Electronic Frontier Foundation

EFF: Google Should Not Help the US Military Build Unaccountable AI Systems (eff.org) 110

The Electronic Frontier Foundation's Peter Eckersley writes: Yesterday, The New York Times reported that there is widespread unrest amongst Google's employees about the company's work on a U.S. military project called "Project Maven." Google has claimed that its work on Maven is for "non-offensive uses only," but it seems that the company is building computer vision systems to flag objects and people seen by military drones for human review. This may in some cases lead to subsequent targeting by missile strikes. EFF has been mulling the ethical implications of such contracts, and we have some advice for Google and other tech companies that are considering building military AI systems.
The EFF lists several "starting points" any company, or any worker, considering whether to work with the military on a project with potentially dangerous or risky AI applications should be asking:

1. Is it possible to create strong and binding international institutions or agreements that define acceptable military uses and limitations in the use of AI? While this is not an easy task, the current lack of such structures is troubling. There are serious and potentially destabilizing impacts from deploying AI in any military setting not clearly governed by settled rules of war. The use of AI in potential target identification processes is one clear category of uses that must be governed by law.
2. Is there a robust process for studying and mitigating the safety and geopolitical stability problems that could result from the deployment of military AI? Does this process apply before work commences, along the development pathway and after deployment? Could it incorporate the sufficient expertise to address subtle and complex technical problems? And would those leading the process have sufficient independence and authority to ensure that it can check companies' and military agencies' decisions?
3. Are the contracting agencies willing to commit to not using AI for autonomous offensive weapons? Or to ensuring that any defensive autonomous systems are carefully engineered to avoid risks of accidental harm or conflict escalation? Are present testing and formal verification methods adequate for that task?
4. Can there be transparent, accountable oversight from an independently constituted ethics board or similar entity with both the power to veto aspects of the program and the power to bring public transparency to issues where necessary or appropriate? For example, while Alphabet's AI-focused subsidiary DeepMind has committed to independent ethics review, we are not aware of similar commitments from Google itself. Given this letter, we are concerned that the internal transparency, review, and discussion of Project Maven inside Google was inadequate. Any project review process must be transparent, informed, and independent. While it remains difficult to ensure that that is the case, without such independent oversight, a project runs real risk of harm.
Communications

The FCC Is Refusing To Release Emails About Ajit Pai's 'Harlem Shake' Video (vice.com) 84

bumblebaetuna writes from a report via Motherboard: On the eve of the net neutrality repeal, just as tensions and public debate over the issue were reaching a fever pitch, someone in the FCC decided it would be a good idea to have chair Ajit Pai ridicule legitimate concerns of internet users with a video featuring an outdated meme and a pizzagate conspiracy theorist. Now, citing the infamous b5 FOIA exemption, the Federal Communications Commission is refusing to release emails related to the planning of the video. The b5 exemption is supposed to protect "inter-agency or intra-agency memorandum or letters which would be privileged in civil litigation," but each agency interprets that meaning differently.
Microsoft

Microsoft Modifies Open-Source Code, Blows Hole In Windows Defender (theregister.co.uk) 71

An anonymous reader quotes a report from The Register: A remote-code execution vulnerability in Windows Defender -- a flaw that can be exploited by malicious .rar files to run malware on PCs -- has been traced back to an open-source archiving tool Microsoft adopted for its own use. The bug, CVE-2018-0986, was patched on Tuesday in the latest version of the Microsoft Malware Protection Engine (1.1.14700.5) in Windows Defender, Security Essentials, Exchange Server, Forefront Endpoint Protection, and Intune Endpoint Protection. This update should be installed, or may have been automatically installed already on your device. The vulnerability can be leveraged by an attacker to achieve remote code execution on a victim's machine simply by getting the mark to download -- via a webpage or email or similar -- a specially crafted .rar file while the anti-malware engine's scanning feature is on. In many cases, this analysis is set to happen automatically.

When the malware engine scans the malicious archive, it triggers a memory corruption bug that leads to the execution of evil code smuggled within the file with powerful LocalSystem rights, granting total control over the computer. The screwup was discovered and reported to Microsoft by legendary security researcher Halvar Flake, now working for Google. Flake was able to trace the vulnerability back to an older version of unrar, an open-source archiving utility used to unpack .rar archives. Apparently, Microsoft forked that version of unrar and incorporated the component into its operating system's antivirus engine. That forked code was then modified so that all signed integer variables were converted to unsigned variables, causing knock-on problems with mathematical comparisons. This in turn left the software vulnerable to memory corruption errors, which can crash the antivirus package or allow malicious code to potentially execute.

Security

Secret Service Warns of Chip Card Scheme (krebsonsecurity.com) 114

Brian Krebs reports on a new scheme where new debit cards are intercepted in the mail and the chips on the cards are replaced with chips from old cards. Thieves can then start draining funds from the account as soon as the modified card is activated. The warning comes from the U.S. Secret Service. Krebs on Security reports: The reason the crooks don't just use the debit cards when intercepting them via the mail is that they need the cards to be activated first, and presumably they lack the privileged information needed to do that. So, they change out the chip and send the card on to the legitimate account holder and then wait for it to be activated. The Secret Service memo doesn't specify at what point in the mail process the crooks are intercepting the cards. It could well involve U.S. Postal Service employees (or another delivery service), or perhaps the thieves are somehow gaining access to company mailboxes directly. Either way, this alert shows the extent to which some thieves will go to target high-value customers.
Bitcoin

Coinbase Launches Early-Stage Venture Fund (cnbc.com) 5

Coinbase announced today that it is launching a new incubator fund for early-stage startups. "We're going to invest off our balance sheet into crypto companies," Coinbase President and COO Asiff Hirji told CNBC's "Fast Money" Thursday. "We will invest in companies that are in the space and are aligned with our values." From the report: Profits from the fund will be "de minimis" in the scope of the entire company but the fund is already off to a $15 million start and set to grow, Hirji said. The fund's seed-stage investments, which will begin this week, will help companies and founders in the crypto and blockchain space get off the ground. It's also meant to focus on building relationships within that ecosystem, he said. In order to do that, Coinbase could be investing in its competitors.

"You may also see us invest in companies that ostensibly look competitive with Coinbase," the San Francisco-based company said in a blog post. "We're taking a long term view of the space, and we believe that multiple approaches are healthy and good." Hirji emphasized that Coinbase Ventures is searching for founders, not the next money-making cryptocurrency. "By giving them access to capital we hope that they will grow great businesses," he said. "It's not about investing in the token, it's not about trying to line up tokens that we would put on our exchange."

Australia

UK, Australia Investigating Facebook Amid Cambridge Analytica Data Scandal (go.com) 40

Both the United Kingdom and Australia said Thursday that they have opened formal investigations into Facebook amid allegations that their citizens' data was improperly shared with Cambridge Analytica. ABC News reports: The Information Commissioner's Office in the U.K. is "looking at how data was collected from a third party app on Facebook and shared with Cambridge Analytica. We are also conducting a broader investigation into how social media platforms were used in political campaigning," according to Commissioner Elizabeth Denham. The office will investigate Facebook, along with 29 other organizations that have not been named.

Earlier Thursday, Australia said it had opened a formal investigation into the tech giant amid allegations that Australian users' data was improperly shared with Cambridge Analytica. "Today I have opened a formal investigation into Facebook, following confirmation from Facebook that the information of over 300,000 Australian users may have been acquired and used without authorization," Angelene Falk, Australia's acting information commissioner and acting privacy commissioner, said. According to Falk, Australia will work with international regulatory agencies to investigate whether Facebook violated the country's privacy act. Under Australian law, the commissioner has the power to issue fines of up to $1.6 million to organizations that fail to comply with the act, according to the Australian Broadcasting Corporation. Australia and the U.K. joined the United States and Israel in investigating Facebook's breach of privacy.

Bitcoin

Hacker Uses Exploit To Generate Verge Cryptocurrency Out of Thin Air (bleepingcomputer.com) 85

An anonymous reader quotes a report from Bleeping Computer: An unknown attacker has exploited a bug in the Verge cryptocurrency network code to mine Verge coins at a very rapid pace and generate funds almost out of thin air. The Verge development team is preparing a hard-fork of the entire cryptocurrency code to fix the issue and revert the blockchain to a previous state before the attack to neutralize the hacker's gains. The attack took place yesterday, and initially users thought it was a "51% attack," an attack where a malicious actor takes control over more than half of the network nodes, giving himself the power to forge transactions. Nonetheless, users who later looked into the suspicious network activity eventually tracked down what happened, revealing that a mysterious attacker had mined Verge coins at a near impossible speed of 1,560 Verge coins (XVG) per second, the equivalent of $78/s. The malicious mining lasted only three hours, according to the Verge team. Users who tracked the illegally mined funds on the Verge blockchain said the hacker appears to have made around 15.6 million Verge coins, which is around $780,000.
Earth

Scientists Harvest First Vegetables in Antarctic Greenhouse (apnews.com) 83

Scientists in Antarctica have harvested their first crop of vegetables grown without earth, daylight or pesticides as part of a project designed to help astronauts cultivate fresh food on other planets. From a report: Researchers at Germany's Neumayer Station III say they've picked 3.6 kilograms (8 pounds) of salad greens, 18 cucumbers and 70 radishes grown inside a high-tech greenhouse as temperatures outside dropped below -20 degrees Celsius (-4 Fahrenheit). The German Aerospace Center DLR, which coordinates the project, said Thursday that by May scientists hope to harvest 4-5 kilograms of fruit and vegetables a week.
Youtube

YouTube Will Increase Security At All Offices Worldwide Following Shooting (theverge.com) 495

Following the shooting at YouTube's headquarters in San Bruno, California, yesterday, the company has announced plans to increase security at all of its offices worldwide. YouTube says this is intended to "make them more secure not only in the near term, but long-term." The Verge reports: The move reflects a growing concern in Silicon Valley that the effects of increasingly toxic and partisan online behavior may translate into violent offline actions. YouTube's statement was released through Google's Twitter account for communications; it's not clear whether Google itself will be implementing stronger security measures beyond YouTube. The shooter, 39-year-old Nasim Aghdam of San Diego, died yesterday of a self-inflicted gunshot wound after shooting and injuring three employees. From police reports, testimony from Aghdam's family members, and extensive traces of the woman's online behavior on YouTube and other platforms, we now know that Aghdam was disgruntled over the demonetizing of her videos and harm to her financial well-being.
