Advertising

Facebook Signs Agreement With Washington State To End Discriminatory Ad Targeting (reuters.com) 86

Last month, Washington filed a lawsuit against Facebook (and Google) for failing to disclose political ad spending, as required by state law. Washington law requires that "political campaign and lobbying contributions and expenditures be fully disclosed to the public and that secrecy is to be avoided." Today, as reported by Reuters, Facebook has signed an agreement with the state to stop third-party advertisers in the U.S. from excluding protected groups from seeing their ads. From the report: Facebook confirmed the agreement with the state, and said the announcement is part of a long process to ensure that tools used to target ads on the social network are safe, civil, and fair. "We've removed thousands of categories related to potentially sensitive personal attributes -- like race, ethnicity, sexual orientation and religion -- from our exclusion targeting tools," the company said, pointing to its efforts from over a year-and-a-half. The legally binding agreement with Washington state requires Facebook to make the changes to its ad platform within 90 days, Washington Attorney General Bob Ferguson said.
Government

Russian Hackers Reach US Utility Control Rooms, Homeland Security Officials Say (wsj.com) 371

"Russian hackers [...] broke into supposedly secure, "air-gapped" or isolated networks owned by utilities (Warning: source may be paywalled; alternative source) with relative ease by first penetrating the networks of key vendors who had trusted relationships with the power companies," reports The Wall Street Journal, citing officials at the Department of Homeland Security. "They got to the point where they could have thrown switches" and disrupted power flows, said Jonathan Homer, chief of industrial-control-system analysis for DHS. The hacking campaign started last year and likely is continuing. From the report: DHS has been warning utility executives with security clearances about the Russian group's threat to critical infrastructure since 2014. But the briefing on Monday was the first time that DHS has given out information in an unclassified setting with as much detail. It continues to withhold the names of victims but now says there were hundreds of victims, not a few dozen as had been said previously. It also said some companies still may not know they have been compromised, because the attacks used credentials of actual employees to get inside utility networks, potentially making the intrusions more difficult to detect.

The attackers began by using conventional tools -- spear-phishing emails and watering-hole attacks, which trick victims into entering their passwords on spoofed websites -- to compromise the corporate networks of suppliers, many of whom were smaller companies without big budgets for cybersecurity. Once inside the vendor networks, they pivoted to their real focus: the utilities. It was a relatively easy process, in many cases, for them to steal credentials from vendors and gain direct access to utility networks. Then they began stealing confidential information. For example, the hackers vacuumed up information showing how utility networks were configured, what equipment was in use and how it was controlled. They also familiarized themselves with how the facilities were supposed to work, because attackers "have to learn how to take the normal and make it abnormal" to cause disruptions, said Mr. Homer. Their goal, he said: to disguise themselves as "the people who touch these systems on a daily basis."

Government

Open Gov't Advocates Fear that Private Messaging Apps Are Being Misused by Public Officials To Conduct Business in Secret (pbs.org) 125

The proliferation of digital tools that make text and email messages vanish may be welcome to Americans seeking to guard their privacy. But open government advocates fear they are being misused by public officials to conduct business in secret and evade transparency laws. From a report: Whether communications on those platforms should be part of the public record is a growing but unsettled debate in states across the country. Updates to transparency laws lag behind rapid technological advances, and the public and private personas of state officials overlap on private smartphones and social media accounts. "Those kind of technologies literally undermine, through the technology itself, state open government laws and policies," said Daniel Bevarly, executive director of the National Freedom of Information Coalition. "And they come on top of the misuse of other technologies, like people using their own private email and cellphones to conduct business." Some government officials have argued that public employees should be free to communicate on private, non-governmental cellphones and social media platforms without triggering open records requirements.
United Kingdom

Ecuador Will Be Handing Assange Over To UK Authorities 'In Coming Weeks Or Days': RT (express.co.uk) 467

Ecuador is planning to hand over WikiLeaks founder Julian Assange to UK authorities in the "coming weeks or even days," RT editor-in-chief Margarita Simonyan said, citing her own sources. Simonyan reported the news in a recent tweet, which was reposted by WikiLeaks. Slashdot reader Okian Warrior first shared the news. Daily Express reports: Foreign Office minister Sir Alan Duncan is said to be involved in the diplomatic effort, which has come weeks ahead of a visit by new Ecuadorian president, Lenin Moreno, who called Mr Assange an "inherited problem." He also referred to the exiled WikiLeaks founder as a "stone in the shoe." Sources close to Assange claim he was not aware of the talks, but believe America is piling "significant pressure" on Ecuador to give him up, according to the Sunday Times. The sources claim that America has threatened to block a loan from the International Monetary Fund (IMF) if he is not removed from the embassy, based in Knightsbridge, west London. UPDATE 7/21/18: The Intercept also confirmed the news. Glenn Greenwald, former reporter for The Guardian, writes: "A source close to the Ecuadorian Foreign Ministry and the President's office, unauthorized to speak publicly, has confirmed to the Intercept that Moreno is close to finalizing, if he has not already finalized, an agreement to hand over Assange to the UK within the next several weeks. The withdrawal of asylum and physical ejection of Assange could come as early as this week."
Security

Microsoft Reveals First Known Midterm Campaign Hacking Attempts (politico.com) 163

An anonymous reader shares a report: Microsoft detected and helped block hacking attempts against three congressional candidates this year, a company executive said Thursday, marking the first known example of cyber interference in the midterm elections. "Earlier this year, we did discover that a fake Microsoft domain had been established as the landing page for phishing attacks," said Tom Burt, Microsoft's vice president for security and trust, at the Aspen Security Forum. "And we saw metadata that suggested those phishing attacks were being directed at three candidates who are all standing for election in the midterm elections."

Burt declined to name the targets but said they were "people who, because of their positions, might have been interesting targets from an espionage standpoint as well as an election disruption standpoint." Microsoft took down the fake domain and worked with the federal government to block the phishing messages.

Security

Top Voting Machine Vendor Admits It Installed Remote-Access Software on Systems Sold to States (vice.com) 244

Kim Zetter, reporting for Motherboard: The nation's top voting machine maker has admitted in a letter to a federal lawmaker that the company installed remote-access software on election-management systems it sold over a period of six years, raising questions about the security of those systems and the integrity of elections that were conducted with them. In a letter sent to Sen. Ron Wyden (D-OR) in April and obtained recently by Motherboard, Election Systems and Software acknowledged that it had "provided pcAnywhere remote connection software ... to a small number of customers between 2000 and 2006," which was installed on the election-management system ES&S sold them.

The statement contradicts what the company told me and fact checkers for a story I wrote for the New York Times in February. At that time, a spokesperson said ES&S had never installed pcAnywhere on any election system it sold. "None of the employees -- including long-tenured employees, has any knowledge that our voting systems have ever been sold with remote-access software," the spokesperson said. ES&S did not respond on Monday to questions from Motherboard, and it's not clear why the company changed its response between February and April. Lawmakers, however, have subpoena powers that can compel a company to hand over documents or provide sworn testimony on a matter lawmakers are investigating, and a statement made to lawmakers that is later proven false can have greater consequence for a company than one made to reporters.

Republicans

GOP Congressman Introduces Bill To Reinstate Net Neutrality Rules (theverge.com) 120

Rep. Mike Coffman (R-CO) today announced his support for a bill that would institute the basic outlines of the FCC's 2015 Open Internet order, which banned the throttling and blocking of content as well as harmful paid prioritization practices. He is also the first Republican to sign on to the Democrat-led discharge petition, which aims to force a vote on the House floor to roll back the FCC's December decision to repeal net neutrality. The Verge reports: The 21st Century Internet Act aims to restructure the current framework by which the internet has been governed since the '90s. Coffman's bill moves past this argument by amending the 1934 Telecommunications Act and adding the new Title VIII. This new classification would "permanently codify into law the 'four corners' of net neutrality" by banning providers from controlling traffic quality and speed and forbidding them from participating in paid prioritization programs or charging access fees from edge providers.

On top of providing stable ground for net neutrality rules to be upheld in the future, the legislation also makes it illegal for providers to participate in "unfair or deceptive acts or practices." It directs the FCC to investigate claims of anticompetitive behavior on behalf of consumers after receiving their complaints. Transparency requirements are heightened for providers as well, as companies must publicly disclose information regarding their network practices to allow consumers to "make informed choices regarding use of such services."

Government

Special Counsel Mueller Charges 12 Russian Intelligence Officers With Hacking Democrats During 2016 Election (cnbc.com) 778

Special counsel Robert Mueller has obtained a new indictment charging 12 Russian intelligence officers with hacking Democrats to interfere with the 2016 presidential election, and with stealing information of about 500,000 American voters, the Justice Department announced Friday. From a report: The indictment lodged in Washington, D.C., accuses the Russian spies of hacking into the Democratic National Committee and the presidential campaign of Hillary Clinton, and of releasing emails obtained from that cybersnooping with a goal of influencing the election. The accused also hacked into state boards of elections, secretaries of state, and into companies that provided software used to administer elections, according to Deputy Attorney Rod Rosenstein. Rosenstein said he briefed President Donald Trump about the case earlier in the week.
United States

Russian Influence Campaign Sought To Exploit Americans' Trust In Local News (npr.org) 287

An anonymous reader quotes a report from NPR: The information operatives who worked out of the Internet Research Agency in St. Petersburg did not stop at posing as American social media users or spreading false information from purported news sources, according to new details. They also created a number of Twitter accounts that posed as sources for Americans' hometown headlines. NPR has reviewed information connected with the investigation and found 48 such accounts. They have names such as @ElPasoTopNews, @MilwaukeeVoice, @CamdenCityNews and @Seattle_Post. "A not-insignificant amount of those had some sort of variation on what appeared to be a homegrown local news site," said Bret Schafer, a social media analyst for the Alliance for Securing Democracy, which tracks Russian influence operations and first noticed this trend. Another example: The Internet Research Agency created an account that looks like it is the Chicago Daily News. That newspaper shuttered in 1978. The Internet Research Agency-linked account was created in May 2014, and for years, it just posted local headlines, accumulating some 19,000 followers by July 2016.

Another twist: These accounts apparently never spread misinformation. In fact, they posted real local news, serving as sleeper accounts building trust and readership for some future, unforeseen effort. "They set them up for a reason. And if at any given moment, they wanted to operationalize this network of what seemed to be local American news handles, they can significantly influence the narrative on a breaking news story," Schafer told NPR. "But now instead of just showing up online and flooding it with news sites, they have these accounts with two years of credible history."

Government

UK Politicians Push For FOSTA SESTA-Style Sex Censorship (engadget.com) 124

An anonymous reader quotes a report from Engadget: If you're familiar with the phrase "that's a terrible idea, let's do it" then you might be one of the British MPs who think that the UK should do its own version of FOSTA-SESTA. That's exactly what Labour MP Sarah Champion has done by leading a debate this week for the creation of laws to criminalize websites used by sex workers in the UK -- under the rubric of fighting trafficking, of course. A self-appointed group of MPs (the "All-Party Parliamentary Group on Prostitution and the Global Sex Trade") fronted by Ms. Champion made a call to ban "prostitution websites" during a Wednesday House of Commons debate. Conflating sex work with trafficking just like their American counterparts, they claim websites where workers advertise and screen clients "directly and knowingly" profit from sex trafficking.
Robotics

Economists Worry We Aren't Prepared For the Fallout From Automation (theverge.com) 365

A new paper from the Center for Global Development says we are spending too much time discussing whether robots can take your job and not enough time discussing what happens next. The Verge reports: The paper's authors, Lukas Schlogl and Andy Sumner, say it's impossible to know exactly how many jobs will be destroyed or disrupted by new technology. But, they add, it's fairly certain there are going to be significant effects -- especially in developing economies, where the labor market is skewed toward work that requires the sort of routine, manual labor that's so susceptible to automation. Think unskilled jobs in factories or agriculture.

One class of solution they call "quasi-Luddite" -- measures that try to stall or reverse the trend of automation. These include taxes on goods made with robots (or taxes on the robots themselves) and regulations that make it difficult to automate existing jobs. They suggest that these measures are challenging to implement in "an open economy," because if automation makes for cheaper goods or services, then customers will naturally look for them elsewhere; i.e. outside the area covered by such regulations. [...] The other class of solution they call "coping strategies," which tend to focus on one of two things: re-skilling workers whose jobs are threatened by automation or providing economic safety nets to those affected (for example, a universal basic income or UBI).
They conclude that there's simply not enough work being done researching the political and economic solutions to what could be a growing global crisis. "Questions like profitability, labor regulations, unionization, and corporate-social expectations will be at least as important as technical constraints in determining which jobs get automated," they write.
Electronic Frontier Foundation

EFF Sues To Invalidate FOSTA, An Unconstitutional Internet Censorship Law (eff.org) 89

schwit1 quotes a report from the Electronic Frontier Foundation: We are asking a court to declare the Allow States and Victims to Fight Online Sex Trafficking Act of 2017 ("FOSTA") unconstitutional and prevent it from being enforced. The law was written so poorly that it actually criminalizes a substantial amount of protected speech and, according to experts, actually hinders efforts to prosecute sex traffickers and aid victims. In our lawsuit, two human rights organizations, an individual advocate for sex workers, a certified non-sexual massage therapist, and the Internet Archive, are challenging the law as an unconstitutional violation of the First and Fifth Amendments. Although the law was passed by Congress for the worthy purpose of fighting sex trafficking, its broad language makes criminals of those who advocate for and provide resources to adult, consensual sex workers and actually hinders efforts to prosecute sex traffickers and aid victims. The EFF goes on to cite some examples of how FOSTA has already censored the internet. Most notably, two days after FOSTA was passed in the Senate, "Craigslist eliminated its Personals section, including non-sexual subcategories such as 'Missed Connections' and 'Strictly Platonic,'" reports the EFF. Reddit even removed some of its subreddits out of fear of future lawsuits.
Twitter

Most Americans Think Facebook and Twitter Censor Their Political Views (bloomberg.com) 428

According to a new Pew Research Center study, 72 percent of those polled (from a sample of 4,594 adults) think it's likely companies such as Facebook and Twitter actively censor political views that they consider objectionable. The study finds that Americans don't trust those companies to be impartial when it comes to partisan politics. Bloomberg reports: Republicans, more than their Democratic counterparts, displayed concern over perceived political bias. Eighty-five percent of Republicans and those who labeled themselves conservative independents said it's likely that social media platforms censor political speech. And 64 percent of Republicans think technology companies support the views of liberals over conservatives. The majority of Democrats, meanwhile, think it's likely that social media platforms censor political viewpoints, coming in at 62 percent. But only about a quarter of Democrats worry that these companies support the views of conservatives over liberals.
Communications

Bill To Save Net Neutrality Is 46 Votes Short In US House (arstechnica.com) 213

Congressional Democrats seeking to reinstate net neutrality rules are still 46 votes short of getting the measure through the House of Representatives. Ars Technica reports: The U.S. Senate voted last month to reverse the Federal Communications Commission's repeal of net neutrality rules, with all members of the Democratic caucus and three Republicans voting in favor of net neutrality. A discharge petition needs 218 signatures to force a House vote on the same net neutrality bill, and 218 votes would also be enough to pass the measure. So far, the petition has signatures from 172 representatives, all Democrats. That number hasn't changed in two weeks. The outlook looks grim as Republicans have a 235-193 majority in the House. If you're curious to see which representatives haven't signed the petition, you can view this page maintained by net neutrality group Fight for the Future.
China

US Lawmakers Want Google To Reconsider Links To China's Huawei (reuters.com) 89

Some U.S. lawmakers on both sides of the aisle have asked Google on Wednesday to reconsider its work with Chinese telecommunications firm Huawei, citing security concerns. Reuters reports: In a letter to Google Chief Executive Sundar Pichai, the lawmakers said Google recently decided not to renew "Project Maven," an artificial intelligence research partnership with the U.S. Department of Defense. "While we regret that Google did not want to continue a long and fruitful tradition of collaboration between the military and technology companies, we are even more disappointed that Google apparently is more willing to support the Chinese Communist Party than the U.S. military," they wrote. The letter was signed by Republican Senators Tom Cotton and Marco Rubio, Republican Representatives Michael Conaway and Liz Cheney, and Democratic Representative Dutch Ruppersberger.

"Like many U.S. companies, we have agreements with dozens of OEMs (manufacturers) around the world, including Huawei. We do not provide special access to Google user data as part of these agreements, and our agreements include privacy and security protections for user data," she said in an emailed statement.

Democrats

Democrat With Financial Ties To AT&T Guts California's Net Neutrality Law (mashable.com) 266

A Democratic assemblyman with financial ties to AT&T has gutted a new law that would serve as a gold standard for true net neutrality protection across the country. The bill SB 822 is expected to be voted on by the California State Assembly Communications and Conveyance committee on Wednesday, where it would go to the state assembly for a full vote, at which point it would become law if it passes. "But late Tuesday evening, Miguel Santiago, a California assemblyman and chair of the Communications and Conveyance committee, edited the bill to allow for gaping loopholes that benefit the telecommunications industry and make the net neutrality legislation toothless," reports Mashable. From the report: If Santiago doesn't remove his amendments, he would be the first California Democrat to side with the Trump administration to actively destroy net neutrality, according to Fight for the Future (an internet freedoms advocacy organization). Specifically, the amendments undermine net neutrality in a few ways. First, they would allow ISPs to charge any website a fee for people to be able to access it.

Next, they would give some content (such as content owned by the provider) preferential treatment on cellular data. That means that some content would eat up cellular data, while others would be free or less impactful to access. There's a high likelihood that privileged content would be created by the network's parent company, since so many telecoms companies like Comcast and, recently, AT&T, now both own the actual content, and the way it's distributed. This loophole makes it likely that people wary about using up the data that they pay for would opt for the content privileged by their telecoms provider, which undermines consumer choice. And finally, Santiago's edits allow for throttling, which means intentionally slowing down content, but with a twist: Instead of slowing down the connection to consumer devices, the data is slowed at the website or service side, affecting everyone trying to access it.

EU

Kaspersky Halts Europol Partnership After Controversial EU Parliament Vote (bleepingcomputer.com) 104

An anonymous reader writes: Kaspersky Lab announced it was temporarily halting its cooperation with Europol following the voting of a controversial motion in the European Parliament. The Russian antivirus vendor will also stop working on the NoMoreRansom project that provided free ransomware decrypters for ransomware victims.

The company's decision comes after the EU Parliament voted a controversial motion that specifically mentions Kaspersky as a "confirmed as malicious" software and urges EU states to ban it as part of a joint EU cyber defense strategy. The EU did not present any evidence for its assessment that Kaspersky is malicious, but even answered user questions claiming it has no evidence. The motion is just an EU policy and has no legislative power, but it is still an official document. Kaspersky software has been previously banned from Government systems in the US, UK, Netherlands, and Lithuania.

Privacy

Comey, Who Investigated Hillary Clinton For Using Personal Email For Official Business, Used His Personal Email For Official Business (buzzfeed.com) 464

An anonymous reader shares a report: Former FBI Director James Comey, who led the investigation into Hillary Clinton's use of personal email while secretary of state, also used his personal email to conduct official business, according to a report from the Justice Department on Thursday. The report also found that while Comey was "insubordinate" in his handling of the email investigation, political bias did not play a role in the FBI's decision to clear Clinton of any criminal wrongdoing.

The report from the office of the inspector general "identified numerous instances in which Comey used a personal email account (a Gmail account) to conduct FBI business." In three of the five examples, investigators said Comey sent drafts he had written from his FBI email to his personal account. In one instance, he sent a "proposed post-election message for all FBI employees that was entitled 'Midyear thoughts,'" the report states. In another instance, Comey again "sent multiple drafts of a proposed year-end message to FBI employees" from his FBI account to his personal email account.

United States

US Sanctions Russians Over Military, Intelligence Hacking (reuters.com) 159

The U.S. Treasury imposed sanctions on three Russian individuals and five companies on Monday, saying they had worked with Moscow's military and intelligence services on ways to conduct cyber attacks against the United States and its allies. From a report: "The United States is engaged in an ongoing effort to counter malicious actors working at the behest of the Russian Federation and its military and intelligence units to increase Russia's offensive cyber capabilities," Treasury Secretary Steven Mnuchin said in a statement. "The entities designated today have directly contributed to improving Russia's cyber and underwater capabilities through their work with the FSB and therefore jeopardize the safety and security of the United States and our allies," Mnuchin said, using an acronym for Russia's Federal Security Service.
Government

In the Trump Administration, Science Is Unwelcome. So Is Advice. (nytimes.com) 711

Anonymous readers share a report: As President Trump prepares to meet Kim Jong-un of North Korea to negotiate denuclearization, a challenge that has bedeviled the world for years, he is doing so without the help of a White House science adviser or senior counselor trained in nuclear physics. Mr. Trump is the first president since 1941 not to name a science adviser, a position created during World War II to guide the Oval Office on technical matters ranging from nuclear warfare to global pandemics. As a businessman and president, Mr. Trump has proudly been guided by his instincts. Nevertheless, people who have participated in past nuclear negotiations say the absence of such high-level expertise could put him at a tactical disadvantage in one of the weightiest diplomatic matters of his presidency.

"You need to have an empowered senior science adviser at the table," said R. Nicholas Burns, who led negotiations with India over a civilian nuclear deal during the George W. Bush administration. "You can be sure the other side will have that." The lack of traditional scientific advisory leadership in the White House is one example of a significant change in the Trump administration: the marginalization of science in shaping United States policy. There is no chief scientist at the State Department, where science is central to foreign policy matters such as cybersecurity and global warming. Nor is there a chief scientist at the Department of Agriculture: Mr. Trump last year nominated Sam Clovis, a former talk-show host with no scientific background, to the position, but he withdrew his name and no new nomination has been made.
