On Friday, Facebook and Twitter shut down a network of fake accounts that pushed pro-Trump messages all while "masquerading" as Americans with AI-generated faces as profile photos. The Verge reports: In a blog post, Facebook said that it connected the accounts to a US-based media company called The BL that, it claims, has ties to Epoch Media Group. In August, NBC News first reported that Epoch Media Group was pushing messages in support of President Donald Trump across social media platforms like Facebook and Twitter. Epoch has extensive connections to Falun Gong, an eccentric Chinese spiritual community that has faced significant persecution from the country's central government. In a statement provided to The Verge, the Epoch Times denied any connection to The BL.

Facebook noted that many of the fake accounts used in the latest campaign employed false profile photos that appeared to have been generated by artificial intelligence. Those accounts would post BL content in other Facebook groups while pretending to be Americans. Pro-Trump messages were often posted "at very high frequencies" and linked to off-platform sites belonging to the BL and The Epoch Times. The accounts and pages were managed by individuals in the US and Vietnam. Facebook said that it removed 610 accounts, 89 Facebook pages, 156 groups, and 72 Instagram accounts that were connected to the organization. Around 55 million accounts followed one of these Facebook pages and 92,000 followed at least one of the Instagram accounts. The organization spent nearly $9.5 million in advertisements, according to Facebook.

The House of Representatives voted to impeach President Donald J. Trump on Wednesday, marking the third time in the nation's history the House voted to impeach a sitting president. NBC News reports: Trump was impeached on two articles. The first vote, 230-197, was to impeach him for abuse of power and was almost entirely on party lines; it was followed quickly by a second 229-198 vote that the president obstructed Congress. One Democrat, Rep. Tulsi Gabbard of Hawaii, who is running for president, voted "present" on both articles. Two Democrats, Reps. Jeff Van Drew of New Jersey and Collin Peterson of Minnesota, voted with Republicans against both articles of impeachment, while another Democrat, Rep. Jared Golden of Maine, voted yes on abuse of power and no on obstruction of Congress. No Republicans voted against Trump.

The trial in the GOP-controlled Senate on whether to remove the president will begin in early January. It is likely that Trump will be acquitted since a two-thirds majority is required for conviction and removal from office. "It doesn't really feel like we're being impeached," Trump said at a campaign rally minutes before the vote. "The country is doing better than ever before. We did nothing wrong. And we have tremendous support in the Republican party like we have never had before. Nobody has ever had this kind of support."

The impeachment vote centers around President Trump's call with Ukraine's leader Volodymyr Zelensky, urging him to contact Attorney General William Barr about opening an inquiry tied to Joseph R. Biden Jr.

Researchers at Valimail found that only 5% of the largest voting counties in the U.S. are protected against email impersonation and phishing attacks. TechCrunch reports: Researchers at Valimail, which has a commercial stake in the email security space, looked at the largest three electoral districts in each U.S. state, and found only 10 out of 187 domains were protected with DMARC, an email security protocol that verifies the authenticity of a sender's email and rejects fraudulent or spoofed emails. DMARC, when enabled and properly enforced, rejects fake emails that hackers design to spoof a genuine email address by sending to spam or bouncing it from the target's inbox altogether. Hackers often use spoofed emails to try to trick victims into opening malicious links from people they know.

But the research found that although DMARC is enabled on many domains, it's not properly enforced, rendering its filtering efforts largely ineffective. The researchers said 66% of the district election-related domains had no DMARC entry at all, while 28% had either a valid DMARC entry but no enforcement, or an invalid DMARC entry altogether. [...] The worry is that attackers could use the lack of DMARC to impersonate legitimate email addresses to send targeted phishing or malware in order to gain a foothold on election networks or launch attacks, steal data or delete it altogether, a move that would potentially disrupt the democratic process.

Google has stopped accepting political ads in Singapore months before a widely expected election. Reuters reports: In email correspondence between the Singapore Democratic Party and a senior Google public policy official, the tech firm said it "will not accept advertising regulated by the Code of Practice for Transparency of Online Political Advertisements." The new code of practice, part of a controversial 'fake news' law introduced in October, requires advertising intermediaries to maintain detailed records of political adverts and their sponsors and make those records available to authorities. The code applies to "all advertisement or paid content that can reasonably be regarded as being directed towards a political end." SDP said the "shocking policy" would deprive voters of information ahead of that ballot. "In an election with the media totally dominated by the state, alternative parties would have no ability to educate and inform the voters of Singapore in the run up to the elections if we are not able to use Google's advertising platforms in the first place," Paul Tambyah, chairman of SDP, said in the correspondence.

Reuters reports: In 2016, the U.S. Census Bureau faced a pivotal choice in its plan to digitize the nation's once-a-decade population count: build a system for collecting and processing data in-house, or buy one from an outside contractor. The bureau chose Pegasystems, reasoning that outsourcing would be cheaper and more effective. Three years later, the project faces serious reliability and security problems, according to Reuters interviews with six technology professionals currently or formerly involved in the census digitization effort. And its projected cost has doubled to $167 million -- about $40 million more than the bureau's 2016 cost projection for building the site in-house. The Pega-built website was hacked from IP addresses in Russia during 2018 testing of census systems, according to two security sources with direct knowledge of the incident. One of the sources said an intruder bypassed a "firewall" and accessed parts of the system that should have been restricted to census developers. "He got into the network," one of the sources said. "He got into where the public is not supposed to go." In a separate incident during the same test, an IP address affiliated with the census site experienced a domain name service attack, causing a sharp increase in traffic, according to one of the two sources and a third source with direct knowledge of the incident.

An anonymous reader writes: "Dutch prosecutors have asked a judge for a three-year prison sentence for a local politician who doubled as a hacker and breached the personal iCloud accounts of more than 100 women, stealing and then leaking sexually explicit photos and videos online," reports ZDNet. The hacker (VVD politician Mitchel van der K.) is believed to have been part of the Celebgate (TheFappening) movement. Between 2015 and 2017, van der K. used credentials leaked at other sites to hack into iCloud accounts belonging to acquaintances and Dutch celebrities, from where he stole nudes and sex tapes. Some he leaked online, some he kept for himself. Victims included acquaintances, but also local celebrities, such as Dutch YouTube star Laura Ponticorvo and Dutch field hockey star Fatima Moreira de Melo. After he was arrested, van der K. claimed he was forced to hack his victims by other hackers, an excuse which the prosecution quickly knocked down, pointing out that half of his victims were friends and acquaintances, and not celebrities that would be of interest to other hackers. Days before he was arrested, van der K. was also elected to his city's council, a position from which he resigned.

Two associate professors of communication at Clemson spent two years studying online propaganda and state-affiliated disinformation campaigns on social media. This week in Rolling Stone they explain how professional trolls share uplifting "Trojan horse" tweets meant to gain hundreds of thousands of followers, and then "use that following to spread messages promoting division, distrust, and doubt." Professional disinformation isn't spread by the account you disagree with -- quite the opposite. Effective disinformation is embedded in an account you agree with. The professionals don't push you away, they pull you toward them... The quality of Russia's work has been honed over several years and millions of social media posts. They have appeared on Instagram, Stitcher, Reddit, Google+, Tumblr, Medium, Vine, Meetup, and even Pokemon Go, demonstrating not only a nihilistic creativity, but also a ruthless efficiency in volume of production. Russia's Internet Research Agency (IRA) has been called a "troll farm," but they are undoubtedly a factory...

The factory doesn't stop. They attack issues from both sides, attempting to drive mainstream viewpoints in polar and extreme directions. In a free society, we must accept that bad actors will try to take advantage of our openness. But we need to learn to question our own and others' biases on social media. We need to teach -- to individuals of all ages -- that we shouldn't simply believe or repost anonymous users because they used the same hashtag we did, and neither should we accuse them of being a Russian bot simply because we disagree with their perspective. We need to teach digital civility. It will not only weaken foreign efforts, but it will also help us better engage online with our neighbors, especially the ones we disagree with...

Russia's goals are to further widen existing divisions in the American public and decrease our faith and trust in institutions that help maintain a strong democracy... Their work was never just about elections. Rather, the IRA encourages us to vilify our neighbor and amplify our differences because, if we grow incapable of compromising, there can be no meaningful democracy. Russia has dug in for a long campaign. So far, we're helping them win.
Their article includes specific examples from two accounts later suspended by Twitter.

It also notes that "consistent with past Russian activity, they attacked moderate politicians as a method of bolstering more polarizing candidates."

Just one-third of the 2020 U.S. presidential candidates are using an email security feature that could prevent a similar attack that hobbled the Democrats during the 2016 election. From a report: Out of the 21 presidential candidates in the race, according to Reuters, only seven Democrats are using and enforcing DMARC, an email security protocol that verifies the authenticity of a sender's email and rejects spoofed emails, which hackers often use to try to trick victims into opening malicious links from seemingly known individuals. It's a marked increase from April, where only Elizabeth Warren's campaign had employed the technology. Now, the Democratic campaigns of Joe Biden, Kamala Harris, Michael Bloomberg, Amy Klobuchar, Cory Booker, Tulsi Gabbard and Steve Bullock have all improved their email security. The remaining candidates, including presidential incumbent Donald Trump, are not rejecting spoofed emails. Another seven candidates are not using DMARC at all.

mspohr quotes a report from The Guardian: Top Democrats on Tuesday proposed tough new privacy laws to rein in the U.S.'s tech companies after a series of scandals that have shaken confidence in the companies and exposed the personal data of millions of consumers. The effort, led by Senator Maria Cantwell, the top Democrat on the Senate commerce, science and transportation committee, aims to "provide consumers with foundational data privacy rights, create strong oversight mechanisms, and establish meaningful enforcement." The Consumer Online Privacy Rights Act (Copra) comes after a series of failed attempts to rein in the tech giants in the U.S.

The act resembles Europe's sweeping General Data Protection Regulation (GDPR) legislation, passed in 2016. It would force tech companies to disclose the personal information they have collected, delete or correct inaccurate or incomplete information and allow consumers to block the sale of their information. The bill's sponsors are all Democrats and include presidential candidate Senator Amy Klobuchar. "Companies continue to profit off of the personal data they collect from Americans, but they leave consumers completely in the dark about how their personal information is being used," she said. "It's time for Congress to pass comprehensive privacy legislation."

schwit1 shares a report from The Age, a daily newspaper published in Australia: A Chinese spy has risked his life to defect to Australia and is now offering a trove of unprecedented inside intelligence on how China conducts its interference operations abroad. Wang "William" Liqiang is the first Chinese operative to ever blow his cover. He has revealed the identities of China's senior military intelligence officers in Hong Kong, as well as providing details of how they fund and conduct political interference operations in Hong Kong, Taiwan and Australia.

In interviews with The Age, The Sydney Morning Herald and 60 Minutes, he has revealed in granular detail how Beijing covertly controls listed companies to fund intelligence operations, including the surveillance and profiling of dissidents and the co-opting of media organizations. [...] Mr Wang said he was part of an intelligence operation hidden within a Hong Kong-listed company, China Innovation Investment Limited (CIIL), which infiltrated Hong Kong's universities and media with pro-Chinese Communist Party operatives who could be activated to counter the democracy movement. He says he had personal involvement in an October 2015 operation to kidnap and abduct to the Chinese mainland a Hong Kong bookseller, Lee Bo, and played a role in a clandestine organization that also directed bashings or cyber attacks on Hong Kong dissidents. His handlers in China issued him a fake South Korean passport to gain entry to Taiwan and help China's efforts to systematically infiltrate its political system, including directing a "cyber army" and Taiwanese operatives to meddle in the 2018 municipal elections. Plans are underway to influence the 2020 presidential election - plans that partly motivated him to defect to Australia. Mr Wang is currently at an undisclosed location in Sydney pending formal protections from the Australian government. More information is expected to be revealed on Monday.

Plans to ensure patient safety as the nation transitioned to electronic health records have yet to come to fruition a decade later, according to a new report. From an investigation: In fall 2009, several dozen of the best minds in health information technology huddled at a hotel outside Washington, D.C., to discuss potential dangers of an Obama White House plan to spend billions of tax dollars computerizing medical records. The health data geeks trusted that transitioning from paper to electronic records would cut down on medical errors, help identify new cures for disease and give patients an easy way to track their health care histories. But after two days of discussions, the group warned that few safeguards existed to protect the public from possible consequences of rolling out the new technology so quickly. Because this software tracks the medicines people take and their vital signs, even a tiny error or omission, or a doctor's inability to access the file quickly, can be a matter of life or death. The experts at that September 2009 meeting, mainly members of the American Medical Informatics Association, or AMIA, agreed that safety should be a top priority as federal officials poured more than $30 billion into subsidies to wire up medical offices and hospitals nationwide. The group envisioned creating a national databank to track reports of deaths, injuries and near misses linked to issues with the new technology. It never happened.

Instead, plans for putting patient safety first -- and for building a comprehensive injury reporting and reviewing system -- have stalled for nearly a decade, because manufacturers of electronic health records (EHRs), health care providers, federal health care policy wonks, academics and Congress have either blocked the effort or fought over how to do it properly, an ongoing investigation by Fortune and Kaiser Health News shows. Over the past 10 years, the parties have squabbled over how best to collect injury data, over who has the power to require it, over who should pay for it, and over whether to make public damning findings and the names of those responsible for safety problems. In 2015, members of Congress derailed a long-planned EHR safety center, first by challenging the government's authority to create it and later by declining to fund it. A year later, Congress stripped the Food and Drug Administration of its power to regulate the industry or even to track malfunctions and injuries.

President Trump on Wednesday toured a Texas plant that makes high-end Apple computers, chatting with Apple's chief executive, Timothy D. Cook, and accepting a plate with the words "Assembled in USA." From a report: It was a pretty typical publicity event, until the end. Mr. Trump walked in front of the news cameras and took credit for the plant, suggesting it had opened that day. "For me, this is a very special day," he said. Mr. Cook stood next to him, stone-faced. The plant has been making Apple computers since 2013. Immediately after Mr. Trump's comments, Mr. Cook thanked the president and his staff. "I'm grateful for their support in pulling today off and getting us to this far. It would not be possible without them," he said. He did not correct the record. The moment was part of a bizarre afternoon in Texas, where the president played up a six-year-old factory as evidence of his three-year-old presidency's success in bringing manufacturing jobs back to the United States. It showed Mr. Trump's willingness to leverage his influence over American companies in his pitch to voters that he deserves another four years in the White House. And it illustrated the complicated position that Mr. Cook and other corporate executives find themselves in with this president, forced to stand silently by while he sometimes misleads about their businesses.

[...] On Wednesday, Mr. Trump called Mr. Cook a "very special person" because of his ability to create jobs. He turned to Mr. Cook and said, "What would you say about our economy compared to everybody else?" Mr. Cook replied, "I think we have the strongest economy in the world." "Strongest in the world," Mr. Trump said. The president then took questions on the impeachment inquiry and launched into a tirade against "the fake press." Mr. Cook stood silently nearby.

Google said on Wednesday that it will stop giving advertisers the ability to target election ads using data such as public voter records and general political affiliations. Reuters reports: Google said on Wednesday it would start limiting audience targeting for election ads to age, gender and general location at a postal code level. Previously, verified political advertisers could also target ads using data such as whether the users were left-leaning, right-leaning or independent. Google said political advertisers can still do contextual targeting, such as serving ads to people reading a certain story or watching a particular video.

The company will begin enforcing the new approach in the United Kingdom within a week, ahead of the country's general election on Dec. 12. It said it would begin enforcing it in the European Union by the end of the year and in the rest of the world starting on Jan. 6, 2020. "Given recent concerns and debates about political advertising, and the importance of shared trust in the democratic process, we want to improve voters' confidence in the political ads they may see on our ad platforms," Scott Spencer, vice president of product management for Google Ads, said in the blog post. Google added examples to its misrepresentation policy to show that it would not allow false claims about election results or the eligibility of political candidates. Google also added examples to its ad policies to clarify that it prohibits doctored and manipulated media.

dcblogs writes: Employees are discussing national politics in the workplace now more than ever, according to two new surveys. Politics has been on the rise since the 2016 election. But political leanings may be more than an office irritation. Managers tend to hire people of similar ideology, and doing so could create a hiring bias, according to researchers at Texas A&M. "It is becoming more common to learn and make inferences about an applicant's political ideology, particularly given information sources such as social media," said Andrew Johnson, assistant professor of management in the College of Business at Texas A&M University in Corpus Christi. It's easy to separate those perceived as "different," he said. Hiring managers may not feel hiring this is wrong. There are employment discrimination protections for gender, race, religion and other characteristics. But political affiliations are not a protected class under the law.

The streaming service is happy to pretend it's a moral force bringing the power of documentary filmmaking to new markets. Until that becomes inconvenient. The Outline: This past January, at the request of the Saudi Arabian government, Netflix spiked an episode of its comedy news show Patriot Act with Hasan Minhaj, owing to the subject matter, which was the Saudi Arabian government's murder of Washington Post columnist Jamal Khashoggi. Speaking at the New York Times's DealBook conference in New York earlier this month, Hastings affirmed the company's decision in no uncertain terms: "We're not in the news business," Hastings said, according to Variety. "We're not trying to do 'truth to power.' We're trying to entertain... We don't feel bad about [pulling the 'Patriot Act' episode in Saudi Arabia] at all." A few days ago, Netflix did the same thing again. A new (apparently good) documentary on the web streaming service about John Demanjajuk, a Ukrainian guard at Treblinka who was caught decades after the Holocaust while living a quiet suburban life in Ohio, drew the ire of Polish prime minister Mateusz Morawiecki. "Central to [Morawiecki's] complaint were maps seen in the series that place Nazi concentration camps such as Auschwitz within the borders of modern-day Poland," again, according to Variety. "The U.S. streamer now says that it will amend the series by adding on-screen text, likely below the maps, to spell out the fact that the death camps sat in territory occupied by the Nazis."

The basis for why Saudi Arabia and Poland would whine to Netflix is straightforward enough. Saudi Arabia wants to bury, as quickly possible, any memory of the time that it botched the Khashoggi cover-up, and had to eat international crow for a few months before most of the world moved on. Poland, meanwhile, is presently led by right-wing politicians who believe that Poland gets an excessively bad rap for helping to carry out the Holocaust, so much so that these politicians attempted last year to pass a law that could impose prison time on people who accused the Polish nation of complicity in the Holocaust. If one really wanted to, you could make a by-the-numbers case for why Hastings has decided to cave to these foreign governments.

Two senators are asking Facebook to "respect" users' decisions to keep their location data from the company. From a report: In a letter sent Tuesday, Sen. Josh Hawley, R-Mo., and Sen. Chris Coons, D-Del., asked Facebook CEO Mark Zuckerberg to respond to questions about how the company collects location data through the new operating systems for Apple's iPhones and Google's Android. Both Google and Apple updated their operating systems earlier this year to give users more control and insight into which apps can access their location data. Anticipating those changes, Facebook released a blog post in September explaining that even if users opt out of letting Facebook collect their data, it could still determine users' locations in other ways, like through check-ins and users' internet connections.

"If a user has decided to limit Facebook's access to his or her location, Facebook should respect these privacy choices," the senators, members of the Judiciary Committee, wrote in the letter to Zuckerberg. "The language in the blog post, however, indicates that Facebook may continue to collect location data despite user preferences, even if the user is not engaging with the app, and Facebook is simply deducing the user's location from information about his or her internet connection. Given that most mobile devices are connected to the internet nearly all the time, whether through a cellular network or a Wi-Fi connection, this practice would allow Facebook to collect user location data almost constantly, irrespective of the user's privacy preferences. Users who have selected a restrictive location services option could reasonably be under the misimpression that their selection limits all of Facebook's efforts to extract location information."

Few companies have more riding on proposed privacy legislation than Alphabet's Google and Facebook. To try to steer the bill their way, the giant advertising technology companies spend millions of dollars to lobby each year, a fact confirmed by government filings. From a report: Not so well-documented is spending to support highly influential think tanks and public interest groups that are helping shape the privacy debate, ostensibly as independent observers. Bloomberg Law examined seven prominent nonprofit think tanks that work on privacy issues that received a total of $1.5 million over a 18-month period ending Dec. 31, 2018. The groups included such organizations as the Center for Democracy and Technology, the Future of Privacy Forum and the Brookings Institution. The actual total is undoubtedly much higher -- exact totals for contributions were difficult to pin down. The tech giants have "funded scores of nonprofits, including consumer and privacy groups, and academics," said Jeffrey Chester, executive director at the Center for Digital Democracy, a public interest group that does not accept donations from Google or Facebook. Further, he says, their influence is strong. The companies have "opposed federal privacy laws and worked to weaken existing safeguards," Chester said. Accepting donations from these "privacy-killing companies enable them to influence decisions by nonprofits, even subtly," he said.

An anonymous reader quotes a report from The Verge: On Thursday, 2020 Democratic presidential candidate Andrew Yang put out a sweeping new tech policy proposal with a number of controversial proposals, including taxing digital ads and launching a new department to regulate algorithms on social networks. [...] In his Thursday blog post, Yang argues that his opponents' calls to break-up big tech firms like Facebook and Google fall short of protecting consumers from companies that prioritize "profits over our well-being." Yang's broad tech policy plan attacks the issues plaguing tech from four different angles: promoting a healthy relationship with tech, data ownership and privacy, fighting disinformation, and empowering the federal government with new guidelines and resources to tackle these issues.

Ever since the 2016 election, platforms like Facebook and Twitter have been under fire by public advocates and lawmakers for their failures to remove disinformation from their platforms. In his tech proposal, Yang piggybacks on his digital ads VAT, suggesting that if it were implemented, there would be less false information on social media because platforms would become subscription-based and not be forced to accept advertising at all, let alone misleading political ads. There would also be significant new restrictions on how platforms like Facebook can target users with content. Any algorithms used by "platforms that allow political advertisements or the sharing of news stories" would be required to be open source or at least confidentially shared with Yang's "Department of the Attention Economy." All ads would have to be clearly labeled as such. Yang says he would amend Section 230 of the Communications Decency Act -- one of the most pivotal laws governing the internet -- but didn't specify what his amendment would look like.

He also pledges to pass a "Digital Bill of Rights, ensuring ownership of data, control over how it's used, and compensation for its use" if he is elected president. Consumers could choose to opt in to have their data collected. "But then you should receive a share of the economic value generated from your data," Yang says.

Facebook's latest transparency report is out. The social media giant said the number of government demands for user data increased by 16% to 128,617 demands during the first-half of this year compared to the second-half of last year. From a report: That's the highest number of government demands its received in any reporting period since it published its first transparency report in 2013. The U.S. government led the way with the most number of requests -- 50,741 demands for user data resulting in some account or user data given to authorities in 88% of cases. Facebook said two-thirds of all of the U.S. government's requests came with a gag order, preventing the company from telling the user about the request for their data. But Facebook said it was able to release details of 11 so-called national security letters (NSLs) for the first time after their gag provisions were lifted during the period. National security letters can compel companies to turn over non-content data at the request of the FBI. These letters are not approved by a judge, and often come with a gag order preventing their disclosure. But since the Freedom Act passed in 2015, companies have been allowed to request the lifting of those gag orders.

A federal court in Boston has ruled that the government is not allowed to search travelers' phones or other electronic devices at the U.S. border without first having reasonable suspicion of a crime. From a report: That's a significant victory for civil liberties advocates, who say the government's own rules allowing its border agents to search electronic devices at the border without a warrant are unconstitutional. The court said that the government's policies on warrantless searches of devices without reasonable suspicion "violate the Fourth Amendment," which provides constitutional protections against warrantless searches and seizures. The case was brought by 11 travelers -- ten of which are U.S. citizens -- with support from the American Civil Liberties Union and the Electronic Frontier Foundation, who said border agents searched their smartphones and laptops without a warrant or any suspicion of wrongdoing or criminal activity. The border remains a bizarre legal grey area, where the government asserts powers that it cannot claim against citizens or residents within the United States but citizens and travelers are not afforded all of their rights as if they were on U.S. soil. The government has long said it doesn't need a warrant to search devices at the border.