Democrats

Senate Rejects New Money For Election Security (apnews.com) 456

The Republican-controlled Senate has defeated a push by Democrats to set aside an additional $250 million for states to upgrade their voting systems to protect against hacking and other cyberattacks. From a report: An amendment offered by Vermont Sen. Patrick Leahy received 50 yes votes, 10 short of the 60 needed for approval. Leahy said securing U.S. elections and "safeguarding our democracy" is not a partisan issue. He said the Senate "must send a clear message to Russia and other foreign adversaries that tampering in our elections will not be tolerated. The president will not act. This duty has fallen to us." A similar effort was also rejected in the House.
Microsoft

Microsoft Launches Pilot Program To Provide Cybersecurity Protection To Political Campaigns and Election Authorities (bleepingcomputer.com) 42

An anonymous reader shares a report: Microsoft has launched a pilot program aimed at providing cybersecurity protection for political campaigns and election authorities. The pilot program -- named AccountGuard -- was launched at the end of July, Bleeping Computer has learned, and was set in motion for the 2018 US midterm elections. According to the pilot's website, AccountGuard "provides additional security and threat monitoring for Microsoft accounts belonging to participating US campaigns, political committees, campaign tech vendors, and their staff, who are likely to be at a higher risk in the lead up to elections."

Microsoft is now running a website where participants in the 2018 US midterm elections can sign up for this increased protection. According to the portal, participation is offered on a non-partisan basis and is by invitation only. Users from the following organizations are eligible to participate: (1) US-based political campaigns (2) US-based political committees (3) Select campaign technology vendors (4) Select individuals may also participate, if invited by eligible campaigns and affiliated organizations
Last month, Microsoft said they had detected and helped block hacking attempts -- the first known example of cyber interference in the midterm elections -- against three congressional candidates this year. On Tuesday, Facebook said it was blocking more than two dozen pages that it believed were part of an ongoing political influence campaign.
United States

DHS Forms New Cyber Hub To Protect Critical US Infrastructure (wsj.com) 57

The Department of Homeland Security announced on Tuesday the creation of a new center aimed at guarding the nation's banks, energy companies and other industries from major cyberattacks that could cripple critical infrastructure. From a report: The launch of the National Risk Management Center was unveiled by DHS Secretary Kirstjen Nielsen at a government-hosted cyber summit in New York City, at which Vice President Mike Pence and several other cabinet secretaries are expected to speak. In prepared remarks, Ms. Nielsen said that cyber threats now posed a greater threat to the country than physical attacks. DHS was founded 15 years ago to prevent another Sept. 11, 2001, Ms. Nielsen said, but "today I believe the next major attack is more likely to reach us online than on an airplane." The center's creation was motivated by a growing recognition in government that sophisticated cyberattacks, particularly those deployed by foreign adversaries, can not only harm a company or industry but can cause systemic failure across society, Chris Krebs, DHS's top cyber official, said in an interview.
Facebook

Facebook Has Identified Ongoing Political Influence Campaign (nytimes.com) 263

Facebook is preparing to announce that it has identified a coordinated political influence campaign, with dozens of inauthentic accounts and pages that are believed to be engaging in political activity ahead of November's midterm elections, The New York Times reported Tuesday, citing three people briefed on the matter. From the report: In a series of briefings on Capitol Hill this week, the company told lawmakers that it detected the influence campaign as part of its investigations into election interference. It has been unable to tie the accounts to Russia, whose Internet Research Agency was at the center of an indictment earlier this year for interfering in the 2016 election, but company officials told Capitol Hill that Russia was possibly involved, according to two of the officials. Facebook is expected to announce its findings on Tuesday afternoon. The company has been working with the F.B.I. to investigate the activity. Like the Russian interference campaign in 2016, the recently detected campaign dealt with divisive social issues. Update: Facebook has confirmed the story, adding: Today we removed 32 Pages and accounts from Facebook and Instagram because they were involved in coordinated inauthentic behavior. This kind of behavior is not allowed on Facebook because we don't want people or organizations creating networks of accounts to mislead others about who they are, or what they're doing. We're still in the very early stages of our investigation and don't have all the facts -- including who may be behind this. But we are sharing what we know today given the connection between these bad actors and protests that are planned in Washington next week. We will update this post with more details when we have them, or if the facts we have change. It's clear that whoever set up these accounts went to much greater lengths to obscure their true identities than the Russian-based Internet Research Agency (IRA) has in the past. 
We believe this could be partly due to changes we've made over the last year to make this kind of abuse much harder.
Democrats

Senate Democrat Floats First Serious Proposals For Regulating Big Tech (gizmodo.com) 223

On Monday, Senator Mark Warner published 20 proposals on how to regulate big tech platforms. What's interesting is that none of the proposals call for breaking up the pseudo-monopolies. Instead, they aim to start a substantive debate by laying out different paths to address problems posed by the platforms. Gizmodo reports: What may be more important than the individual proposals themselves is that the document is at least trying to organize a holistic way of thinking about the issues now on the table. It breaks down the areas that need addressing into the promotion of disinformation, privacy and consumer protection, and ensuring competition in the marketplace. Just to highlight a few of the good issues on the table, the white paper blessedly brings the conversation back to privacy and data ownership -- something that seems to have been lost as the conversation has turned to content moderation. The easiest recommendation is to implement what it calls "GDPR-like" data protection legislation that would give Americans similar data rights as EU citizens gained in May. The jury is still out on the long-term consequences of those reforms, but they require greater transparency and consent for a company's terms of service, along with many more tools for keeping track of what information a company collects on you.

On the competition side of things, the proposal suggests a data-transparency bill that would give users a more granular idea of how their data is being used and how much it's worth to an individual platform. One concern it addresses is that platforms expand how they monetize a person's data while the user is often unaware of how much they're actually giving up, value-wise, when they agree to hand over their data in exchange for a particular service. Another benefit would be that regulators would have a better idea of what they're evaluating in antitrust enforcement cases. The proposals relating to disinformation are a little more worrisome. A requirement that platforms "clearly and conspicuously label bots" wouldn't be so bad, but it's a daunting task and opens up the potential for false positives. Likewise, demanding networks identify a user's true identity is unrealistic, and the option of anonymity online should be protected.
Axios was first to publish the list of 20 proposals compiled by Warner's staff. Is there a proposal that resonates with you? If not, how would you regulate the Big Tech platforms?
United Kingdom

Facebook Finally Discloses Pro-Brexit Ads (techcrunch.com) 165

"The UK parliament has provided another telling glimpse behind the curtain of Facebook's unregulated ad platform by publishing data on scores of pro-Brexit adverts..." reports TechCrunch, adding that the 2016 ads "were run prior to Facebook having any disclosure rules for political ads. So there was no way for anyone other than each target recipient to know a particular ad existed or who it was being targeted at." An anonymous reader quotes their report: The targeting of the ads was carried out on Facebook's platform by AggregateIQ, a Canadian data firm that has been linked to Cambridge Analytica/SCL... [I]t's not clear how many ad impressions they racked up in all. But total impressions look very sizable. While some of what runs to many thousands of distinctly targeted ads which AIQ distributed via Facebook's platform are listed as only garnering between 0-999 impressions apiece, according to Facebook's data, others racked up far more views. Commonly listed ranges include 50,000 to 99,999 and 100,000 to 199,999 -- with even higher ranges like 2M-4.9M and 5M-9.9M also listed....

The publication of the Brexit ads is, above all, a reminder that online political advertising has been allowed to be a blackhole -- and at times a cesspit -- because cash-rich entities have been able to unaccountably exploit the obscurity of Facebook's systemically dark ad targeting tools for their own ends, and operate in a darkness where only Facebook had oversight (and wasn't exercising any), leaving the public no right of objection let alone reply, despite it being people's lives that are indelibly affected by political outcomes.... The company has been making some voluntary changes to offer a degree of political ad disclosure, as it seeks to stave off regulatory rule. Whether its changes -- which at best offer partial visibility -- will go far enough remains to be seen.

Earlier this month the UK's data watchdog released a report titled "Democracy disrupted?" in which the UK's Information Commissioner recommends an "ethical pause" of political advertising on social media to allow key players "to reflect on their responsibilities in respect to the use of personal data..." And this weekend an interim report from the House of Commons' media committee "said democracy is facing a crisis because the combination of data analysis and social media allows campaigns to target voters with messages of hate without their consent," according to the Associated Press.

"Tech giants like Facebook, which operate in a largely unregulated environment, are complicit because they haven't done enough to protect personal information and remove harmful content, the committee said."
Republicans

Twitter Is Limiting the Visibility of Prominent Republicans In Search Results (vice.com) 726

An anonymous reader quotes a report from VICE News: Twitter is limiting the visibility of prominent Republicans in search results -- a technique known as "shadow banning" -- in what it says is a side effect of its attempts to improve the quality of discourse on the platform. The Republican Party chair Ronna McDaniel, several conservative Republican congressmen, and Donald Trump Jr.'s spokesman no longer appear in the auto-populated drop-down search box on Twitter, VICE News has learned. It's a shift that diminishes their reach on the platform -- and it's the same one being deployed against prominent racists to limit their visibility. The profiles continue to appear when conducting a full search, but not in the more convenient and visible drop-down bar. (The accounts appear to also populate if you already follow the person.)

Democrats are not being "shadow banned" in the same way, according to a VICE News review. McDaniel's counterpart, Democratic Party chair Tom Perez, and liberal members of Congress -- including Reps. Maxine Waters, Joe Kennedy III, Keith Ellison, and Mark Pocan -- all continue to appear in drop-down search results. Not a single member of the 78-person Progressive Caucus faces the same situation in Twitter's search. Presented with screenshots of the searches, a Twitter spokesperson told VICE News: "We are aware that some accounts are not automatically populating in our search box and shipping a change to address this." Asked why only conservative Republicans appear to be affected and not liberal Democrats, the spokesperson wrote: "I'd emphasize that our technology is based on account *behavior* not the content of Tweets."

Privacy

Putin's Soccer Ball for Trump Had Transmitter Chip, Logo Indicates (bloomberg.com) 241

Russian President Vladimir Putin's gift of a soccer ball to U.S. President Donald Trump last week set off a chorus of warnings -- some of them only half in jest -- that the World Cup souvenir could be bugged. Republican Senator Lindsey Graham even tweeted, "I'd check the soccer ball for listening devices and never allow it in the White House." It turns out they weren't entirely wrong. From a report: Markings on the ball indicate that it contained a chip with a tiny antenna that transmits to nearby phones. But rather than a spy device, the chip is an advertised feature of the Adidas AG ball. Photographs from the news conference in Helsinki, where Putin handed the ball to Trump, show it bore a logo for a near-field communication tag. During manufacturing, the NFC chip is placed inside the ball under that logo, which resembles the icon for a WiFi signal, according to the Adidas website. The chip allows fans to access player videos, competitions and other content by bringing their mobile devices close to the ball. The feature is included in the 2018 FIFA World Cup match ball that's sold on the Adidas website for $165 (reduced to $83 in the past week).
Advertising

Facebook Signs Agreement With Washington State To End Discriminatory Ad Targeting (reuters.com) 86

Last month, Washington filed a lawsuit against Facebook (and Google) for failing to disclose political ad spending, as required by state law. Washington law requires that "political campaign and lobbying contributions and expenditures be fully disclosed to the public and that secrecy is to be avoided." Today, as reported by Reuters, Facebook has signed an agreement with the state to stop third-party advertisers in the U.S. from excluding protected groups from seeing their ads. From the report: Facebook confirmed the agreement with the state, and said the announcement is part of a long process to ensure that tools used to target ads on the social network are safe, civil, and fair. "We've removed thousands of categories related to potentially sensitive personal attributes -- like race, ethnicity, sexual orientation and religion -- from our exclusion targeting tools," the company said, pointing to its efforts from over a year-and-a-half. The legally binding agreement with Washington state requires Facebook to make the changes to its ad platform within 90 days, Washington Attorney General Bob Ferguson said.
Government

Russian Hackers Reach US Utility Control Rooms, Homeland Security Officials Say (wsj.com) 371

"Russian hackers [...] broke into supposedly secure, "air-gapped" or isolated networks owned by utilities (Warning: source may be paywalled; alternative source) with relative ease by first penetrating the networks of key vendors who had trusted relationships with the power companies," reports The Wall Street Journal, citing officials at the Department of Homeland Security. "They got to the point where they could have thrown switches" and disrupted power flows, said Jonathan Homer, chief of industrial-control-system analysis for DHS. The hacking campaign started last year and likely is continuing. From the report: DHS has been warning utility executives with security clearances about the Russian group's threat to critical infrastructure since 2014. But the briefing on Monday was the first time that DHS has given out information in an unclassified setting with as much detail. It continues to withhold the names of victims but now says there were hundreds of victims, not a few dozen as had been said previously. It also said some companies still may not know they have been compromised, because the attacks used credentials of actual employees to get inside utility networks, potentially making the intrusions more difficult to detect.

The attackers began by using conventional tools -- spear-phishing emails and watering-hole attacks, which trick victims into entering their passwords on spoofed websites -- to compromise the corporate networks of suppliers, many of whom were smaller companies without big budgets for cybersecurity. Once inside the vendor networks, they pivoted to their real focus: the utilities. It was a relatively easy process, in many cases, for them to steal credentials from vendors and gain direct access to utility networks. Then they began stealing confidential information. For example, the hackers vacuumed up information showing how utility networks were configured, what equipment was in use and how it was controlled. They also familiarized themselves with how the facilities were supposed to work, because attackers "have to learn how to take the normal and make it abnormal" to cause disruptions, said Mr. Homer. Their goal, he said: to disguise themselves as "the people who touch these systems on a daily basis."

Government

Open Gov't Advocates Fear that Private Messaging Apps Are Being Misused by Public Officials To Conduct Business in Secret (pbs.org) 125

The proliferation of digital tools that make text and email messages vanish may be welcome to Americans seeking to guard their privacy. But open government advocates fear they are being misused by public officials to conduct business in secret and evade transparency laws. From a report: Whether communications on those platforms should be part of the public record is a growing but unsettled debate in states across the country. Updates to transparency laws lag behind rapid technological advances, and the public and private personas of state officials overlap on private smartphones and social media accounts. "Those kind of technologies literally undermine, through the technology itself, state open government laws and policies," said Daniel Bevarly, executive director of the National Freedom of Information Coalition. "And they come on top of the misuse of other technologies, like people using their own private email and cellphones to conduct business." Some government officials have argued that public employees should be free to communicate on private, non-governmental cellphones and social media platforms without triggering open records requirements.
United Kingdom

Ecuador Will Be Handing Assange Over To UK Authorities 'In Coming Weeks Or Days': RT (express.co.uk) 467

Ecuador is planning to hand over WikiLeaks founder Julian Assange to UK authorities in the "coming weeks or even days," RT editor-in-chief Margarita Simonyan said, citing her own sources. Simonyan reported the news in a recent tweet, which was reposted by WikiLeaks. Slashdot reader Okian Warrior first shared the news. Daily Express reports: Foreign Office minister Sir Alan Duncan is said to be involved in the diplomatic effort, which has come weeks ahead of a visit by new Ecuadorian president, Lenin Moreno, who called Mr Assange an "inherited problem." He also referred to the exiled WikiLeaks founder as a "stone in the shoe." Sources close to Assange claim he was not aware of the talks, but believe America is piling "significant pressure" on Ecuador to give him up, according to the Sunday Times. The sources claim that America has threatened to block a loan from the International Monetary Fund (IMF) if he is not removed from the embassy, based in Knightsbridge, west London. UPDATE 7/21/18: The Intercept also confirmed the news. Glenn Greenwald, former reporter for The Guardian, writes: "A source close to the Ecuadorian Foreign Ministry and the President's office, unauthorized to speak publicly, has confirmed to the Intercept that Moreno is close to finalizing, if he has not already finalized, an agreement to hand over Assange to the UK within the next several weeks. The withdrawal of asylum and physical ejection of Assange could come as early as this week."
Security

Microsoft Reveals First Known Midterm Campaign Hacking Attempts (politico.com) 163

An anonymous reader shares a report: Microsoft detected and helped block hacking attempts against three congressional candidates this year, a company executive said Thursday, marking the first known example of cyber interference in the midterm elections. "Earlier this year, we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks," said Tom Burt, Microsoft's vice president for security and trust, at the Aspen Security Forum. "And we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for election in the midterm elections."

Burt declined to name the targets but said they were "people who, because of their positions, might have been interesting targets from an espionage standpoint as well as an election disruption standpoint." Microsoft took down the fake domain and worked with the federal government to block the phishing messages.

Security

Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States (vice.com) 244

Kim Zetter, reporting for Motherboard: The nation's top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them. In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had "provided pcAnywhere remote connection software ... to a small number of customers between 2000 and 2006," which was installed on the election-management system ES&S sold them.

The statement contradicts what the company told me and fact checkers for a story I wrote for the New York Times in February. At that time, a spokesperson said ES&S had never installed pcAnywhere on any election system it sold. "None of the employees -- including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software," the spokesperson said. ES&S did not respond on Monday to questions from Motherboard, and it's not clear why the company changed its response between February and April. Lawmakers, however, have subpoena powers that can compel a company to hand over documents or provide sworn testimony on a matter lawmakers are investigating, and a statement made to lawmakers that is later proven false can have greater consequence for a company than one made to reporters.

Republicans

GOP Congressman Introduces Bill To Reinstate Net Neutrality Rules (theverge.com) 120

Rep. Mike Coffman (R-CO) today announced his support for a bill that would institute the basic outlines of the FCC's 2015 Open Internet order, which banned the throttling and blocking of content as well as harmful paid prioritization practices. He is also the first Republican to sign on to the Democrat-led discharge petition, which aims to force a vote on the House floor to roll back the FCC's December decision to repeal net neutrality. The Verge reports: The 21st Century Internet Act aims to restructure the current framework by which the internet has been governed since the '90s. Coffman's bill moves past this argument by amending the 1934 Telecommunications Act and adding the new Title VIII. This new classification would "permanently codify into law the 'four corners' of net neutrality" by banning providers from controlling traffic quality and speed and forbidding them from participating in paid prioritization programs or charging access fees from edge providers.

On top of providing stable ground for net neutrality rules to be upheld in the future, the legislation also makes it illegal for providers to participate in "unfair or deceptive acts or practices." It directs the FCC to investigate claims of anticompetitive behavior on behalf of consumers after receiving their complaints. Transparency requirements are heightened for providers as well, as companies must publicly disclose information regarding their network practices to allow consumers to "make informed choices regarding use of such services."

Government

Special Counsel Mueller Charges 12 Russian Intelligence Officers With Hacking Democrats During 2016 Election (cnbc.com) 778

Special counsel Robert Mueller has obtained a new indictment charging 12 Russian intelligence officers with hacking Democrats to interfere with the 2016 presidential election, and with stealing information of about 500,000 American voters, the Justice Department announced Friday. From a report: The indictment lodged in Washington, D.C., accuses the Russian spies of hacking into the Democratic National Committee and the presidential campaign of Hillary Clinton, and of releasing emails obtained from that cybersnooping with a goal of influencing the election. The accused also hacked into state boards of elections, secretaries of state, and into companies that provided software used to administer elections, according to Deputy Attorney Rod Rosenstein. Rosenstein said he briefed President Donald Trump about the case earlier in the week.
United States

Russian Influence Campaign Sought To Exploit Americans' Trust In Local News (npr.org) 287

An anonymous reader quotes a report from NPR: The information operatives who worked out of the Internet Research Agency in St. Petersburg did not stop at posing as American social media users or spreading false information from purported news sources, according to new details. They also created a number of Twitter accounts that posed as sources for Americans' hometown headlines. NPR has reviewed information connected with the investigation and found 48 such accounts. They have names such as @ElPasoTopNews, @MilwaukeeVoice, @CamdenCityNews and @Seattle_Post. "A not-insignificant amount of those had some sort of variation on what appeared to be a homegrown local news site," said Bret Schafer, a social media analyst for the Alliance for Securing Democracy, which tracks Russian influence operations and first noticed this trend. Another example: The Internet Research Agency created an account that looks like it is the Chicago Daily News. That newspaper shuttered in 1978. The Internet Research Agency-linked account was created in May 2014, and for years, it just posted local headlines, accumulating some 19,000 followers by July 2016.

Another twist: These accounts apparently never spread misinformation. In fact, they posted real local news, serving as sleeper accounts building trust and readership for some future, unforeseen effort. "They set them up for a reason. And if at any given moment, they wanted to operationalize this network of what seemed to be local American news handles, they can significantly influence the narrative on a breaking news story," Schafer told NPR. "But now instead of just showing up online and flooding it with news sites, they have these accounts with two years of credible history."

Government

UK Politicians Push For FOSTA SESTA-Style Sex Censorship (engadget.com) 124

An anonymous reader quotes a report from Engadget: If you're familiar with the phrase "that's a terrible idea, let's do it" then you might be one of the British MPs who think that the UK should do its own version of FOSTA-SESTA. That's exactly what Labour MP Sarah Champion has done by leading a debate this week for the creation of laws to criminalize websites used by sex workers in the UK -- under the rubric of fighting trafficking, of course. A self-appointed group of MPs (the "All-Party Parliamentary Group on Prostitution and the Global Sex Trade") fronted by Ms. Champion made a call to ban "prostitution websites" during a Wednesday House of Commons debate. Conflating sex work with trafficking just like their American counterparts, they claim websites where workers advertise and screen clients "directly and knowingly" profit from sex trafficking.
Robotics

Economists Worry We Aren't Prepared For the Fallout From Automation (theverge.com) 365

A new paper from the Center for Global Development says we are spending too much time discussing whether robots can take your job and not enough time discussing what happens next. The Verge reports: The paper's authors, Lukas Schlogl and Andy Sumner, say it's impossible to know exactly how many jobs will be destroyed or disrupted by new technology. But, they add, it's fairly certain there are going to be significant effects -- especially in developing economies, where the labor market is skewed toward work that requires the sort of routine, manual labor that's so susceptible to automation. Think unskilled jobs in factories or agriculture.

One class of solution they call "quasi-Luddite" -- measures that try to stall or reverse the trend of automation. These include taxes on goods made with robots (or taxes on the robots themselves) and regulations that make it difficult to automate existing jobs. They suggest that these measures are challenging to implement in "an open economy," because if automation makes for cheaper goods or services, then customers will naturally look for them elsewhere; i.e. outside the area covered by such regulations. [...] The other class of solution they call "coping strategies," which tend to focus on one of two things: re-skilling workers whose jobs are threatened by automation or providing economic safety nets to those affected (for example, a universal basic income or UBI).
They conclude that there's simply not enough work being done researching the political and economic solutions to what could be a growing global crisis. "Questions like profitability, labor regulations, unionization, and corporate-social expectations will be at least as important as technical constraints in determining which jobs get automated," they write.
Electronic Frontier Foundation

EFF Sues To Invalidate FOSTA, An Unconstitutional Internet Censorship Law (eff.org) 89

schwit1 quotes a report from the Electronic Frontier Foundation: We are asking a court to declare the Allow States and Victims to Fight Online Sex Trafficking Act of 2017 ("FOSTA") unconstitutional and prevent it from being enforced. The law was written so poorly that it actually criminalizes a substantial amount of protected speech and, according to experts, actually hinders efforts to prosecute sex traffickers and aid victims. In our lawsuit, two human rights organizations, an individual advocate for sex workers, a certified non-sexual massage therapist, and the Internet Archive, are challenging the law as an unconstitutional violation of the First and Fifth Amendments. Although the law was passed by Congress for the worthy purpose of fighting sex trafficking, its broad language makes criminals of those who advocate for and provide resources to adult, consensual sex workers and actually hinders efforts to prosecute sex traffickers and aid victims. The EFF goes on to cite some examples of how FOSTA has already censored the internet. Most notably, two days after FOSTA was passed in the Senate, "Craigslist eliminated its Personals section, including non-sexual subcategories such as 'Missed Connections' and 'Strictly Platonic,'" reports the EFF. Reddit even removed some of its subreddits out of fear of future lawsuits.
