Privacy

TikTok Tracks You Across the Web, Even If You Don't Use the App (consumerreports.org)

An anonymous reader quotes a report from Consumer Reports: A Consumer Reports investigation finds that TikTok, one of the country's most popular apps, is partnering with a growing number of other companies to hoover up data about people as they travel across the internet. That includes people who don't have TikTok accounts. These companies embed tiny TikTok trackers called "pixels" in their websites. Then TikTok uses the information gathered by all those pixels to help the companies target ads at potential customers, and to measure how well their ads work. To look into TikTok's use of online tracking, CR asked the security firm Disconnect to scan about 20,000 websites for the company's pixels. In our list, we included the 1,000 most popular websites overall, as well as some of the biggest sites with domains ending in ".org," ".edu," and ".gov." We wanted to look at those sites because they often deal with sensitive subjects. We found hundreds of organizations sharing data with TikTok.

If you go to the United Methodist Church's main website, TikTok hears about it. Interested in joining Weight Watchers? TikTok finds that out, too. The Arizona Department of Economic Security tells TikTok when you view pages concerned with domestic violence or food assistance. Even Planned Parenthood uses the trackers, automatically notifying TikTok about every person who goes to its website, though it doesn't share information from the pages where you can book an appointment. (None of those groups responded to requests for comment.) The number of TikTok trackers we saw was just a fraction of those we observed from Google and Meta. However, TikTok's advertising business is exploding, and experts say the data collection will probably grow along with it.

After Disconnect researchers conducted a broad search for TikTok trackers, we asked them to take a close look at what kind of information was being shared by 15 specific websites. We focused on sites where we thought people would have a particular expectation of privacy, such as advocacy organizations and hospitals, along with retailers and other kinds of companies. Disconnect found that data being transmitted to TikTok can include your IP address, a unique ID number, what page you're on, and what you're clicking, typing, or searching for, depending on how the website has been set up. What does TikTok do with all that information? "Like other platforms, the data we receive from advertisers is used to improve the effectiveness of our advertising services," says Melanie Bosselait, a TikTok spokesperson. The data "is not used to group individuals into particular interest categories for other advertisers to target." If TikTok receives data about someone who doesn't have a TikTok account, the company only uses that data for aggregated reports that they send to advertisers about their websites, she says. There's no independent way for consumers or privacy researchers to verify such statements. But TikTok's terms of service say its advertising customers aren't allowed to send the company certain kinds of sensitive information, such as data about children, health conditions, or finances. "We continuously work with our partners to avoid inadvertent transmission of such data," TikTok's Bosselait says.
What can you do to protect your personal information? Consumer Reports recommends using privacy-protecting browser extensions like Disconnect, changing your browser's privacy settings to block trackers, and trying a more private browser like Firefox and Brave.
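The scan Consumer Reports commissioned from Disconnect comes down to a simple mechanical check: fetch each page, list every third-party host it loads a script, image or frame from, and flag the ones that belong to known tracking services. The following is an added example of that check, not Disconnect's or Consumer Reports' code. The tracker host list and the two sample pages are constructed placeholders; the real pixel hostnames are not given in the article, so the list is written to be replaced with whatever blocklist a scanner actually uses.

```python
"""Scan HTML pages for third-party tracking pixels (added example)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hostnames treated as tracker endpoints. Constructed placeholders that
# stand in for a real blocklist; none of these values come from the article.
TRACKER_HOSTS = {
    "tracker.example-tiktok.test": "TikTok pixel (placeholder)",
    "pixel.example-meta.test": "Meta pixel (placeholder)",
}


class _SrcCollector(HTMLParser):
    """Collect every URL a page loads via script/img/iframe, plus inline JS."""

    def __init__(self):
        super().__init__()
        self.urls = []            # src attributes seen on the page
        self.inline_scripts = []  # bodies of <script> tags without src
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag in ("script", "img", "iframe") and attrs.get("src"):
            self.urls.append(attrs["src"])
        if tag == "script" and not attrs.get("src"):
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.inline_scripts.append(data)


def scan_page(html: str, page_url: str) -> dict:
    """Return known trackers and all third-party hosts a page loads."""
    site = urlparse(page_url).hostname or ""
    collector = _SrcCollector()
    collector.feed(html)
    known, third_party = {}, set()
    for url in collector.urls:
        host = urlparse(url).hostname
        if not host or host == site or host.endswith("." + site):
            continue  # relative or first-party resource: not a tracker
        third_party.add(host)
        if host in TRACKER_HOSTS:
            known[host] = TRACKER_HOSTS[host]
    # Pixel loaders are usually injected from inline JS; look for the
    # tracker host inside script bodies as well as in src attributes.
    for text in collector.inline_scripts:
        for host, label in TRACKER_HOSTS.items():
            if host in text:
                known[host] = label
                third_party.add(host)
    return {"known": known, "third_party": sorted(third_party)}


# Two constructed sample pages: one embeds the placeholder pixel through an
# inline loader and a <noscript> image beacon, the other loads only a map frame.
SAMPLE_PAGES = {
    "https://charity.example/donate": """
<html><head>
<script src="https://charity.example/static/app.js"></script>
<script>
  var s = document.createElement('script');
  s.src = 'https://tracker.example-tiktok.test/pixel.js';
  document.head.appendChild(s);
</script>
</head><body>
<noscript><img src="https://tracker.example-tiktok.test/track?ev=PageView" height="1" width="1"></noscript>
<img src="/img/logo.png">
</body></html>""",
    "https://clinic.example/appointments": """
<html><head><script src="/js/booking.js"></script></head>
<body><iframe src="https://maps.example-cdn.test/embed"></iframe></body></html>""",
}


def scan_all(pages=SAMPLE_PAGES) -> dict:
    """Scan every sample page; keyed by page URL."""
    return {url: scan_page(html, url) for url, html in pages.items()}


if __name__ == "__main__":
    for url, result in scan_all().items():
        print(url, "->", result["known"] or "no known trackers",
              "| third parties:", result["third_party"])
```

A static scan like this only sees what is in the served HTML; pixels that are loaded by a tag manager after page load, or that fire on form input, only show up in a browser-instrumented crawl, which is why the "what you're clicking, typing, or searching for" part of the finding needs a live session to observe.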
Security

Covert CIA Websites Could Have Been Found By an 'Amateur,' Research Finds (theguardian.com)

An anonymous reader quotes a report from the Guardian: The CIA used hundreds of websites for covert communications that were severely flawed and could have been identified by even an "amateur sleuth," according to security researchers. The flaws reportedly led to the death of more than two dozen US sources in China in 2011 and 2012 and also reportedly led Iran to execute or imprison other CIA assets. The new research was conducted by security experts at the Citizen Lab at the University of Toronto, which started investigating the matter after it received a tip from reporter Joel Schectmann at Reuters.

The group said it was not publishing a full detailed technical report of its findings to avoid putting CIA assets or employees at risk. But its limited findings raise serious doubts about the intelligence agency's handling of safety measures. Using just a single website and publicly available material, Citizen Lab said it identified a network of 885 websites that it attributed "with high confidence" as having been used by the CIA. It found that the websites purported to be concerned with news, weather, healthcare and other legitimate websites. "Knowing only one website, it is likely that while the websites were online, a motivated amateur sleuth could have mapped out the CIA network and attributed it to the US government," Citizen Lab said in a statement.

The websites were active between 2004 and 2013 and were probably not used by the CIA recently, but Citizen Lab said a subset of the websites were still linked to active intelligence employees or assets, including a foreign contractor and a current state department employee. Citizen Lab added: "The reckless construction of this infrastructure by the CIA reportedly led directly to the identification and execution of assets, and undoubtedly risked the lives of countless other individuals. Our hope is that this research and our limited disclosure process will lead to accountability for this reckless behavior."
CIA spokesperson Tammy Kupperman Thorp said: "CIA takes its obligations to protect the people who work with us extremely seriously and we know that many of them do so bravely, at great personal risk. The notion that CIA would not work as hard as possible to safeguard them is false."
Piracy

Danish Pirate Site Blocking Updated, Telecoms Group Publishes All Domains (torrentfreak.com)

Rights Alliance and ISPs have agreed to update their code of conduct to block pirate sites more quickly in Denmark. When one ISP receives an instruction to block a domain, a new process will see other ISPs follow in less than seven days. Meanwhile, Denmark's Telecommunications Industry Association is publishing files that reveal precisely which domains are being blocked. TorrentFreak reports: Both Rights Alliance and Teleindustrien (Telecommunications Industry Association in Denmark) have published copies of the new Code of Conduct but neither explains how the new system will work. Indeed, the CoC contains a paragraph that explains that a section detailing the individual steps, procedures and criteria, has been withheld "in order to achieve the purpose of the agreement." Given that Denmark's blocking program is DNS-based, it's trivial for ISPs to modify local DNS entries to redirect pirate site visitors to Share With Care (SWC), a portal designed to encourage pirates back on to the legal path of authorized content services. Somewhat intrigued by the apparent need for secrecy, we took a closer look at Teleindustrien and to our surprise, found the complete opposite.

It appears that when ISPs are ordered to block domains for any reason, Teleindustrien goes public with three things: the laws under which the blocking was ordered, who ordered the blocking, and which domains were blocked in response. For example, the telecoms industry group details recent blocks associated with the Ukraine conflict (including RT.com and sputniknews.com) and publishes the domains to an easily downloadable .csv file -- perfect for ISPs looking to implement DNS blocking. Another .csv file is published for gambling site domains deemed illegal in Denmark, 183 according to the latest batch.

The data relating to Denmark's pirate site blocking program reveals how quickly it has expanded over the years. In 2017, Danish ISPs were blocking around 100 pirate sites, a figure that jumped to 478 in 2020. The latest .csv file containing the list of blocked piracy domains is dated September 27, 2022. It contains 892 URLs -- some of them domains in their own right and others representing sub-domains on various sites dedicated to unblocking. It's unclear how the new streamlining provisions in the revised Code of Conduct can beat pulling a plain text file from a website but Teleindustrien also provides the data in PDF format (PDF) for the Adobe fans out there.

AI

House Democrats Debut New Bill To Limit US Police Use of Facial Recognition (techcrunch.com)

An anonymous reader quotes a report from TechCrunch: Dubbed the Facial Recognition Act, the bill would compel law enforcement to obtain a judge-authorized warrant before using facial recognition. By adding the warrant requirement, law enforcement would first have to show a court it has probable cause that a person has committed a serious crime, rather than allowing largely unrestricted use of facial recognition under the existing legal regime. The bill also puts other limits on what law enforcement can use facial recognition for, such as immigration enforcement or peaceful protests, or using a facial recognition match as the sole basis for establishing probable cause for someone's arrest.

If passed, the bill would also require law enforcement to annually test and audit their facial recognition systems, and provide detailed reports of how facial recognition systems are used in prosecutions. It would also require police departments and agencies to purge databases of photos of children who were subsequently released without charge, whose charges were dismissed or were acquitted. [...] The bill has so far received glowing support from privacy advocates, rights groups and law enforcement-adjacent groups and organizations alike. Woodrow Hartzog, a law professor at Boston University, praised the bill for strengthening baseline rules and protections across the U.S. "without preempting more stringent limitations elsewhere."

The Almighty Buck

MGM Paid Problem Gambler To Not Report Online Glitches

An anonymous reader quotes a report from the Associated Press: A New York City man is suing an Atlantic City casino, its parent company and its online betting partner, alleging he was repeatedly disconnected while gambling online, and was given payments to prevent him from reporting the malfunctions to New Jersey gambling regulators during a nine-month span in which he wagered over $29 million. Sam Antar says he is a compulsive gambler -- a fact he says was well-known to defendants in the case including the Borgata casino, MGM Resorts International, and its online partner Entain. In a lawsuit filed Wednesday in state Superior Court in Middlesex County, Antar accuses the defendants of fraud, racketeering and other transgressions. His lawsuit asserts that he experienced thousands of disconnections from the online platforms, often when he had a winning hand that was then wiped out.

His lawyer, Christopher Gramiccioni, said Antar experienced a disconnection rate approaching 50% during the nine months covered by the lawsuit. He added Antar, 46, had lost "easily hundreds of thousands of dollars" during that time. "It's one thing if you have technical issues intermittently," said Gramiccioni, a former Monmouth County prosecutor. "It is quite another when you have them 50% of the time. The casino did not take corrective action as required. They kept doubling down and giving him $30,000 a month, feeding him extra money to try to avoid scrutiny by the regulatory agencies."

In his lawsuit, Antar claims he alerted numerous employees and officials with the gambling companies to the fact that there was a serious, recurring problem with disconnections, but that they knowingly kept malfunctioning games available to the public because they were too profitable to take down. He says his complaints were made to local supervisors and VIP hosts, an online complaint portal, and even to the president of the casino and the CEO of its parent company. He also claims the companies paid him near-daily bonuses totaling $30,000 a month to keep him playing and to entice him not to report problems with the games to the New Jersey Division of Gaming Enforcement. [...] Antar said employees acknowledged problems with the system were affecting other customers as well. In a July 17, 2019 text and email conversation, Antar quotes one as telling him "other players are not getting anywhere near what you are getting" in terms of compensation for being kicked offline while gambling.
"In 2013, Sam Antar was sentenced to 21 months in federal prison for taking $225,000 in a fraudulent investment scheme" to feed his compulsive gambling habit, notes the report.
Crime

NSA Employee Leaked Classified Cyber Intel, Charged With Espionage (nextgov.com)

A former National Security Agency employee was arrested on Wednesday for spying on the U.S. government on behalf of a foreign government. Nextgov reports: Jareh Sebastian Dalke, 30, was arrested in Denver, Colorado after allegedly committing three separate violations of the Espionage Act. Law enforcement allege that the violations were committed between August and September of 2022, after he worked as an information systems security designer at the agency earlier that summer. Dalke allegedly used an encrypted email account to leak sensitive and classified documents he obtained while working at the NSA to an individual who claimed to have worked for a foreign government.

The individual who received the documents was later revealed to be an undercover FBI agent. Dalke was arrested in September upon arriving at the location where he and the undercover agent agreed to exchange documentation for $85,000 in compensation. "Dalke told that individual that he had taken highly sensitive information relating to foreign targeting of U.S. systems, and information on U.S. cyber operations, among other topics," the press release from the Department of Justice reads. "To prove he had access to sensitive information, Dalke transmitted excerpts of three classified documents to the undercover FBI agent. Each excerpt contained classification markings."
"Should Dalke be found guilty, his sentence could include the death penalty or any term of years up to life imprisonment," notes the report.
Government

UN Elects First Female Tech Agency Secretary-General (bbc.com)

An anonymous reader quotes a report from the BBC: Doreen Bogdan-Martin has become the first woman to be elected as secretary-general of the International Telecommunication Union (ITU). The ITU is the main technology agency within the UN. Originally founded in 1865 to manage the first international telegraph networks, the ITU now has an important role in facilitating the use of radio, satellite and the internet. Ms Bogdan-Martin beat her Russian rival Rashid Ismailov by 139 votes to 25. The American will succeed Houlin Zhao, who has been in the role since 2014, when her term begins on January 1, 2023. She will be taking the reins of the oldest UN agency, which is responsible for many facets of international communications. These include assigning satellite orbits globally, co-ordinating technical standards, and improving infrastructure in the developing world. There had been concerns ahead of the election because Ms Bogdan-Martin's opponent had previously called for international regulation of the internet.

In her previous role as director of the ITU's Telecommunication Development bureau, Ms Bogdan-Martin's remit included job creation, digital skills development, diversity, and gender equality. Her candidacy for the top job was endorsed by US President Joe Biden, who said she had the "integrity, experience, and vision necessary to transform the digital landscape." "She understands the importance of connecting every school to the internet and making sure every student can access virtual learning, providing women and girls the digital tools they need to succeed, and extending the benefits of online health and educational resources," he said in a statement.
"Whether it's today's children or our children's children, we need to provide them with a strong and stable foundation for growth," Ms Bogdan-Martin said following her win. "The world is facing significant challenges -- escalating conflicts, a climate crisis, food security, gender inequalities, and 2.7 billion people with no access to the internet."
EU

EU Proposes Rules Making It Easier To Sue Drone Makers, AI Systems

The European Commission on Wednesday proposed rules making it easier for individuals and companies to sue makers of drones, robots and other products equipped with artificial intelligence software for compensation for harm caused by them. Reuters reports: The AI Liability Directive aims to address the increasing use of AI-enabled products and services and the patchwork of national rules across the 27-country European Union. Under the draft rules, victims can seek compensation for harm to their life, property, health and privacy due to the fault or omission of a provider, developer or user of AI technology, or for discrimination in a recruitment process using AI.

The rules lighten the burden of proof on victims with a "presumption of causality", which means victims only need to show that a manufacturer or user's failure to comply with certain requirements caused the harm and then link this to the AI technology in their lawsuit. Under a "right of access to evidence," victims can ask a court to order companies and suppliers to provide information about high-risk AI systems so that they can identify the liable person and the fault that caused the damage.

The Commission also announced an update to the Product Liability Directive that means manufacturers will be liable for all unsafe products, tangible and intangible, including software and digital services, and also after the products are sold. Users can sue for compensation when software updates render their smart-home products unsafe or when manufacturers fail to fix cybersecurity gaps. Those with unsafe non-EU products will be able to sue the manufacturer's EU representative for compensation. The AI Liability Directive will need to be agreed with EU countries and EU lawmakers before it can become law.
Encryption

UK Online Safety Bill Threatens Security, WhatsApp Chief Warns (ft.com)

The head of WhatsApp has warned UK ministers that moves to undermine encryption in a relaunched online safety bill would threaten the security of the government's own communications and embolden authoritarian regimes. From a report: In an interview with the Financial Times, Will Cathcart, who runs the Meta-owned messaging app, insisted that alternative techniques were available to protect children using WhatsApp, without having to abandon the underlying security technology that safeguards its more than 2bn users. The UK's bill, which the government argues will make the internet safer, has become a focus of global debate over whether companies such as Google, Meta and Twitter should be forced to proactively scan and remove harmful content on their networks.

Tech companies claim it is not technically possible for encrypted messaging apps to scan for material such as child pornography without undermining the security of the entire network, which prevents anyone -- including platform operators -- from reading users' messages. Cathcart said the UK's ultimate position on the issue would have a global impact. "If the UK decides that it is OK for a government to get rid of encryption, there are governments all around the world that will do exactly the same thing, where liberal democracy is not as strong, where there are different concerns that really implicate deep-seated human rights," he said, citing Hong Kong as a potential example.

Power

All 50 States Get Green Light To Build EV Charging Stations (cnbc.com)

The U.S. Transportation Department on Tuesday said it approved electric vehicle charging station plans for all 50 states, Washington, D.C., and Puerto Rico covering roughly 75,000 miles of highways. CNBC reports: Earlier this year, the Biden administration allocated $5 billion to states to fund EV chargers over five years along interstate highways as part of the bipartisan infrastructure package. Under the plan, entitled the National Electric Vehicle Infrastructure Formula Program, states provided their EV infrastructure deployment proposals to the Joint Office of Energy and Transportation. States are now approved to construct a network of EV charging stations along designated alternative fuel corridors on the national highway system and have access to more than $1.5 billion to help build the chargers.

It's unclear how many charging stations the funds will support, and states have not yet shared specific charger locations. Transportation Department officials have said that states should install stations every 50 miles and ensure each station is located within one mile of an interstate highway. "We have approved plans for all 50 States, Puerto Rico and the District of Columbia to help ensure that Americans in every part of the country -- from the largest cities to the most rural communities -- can be positioned to unlock the savings and benefits of electric vehicles," Transportation Secretary Pete Buttigieg said in a statement.

Oracle

Oracle Pays $23 Million To SEC To Settle Bribery Charges (theregister.com)

Oracle has paid $23 million to the US Securities and Exchange Commission to settle corruption charges that subsidiaries in Turkey, United Arab Emirates and India used "slush funds" to bribe foreign officials to win business. The Register reports: The SEC said on Tuesday that Big Red violated provisions of the Foreign Corrupt Practices Act (FCPA) during a three-year period between 2016 and 2019. The cash that was apparently surreptitiously set aside was also spent on paying for foreign officials to attend technology conferences, which breaks Oracle's own internal policies and procedures. And the SEC said that in some instances, it found Oracle staff at the Turkish subsidiary had spent the funds on taking officials' families with them on international conferences or side trips to California.

"The creation of off-books slush funds inherently gives rise to the risk those funds will be used improperly, which is exactly what happened here at Oracle's Turkey, UAE, and India subsidiaries," said Charles Cain, FCPA unit chief at the SEC. "This matter highlights the critical need for effective internal accounting controls throughout the entirety of a company's operations," he added. Oracle, without admitting or denying the findings of the SEC's investigation, has agreed to "cease and desist from committing violations" of the anti-bribery, books and records, and internal accounting controls of the FCPA, said the Commission.

Businesses

Stock Trade Ban For Congress Is Being Readied For Release In US House (bloomberg.com)

An anonymous reader quotes a report from Bloomberg: Senior House Democrats are poised to introduce long-promised legislation to restrict stock ownership and trading by members of Congress, senior government officials and Supreme Court justices. The bill would apply to the spouses and dependent children of those officials, according to an outline sent to lawmaker offices last week by House Administration Chair Zoe Lofgren. The restrictions also cover "commodities, futures, cryptocurrency, and other similar investments," according to the outline. The legislation would require public officials to either divest current holdings or put them in a blind trust. Investments in mutual funds or other widely held investment funds and government bonds would be allowed.

The bill may be released as soon as Monday, according to a person familiar with the matter. It hasn't been scheduled for a vote, though House Majority Leader Steny Hoyer has said it's possible it could come to the floor this week in the middle of an already jam-packed schedule before lawmakers go on break ahead of the November midterm election. While conservative Republicans and progressive Democrats alike have been clamoring for restrictions on stock trades by members of Congress to avoid conflicts of interest, legislation has been hung up by questions about how broad to make the ban and whether to include family members. A group of senators is working on their own version of the legislation and there's little chance of Congress taking any final action before the midterms. [...]

Another potential point of contention is applying the requirements to the Supreme Court. The Congressional Research Service in an April report said that Congress imposing a code of conduct on the judiciary would "raise an array of legal questions," including whether it would violate the constitutional separation of powers. Justices and lower court judges already file annual financial disclosures and are barred from participating in cases where there's a direct conflict of interest. Despite that, the CRS report says that the Supreme Court has never directly addressed "whether Congress may subject Supreme Court Justices to financial reporting requirements or limitations upon the receipt of gifts."
"The current law doesn't prohibit lawmakers from owning or trading individual securities, but it bans members of Congress from using nonpublic information available to them for personal benefit," notes the report. "It requires any transaction be disclosed within 45 days."

Further reading: TikTokers Are Trading Stocks By Copying What Members of Congress Do
Privacy

Senators Push To Reform Police's Cellphone Tracking Tools (apnews.com)

Civil rights lawyers and Democratic senators are pushing for legislation that would limit U.S. law enforcement agencies' ability to buy cellphone tracking tools to follow people's whereabouts, including back years in time, and sometimes without a search warrant. From a report: Concerns about police use of the tool known as "Fog Reveal" raised in an investigation by The Associated Press published earlier this month also surfaced in a Federal Trade Commission hearing three weeks ago. Police agencies have been using the platform to search hundreds of billions of records gathered from 250 million mobile devices, and hoover up people's geolocation data to assemble so-called "patterns of life," according to thousands of pages of records about the company.

Sold by Virginia-based Fog Data Science LLC, Fog Reveal has been used since at least 2018 in criminal investigations ranging from the murder of a nurse in Arkansas to tracing the movements of a potential participant in the Jan. 6 insurrection at the Capitol. The tool is rarely, if ever, mentioned in court records, something that defense attorneys say makes it harder for them to properly defend their clients in cases in which the technology was used. Panelists and members of the public who took part in the FTC hearing also raised concerns about how data generated by popular apps is used for surveillance purposes, or "in some cases, being used to infer identity and cause direct harm to people in the real world, in the physical world and being repurposed for, as was mentioned earlier, law enforcement and national security purposes," said Stacey Gray, a senior director for U.S. programs for the Future of Privacy Forum.

The Courts

SEC Sues Former MoviePass Executives, Alleges They Made 'False or Misleading Statements' To Public (businessinsider.com)

The Securities and Exchange Commission is suing former MoviePass CEO Mitch Lowe and Ted Farnsworth, the former CEO of MoviePass' parent company, Helios and Matheson Analytics (HMNY), alleging they misled investors that the company could make a profit at its $10-a-month plan. From a report: A complaint filed late Monday, reviewed by Insider, said the duo made "false or misleading statements" in financial filings and in the press. "Faced with debilitating negative cash flows -- rather than tell the public the truth -- Farnsworth and Lowe devised fraudulent tactics to prevent MoviePass's heavy users from using the service, and falsely and misleadingly informed the public that usage had declined naturally or due to measures the company had employed to combat subscribers' purported violations of MoviePass's terms and conditions of service," the complaint said. The lawsuit also named former MoviePass Vice President Khalid Itum as a defendant. The complaint accused Itum of submitting false invoices and receiving more than $310,000 from both MoviePass and HMNY.
Businesses

TikTok Inching Toward US Security Deal To Avoid Sale (reuters.com)

U.S. lawmakers and TikTok are hammering out a plan, under which the short-form video app would make changes to its data security and governance without requiring its parent firm, China's ByteDance, to sell it, the New York Times reported on Monday. Reuters reports: TikTok and the Biden administration have drafted a preliminary agreement to resolve national security concerns but are still deciding on a potential agreement, the Times reported, citing people familiar with the matter. A TikTok spokesperson declined to comment on the report but said the app was confident about being able to "fully satisfy all reasonable U.S. national security concerns." TikTok's parent company ByteDance was ordered to divest the company more than two years ago over fears that U.S. user data could be passed on to China's communist government.
China

Beijing Bus Drivers Have Been Told To Wear Wristbands To Monitor Their Emotions (scmp.com)

Beijing's long-distance bus drivers have been told to wear electronic wristbands that use emotion-sensing technology to monitor their state of mind. From a report: The move was initiated by the state-run Beijing Public Transport Holding Group, which says it is aimed at protecting public safety. But legal experts have raised privacy concerns and say the wristbands could cause bus drivers undue distress and potentially lead to discrimination. Some 1,800 wristbands were distributed to bus drivers on cross-province and highway routes on Wednesday, the official Beijing Daily reported. It is unclear how many drivers will be required to wear the devices. The report said they would be used to monitor the drivers' vital signs and emotional state in real time to improve safety.
Australia

Australia To Overhaul Privacy Laws After Massive Data Breach (theverge.com)

Following one of the biggest data breaches in Australian history, the government of Australia is planning to get stricter on requirements for disclosure of cyber attacks. From a report: On Monday, Prime Minister Anthony Albanese told Australian radio station 4BC that the government intended to overhaul privacy legislation so that any company suffering a data breach was required to share details with banks about customers who had potentially been affected in an effort to minimize fraud. Under current Australian privacy legislation, companies are prevented from sharing such details about their customers with third parties.

The policy announcement was made in the wake of a huge data breach last week, which affected Australia's second-largest telecom company, Optus. Hackers managed to access a vast amount of potentially sensitive information on up to 9.8 million Optus customers -- close to 40 percent of the Australian population. Leaked data included name, date of birth, address, contact information, and in some cases, driver's license or passport ID numbers. Reporting from ABC News Australia suggested the breach may have resulted from an improperly secured API that Optus developed to comply with regulations around providing users multifactor authentication options.

Crime

Interpol Issues Red Notice For Terra Founder Do Kwon (techcrunch.com)

Interpol has issued a red notice for Do Kwon, requesting law enforcement agencies worldwide to search and arrest the Terraform Labs founder whose blockchain startup collapsed earlier this year. From a report: The collapse of Terra cryptocurrency (Luna) and the so-called stablecoin TerraUSD (UST) wiped out investors' $40 billion, prompting an uproar that caused the prosecutors to launch investigations into Kwon and his colleagues. He faces charges in South Korea, the prosecutors said Monday.

Security

Cloudflare Launches an eSIM To Secure Mobile Devices (techcrunch.com) 29

An anonymous reader shares a report: Are smartphones ever entirely secure? It depends on one's definition of "secure," particularly when dealing with corporate environments. Most companies with bring-your-own-device policies install apps or agents on workers' smartphones to help secure them, leveraging the management capabilities built into operating systems like Android and iOS. But those might not be sufficient. That's what Cloudflare argues, anyway, in the pitch for the new services it's launching this week. Today, the company announced Zero Trust SIM and Zero Trust for Mobile Operators, two product offerings targeting smartphone users, the companies securing corporate phones and the carriers selling data services. Let's start with Zero Trust SIM. Designed to secure all data packets leaving a smartphone, Zero Trust SIM -- once launched in the U.S. (to start) -- will be available as an eSIM deployable via existing mobile device management platforms to both iOS and Android devices. It'll be locked to a specific device, mitigating the risk of SIM-swapping attacks, and usable either in a standalone configuration or in tandem with Cloudflare's mobile agent, WARP.

In a recent email interview, Cloudflare CTO John Graham-Cumming made the case that Zero Trust SIM can accomplish what VPNs and other secure layers can't: cell-level protection. A SIM card can act as another security factor, and -- in combination with hardware keys -- make it nearly impossible to impersonate an employee, he argued. "Zero Trust SIM provides defense in depth. A VPN layer is one of those components, but doesn't remove the need to still deploy cellular connectivity across all of your mobile devices today, and traditional 'AnyConnect-style' VPNs do nothing to stop attackers moving laterally once they're inside the VPN," Graham-Cumming said. "We continue to see organizations breached due to challenges securing their applications and networks, and what was once a real-estate budget is quickly becoming a 'secure my remote and distributed workforce' budget from an IT security perspective." Specifically, Graham-Cumming said that Zero Trust SIM will enable Cloudflare to rewrite DNS requests leaving a device to instead use Cloudflare Gateway for DNS filtering.

Government

Richard Nixon Exposed To Radiation On Moscow Trip In 1959, Documents Reveal (theguardian.com) 88

An anonymous reader quotes a report from the Guardian: Richard Nixon and his wife, Pat, were exposed to potentially harmful radiation while staying at the US ambassador's residence in Moscow in 1959, according to declassified Secret Service documents. Nixon, who was vice-president at the time, was not informed of the threat, and the state department was only informed in 1976, when a member of his Secret Service detail, James Golden, revealed that detection equipment had measured significant levels of radiation in and around the Nixons' sleeping quarters at the residence, Spaso House. Golden said he was later told by the state department that he had been exposed to "massive dosages" of ionizing radiation produced by an atomic battery used by Soviet spies to power bugging devices hidden in the building. However, Golden had doubts about that explanation and it was not confirmed.

After Secret Service agents denounced Soviet dirty tricks in earshot of the listening devices in the residence, the radiation stopped. "We sat down on the beds facing each other and began berating the Russians in loud voices cursing them for pulling a trick like this and wondering in loud voices why they were taking us for fools and asking each other if they thought they were going to get away with doing this," Golden testified. Before his Moscow visit, Nixon was asked by another member of his Secret Service detail, John Sherwood, whether he wanted radiation detection devices taken on the trip. Sherwood pointed out that Soviet officials visiting the US had asked for Geiger counters. The vice-president turned down Geiger counters, but said yes to more discreet dosimeters -- though he said he would not wear one himself and did not want it known that the matter had been discussed.

On the first evening of the visit, on 23 July 1959, the dosimeter readings climbed rapidly, leading a senior military official in the entourage, Adm Hyman Rickover, an expert on nuclear naval propulsion, to suspect that there had been a nuclear accident. Rickover and the US ambassador, Llewellyn Thompson, agreed not to tell Nixon. Golden was skeptical of the analysis by the state department's medical division that the radiation came from atomic batteries used to power listening devices inside Spaso House. He pointed out that the radiation had stopped while he was in the building, so no one could have come in and removed the batteries. He concluded the state department experts were not being frank with him.

The incident was reported after Golden's revelations in 1976, but this is the first time the underlying documentation has been made available online, after a request to the Nixon presidential library from the National Security Archive at George Washington University.
