet," the organization said. "Sites today are bloated with trackers that consume data and slow down the user experience. Tracker blockers have improved the performance and user experience of many sites and the user experience. Why not let independent developers innovate where the Chrome team isn't?"

Online free speech has been given a victory, with a federal court ruling that a Redditor can remain anonymous in a copyright lawsuit. From a report: This means anyone from around the globe who posts on Reddit can still rely on First Amendment protections for anonymous free speech, because Reddit is a US platform with a US audience. The Electronic Frontier Foundation fought on behalf of Reddit commenter Darkspilver, a Jehovah's Witness who posted public and internal documents from The Watch Tower Bible and Tract Society online. Watch Tower subpoenaed Reddit to provide identity information on Darkspilver for the court case, but the EFF filed a motion to quash this, citing "deep concerns that disclosure of their identity would cause them to be disfellowshipped by their community." In February 2019, Darkspilver posted an advertisement by the Jehovah's Witness organization that asks for donations, as well as a chart showing what personal data the organization keeps. Watch Tower said both of these were copyrighted items. The Redditor argued it was fair use, because he posted the ad for commentary and criticism purposes.

An anonymous reader quotes the Washington Post: Venky Ganesan, a partner at technology investor Menlo Ventures, told The Washington Post that the White House's new survey about bias on social media is "pure kabuki theatre" and an attempt to curry political points with conservatives. He said the Trump administration's repeated accusations that tech companies censor conservative voices are unfounded because even though most Silicon Valley executives are liberal or libertarian, they wouldn't let politics get in the way of their primary goal: making money...

The Internet Association, a trade association representing Facebook, Google and other tech companies, also pushed back on President Trump's repeated accusations that their products are biased against conservatives. The association says the platforms are open and enable the speech of all Americans -- including the president himself. "That's why the president uses Twitter so much," said Michael Beckerman, the Internet Association's chief executive. "He actually used Twitter for this particular announcement, which is perhaps ironic."
The article adds that the Trump administration "declined to tell The Washington Post what it planned to do with the data it's amassing." But on Twitter the New York Times technology columnist Kevin Roose argued that the survey "is just going to be used to assemble a voter file, which Trump will then pay Facebook millions of dollars to target with ads about how biased Facebook is."

Vice also believes it's a "craven data collection ploy" and "an elaborate way of getting people to subscribe to the White House's email list," adding "If this whole enterprise feels shady, that's because it is... The site isn't even hosted on a government server, but was created with Typeform, a Spain-based web tool that lets anyone set up simple surveys." Mashable also notes that the site "also just so happens to have an absolutely bonkers privacy policy" which includes allowing the White House to edit everything that's submitted.

Click here to read even more reactions.

Despite the spread of anti-vaccine misinformation, "censorship cannot be the only answer," argues the EFF, adding that "removing entire categories of speech from a platform does little to solve the underlying problems."

"Tech companies and online platforms have other ways to address the rapid spread of disinformation, including addressing the algorithmic 'megaphone' at the heart of the problem and giving users control over their own feeds... " Anti-vax information is able to thrive online in part because it exists in a data void in which available information about vaccines online is "limited, non-existent, or deeply problematic." Because the merit of vaccines has long been considered a decided issue, there is little recent scientific literature or educational material to take on the current mountains of disinformation. Thus, someone searching for recent literature on vaccines will likely find more anti-vax content than empirical medical research supporting vaccines. Censoring anti-vax disinformation won't address this problem.

Even attempts at the impossible task of wiping anti-vax disinformation from the Internet entirely will put it beyond the reach of researchers, public health professionals, and others who need to be able to study it and understand how it spreads. In a worst-case scenario, well-intentioned bans on anti-vax content could actually make this problem worse. Facebook, for example, has over-adjusted in the past to the detriment of legitimate educational health content...

Platforms must address one of the root causes behind disinformation's spread online: the algorithms that decide what content users see and when. And they should start by empowering users with more individualized tools that let them understand and control the information they see.... Users shouldn't be held hostage to a platform's proprietary algorithm. Instead of serving everyone "one algorithm to rule them all" and giving users just a few opportunities to tweak it, platforms should open up their APIs to allow users to create their own filtering rules for their own algorithms. News outlets, educational institutions, community groups, and individuals should all be able to create their own feeds, allowing users to choose who they trust to curate their information and share their preferences with their communities.

The right for Californians to control the private data that tech companies hold on them may be undermined today at a critical committee hearing in Sacramento. The Register reports: The Privacy And Consumer Protection Committee will hold a special hearing on Tuesday afternoon to discuss and vote on nine proposed amendments to the California Consumer Privacy Act (CCPA) -- which was passed last year in the U.S. state but has yet to come into force. Right now, the legislation is undergoing tweaks at the committee stage. Privacy advocates are warning that most of the proposals before the privacy committee are influenced by the very industry that the law was supposed to constrain: big tech companies like Google, Facebook, and Amazon.

In most cases, the amendments seek to add carefully worded exemptions to the law that would benefit business at the cost of consumer rights. But most upsetting to privacy folk is the withdrawal of an amendment by Assembly member Buffy Wicks (D-15th District) that incorporated changes that would enhance consumer data privacy rights. Wicks' proposal would have given consumers more of a say of what is done with their personal data and more power to sue companies that break the rules. But the Assembly member pulled the measure the day before the hearing because it was not going to get the necessary votes. If a measure is voted down it cannot be reintroduced in that legislative session.

An anonymous reader quotes CNBC: The emergence of sensor and other technologies that let businesses track, listen to and even watch employees while on company time is raising concern about corporate levels of surveillance... Earlier this year, Amazon received a patent for an ultrasonic bracelet that can detect a warehouse worker's location and monitor their interaction with inventory bins by using ultrasonic sound pulses. The system can track when and where workers put in or remove items from the bins. An Amazon spokesperson said the company has "no plans to introduce this technology" but that, if implemented in the future, could free up associates' hands, which now hold scanners to check and fulfill orders.

Walmart last year patented a system that lets the retail giant listen in on workers and customers. The system can track employee "performance metrics" and ensure that employees are performing their jobs efficiently and correctly by listening for sounds such as rustling of bags or beeps of scanners at the checkout line and can determine the number of items placed in bags and number of bags. Sensors can also capture sounds from guests talking while in line and determine whether employees are greeting guests. Walmart spokesman Kory Lundberg said the company doesn't have any immediate plans to implement the system.

Logistics company UPS has been using sensors in their delivery trucks to track usage to make sure drivers are wearing seat belts and maintenance is up to date.

Companies are also starting to analyze digital data, such as emails and calendar info, in the hopes of squeezing more productivity out of their workers. Microsoft's Workplace Analytics lets employers monitor data such as time spent on email, meeting time or time spent working after hours. Several enterprises, including Freddie Mac and CBRE, have tested the system.
A senior staff attorney for the EFF argues that new consumer privacy laws may not apply to employees. The article also cites a recent survey by Accenture in which 62% of executives "said their companies are using new technologies to collect data on people -- from the quality of work to safety and well-being" -- even though "fewer than a third said they feel confident they are using the data responsibly."

Yet the leader of Accenture's talent and organization practice argues that workforce data "could boost revenue by 6.4%. This has encouraged workers to be open to responsible use of data, but they want to know that they will get benefits and return on their time."

American entertainment giant Starz is continuing to remove tweets that link to a TorrentFreak news report about leaked TV-shows. From a report: Last week we posted a news article documenting how several TV-show episodes had leaked online before their official release. Due to the leaks, complete seasons of unreleased TV-shows such as "The Spanish Princess," "Ramy," and "The Red Line," surfaced on pirate sites. In most cases, there were visible signs revealing that the leaks were sourced from promotional screeners. The leaks also hit Starz, as three then-unreleased episodes from its TV series "American Gods" appeared online as well. The American entertainment company was obviously not happy with that, but its response was rather unconventional.

Soon after the news was published, Starz issued a takedown request through The Social Element Agency, requesting Twitter to remove our tweet to our own article. Twitter was quick to comply and removed the tweet that supposedly infringed Starz copyrights. We disagreed. The article in question never linked to any infringing material. It did include a screenshot from a leaked episode, showing the screener watermarks, but those watermarks were central to the story, as we explained in a follow-up piece. The good news is that many legal scholars, journalists, and lawyers agree with our stance. The Electronic Frontier Foundation (EFF), for example, responded that Starz has no right to silence TorrentFreak and also shared that opinion on Twitter, where many others chimed in as well. That's when things started to spiral out of control. Starz takedown efforts only encouraged more people to share the original story about the leaks, which is a classic example of the 'Streisand Effect'. However, Starz didn't budge and issued takedown notices against those tweets as well.

An anonymous reader quotes a senior investigative researcher at the EFF: Despite Facebook's repeated warnings that law enforcement is required to use "authentic identities" on the social media platform, cops continue to create fake and impersonator accounts to secretly spy on users. By pretending to be someone else, cops are able to sneak past the privacy walls users put up and bypass legal requirements that might require a warrant to obtain that same information...

EFF is now calling on Facebook to escalate the matter with law enforcement in the United States. Facebook should take the following actions to address the proliferation of fake/impersonator Facebook accounts operated by law enforcement, in addition to suspending the fake accounts.

- As part of its regular transparency reports, Facebook should publish data on the number of fake/impersonator law enforcement accounts identified, what agencies they belonged to, and what action was taken.

- When a fake/impersonator account is identified, Facebook should alert the users and groups that interacted with the account whether directly or indirectly.
The article also suggests updating Facebook's Terms of Service to explicitly prohibit fake/impersonator profiles by law enforcement groups, and updating Facebook pages of law enforcement groups to inform visitors when those groups have a written policy allowing fake/impersonator law enforcement accounts. "These four changes are relatively light lifts that would enhance transparency and establish real consequences for agencies that deliberately violate the rules..."

"Facebook's practice of taking down these individual accounts when they learn about them from the press (or from EFF) is insufficient to deter what we believe is a much larger iceberg beneath the surface."

EU lawmakers today endorsed an overhaul of the bloc's two-decade old copyright rules, which will force Google and Facebook to pay publishers for use of news snippets and make them filter out protected content. From a report: The set of copyright rules known as the Directive on Copyright in the Digital Single Market, but more succinctly as the EU Copyright Directive, has been debated and discussed for several years. While it is broadly uncontroversial in many regards, there are two facets to the directive that has caused the internet to freak out. Article 11, which has been dubbed the "link tax," stipulates that websites pay publishers a fee if they display excerpts of copyrighted content -- or even link to it. This obviously could have big ramifications for services such as Google News. Then there is Article 13, dubbed the "upload filter," which would effectively make digital platforms legally liable for any copyright infringements on their platform, which has stoked fears that it would stop people from sharing content -- such as GIF-infused memes -- on social networks. In a statement, EFF said, "In a stunning rejection of the will five million online petitioners, and over 100,000 protestors this weekend, the European Parliament has abandoned common-sense and the advice of academics, technologists, and UN human rights experts, and approved the Copyright in the Digital Single Market Directive in its entirety."

The Electronic Frontier Foundation has published a new report calling for a "fiber for all" plan to combat the broadband access crisis in the United States. Government data and independent analysis show we are falling behind the rest of the developed world in this area, and "the U.S. is the only country that believes having no plan will solve this issue," writes Ernesto Falcon from the EFF. "We are the only country to completely abandon federal oversight of an uncompetitive, highly concentrated market that sells critical services to all people, yet we expect widely available, affordable, ultra-fast services. But if you live in a low-income neighborhood or in a rural market today, you know very well this is not working and the status quo is going to cement in your local broadband options to either one choice or no choice." From the report: Very small ISPs and local governments with limited budgets are at the frontline of deploying fiber to the home to fix these problems, but policymakers from the federal, state, and local level need to step up and lead. At least 19 states still have laws that prohibit local governments from deploying community broadband projects. Worst yet, both AT&T and Verizon are actively asking the FCC to make it even harder for small private ISPs to deploy fiber, so that the big incumbents can raise prices and suppress competition, a proposal EFF has urged the FCC to reject.

This is why we need to push our elected officials and regulators for a fiber-for-all-people plan to ensure everyone can obtain the next generation of broadband access. Otherwise, the next generation of applications and services won't be usable in most of the United States. They will be built instead for markets with better, faster, cheaper, and more accessible broadband. This dire outcome was the central thesis to a recently published book by Professor Susan Crawford (appropriately named Fiber) and EFF agrees with its findings. If American policymakers do not remedy the failings in the US market and actively pursue ways to drive fiber deployment with the goal of universal coverage, then a staggering number of Americans will miss out on the latest innovations that will occur on the Internet because it will be inaccessible or too expensive. As a result, we will see a worsening of the digital divide as advances in virtual reality, cloud computing, gaming, education, and things we have not invented yet are going to carry a monopoly price tag for a majority of us -- or just not be accessible here. This does not have to be so, but it requires federal, state, and local governments to get to work on policies that promote fiber infrastructure to all people. Most of the talk lately has been about 5G networks, but the less-spoken truth about these networks is that they need dense fiber networks to make them work. "One estimate on the amount of fiber investment that needs to occur is as much as $150 billion -- including fiber to the home deployments -- in the near future, and we are far below that level of commitment to fiber," the report says.

Long-time Slashdot reader retroworks shared this EFF article: Although relatively little news gets out of Xinjiang to the rest of the world, we've known for over a year that China has been testing facial-recognition tracking and alert systems across Xinjiang and mandating the collection of biometric data -- including DNA samples, voice samples, fingerprints, and iris scans -- from all residents between the ages of 12 and 65... Earlier this month, security researcher Victor Gevers found and disclosed an exposed database live-tracking the locations of about 2.6 million residents of Xinjiang, China, offering a window into what a digital surveillance state looks like in the 21st century...

Over a period of 24 hours, 6.7 million individual GPS coordinates were streamed to and collected by the database, linking individuals to various public camera streams and identification checkpoints associated with location tags such as "hotel," "mosque," and "police station." The GPS coordinates were all located within Xinjiang. This database is owned by the company SenseNets, a private AI company advertising facial recognition and crowd analysis technologies. A couple of days later, Gevers reported a second open database tracking the movement of millions of cars and pedestrians. Violations like jaywalking, speeding, and going through a red-light are detected, trigger the camera to take a photo, and ping a WeChat API, presumably to try and tie the event to an identity.

China may have a working surveillance program in Xinjiang, but it's a shockingly insecure security state. Anyone with an Internet connection had access to this massive honeypot of information... Even poorly-executed surveillance is massively expensive, and Beijing is no doubt telling the people of Xinjiang that these investments are being made in the name of their own security. But the truth, revealed only through security failures and careful security research, tells a different story: China's leaders seem to care little for the privacy, or the freedom, of millions of its citizens.
EFF also reports that a Chinese cybersecurity firm also recently discovered 468 exposed MongoDB servers on the internet, including databases containing detailed information about remote access consoles owned by China General Nuclear Power Group.

Meanwhile, ZDNet suggests that SenseNets may actually be "a government contractor, helping authorities track the Muslim minority, rather than a private company selling its product to another private entity. Otherwise, it would be hard to explain how SenseNets has access to ID card information and camera feeds from police stations and other government buildings."

A federal judge has blocked Washington State's 2004 cyberstalking law after ruling that a key provision violated First Amendment protections for free speech due to vague terms. "Its prohibitions against speech meant to 'harass, intimidate, torment or embarrass' weren't clearly defined, according to the judge, and effectively criminalized a 'large range' of language guarded under the Constitution," reports Engadget. "You could theoretically face legal action just by criticizing a public figure." From the report: The ruling came after a retired Air Force Major, Richard Rynearson III, sued to have the law overturned. He claimed that Kitsap County threatened to prosecute him under the cyberstalking law for criticizing an activist involved with a memorial to Japanese victims of U.S. internment camps during World War II. While Rynearson would use "invective, ridicule, and harsh language," the judge said, his language was neither threatening nor obscene.

Officials had contended that the law held up because it targeted conduct, not the speech itself. They also maintained that Rynearson hadn't shown evidence of a serious threat -- just that the prosecutor's office would see how Rynearson behaved and take action if necessary. A county court had already tossed out the activist's restraining order against Rynearson over free speech. It's not clear whether Washington will appeal the decision. If the ruling stays, though, it could force legislators to significantly narrow the scope if it wants a cyberstalking law to remain in place. This might also set a precedent that could affect legislation elsewhere in the country. The Electronic Frontier Foundation praises the judge's decision, adding: "This is all valuable speech that is protected by the First Amendment, and no state law should be allowed to undermine these rights. We are pleased that the judge has agreed."