President Donald Trump signed into law on Tuesday legislation that bans the use of Kaspersky Lab within the U.S. government, capping a months-long effort to purge the Moscow-based antivirus firm from federal agencies amid concerns it was vulnerable to Kremlin influence. From a report: The ban, included as part of a broader defense policy spending bill that Trump signed, reinforces a directive issued by the Trump administration in September that civilian agencies remove Kaspersky Lab software within 90 days. The law applies to both civilian and military networks. "The case against Kaspersky is well-documented and deeply concerning. This law is long overdue," said Democratic Senator Jeanne Shaheen, who led calls in Congress to scrub the software from government computers. She added that the company's software represented a "grave risk" to U.S. national security.

An anonymous reader shares an Associated Press report: World leaders, investment funds and energy magnates promised Tuesday to devote new money and technology to slow global warming at a summit in Paris that President Emmanuel Macron hopes will rev up the Paris climate accord that U.S. President Donald Trump has rejected. Trump wasn't invited to the event but his name was everywhere. One by one, top world diplomats, former California governor Arnold Schwarzenegger, business leaders like Michael Bloomberg and even former U.S. Secretary of State John Kerry insisted that the world will shift to cleaner fuels and reduce emissions regardless of whether the Trump administration pitches in or not. Central to Tuesday's summit was countering Trump's main argument that the 2015 Paris accord on reducing global emissions would hurt U.S. business. Macron, a 39-year-old former investment banker, argues that the big businesses and successful economies of the future will be making and using renewable energy instead of pumping oil. Macron's office announced a dozen international projects emerging from the summit that will inject hundreds of millions of dollars in efforts to curb climate change. "The United States did not drop out of the Paris agreement. Donald Trump got Donald Trump out of the Paris agreement," Schwarzenegger said. The projects also aim to speed up the end of the combustion engine to reduce the emissions that contribute to global warming. With that aim, World Bank President Jim Yong Kim announced that his agency would stop financing oil and gas projects in two years, except in special circumstances for very poor nations.

President Trump has formally told NASA to send U.S. astronauts back to the moon. From a report: "The directive I'm signing today will refocus America's space program on human exploration and discovery," he said. Standing at the president's side as he signed "Space Policy Directive 1" on Monday was Apollo 17 astronaut Harrison Schmitt, one of the last two humans to ever walk on the moon, in a mission that took place 45 years ago this week. Since that time, no human has ventured out beyond low-Earth orbit. NASA doesn't even have its own space vehicle, having retired the space shuttles in 2011. Americans currently ride up to the international space station in Russian capsules, though private space taxis are expected to start ferrying them up as soon as next year.

The head of Germany's domestic intelligence agency has warned that China allegedly is using social networks to try to cultivate lawmakers and other officials as sources. From a report: Hans-Georg Maassen said his agency, known by its German acronym BfV, believes more than 10,000 Germans have been targeted by Chinese intelligence agents posing as consultants, headhunters or researchers, primarily on the social networking site LinkedIn. "This is a broad-based attempt to infiltrate in particular parliaments, ministries and government agencies," Maassen said.

Jeremy Hunt has publicly attacked Facebook for releasing a version of its Messenger app aimed at children, and called on the social media company to "stay away from my kids." From a report: The health secretary accused the company of "targeting younger children" after Facebook announced on Monday that it was conducting trials of an app called Messenger Kids in the US, which is designed to be used by pre-teens. He said the company was failing to act responsibly despite having assured the government that it would not target its service at children, who can only use the main social media website if they are over 13.

David Gilbert, writing for Vice: The White House is reportedly looking at a proposal to create a ghost network of private spies in hostile countries -- a way of bypassing the intelligence community's "deep state," which Donald Trump believes is a threat to his administration. The network would report directly to the president and CIA Director Mike Pompeo, and would be developed by Blackwater founder Erik Prince, according to multiple current and former officials speaking to The Intercept. "Pompeo can't trust the CIA bureaucracy, so we need to create this thing that reports just directly to him," a former senior U.S. intelligence official with firsthand knowledge of the proposals told the website. Described as "totally off the books," the network would be run by intelligence contractor Amyntor Group and would not share any data with the traditional intelligence community.

An anonymous reader quotes a report from Ars Technica: The Federal Communications Commission will move ahead with its vote to kill net neutrality rules next week despite an unresolved court case that could strip away even more consumer protections. FCC Chairman Ajit Pai says that net neutrality rules aren't needed because the Federal Trade Commission can protect consumers from broadband providers. But a pending court case involving AT&T could strip the FTC of its regulatory authority over AT&T and similar ISPs. A few dozen consumer advocacy groups and the City of New York urged Pai to delay the net neutrality-killing vote in a letter today. If the FCC eliminates its rules and the court case goes AT&T's way, there would be a "'regulatory gap' that would leave consumers utterly unprotected," the letter said. When contacted by Ars, Pai's office issued this statement in response to the letter: "This is just evidence that supporters of heavy-handed Internet regulations are becoming more desperate by the day as their effort to defeat Chairman Pai's plan to restore Internet freedom has stalled. The vote will proceed as scheduled on December 14."

Politico reports: Staffers for Senate Republicans' campaign arm seized information on more than 200,000 donors from the House GOP campaign committee over several months this year by breaking into its computer system, three sources with knowledge of the breach told Politico... Multiple NRSC staffers, who previously worked for the NRCC, used old database login information to gain access to House Republicans' donor lists this year. The donor list that was breached is among the NRCC's most valuable assets, containing not only basic contact information like email addresses and phone numbers but personal information that could be used to entice donors to fork over cash -- information on top issues and key states of interest to different people, the names of family members, and summaries of past donation history... Donor lists like these are of such value to party committees that they can use them as collateral to obtain loans worth millions of dollars when they need cash just before major elections...

"The individuals on these lists are guaranteed money," said a Republican fundraiser. "They will give. These are not your regular D.C. PAC list"... The list has helped the NRCC raise over $77 million this year to defend the House in 2018... Though the House and Senate campaign arms share the similar goal of electing Republican candidates and often coordinate strategy in certain states, they operate on distinct tracks and compete for money from small and large donors.
Long-time Slashdot reader SethJohnson says the data breach "is the result of poor deprovisioning policies within the House Republican Campaign Committee -- allowing staff logins to persist after a person has left the organization."

NRCC officials who learned of the breach "are really pissed," one source told the site.

Alex Hern, writing for The Guardian: Eugene Kaspersky, chief executive and co-founder of the embattled Russian cybersecurity firm that bears his name, believes his company is at the centre of a "designed and orchestrated attack" to destroy its reputation. Over a short period in the summer of 2017, Kaspersky Labs was the subject of multiple media reports alleging that the company had helped Russian intelligence agencies spy on the US, a number of FBI raids on staff members, and a nationwide ban on the use of its software by federal government agencies. "This media attack and government attack from the United States, it was designed and orchestrated," Mr Kaspersky said at a press conference in London. "Because at the same time, there was government, there was FBI, there was media attack. That is expensive ... I mean all kinds of resources: political influence, money, lobbyists, the media etc." When asked directly whether he had ever been asked to help Russian intelligence agencies spy on the US, Kaspersky vehemently denied any such conversations had ever happened saying: "They have never asked us to spy on people. Never." "If the Russian government comes to me and asks me to do anything wrong, I will move the business out of Russia," he added. "We never helped the espionage agencies, the Russians or any other nation."

New submitter unarmed8 shares a report from CyberScoop: Three Democratic senators introduced legislation on Thursday requiring companies to notify customers of data breaches within thirty days of their discovery and imposing a five year prison sentence on organizations caught concealing data breaches. The new bill, called the Data Security and Breach Notification Act, was introduced in the wake of reports that Uber paid $100,000 to cover up a 2016 data breach that affected 57 million users. The scope of what kind of data breach falls under this is limited. For instance, if only a last name, address or phone number is breached, the law would not apply. If an organization "reasonably concludes that there is no reasonable risk of identity theft, fraud, or other unlawful conduct," the incident is considered exempt from the legislation.

"We need a strong federal law in place to hold companies truly accountable for failing to safeguard data or inform consumers when that information has been stolen by hackers," Sen. Bill Nelson, D-Fla., said in a statement. "Congress can either take action now to pass this long overdue bill or continue to kowtow to special interests who stand in the way of this commonsense proposal. When it comes to doing what's best for consumers, the choice is clear."

Republican FCC Chairman Ajit Pai is doubling down on his critique of tech companies, asking whether social media is "a net benefit to American society" in remarks at the Media Institute on Wednesday. "Now, I will tell you upfront that I don't have an answer." From a report: What he said: Pai made the case that social media has been key to the politicization of many aspects of American life. "Everything nowadays is political. Everything. ... This view that politics-is-all is often made worse by social media," he said, per his prepared remarks.

The White House is considering banning its employees from using personal mobile phones while at work. While President Trump has been vocal about press leaks since taking office, one official said the potential change is driven by cybersecurity concerns. Bloomberg reports: One official said that there are too many devices connected to the campus wireless network and that personal phones aren't as secure as those issued by the federal government. White House Chief of Staff John Kelly -- whose personal phone was found to be compromised by hackers earlier this year -- is leading the push for a ban, another official said. The White House already takes precautions with personal wireless devices, including by requiring officials to leave phones in cubbies outside of meeting rooms where sensitive or classified information is discussed. Top officials haven't yet decided whether or when to impose the ban, and if it would apply to all staff in the executive office of the president. While some lower-level officials support a ban, others worry it could result in a series of disruptive unintended consequences.

An anonymous reader quotes a report from Ars Technica: For years, Comcast has been promising that it won't violate the principles of net neutrality, regardless of whether the government imposes any net neutrality rules. That meant that Comcast wouldn't block or throttle lawful Internet traffic and that it wouldn't create fast lanes in order to collect tolls from Web companies that want priority access over the Comcast network. This was one of the ways in which Comcast argued that the Federal Communications Commission should not reclassify broadband providers as common carriers, a designation that forces ISPs to treat customers fairly in other ways. The Title II common carrier classification that makes net neutrality rules enforceable isn't necessary because ISPs won't violate net neutrality principles anyway, Comcast and other ISPs have claimed.

But with Republican Ajit Pai now in charge at the Federal Communications Commission, Comcast's stance has changed. While the company still says it won't block or throttle Internet content, it has dropped its promise about not instituting paid prioritization. Instead, Comcast now vaguely says that it won't "discriminate against lawful content" or impose "anti-competitive paid prioritization." The change in wording suggests that Comcast may offer paid fast lanes to websites or other online services, such as video streaming providers, after Pai's FCC eliminates the net neutrality rules next month.

Dictionary.com has selected "complicit" as its word of the year for 2017, citing the term's renewed relevance in U.S. culture and politics -- and noting that a refusal to be complicit has also been "a grounding force of 2017." From a report: The website defines "complicit" as "choosing to be involved in an illegal or questionable act, especially with others; having complicity." Interest in the word spiked several times this year, Dictionary.com says -- most notably when Ivanka Trump said in April, "I don't know what it means to be complicit."

An anonymous reader shares a report: Google does not change its search algorithm to re-rank individual websites, it said in a letter to Russia's communications watchdog, after Moscow expressed concerns the search engine might discriminate against Russian media. The Roskomnadzor watchdog said earlier this month it would seek clarification from Google over whether it intentionally placed articles from Russian news websites Sputnik and Russia Today lower in search results. Responding to a question about Sputnik articles at a conference earlier in November, Alphabet Executive Chairman Eric Schmidt said Google was working to give less prominence to "those kinds of websites" as opposed to delisting them.

Long-time Slashdot reader speedplane writes: Yes, we've all heard that net neutrality is on its way out, and it seems NPR was able to snag one of the few (the only?) interview's of Ajit Pai on its effect. Sadly, NPR's Rachel Martin stuck to very broad and basic questions, and failed to press Pai on the change of policy. That said, it's worth a listen.
Pai insists that "We saw companies like Facebook, and Amazon and Google become global powerhouses precisely because we had light-touch rules that applied to this Internet. The Internet wasn't broken in 2015 when these heavy-handed regulations were adopted, and once we remove them, I think we'll continue to see the infrastructure investment that will benefit digital consumers and entrepreneurs alike... I've talked to a lot of companies that say, look, we want to be able to invest in these networks, especially in rural and low-income urban areas, but the more heavy-handed the regulations are, the less likely we can build a business case for doing it."

But New York's Attorney General Eric Schneiderman says he's spent six months investigating "a massive scheme to corrupt the FCC's notice and comment process" for net neutrality, adding that "the FCC has refused multiple requests for crucial evidence." (Nine requests over five months were ignored.) And now over 65,000 people have signed a new online petition at WhiteHouse.gov calling for the immediate removal of Ajit Pai as the FCC's chairman, calling him "a threat to our freedoms."

Meanwhile, The Verge has compiled "a list of the lawmakers who voted to betray you," with each listing also including "how much money they received from the telecom industry in their most recent election cycle."

An anonymous reader quotes Reuters: A bipartisan Harvard University project aimed at protecting elections from hacking and propaganda will release its first set of recommendations today on how U.S. elections can be defended from hacking attacks. The 27-page guidebook calls for campaign leaders to emphasize security from the start and insist on practices such as two-factor authentication for access to email and documents and fully encrypted messaging via services including Signal and Wickr. The guidelines are intended to reduce risks in low-budget local races as well as the high-stakes Congressional midterm contests next year.

Though most of the suggestions cost little or nothing to implement and will strike security professionals as common sense, notorious attacks including the leak of the emails of Hillary Clinton's campaign chair, John Podesta, have succeeded because basic security practices were not followed... "We heard from campaigns that there is nothing like this that exists," said Debora Plunkett, a 31-year veteran of the National Security Agency who joined the Belfer Center this year. "We had security experts who understood security and election experts who understood campaigns, and both sides were eager to learn how the other part worked."
The group includes "top security experts" from both Google and Facebook.

An anonymous reader quotes a report from Bloomberg: Facebook will show people which Russian propaganda pages or accounts they've followed and liked on the social network, responding to a request from Congress to address manipulation and meddling during the 2016 presidential election. The tool will appear by the end of the year in Facebook's online support center, the company said in a blog post Wednesday. It will answer the user question, "How can I see if I've liked or followed a Facebook page or Instagram account created by the Internet Research Agency?" That's the Russian firm that created thousands of incendiary posts from fake accounts posing as U.S. citizens. People will see a list of the accounts they followed, if any, from January 2015 through August 2017. Facebook will only be showing people the names of the pages and accounts, not the content. A user will only see what they liked or followed, so if they simply saw IRA content in their news feeds, they won't be notified.

wyattstorch516 writes: The Trump administration is tightening the scrutiny on the H-1B visa program (Warning: paywalled; alternative source). Changes would undo actions by the Obama administration. There are two big regulatory changes looming that would undo actions by the Obama administration. "The first change allowed spouses of H-1B workers the right to work. That regulation is being challenged in court and the Trump administration is expected to eliminate the provision rather than defend it," reports WSJ. "The second change affects the Optional Practical Training program, which allows foreign graduates from U.S. colleges in science and technology an extra two years of work authorization, giving them time to win an H-1B visa. The Trump administration could kill that benefit or reduce the two-year window, according to people familiar with the discussions." The Journal highlights a "series of more modest changes that have added scrutiny to visa processing":

- "USCIS directed last month that adjudicators no longer pay 'deference' to past determinations for renewal applications. This means an applicant's past approval won't carry any weight if he or she applies for a renewal.

- The agency is conducting more applicant interviews, which critics say slows the system. The agency spokesman says this process will ramp up over several years and is needed to detect fraud and make accurate decisions.

- In the spring, the agency suspended premium processing, which allowed for fast-track consideration to those who paid an extra fee. This option wasn't resumed until October, meaning many workers who qualified for a coveted H-1B visa had to wait months for a decision.

- State Department officials have been told to consider that Mr. Trump's 'Buy American, Hire American' executive order directs visa programs must 'protect the interests of United States workers.' And the Foreign Affairs Manual now instructs officers to scrutinize applications of students to ensure they plan to return to their home countries. A State Department official said the official rules haven't changed but said a 'comprehensive' review is under way."

Camel Pilot writes: The new GOP tax plan -- which just passed the House -- will tax tuition waivers as income. Graduate students working as research assistants on meager stipends would have to declare tuition waivers as income on the order of $80,000 income. This will force many graduate students of modest means to quit their career paths and walk away from their research. These are the next generation of scientists, engineers, inventors, educators, medical miracle workers and market makers. As Prof Claus Wilke points out: "This would be a disaster for U.S. STEM Ph.D. education." Slashdot reader Camel Pilot references a report via The New York Times, where Erin Rousseau explains how the House of Representatives' recently passed tax bill affects graduate research in the United States. Rousseau is a graduate student at M.I.T. who studies the neurological basis of mental health disorders. "My peers and I work between 40 and 80 hours a week as classroom teachers and laboratory researchers, and in return, our universities provide us with a tuition waiver for school. For M.I.T. students, this waiver keeps us from having to pay a tuition bill of about $50,000 every year -- a staggering amount, but one that is similar to the fees at many other colleges and universities," he writes. "No money from the tuition waivers actually ends up in our pockets, so under Section 117(d)(5), it isn't counted as taxable income." Rousseau continues by saying his tuition waivers will be taxed under the House's tax bill. "This means that M.I.T. graduate students would be responsible for paying taxes on an $80,000 annual salary, when we actually earn $33,000 a year. That's an increase of our tax burden by at least $10,000 annually."