The U.S. Department of Homeland Security said Saturday it currently had no reason to doubt statements from companies that have denied a Bloomberg report that their supply chains were compromised by malicious computer chips inserted by Chinese intelligence services.

“The Department of Homeland Security is aware of the media reports of a technology supply chain compromise,” DHS said in a statement.

“Like our partners in the UK, the National Cyber Security Centre, at this time we have no reason to doubt the statements from the companies named in the story,” it said.

Bloomberg Businessweek on Thursday cited 17 unidentified intelligence and company sources as saying that Chinese spies had placed computer chips inside equipment used by around 30 companies, as well as multiple U.S. government agencies, which would give Beijing secret access to internal networks.

Apple and Amazon

Britain’s national cyber security agency said Friday it had no reason to doubt the assessments made by Apple Inc and Amazon.com Inc challenging the report.

Apple contested the Bloomberg report Thursday, saying its own internal investigations found no evidence to support the story’s claims and that neither the company, nor its contacts in law enforcement, were aware of any investigation by the FBI on the matter.

Apple’s recently retired general counsel, Bruce Sewell, told Reuters he called the FBI’s then-general counsel, James Baker, last year after being told by Bloomberg of an open investigation of Super Micro Computer Inc, a hardware maker whose products Bloomberg said were implanted with malicious Chinese chips.

“I got on the phone with him personally and said, ‘Do you know anything about this?” Sewell said of his conversation with Baker. “He said, ‘I’ve never heard of this, but give me 24 hours to make sure.’ He called me back 24 hours later and said ‘Nobody here knows what this story is about.” Baker and the FBI declined to comment Friday.
…

The U.S. farm-to-table trend is definitely one of the latest. Americans are hungry for fresh, organic produce in their homes, and in many cases they are willing to pay more for it. But in an urban setting, residents don’t have a farm next door. The company Iron Ox is looking to change that, with the help of robust robotics. VOA’s Kevin Enochs has the story.
…

The Trump administration is moving ahead with plans to revise safety rules that bar fully self-driving cars from the roads without equipment such as steering wheels, pedals and mirrors, according to a document made public on Thursday.

The National Highway Traffic Safety Administration (NHTSA) “intends to reconsider the necessity and appropriateness of its current safety standards” as applied to automated vehicles, the U.S. Department of Transportation said in an 80-page update of its principles dubbed “Automated Vehicles 3.0.”

The department, as reported by Reuters earlier on Thursday, disclosed that the NHTSA wants comment “on proposed changes to particular safety standards to accommodate automated vehicle technologies and the possibility of setting exceptions to certain standards that are relevant only when human drivers are present.”

U.S. Transportation Secretary Elaine Chao released the document at a department event. In the report, Chao said that self-driving cars have the potential to dramatically reduce traffic crashes and road deaths. But she added the “public has legitimate concerns about the safety, security, and privacy of automated technology.”

Automakers must currently meet nearly 75 auto safety standards, many of which were written with the assumption that a licensed driver will be in control of the vehicle.

General Motors Co in January filed a petition seeking an exemption for the current rules to use vehicles without steering wheels and other human controls as part of a ride-sharing fleet it plans to deploy in 2019.

NHTSA has not declared the GM petition complete, a step necessary before it can rule on the merits. NHTSA said it plans to propose modernizing procedures to follow when reviewing exemption petitions.

Alphabet Inc’s Waymo unit plans to launch an autonomous ride-hailing service for the general public with no human driver behind the steering wheel in Arizona later this year. But unlike GM, Waymo’s vehicles will have human controls for the time being.

In March, a self-driving Uber Technologies Inc vehicle struck and killed a pedestrian, while the backup safety driver was watching a video, police said. Uber suspended testing in the aftermath and some safety advocates said the crash showed the system was not safe enough to be tested on public roads.

NHTSA has stepped up its self-driving car focus as legislation in Congress on self-driving cars, which passed the U.S. House of Representatives in 2017, has stalled. It has only a slender chance of being approved in 2018, congressional aides said.

The report said “NHTSA’s current statutory authority to establish motor vehicle safety standards is sufficiently flexible to accommodate the design and performance of different” automated vehicles.

The Center for Auto Safety said NHTSA should require companies to “submit evidence” that their self-driving technology is safe “before involuntarily involving human beings in their testing.”

GM said in a statement on Thursday that “legislation is still urgently needed” to allow “the full deployment of self-driving vehicles.”

Automakers have warned it could take too long for NHTSA to rewrite the rules to allow for the widespread of adoption of self-driving cars without human controls.

The department also said it “no longer recognizes the designations of ten automated vehicle proving grounds” announced in January 2017.

The sites, including a Michigan center that U.S. President Donald Trump visited last year, were named by Congress to be eligible for $60 million in grants “to fund demonstration projects that test the feasibility and safety” of self-driving vehicles.

The Transportation Department also announced it will start studying the workforce impacts of automated vehicles with the Labor, Commerce, and the Health and Human Services departments. 

The report also said the Trump administration will not support calls to end human driving. The department “embraces the freedom of the open road, which includes the freedom for Americans to drive their own vehicles.”
…

The U.S. government warned Wednesday that a hacking group widely known as cloudhopper, which Western cybersecurity firms have linked to the Chinese government, has launched attacks on technology service providers in a campaign to steal data from their clients.

The Department of Homeland issued a technical alert for cloudhopper, which it said was engaged in cyber espionage and theft of intellectual property, after experts with two prominent U.S. cybersecurity companies warned earlier this week that Chinese hacking activity has surged amid the escalating trade war between Washington and Beijing.

Chinese authorities have repeatedly denied claims by Western cybersecurity firms that it supports hacking.

Homeland Security

Homeland Security released the information to support U.S. companies in responding to attacks by the group, which is targeting information technology, energy, health care, communications and manufacturing firms.

“These cyber threat actors are still active and we strongly encourage our partners in government and industry to work together to defend against this threat,” DHS official Christopher Krebs said in a statement.

The reported increase in Chinese hacking follows what cybersecurity firms have described as a lull in such attacks prompted by a 2015 agreement between Chinese President Xi Jinping and former U.S. President Barrack Obama to curb cyber-enabled economic theft.

“I can tell you now unfortunately the Chinese are back,” Dmitri Alperovitch, chief technology officer of U.S. cybersecurity firm CrowdStrike, said Tuesday at a security conference in Washington.

“We’ve seen a huge pickup in activity over the past year and a half. Nowadays they are the most predominant threat actors we see threatening institutions all over this country and Western Europe,” he said.

Analysts with FireEye, another U.S. cybersecurity firm, said that some of the Chinese hacking groups it tracks have become more active in recent months.

Advice to US firms

Wednesday’s alert provided advice on how U.S. firms can prevent, identify and remediate attacks by cloudhopper, which is also known as Red Leaves and APT10.

The hacking group has largely targeted firms known as managed service providers, which supply telecommunications, technology and other services to business around the globe.

Managed service providers, or MSPs, are attractive targets because their networks provide routes for hackers to access sensitive systems of their many clients, said Ben Read, a senior intelligence manager with FireEye.

“We’ve seen this group route malware through an MSP network to other targets,” Read said.
…

Brandon Alexander would like to introduce you to Angus, the farmer of the future. He’s heavyset, weighing in at nearly 1,000 pounds, not to mention a bit slow. But he’s strong enough to hoist 800-pound pallets of maturing vegetables and can move them from place to place on his own.

Sure, Angus is a robot. But don’t hold that against him, even if he looks more like a large tanning bed than C-3PO.

To Alexander, Angus and other robots are key to a new wave of local agriculture that aims to raise lettuce, basil and other produce in metropolitan areas while conserving water and sidestepping the high costs of human labor. It’s a big challenge, and some earlier efforts have flopped. Even Google’s “moonshot” laboratory, known as X, couldn’t figure out how to make the economics work.

After raising $6 million and tinkering with autonomous robots for two years, Alexander’s startup Iron Ox says it’s ready to start delivering crops of its robotically grown vegetables to people’s salad bowls. “And they are going to be the best salads you ever tasted,” says the 33-year-old Alexander, a one-time Oklahoma farmboy turned Google engineer turned startup CEO.

Iron Ox planted its first robot farm in an 8,000-square-foot warehouse in San Carlos, California, a suburb located 25 miles south of San Francisco. Although no deals have been struck yet, Alexander says Iron Ox has been talking to San Francisco Bay area restaurants interested in buying its leafy vegetables and expects to begin selling to supermarkets next year.

The San Carlos warehouse is only a proving ground for Iron Ox’s long-term goals. It plans to set up robot farms in greenhouses that will rely mostly on natural sunlight instead of high-powered indoor lighting that sucks up expensive electricity. Initially, though, the company will sell its produce at a loss in order to remain competitive.

During the next few years, Iron Ox wants to open robot farms near metropolitan areas across the U.S. to serve up fresher produce to restaurants and supermarkets. Most of the vegetables and fruit consumed in the U.S. is grown in California, Arizona, Mexico and other nations. That means many people in U.S. cities are eating lettuce that’s nearly a week old by the time it’s delivered.

There are bigger stakes as well. The world’s population is expected to swell to 10 billion by 2050 from about 7.5 billion now, making it important to find ways to feed more people without further environmental impact, according to a report from the World Resources Institute.

Iron Ox, Alexander reasons, can be part of the solution if its system can make the leap from its small, laboratory-like setting to much larger greenhouses.

The startup relies on a hydroponic system that conserves water and automation in place of humans who seem increasingly less interested in U.S. farming jobs that pay an average of $13.32 per hour, according to the U.S. Department of Agriculture. Nearly half of U.S. farmworkers planting and picking crops aren’t in the U.S. legally, based on a survey by the U.S. Department of Labor.

The heavy lifting on Iron Ox’s indoor farm is done by Angus, which rolls about the indoor farm on omnidirectional wheels. Its main job is to shuttle maturing produce to another, as-yet unnamed robot, which transfers plants from smaller growing pods to larger ones, using a mechanical arm whose joints are lubricated with “food-safe” grease.

It’s a tedious process to gently pick up each of the roughly 250 plants on each pallet and transfer them to their bigger pods, but the robot doesn’t seem to mind the work. Iron Ox still relies on people to clip its vegetables when they are ready for harvest, but Alexander says it is working on another robot that will eventually handle that job too.

Alexander formerly worked on robotics at Google X, but worked on drones, not indoor farms. While there, he met Jon Binney, Iron Ox’s co-founder and chief technology offer. The two men became friends and began to brainstorm about ways they might be able to use their engineering skills for the greater good.

“If we can feed people using robots, what could be more impactful than that?” Alexander says.

                 
…

Ireland’s data regulator has launched an investigation of Facebook over a recent data breach that allowed hackers access 50 million accounts which could potentially cost Facebook more than $1.6 billion in fines.

The Irish Data Protection Commission said Wednesday that it will look into whether the U.S. social media company complied with European regulations that went into effect earlier this year covering data protection.

It’s the latest headache for Facebook in Europe, where authorities are turning up the heat on dominant tech firms over data protection. Last month, European Union consumer protection chief Vera Jourova said that she was growing impatient with Facebook for being too slow in clarifying the fine print in its terms of service covering what happens to user data and warned that the company could face sanctions.

The commission said in a statement that it would examine whether Facebook put in place “appropriate technical and organizational measures to ensure the security and safeguarding of the personal data it processes.”

The commission said earlier this week the number of EU accounts potentially affected numbered less than 5 million.

Ireland, which is Facebook’s lead privacy regulator for Europe, is moving swiftly to investigate the U.S. tech company since the breach became public on Friday.

Facebook said Friday attackers gained the ability to “seize control” of user accounts by stealing digital keys the company uses to keep users logged in. They could do so by exploiting three distinct bugs in Facebook’s code.

The company said it has fixed the bugs and logged out the 50 million breached users — plus another 40 million who were vulnerable to the attack — in order to reset those digital keys. Facebook said it doesn’t know who was behind the attacks or where they’re based. Neither passwords nor credit card data was stolen. At the time, the company said it alerted the FBI and regulators in the U.S. and Europe.

Facebook on Wednesday didn’t immediately return a request for comment.

Facebook has faced a tumultuous year of security problems and privacy issues . News broke early this year that a data analytics firm once employed by the Trump campaign, Cambridge Analytica, had improperly gained access to personal data from millions of user profiles. Then a congressional investigation found that agents from Russia and other countries have been posting fake political ads since at least 2016. In April, Zuckerberg appeared at a congressional hearing focused on Facebook’s privacy practices.

The European Union implemented stronger data and privacy rules, known as General Data Protection Regulation, in May.

The case could prove to be the first major test of GDPR. Under the new rules, companies could be hit with fines equal to 4 percent of annual global turnover for the most serious violations. In Facebook’s case, that could amount to more than $1.6 billion based on its 2017 revenues.

The new rules also require companies to disclose any breaches within 72 hours. The commission said Facebook informed it that its internal investigation is continuing and that it is taking actions to “mitigate the potential risk to users.”
…

Children’s and public health advocacy groups say Facebook’s kid-centric messaging app violates federal law by collecting kids’ personal information without getting verifiable consent from their parents.

The Campaign for a Commercial-Free Childhood and other groups asked the Federal Trade Commission on Wednesday to investigate Facebook’s Messenger Kids for violating the Children’s Online Privacy Protection Act, or COPPA.

The complaint says the app does not meet COPPA requirements because it doesn’t try to ensure that the person who sets up the kids’ account and gives consent to have their data collected is the actual parent. In fact, the groups say, someone could set up a brand new, fictional account and immediately approve a kid’s account without proving their age or identity.

Facebook said Wednesday it hasn’t yet reviewed the complaint letter. The company has said it doesn’t show ads on Messenger Kids or collect data for marketing purposes, though it does collect some data it says is necessary to run the service.

But the advocacy groups say the privacy policy of Messenger Kids is “incomplete and vague” and allows Facebook to disclose data to third parties and other Facebook services “for broad, undefined business purposes.”

Facebook launched Messenger Kids last December on iOS and has since expanded to Android and Amazon devices and beyond the U.S. to Mexico, Canada and elsewhere. It is aimed at children under 13 who technically cannot have Facebook accounts (although plenty of them do).

Though the company says it has received a lot of input from parents and children’s development experts in creating the app, groups such as the CCFC have been trying to get Messenger Kids shut down since it launched.
…

U.S. President Donald Trump plans to meet with Google CEO Sundar Pichai and other tech executives this month at a social media summit.

White House economic adviser Larry Kudlow said Tuesday that the administration hoped Facebook and Twitter would send representatives to the meeting. Kudlow added the event would most likely happen in mid-October, though no date has been set.

Prominent conservatives, including the president, have accused Facebook, Google and Twitter of silencing right-leaning voices on their platforms, a suspected practice called “shadow banning.”

Kudlow had a meeting with Pichai last Friday, which he described as “great.”

Pichai drew flack from senators last month after failing to send an executive to a hearing, and he has agreed appear at another.
…

Heated streets will melt ice and snow on contact. Sensors will monitor traffic and protect pedestrians. Driverless shuttles will carry people to their doors.

A unit of Google’s parent company Alphabet is proposing to turn a rundown part of Toronto’s waterfront into what may be the most wired community in history — to “fundamentally refine what urban life can be.”

Sidewalk Labs has partnered with a government agency known as Waterfront Toronto with plans to erect mid-rise apartments, offices, shops and a school on a 12-acre (4.9-hectare) site — a first step toward what it hopes will eventually be a 800-acre (325-hectare) development.

High-level interest is clear: Prime Minister Justin Trudeau and Alphabet’s then-Executive Chairman Eric Schmidt appeared together to announce the plan in October.

But some Canadians are rethinking the privacy implications of giving one of the most data-hungry companies on the planet the means to wire up everything from street lights to pavement. And some want the public to get a cut of the revenue from products developed using Canada’s largest city as an urban laboratory.

“The Waterfront Toronto executives and board are too dumb to realize they are getting played,” said former BlackBerry chief executive Jim Balsillie, a smartphone pioneer considered a national hero.

Complaints about the proposed development prompted Waterfront Toronto to re-do the agreement to ensure a greater role for the official agency, which represents city, provincial and federal governments.

So far the project is still in the embryonic stage. After consultations, the developers plan to present a formal master plan early next year.

Dan Doctoroff, the CEO of Sidewalk Labs, envisions features like pavement that lights up to warn pedestrians of approaching streetcars. Flexible heated enclosures — described as “raincoats” for buildings — will be deployed based on weather data during Toronto’s bitter winters. Robotic waste-sorting systems will detect when a garbage bin is full and remove it before raccoons descend.

“Those are great uses of data that can improve the quality of life of people,” he said. “That’s what we want to do.”

Sidewalk Labs promotional materials promise “a place that’s enhanced by digital technology and data, without giving up the privacy and security that everyone deserves.”

Doctoroff said the company isn’t looking to monetize people’s personal information in the way that Google does now with search information. He said the plan is to invent so-far-undefined products and services that Sidewalk Labs can market elsewhere.

“People automatically assume because of our relationship to Alphabet and Google that they will be treated one way or another. We have never said anything” about the data issue, he said. “To be honest people should give us some time. Be patient.”

But that wasn’t good enough for Julie Di Lorenzo, a prominent Toronto developer who resigned from the Waterfront Toronto board over the project. Di Lorenzo said data and what Google wants to do with it should be front and center in the discussions. She also believes the government agency has given the Google affiliate too much power over how the project develops.

“How can [Waterfront Toronto], a corporation established by three levels of democratically elected government, have shared values with a limited, for-profit company whose premise is embedded data collection?” Di Lorenzo asked.

Di Lorenzo asks who will own the autonomous vehicles. “Is the municipality maintaining the fleet or forcing you to share your vehicle?” She also asks if people who don’t want their data collected will be allowed to live there.

The concerns have intensified following a series of privacy scandals at Facebook and Google. A recent Associated Press investigation found that many Google services on iPhones and Android devices store location-tracking data even if you use privacy settings that are supposed to turn them off.

“It gives all of us pause,” Waterfront board chair Helen Burstyn acknowledged.

Bianca Wylie, an advocate of open government, said it remains deeply troubling that Sidewalk Labs still hasn’t said who will own data produced by the project or how it will be monetized. Google is here to make money, she said, and Canadians should benefit from any data or products developed from it.

“We are not here to be someone’s research and development lab,” she said, “to be a loss leader for products they want to sell globally.”

Ottawa patent lawyer Natalie Raffoul said the fact that the current agreement leaves ownership of data issues for later shows that it wasn’t properly drafted and means patents derived from the data will default to Google.

“We just can’t be too trusting of corporations,” she said.

But Burstyn, the Waterfront Toronto chair, said the upcoming master plan will address data concerns. The agency wants to make Toronto a global hub of a rising new industry, she said.

“Everybody gets worried about the digital and technology aspects that might run amok,” she said. “I don’t worry about that as much as I see the opportunities for developing a really interesting, innovative community.”

Adam Vaughan, the federal lawmaker whose district includes the development, said debate about big data and urban infrastructure is coming to cities across the world and he would rather have Toronto at the forefront of discussion.

“Google is ahead of governments globally and locally. That’s a cause for concern but it’s also an opportunity,” Vaughan said.
…

The EU’s top data privacy enforcer expressed worry Tuesday that Facebook had lost control of data security after a vast privacy breach that she said affected five million Europeans.

“It is a question for the management, if they have things under control,”  EU Justice and Consumer Affairs Commissioner Vera Jourova told AFP in Luxembourg.

“The magnitude of the company … makes it very difficult to manage, but they have to do that because they are harvesting the data and they are making incredible money on using our privacy as the commodity,” she added.

Jourova spoke just days after Facebook admitted that up to 50 million user accounts around the world had been breached by hackers, in yet another scandal for the beleaguered social platform.

“I will know more … in hours or days but according to our knowledge, five million Europeans have been affected out of those 50, which is an incredible number,” she said.

Jourova said Facebook’s quick revelation of the case demonstrated that new European rules on data protection implemented earlier this year are working.

New EU rules – the General Data Protection Regulation (GDPR) – have been billed as the biggest shake-up of privacy regulations since the birth of the web and give European regulators vast new enforcement powers.

The case for GDPR was boosted by another recent scandal over the harvesting of Facebook users’ data by Cambridge Analytica, a US-British political research firm, for the 2016 US presidential election.

Jourova said the worst cases involve a company finding a major breach then failing to warn authorities or their users, which she said doesn’t appear to be the case in the latest Facebook drama.

Under GDPR, companies can be fined up to four percent of annual global turnover if they fail to abide by the rules, including notification of the data breach within 72 hours.

Facebook met this requirement, Jourova pointed out, which “is one of the factors which might result in lower sanctions, but this is only theoretical”.

 
…

Imagine seeing an incredibly detailed map of your home city in three dimensions, with every citizen carrying a cell phone showing up as a dot on that map. Well, you can’t because there are security issues galore when it comes to tracking people online. But you should know it’s possible, at least in Singapore, where city planners are considering how the technology may help improve life. VOA’s Kevin Enochs reports.
…

Adam Mosseri, a veteran 10-year Facebook executive, will become the new head of Instagram, outgoing co-founders Kevin Systrom and Mike Krieger announced Monday.

“We are thrilled to hand over the reins to a product leader with a strong design background and a focus on craft and simplicity,” Systrom and Krieger said in a press release.The pair announced their resignation last week without giving a clear explanation.

Mosseri, 35, has been Instagram’s head of product since May. He began as a designer at Facebook in 2008, and recently ran its News Feed. His appointment comes among fears that with the departure of Instagram’s independent-minded founders, the app will become more like Facebook: Cluttered with features, and invasive of user’s personal data.

Instagram was founded in 2010 and bought by Facebook two years later for $1 billion. While Facebook has struggled to hold onto younger users, Instagram remains popular with teens. It has also remained scandal-free, while Facebook has taken heat for numerous scandals including the spread of fake news, alleged exploitation of user data with third parties, electoral interference, and its use as a platform for radical leaders to spread propaganda in developing countries.
…