EU

EU Set To Unveil Plans For Bloc-Wide Digital Wallet (reuters.com) 39

The European Union (EU) is set to unveil plans for a bloc-wide digital wallet on Wednesday, following requests from member states to find a safe way for citizens to access public and private services online, the Financial Times reported. Reuters reports: The app will allow citizens across the EU to securely access a range of private and public services with a single online ID, according to the FT report on Tuesday. The digital wallet will securely store payment details and passwords and allow citizens from all 27 countries to log onto local government websites or pay utility bills using a single recognized identity, the newspaper said, citing people with direct knowledge of the plans.

The EU-wide app can be accessed via fingerprint or retina scanning among other methods, and will also serve as a vault where users can store official documents like the driver's license, the newspaper reported. EU officials will enforce a structural separation to prevent companies that access user data from using the wallet for any other commercial activity such as marketing new products.

United States

Europe To US: Pass New Laws If You Want a Data-Transfer Deal (politico.eu) 42

The United States must pass new legislation to limit how its national security agencies access Europeans' data if Washington and Brussels are to hammer out a new deal on transferring people's digital information across the Atlantic, according to European Commission Vice President Vera Jourova. From a report: Speaking at POLITICO's AI summit on Monday, the Czech politician said the U.S. needed to create legally binding laws to provide European Union citizens' the ability to challenge bulk data collection by federal authorities in U.S. courts. The goal, she said, would be "to have legally binding rules, or rule, on the U.S. side guaranteeing this. It's of course the best and the strongest way to do that," said Jourova when asked if the Commission would accept a presidential executive order or would require new U.S. legislation to provide EU citizens with the power to sue over how U.S. national security agencies collected and used their data.
Government

Will America Confront the Kremlin Over SolarWinds' Latest Massive Phishing Attack? (apnews.com) 64

In the latest SolarWinds mass-phishing attack, "The highest percentage of emails went to the United States, but [incident response firm] Volexity also saw a significant number of victims in Europe..." according to Security Week.

In an article shared by Slashdot reader wiredmikey, they note that the attackers apparently compromised the Constant Contact account of USAID, an independent agency of the United States federal government that is primarily responsible for administering civilian foreign aid and development assistance — and then impersonated it in emails "to roughly 3,000 accounts across over 150 organizations in 24 countries."

So what happens next?

The Associated Press reports: The White House says it believes U.S. government agencies largely fended off the latest cyberespionage onslaught blamed on Russian intelligence operatives, saying the spear-phishing campaign should not further damage relations with Moscow ahead of next month's planned presidential summit. Officials downplayed the cyber assault as "basic phishing" in which hackers used malware-laden emails to target the computer systems of U.S. and foreign government agencies, think tanks and humanitarian groups.

Microsoft, which disclosed the effort late Thursday, said it believed most of the emails were blocked by automated systems that marked them as spam. As of Friday afternoon, the company said it was "not seeing evidence of any significant number of compromised organizations at this time."

Even so, the revelation of a new spy campaign so close to the June 16 summit between President Joe Biden and Russian counterpart Vladimir Putin adds to the urgency of White House efforts to confront the Kremlin over aggressive cyber activity that criminal indictments and diplomatic sanctions have done little to deter. "I don't think it'll create a new point of tension because the point of tension is already so big," said James Lewis, a senior vice president at the Center for Strategic and International Studies. "This clearly has to be on the summit agenda. The president has to lay down some markers" to make clear "that the days when you people could do whatever you want are over."

There's a famous story about Vladimir Putin meeting Joe Biden back in 2011. A decade earlier former U.S. president George W. Bush had said when he'd looked Putin in the eye, "I was able to get a sense of his soul." But as Biden tells it, when he'd met Putin (who was then Russia Prime Minister), "I said, 'Mr. Prime Minister, I'm looking into your eyes, and I don't think you have a soul.'"

"He looked back at me, and he smiled, and he said, 'We understand one another.'"
Privacy

Clearview AI Hit With Sweeping Legal Complaints Over Controversial Face Scraping in Europe (theverge.com) 10

Privacy International (PI) and several other European privacy and digital rights organizations announced today that they've filed legal complaints against the controversial facial recognition company Clearview AI. From a report: The complaints filed in France, Austria, Greece, Italy, and the United Kingdom say that the company's method of documenting and collecting data -- including images of faces it automatically extracts from public websites -- violates European privacy laws. New York-based Clearview claims to have built "the largest known database of 3+ billion facial images."

PI, NYOB, Hermes Center for Transparency and Digital Human Rights, and Homo Digitalis all claim that Clearview's data collection goes beyond what the average user would expect when using services like Instagram, LinkedIn, or YouTube. "Extracting our unique facial features or even sharing them with the police and other companies goes far beyond what we could ever expect as online users," said PI legal officer Ioannis Kouvakas in a joint statement.

Facebook

EU Set To Open Antitrust Probe Into Facebook's Classified Ads Business (cityam.com) 3

The EU is said to be on the brink of opening a formal antitrust investigation into Facebook following complaints from rivals about the platform's classified ads business. From a report: Regulators have already sent questions to Facebook and its competitors asking whether the social media site distorted the classified ads market by promoting its Marketplace services for free to its 2bn users. Facebook Marketplace, which launched in 2016, allows users to buy and sell goods to each other without fees. It is used by 800m Facebook users in 70 countries. The European Commission first started looking at the platform in 2019, asking companies whether they considered Marketplace as a close rival and how many visits to their sites came from ads placed on Facebook's platform. Classified ads rivals are said to have complained that Facebook used its market power to gain an advantage.
EU

EU Guidelines Target Tech Giants Over Monetising Disinformation (financialpost.com) 37

New stricter European Union guidelines will push Facebook, Google and other big tech companies to commit not to make money from advertising linked to disinformation. From a report: The European Commission said on Wednesday that its strengthened non-binding guidelines, which confirmed a May 19 Reuters report, set out a robust monitoring framework and clear performance indicators for firms to comply with. read more Concerns about the impact of disinformation have intensified during the COVID-19 pandemic and after claims about election fraud in the United States, with some critics pointing to the role of social media and tech giants in spreading it.

"Disinformation cannot remain a source of revenue. We need to see stronger commitments by online platforms, the entire advertising ecosystem and networks of fact-checkers," EU industry chief Thierry Breton said in a statement. "We need online platforms and other players to address the systemic risks of their services and algorithmic amplification, stop policing themselves alone and stop allowing to make money on disinformation, while fully preserving the freedom of speech," she said. Signatories to the code, which was introduced in 2018, include Google, Facebook, Twitter, Microsoft, Mozilla, TikTok and some advertising and tech lobbying groups.

Piracy

German 'Upload Filter' Law Sets Standards To Prevent Overblocking 31

AmiMoJo writes: The German Parliament has adopted new legislation that will implement the EU Copyright Directive into local law. This includes the controversial Article 17 that, according to some, would lead to overbroad upload filters. To deal with these concerns, the German law prevents 'minor' and limited use of copyrighted content from being blocked automatically. These 'presumably authorized' uploads should not be blocked automatically if they qualify for all of the selection criteria below:

1. The upload should use less than 50% of the original copyrighted work
2. The upload must use the copyrighted work in combination with other content
3. The use should be 'minor'

The term 'minor' applies to non-commercial uses of fewer than 15 seconds of video or audio, 160 characters of text, or 125 kB of graphics. If the use of a copyrighted work exceeds these 'minor' thresholds, it can still qualify as 'presumably authorized' when the uploader flags it as an exception.
Cellphones

Huawei Could Eavesdrop on 6.5 Million Dutch Cellphone Users Without their Knowledge (theconversation.com) 100

"Chinese technology provider Huawei was recently accused of being able to monitor all calls made using Dutch mobile operator KPN," writes the Conversation. Long-time Slashdot reader schwit1 shares their report: The revelations are from a secret 2010 report made by consultancy firm Capgemini, which KPN commissioned to evaluate the risks of working with Huawei infrastructure. While the full report on the issue has not been made public, journalists reporting on the story have outlined specific concerns that Huawei personnel in the Netherlands and China had access to security-essential parts of KPN's network - including the call data of millions of Dutch citizens - and that a lack of records meant KPN couldn't establish how often this happened... KPN essentially granted Huawei "administrator rights" to its mobile network by outsourcing work to the Chinese firm.

Legislation is only now catching up to prevent similar vulnerabilities in telecoms security...

Lower revenues force operators to carefully manage costs. This means that operators have been keen to outsource parts of their businesses to third parties, especially since the late 2000s. Large numbers of highly skilled engineers are an expensive liability to have on the balance sheet, and can often appear underused when things are running smoothly... , outsourcing by mobile operators is widespread. And firms in the UK and across Europe have often turned to Huawei to provide IT services and to help build core networks.

In 2010, Huawei was managing security-critical functions of KPN's core network.

Facebook

Facebook Loses Challenge To Irish Watchdog's Data Curbs (bloomberg.com) 16

Facebook lost a court fight over an initial order from a European Union privacy watchdog threatening its transfers of users' data across the Atlantic. From a report: An Irish court on Friday rejected the social network's challenge, saying it didn't establish "any basis" for calling into question the Irish Data Protection Commission's decision. The dispute is part of the fallout from July's shock decision at the EU's Court of Justice, which toppled the so-called Privacy Shield, an EU-approved trans-Atlantic transfer tool, over fears citizens' data isn't safe once shipped to the U.S. That EU court ruling was quickly followed by a preliminary order from the Irish authority telling Facebook it could no longer use an alternative tool, known as standard contractual clauses, to satisfy privacy rules when shipping data to the U.S.
EU

Apple Faces UK Class Action for App Store Overcharging (bloomberg.com) 35

Apple is facing a London lawsuit over claims it overcharged nearly 20 million U.K. customers for App Store purchases, yet another legal headache for the tech giant fighting lawsuits across the world. Bloomberg reports: Apple's 30% fee is "excessive" and "unlawful" the claimants said in a press release Tuesday. The claim, filed at London's Competition Appeal Tribunal on Monday, calls for the U.S. firm to compensate U.K. iPhone and iPad users for years of alleged overcharging. They estimate that Apple could face paying out in excess of 1.5 billion pounds ($2.1 billion). "Apple is abusing its dominance in the app store market, which in turn impacts U.K. consumers," Rachael Kent, the lead claimant in the case and a professor at King's College London. She teaches the ways in which consumers interact and depend upon digital platforms.

The legal challenges come as Apple faces a backlash -- with billions of dollars in revenue on the line -- from global regulators and some developers who say its fees and other policies are unjust and self-serving. Last month, the European Commission sent a statement of objections to the firm, laying out how it thinks Apple abused its power as the "gatekeeper" for music-streaming apps on its store. The suit alleges that Apple deliberately shuts out potential competition and forces ordinary users to use its own payment processing system, generating unlawfully excessive levels of profit for the company. The claimants say any U.K. user of an iPhone or iPad who purchased paid apps, subscriptions or made other in-app purchases since October 2015 is entitled to compensation.
"We believe this lawsuit is meritless and welcome the opportunity to discuss with the court our unwavering commitment to consumers and the many benefits the App Store has delivered to the U.K.'s innovation economy," Apple said in an emailed statement. "The commission charged by the App Store is very much in the mainstream of those charged by all other digital marketplaces," Apple said. "In fact, 84% of apps on the App Store are free and developers pay Apple nothing. And for the vast majority of developers who do pay Apple a commission because they are selling a digital good or service, they are eligible for a commission rate of 15%."
Earth

Millennials are Taking Governments to Court over Climate Change. And They're Starting to Win (cnnphilippines.com) 240

CNN tells the story of Luisa Neubauer, a 25-year-old woman who took the German government to court last year — and won: On April 29, the country's Supreme Court announced that some provisions of the 2019 climate change act were unconstitutional and "incompatible with fundamental rights," because they lacked a detailed plan for reducing emissions and placed the burden for future climate action on young people. The court ordered the government to come up with new provisions that "specify in greater detail how the reduction targets for greenhouse gas emissions" by the end of next year. The decision made headlines across the world...

"This case changes everything," she said. "It's not nice to have climate action, it's our fundamental right that the government protects us from the climate crisis...."

Climate lawsuits are becoming an increasingly popular and powerful tool for climate change activists. A January report released by the United Nations Environment Programme found that the number of climate litigation cases filed around the world nearly doubled between 2017 and 2020. Crucially, the governments are starting to lose. Neubauer's victory came just months after a court in Paris ruled that France was legally responsible for its failure to meet emission cutting targets. Another similar case involving six young people from Portugal was fast-tracked at the European Court of Human Rights last October...

The cases are most often centered around the idea that future generations have a right to live in a world that is not completely decimated by the climate crisis.

Long-time Slashdot reader AmiMoJo shares an Ars Technica story noting that in addition to the German suit, "A similar lawsuit in the U.S. has been winding its way through the courts." First filed in 2015 on behalf of a group of children and teenagers, the suit accused the U.S. government of violating the plaintiffs' constitutional rights to life, liberty, and property by not taking stronger action on climate change.
EU

Bayer Loses Fight Over Chemicals EU Blamed For Killing Bees (bloomberg.com) 50

Bayer AG lost its fight to topple a European Union ban on controversial insecticides that regulators blame for killing honeybees. Bloomberg reports: The EU Court of Justice dismissed the appeal, finding there were no legal errors in the European Commission's decision to impose restrictions on the substances' use, based on concerns that the chemicals posed "high acute risks for bees" and "the survival and development of colonies in several crops." Bayer and Syngenta AG in 2018 already lost a first round in court after telling judges that the EU ban on three so-called neonicotinoids forced farmers to revert to potentially more harmful chemicals. Bayer appealed one more time.

The EU's decision five years earlier imposed limits on the use of three neonics -- clothianidin, imidacloprid and thiametoxam -- saying they were "harmful" to Europe's honeybee population when used to treat flowering plants with nectar that attracts the insects. The court ruled on Thursday the commission "is entitled to consider that a risk to the colonies could not be ruled out" even if there is "scientific uncertainty at this stage as to the rate of mortality of individual bees." EU governments in 2018 voted in favor of widening the ban of neonicotinoids to apply everywhere, except for greenhouses. The commission has described the chemicals as "systemic," causing the entire plant to become toxic to bees.

Businesses

FTC Report Blasts Manufacturers For Restricting Product Repairs (theverge.com) 68

The Federal Trade Commission (FTC) has published its long-awaited report on how manufacturers limit product repairs. From a report: The "Nixing the Fix" [PDF] report details a host of repair restrictions, especially those imposed by mobile phone and car manufacturers. The anticompetitive practices covered by the FTC range from limited availability of spare parts and diagnostic software to designs that make repairs more difficult than they need to be. In response, the FTC wants to develop new laws and rules surrounding repairs, but it also wants better enforcement of existing legislation like the Magnuson-Moss Warranty Act (MMWA). While debates around right to repair rules in the EU have tended to focus on the environmental impact of sending broken devices to landfills, the FTC's report leads with the impacts they have on people. It says repair restrictions are bad for consumers when they can't easily repair their devices, and adds that these "may place a greater financial burden on communities of color and lower-income Americans." Independent repair shops also suffer as a result of repair restrictions, "disproportionately [affecting] small businesses owned by people of color."

[...] According to the FTC, manufacturers are guilty of using numerous tactics that make it difficult for customers and independent businesses to repair their products. Here's the full list from the FTC's report:

Product designs that complicate or prevent repair;
Unavailability of parts and repair information;
Designs that make independent repairs less safe;
Policies or statements that steer consumers to manufacturer repair networks;
Application of patent rights and enforcement of trademarks;
Disparagement of non-OEM parts and independent repair;
Software locks and firmware updates; or
End User License Agreements

The Almighty Buck

Amazon Had Sales Income of $53 Billion in Europe in 2020 But Paid No Corporation Tax (theguardian.com) 305

Fresh questions have been raised over Amazon's tax planning after its latest corporate filings in Luxembourg revealed that the company collected record sales income of $53 billion in Europe last year but did not have to pay any corporation tax to the Grand Duchy. From a report: Accounts for Amazon EU Sarl, through which it sells products to hundreds of millions of households in the UK and across Europe, show that despite collecting record income, the Luxembourg unit made a $1.4 billion loss and therefore paid no tax. In fact the unit was granted $67.3 million in tax credits it can use to offset any future tax bills should it turn a profit. The company has $3.25 billion worth of carried forward losses stored up, which can be used against any tax payable on future profits. Margaret Hodge, a Labour MP who has long campaigned against tax avoidance, said: "It seems that Amazon's relentless campaign of appalling tax avoidance continues."

"Amazon's revenues have soared under the pandemic while our high streets struggle, yet it continues to shift its profits to tax havens like Luxembourg to avoid paying its fair share of tax. These big digital companies all rely on our public services, our infrastructure, and our educated and healthy workforce. But unlike smaller businesses and hard-working taxpayers, the tech giants fail to pay fairly into the common pot for the common good. President Biden has proposed a new, fairer system for taxing large corporations and digital companies but the UK has not come out in support of the reforms. The silence is deafening. The government must act and help to grasp this once-in-a-generation opportunity to banish corporate tax avoidance to a thing of the past."

Businesses

Amazon Knew Seller Data Was Used To Boost Company Sales (politico.eu) 41

Amazon CEO Jeff Bezos told U.S. lawmakers last year that the company has a policy prohibiting employees from using data on specific sellers to help boost its own sales. "I can't guarantee you that that policy has never been violated," he added. Now it's clear why he chose his words so carefully. POLITICO: An internal audit seen by POLITICO warned Amazon's senior leadership in 2015 that 4,700 of its workforce working on its own sales had unauthorized access to sensitive third-party seller data on the platform -- even identifying one case in which an employee used the access to improve sales. Since then, reports of employees using third-party seller information to bolster Amazon's own sales and evidence of lax IT access controls at the company suggest that efforts to fix the issue have been lackluster.

The revelations come as trustbusters worldwide are increasingly targeting Amazon, including over how it uses third-party seller data to boost its own offerings. The European Commission opened an investigation into precisely this issue in November 2020, with preliminary findings suggesting Amazon had breached EU competition law. "This is fuel for the suspicions I had," Dutch internet entrepreneur Peter Sorber said when told about the audit. Sorber sold children's clothes on Amazon, but 18 months after setting up his "Brandkids" store on the platform and entering the required sales data, his products disappeared from the search rankings. "You cannot ask a retailer to show his entire story with all sales statistics and then show that to your own purchasers. This is worse than not done. This is simply unfair competition," Sorber said.

Security

Click Studios Asks Customers To Stop Tweeting About Its Passwordstate Data Breach (techcrunch.com) 14

Australian security software house Click Studios has told customers not to post emails sent by the company about its data breach, which allowed malicious hackers to push a malicious update to its flagship enterprise password manager Passwordstate to steal customer passwords. TechCrunch reports: Last week, the company told customers to "commence resetting all passwords" stored in its flagship password manager after the hackers pushed the malicious update to customers over a 28-hour window between April 20-22. The malicious update was designed to contact the attacker's servers to retrieve malware designed to steal and send the password manager's contents back to the attackers. In an email to customers, Click Studios did not say how the attackers compromised the password manager's update feature, but included a link to a security fix.

But news of the breach only became public after Danish cybersecurity firm CSIS Group published a blog post with details of the attack hours after Click Studios emailed its customers. Click Studios claims Passwordstate is used by "more than 29,000 customers," including in the Fortune 500, government, banking, defense and aerospace, and most major industries.

In an update on its website, Click Studios said in a Wednesday advisory that customers are "requested not to post Click Studios correspondence on Social Media." The email adds: "It is expected that the bad actor is actively monitoring Social Media, looking for information they can use to their advantage, for related attacks." "It is expected the bad actor is actively monitoring social media for information on the compromise and exploit. It is important customers do not post information on Social Media that can be used by the bad actor. This has happened with phishing emails being sent that replicate Click Studios email content," the company said.
The report says Click Studios has remained extremely tightlipped about the situation. The company has refused to comment or respond to questions; it's also unclear if the company has disclosed the breach to U.S. and EU authorities, which require companies to disclose data breach incidents or face hefty fines.
EU

EU Says Apple's App Store Breaks Competition Rules After Spotify Complaint (cnbc.com) 58

Apple has "abused its dominant position" in the distribution of music streaming apps through its App Store, the European Commission said Friday. From a report: "Our preliminary finding is that Apple exercises considerable market power in the distribution of music streaming apps to owners of Apple devices. On that market, Apple has a monopoly," Margrethe Vestager, the head of competition policy in the EU, said in a press conference. The European Commission, the EU's executive arm, opened an antitrust investigation into the App Store last year, after the music streaming platform Spotify complained in 2019 about Apple's license agreements. The agreements mean that app developers have to pay a 30% commission on all subscription fees that come through the App Store. On Friday, the EU said it took issue with the "mandatory use of Apple's own in-app purchase mechanism imposed on music streaming app developers to distribute their apps via Apple's App Store." App developers are also unable to inform users of alternative ways to purchase the same apps elsewhere --another issue the commission said it was concerned with.
EU

EU Adopts Rules on One-Hour Takedowns for Terrorist Content (techcrunch.com) 52

The European Parliament approved a new law on terrorist content takedowns yesterday, paving the way for one-hour removals to become the legal standard across the EU. From a report: The regulation "addressing the dissemination of terrorist content online" will come into force shortly after publication in the EU's Official Journal -- and start applying 12 months after that. The incoming regime means providers serving users in the region must act on terrorist content removal notices from Member State authorities within one hour of receipt, or else provide an explanation why they have been unable to do so. There are exceptions for educational, research, artistic and journalistic work -- with lawmakers aiming to target terrorism propaganda being spread on online platforms like social media sites.

The types of content they want speedily removed under this regime includes material that incites, solicits or contributes to terrorist offences; provides instructions for such offences; or solicits people to participate in a terrorist group. Material posted online that provides guidance on how to make and use explosives, firearms or other weapons for terrorist purposes is also in scope. However concerns have been raised over the impact on online freedom of expression -- including if platforms use content filters to shrink their risk, given the tight turnaround times required for removals.

EU

EU To Charge Apple With Anti-Competitive Behaviour This Week (bloomberg.com) 82

Margrethe Vestager, the EU's competition chief, will late this week publicly issue charges against Apple over concerns that the rules it sets for developers on its App store break EU law, Financial Times reported Tuesday, citing several people with direct knowledge of the announcement. From the report: The case started two years ago after music streaming app Spotify brought a complaint alleging that Apple took a hefty 30 per cent subscription fee in exchange for featuring it on its App Store, but refused to let users know of cheaper ways of accessing it outside the Apple ecosystem. The case is among a number against Apple and is one of the most high profile antitrust cases in Europe against a US tech group. The people warned that the timing could still slip.
Facebook

Facebook Mistakenly Deletes Page for the Town of Bitche, France (slate.com) 76

"Ville de Bitche is a town situated in northwestern France with a rich military history, pastoral landscape, and an unfortunate sounding name," reports Slate. (Adding that the "e" is silent....)

"Recently tiny Bitche made international headlines after Facebook mistook the city's name for a swear word and deleted the town's Facebook page." The city's communication manager, Valêrie Degouy, contacted Facebook on March 19 to explain the situation and ask the company to reverse its decision — for the second time. (The page was previously deleted in 2016.) As she awaited Facebook's response — which apologized and reinstated the page Tuesday — Degouy set up a new page for her town, under the name of Marie 57230, her city's postal code. Although Facebook's mistake seems innocuous enough, for the towns located around Bitche, local Facebook pages serve as the main form of communication. Shutting the page down effectively creates a local news blackout. When Rohrbach-les Bitche — a nearby town in the region — heard about the deletion, it quickly rid "ls-Bitche" from its Facebook page name to avoid a similar fate...

The residents of Bitche are far from alone in their reliance on Facebook for local news. In the United States alone, more than 2,000 local newspapers have closed over the past two decades, according to an estimate from Joshua Scacco, associate professor of political communication at the University of South Florida. In these news deserts, Facebook has risen as an alternative information source, allowing anyone with an account to share updates and post events...

But Facebook is not only filling the local news void — it is tied to local papers' disappearance. "Social and digital media are a contributing factor in thinking about the declines of the presence of local newsrooms, as well as what that coverage looks like for the local newsrooms that remain," Scacco says. Facebook is moving advertising dollars away from local newspapers, and even driving the content local newspapers create. Local news coverage often panders to Facebook's algorithms when creating content and headlines, notes Ashley Muddiman, a communications professor at the University of Kansas.

Slashdot Top Deals