DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Businesses

Amazon Wins $1.5 Billion Tax Dispute Over IRS (reuters.com) 71

Amazon.com on Thursday won a more than $1.5 billion tax dispute with the Internal Revenue Service over transactions involving a Luxembourg unit more than a decade ago. From a report: Judge Albert Lauber of the U.S. Tax Court rejected a variety of IRS arguments, and found that on several occasions the agency abused its discretion, or acted arbitrarily or capriciously. Amazon's ultimate tax liability from the decision was not immediately clear. The world's largest online retailer has said the case involved transactions in 2005 and 2006, and could boost its federal tax bill by $1.5 billion plus interest. It also said a loss could add "significant" tax liabilities in later years. Amazon made just $2.37 billion of profit in 2016, four times what it made in the four prior years combined, on revenue of $136 billion.
Cellphones

Feds: We're Pulling Data From 100 Phones Seized During Trump Inauguration (arstechnica.com) 218

An anonymous reader quotes a report from Ars Technica: In new filings, prosecutors told a court in Washington, DC that within the coming weeks, they expect to extract all data from the seized cellphones of more than 100 allegedly violent protesters arrested during the inauguration of President Donald Trump. Prosecutors also said that this search is validated by recently issued warrants. The court filing, which was first reported Wednesday by BuzzFeed News, states that approximately half of the protestors prosecuted with rioting or inciting a riot had their phones taken by authorities. Prosecutors hope to uncover any evidence relevant to the case. Under normal judicial procedures, the feds have vowed to share such data with defense attorneys and to delete all irrelevant data. "All of the Rioter Cell Phones were locked, which requires more time-sensitive efforts to try to obtain the data," Jennifer Kerkhoff, an assistant United States attorney, wrote. Such phone extraction is common by law enforcement nationwide using hardware and software created by Cellebrite and other similar firms. Pulling data off phones is likely more difficult under fully updated iPhones and Android devices.
Australia

Australia Shelves Copyright Safe Harbor For Google, Facebook (torrentfreak.com) 24

In a surprise setback for companies such as Google and Facebook that leverage user-generated content, Australia has dropped plans to extend its copyright safe harbor provisions. From a report: In a blow to Google, Facebook and others, the government dropped the amendments before they were due to be introduced to parliament yesterday. That came as a big surprise, particularly as Prime Minister Malcolm Turnbull had given the proposals his seal of approval just last week. "Provisions relating to safe harbor were removed from the bill before its introduction to enable the government to further consider feedback received on this proposal whilst not delaying the passage of other important reforms," Communications Minister Mitch Fifield said in a statement. There can be little doubt that intense lobbying from entertainment industry groups played their part, with a series of articles published in News Corp-owned The Australian piling on the pressure in favor of rightsholders.
Businesses

A Lithuanian Phisher Tricked Two Big US Tech Companies Into Wiring Him $100 Million (theverge.com) 128

According to a recent indictment from the U.S. Department of Justice, a 48-year-old Lithuanian scammer named Evaldas Rimasauskas managed to trick two American technology companies into wiring him $100 million. He was able to perform this feat "by masquerading as a prominent Asian hardware manufacturer," reports The Verge, citing court documents, "and tricking employees into depositing tens of millions of dollars into bank accounts in Latvia, Cyprus, and numerous other countries." From the report: What makes this remarkable is not Rimasauskas' particular phishing scam, which sounds rather standard in the grand scheme of wire fraud and cybersecurity exploits. Rather, it's the amount of money he managed to score and the industry from which he stole it. The indictment specifically describes the companies in vague terms. The first company is "multinational technology company, specializing in internet-related services and products, with headquarters in the United States," the documents read. The second company is a "multinational corporation providing online social media and networking services." Both apparently worked with the same "Asia-based manufacturer of computer hardware," a supplier that the documents indicate was founded some time in the late '80s. What's more important is that representatives at both companies with the power to wire vast sums of money were still tricked by fraudulent email accounts. Rimasauskas even went so far as to create fake contracts on forged company letterhead, fake bank invoices, and various other official-looking documents to convince employees of the two companies to send him money. Rimasauskas has been charged with one count of wire fraud, three counts of money laundering, and aggravated identity theft. In other words, he faces serious prison time of convicted -- each charge of wire fraud and laundering carries a max sentence of 20 years. The court documents don't reveal the names of the two companies. Though, one could surely think of a few candidates that would fit the descriptions provided in the court documents.
DRM

W3C Erects DRM As Web Standard (theregister.co.uk) 222

The World Wide Web Consortium (W3C) has formally put forward highly controversial digital rights management as a new web standard. "Dubbed Encrypted Media Extensions (EME), this anti-piracy mechanism was crafted by engineers from Google, Microsoft, and Netflix, and has been in development for some time," reports The Register. "The DRM is supposed to thwart copyright infringement by stopping people from ripping video and other content from encrypted high-quality streams." From the report: The latest draft was published last week and formally put forward as a proposed standard soon after. Under W3C rules, a decision over whether to officially adopt EME will depend on a poll of its members. That survey was sent out yesterday and member organizations, who pay an annual fee that varies from $2,250 for the smallest non-profits to $77,000 for larger corporations, will have until April 19 to register their opinions. If EME gets the consortium's rubber stamp of approval, it will lock down the standard for web browsers and video streamers to implement and roll out. The proposed standard is expected to succeed, especially after web founder and W3C director Sir Tim Berners-Lee personally endorsed the measure, arguing that the standard simply reflects modern realities and would allow for greater interoperability and improve online privacy. But EME still faces considerable opposition. One of its most persistent vocal opponents, Cory Doctorow of the Electronic Frontier Foundation, argues that EME "would give corporations the new right to sue people who engaged in legal activity." He is referring to the most recent controversy where the W3C has tried to strike a balance between legitimate security researchers investigating vulnerabilities in digital rights management software, and hackers trying to circumvent content protection. The W3C notes that the EME specification includes sections on security and privacy, but concedes "the lack of consensus to protect security researchers remains an issue." Its proposed solution remains "establishing best practices for responsible vulnerability disclosure." It also notes that issues of accessibility were ruled to be outside the scope of the EME, although there is an entire webpage dedicated to those issues and finding solutions to them.
Businesses

Patents Are A Big Part Of Why We Can't Own Nice Things (eff.org) 242

An anonymous reader shares an EFF article: Today, the Supreme Court heard arguments in a case that could allow companies to keep a dead hand of control over their products, even after you buy them. The case, Impression Products v. Lexmark International, is on appeal from the Court of Appeals for the Federal Circuit, who last year affirmed its own precedent allowing patent holders to restrict how consumers can use the products they buy. That decision, and the precedent it relied on, departs from long established legal rules that safeguard consumers and enable innovation. When you buy something physical -- a toaster, a book, or a printer, for example -- you expect to be free to use it as you see fit: to adapt it to suit your needs, fix it when it breaks, re-use it, lend it, sell it, or give it away when you're done with it. Your freedom to do those things is a necessary aspect of your ownership of those objects. If you can't do them, because the seller or manufacturer has imposed restrictions or limitations on your use of the product, then you don't really own them. Traditionally, the law safeguards these freedoms by discouraging sellers from imposing certain conditions or restrictions on the sale of goods and property, and limiting the circumstances in which those restrictions may be imposed by contract. But some companies are relentless in their quest to circumvent and undermine these protections. They want to control what end users of their products can do with the stuff they ostensibly own, by attaching restrictions and conditions on purchasers, locking down their products, and locking you (along with competitors and researchers) out. If they can do that through patent law, rather than ordinary contract, it would mean they could evade legal limits on contracts, and that any one using a product in violation of those restrictions (whether a consumer or competitor) could face harsh penalties for patent infringement.
AI

Who's Liable For Decisions AI and Robotics Make? (betanews.com) 178

An anonymous reader shares a BetaNews article: Reuters news agency reported on February 16 that "European lawmakers called [...] for EU-wide legislation to regulate the rise of robots, including an ethical framework for their development and deployment and the establishment of liability for the actions of robots including self-driving cars." The question of determining "liability" for decision making achieved by robots or artificial intelligence is an interesting and important subject as the implementation of this technology increases in industry, and starts to more directly impact our day to day lives. Indeed, as application of Artificial Intelligence and machine learning technology grows, we are likely to witness how it changes the nature of work, businesses, industries and society. And yet, although it has the power to disrupt and drive greater efficiencies, AI has its obstacles: the issue of "who is liable when something goes awry" being one of them. Like many protagonists in industry, Members of the European Parliament (MEPs) are trying to tackle this liability question. Many of them are calling for new laws on artificial intelligence and robotics to address the legal and insurance liability issues. They also want researchers to adopt some common ethical standards in order to "respect human dignity."
United States

'Sorry, I've Forgotten My Decryption Password' is Contempt Of Court, Pal - US Appeal Judges (theregister.co.uk) 516

Thomas Claburn, reporting for The Register: The US Third Circuit Court of Appeals today upheld a lower court ruling of contempt against a chap who claimed he couldn't remember the password to decrypt his computer's hard drives. In so doing, the appeals court opted not to address a lower court's rejection of the defendant's argument that being forced to reveal his password violated his Fifth Amendment protection against self-incrimination. In the case under review, the US District Court for the Eastern District of Pennsylvania held the defendant (referred to in court documents as "John Doe" because his case is partially under seal) in contempt of court for willfully disobeying and resisting an order to decrypt external hard drives that had been attached to his Mac Pro computer. The defendant's computer, two external hard drives, an iPhone 5S, and an iPhone 6 Plus had been seized as part of a child pornography investigation.
Businesses

Two More Executives Are Leaving Uber, Drivers May Unionize (nytimes.com) 200

First the resignations. "The beliefs and approach to leadership that have guided my career are inconsistent with what I saw and experienced at Uber," the company's former president told Recode on Sunday, announcing his resignation. "The departures add to the executive exodus from Uber this year," writes The New York Times. An anonymous reader quotes their report. Brian McClendon, vice president of maps and business platform at Uber, also plans to leave at the end of the month... Raffi Krikorian, a well-regarded director in Uber's self-driving division, left the company last week, while Gary Marcus, who joined Uber in December after Uber acquired his company, left this month. Uber also asked for the resignation of Amit Singhal, a top engineer who failed to disclose a sexual harassment claim against him at his previous employer, Google, before joining Uber. And Ed Baker, another senior executive, left this month as well.
Jones left Uber after less than six months, though McClendon's departure is said to be more amicable. "Mr. McClendon, in a statement, said he was returning to his hometown, Lawrence, Kansas, after 30 years away. 'This fall's election and the current fiscal crisis in Kansas is driving me to more fully participate in our democracy -- and I want to do that in the place I call home."

In other news, the Teamsters labor union plans to start organizing Uber's drivers into a union, after a Washington judge rejected Uber's attempt to overturn a right-to-unionize ordinance passed by the city of Seattle.
Crime

Company's Former IT Admin Accused of Accessing Backdoor Account 700+ Times (bleepingcomputer.com) 63

An anonymous reader writes: "An Oregon sportswear company is suing its former IT administrator, alleging he left backdoor accounts on their network and used them more than 700 times to search for information for the benefit of its new employer," reports BleepingComputer. Court papers reveal the IT admin left to be the CTO at one of the sportswear company's IT suppliers after working for 14 years at his previous employer. For more than two years, he's [allegedly] been using an account he created before he left to access his former colleagues' emails and gather information about the IT services they might need in the future. The IT admin was fired from his CTO job after his new employer found out what he was doing.
One backdoor, which enabled both VPN and VDI connections to the company's network, granted access to a "jmanming" account for a non-existent employee named Jeff Manning...
Canada

Court Fines Canadian $26,500 For 'Unconscionably Stupid' Balloon-Chair Flight (www.cbc.ca) 101

In 2015, 27-year-old Daniel Boria tied over 100 helium balloons to a lawn chair and floated 2.5 miles above Calgary, "getting in the way of commercial aircraft and putting hundreds of lives at risk," reports the CBC. An anonymous reader quotes their report: Boria was ordered to pay $26,500 [USD $18,822] in fines when he was sentenced Friday, after pleading guilty in December to dangerous operation of an aircraft for the 2015 stunt... In handing down the sentence provincial court Judge Bruce Fraser called Boria's stunt "dumb and dangerous" and "unconscionably stupid. There was nothing fantastic, fun or exhilarating about it... There is no precedent for so foolish an escapade"...

On July 5, 2015, Boria tied $13,000 worth of industrial-sized balloons to a Canadian Tire lawn chair and took to the skies to promote his cleaning company, with the plan to parachute into the Calgary Stampede chuckwagon races. Uncooperative weather forced him to bail early, and winds pushed his landing to Ogden Road, where he was arrested by police who had been monitoring Boria since he was spotted above the Stampede grounds... During the time he was in the air, 24 airplanes took off and landed in Calgary.

The judge agreed that $20,000 of the fine should be donated to a charity of Boria's choice, and later Boria "said the stunt was worthwhile and he has no regrets."
Crime

Judge Grants Search Warrant For Everyone Who Searched a Crime Victim's Name On Google (startribune.com) 101

Hennepin County District Judge Gary Larson has issued a search warrant to Edina, Minnesota police to collect information on people who searched for variations of a crime victim's name on Google from Dec. 1 through Jan. 7. Google would be required to provide Edina police with basic contact information for people targeted by the warrant, as well as Social Security numbers, account and payment information, and IP and MAC addresses. StarTribune reports: Information on the warrant first emerged through a blog post by public records researcher Tony Webster. Edina police declined to comment Thursday on the warrant, saying it is part of an ongoing investigation. Detective David Lindman outlined the case in his application for the search warrant: In early January, two account holders with SPIRE Credit Union reported to police that $28,500 had been stolen from a line of credit associated with one of their accounts, according to court documents. Edina investigators learned that the suspect or suspects provided the credit union with the account holder's name, date of birth and Social Security number. In addition, the suspect faxed a forged U.S. passport with a photo of someone who looked like the account holder but wasn't. Investigators ran an image search of the account holder's name on Google and found the photo used on the forged passport. Other search engines did not turn up the photo. According to the warrant application, Lindman said he had reason to believe the suspect used Google to find a picture of the person they believed to be the account holder. Larson signed off on the search warrant on Feb. 1. According to court documents, Lindman served it about 20 minutes later.
Crime

FBI Arrests Alleged Attacker Who Tweeted Seizure-Inducing Strobe at a Writer (theverge.com) 151

From a report on The Verge: An arrest has been made three months after someone tweeted a seizure-inducing strobe at writer and Vanity Fair contributing editor Kurt Eichenwald. The Dallas FBI confirmed the arrest to The Verge today, and noted that a press release with more details is coming. Eichenwald, who has epilepsy, tweeted details of the arrest and said that more than 40 other people also sent him strobes after he publicized the first attack. Their information is now with the FBI, he says. It isn't clear whether these "different charges" relate to similar online harassment incidents or something else entirely.
The Courts

Lack of Oxford Comma Could Cost Maine Company Millions in Overtime Dispute (nytimes.com) 331

Daniel VIctor, writing for The New York Times: A class-action lawsuit about overtime pay for truck drivers hinged entirely on a debate that has bitterly divided friends, families and foes: The dreaded -- or totally necessary -- Oxford comma, perhaps the most polarizing of punctuation marks. What ensued in the United States Court of Appeals for the First Circuit, and in a 29-page court decision handed down on Monday, was an exercise in high-stakes grammar pedantry that could cost a dairy company in Portland, Me., an estimated $10 million. In 2014, three truck drivers sued Oakhurst Dairy, seeking more than four years' worth of overtime pay that they had been denied (Editor's note: the link could be paywalled; alternate link from a syndicated partner). Maine law requires workers to be paid 1.5 times their normal rate for each hour worked after 40 hours, but it carves out some exemptions. [...] The debate over commas is often a pretty inconsequential one, but it was anything but for the truck drivers. Note the lack of Oxford comma -- also known as the serial comma -- in the following state law, which says overtime rules do not apply to: "The canning, processing, preserving, freezing, drying, marketing, storing, packing for shipment or distribution of: (1) Agricultural produce; (2) Meat and fish products; and (3) Perishable foods. Oakhurst Dairy is arguing that "packing for shipment" and "distribution" are two different items in the list. But that's not how the truck drivers are seeing it. They argue that "packing for shipment or distribution" is one item.
Cellphones

Class-Action Lawsuit Targets LG Over Legendary G4, V10 Bootloop Issues (arstechnica.com) 31

For those affected by LG's infamous bootloop issue with the G4 and V10, you might find some joy in this: several (upset) owners of these devices have lodged a proposed class-action lawsuit in a California federal court. They claim that a repeating bootloop issue "renders the phones inoperable and unfit for any use." In other words: bricked. Ars Technica reports: Thousands of complaints about the G4 have been highlighted on Twitter, Reddit, and YouTube. There was even an online petition to "launch a replacement program for defective LG G4s." Not to be outdone, the V10 has been the subject of many online complaints as well. One of the plaintiffs in the lawsuit (PDF) filed Wednesday said that LG replaced his G4 two times and that his third G4 constantly freezes. The new phone, says the suit, is "manifesting signs of the bootloop defect and is unmerchantable." A year ago, LG acknowledged the problem with the G4 and said it was the result of "loose contact between components." The company began offering replacement devices and fixes. The suit said that even after the January 2016 announcement, "LG continued to manufacture LG Phones with the bootloop defect." The suit claims that both models' processors were inadequately soldered to the motherboard, rendering them "unable to withstand the heat." Initially, the phones begin to freeze, suffer slowdowns, overheat, and reboot at random. Eventually, the suit says, they fail "entirely."
Google

Judge Rejects Google Deal Over Email Scanning (fortune.com) 48

A federal judge in San Francisco slammed a legal settlement that proposed to pay $2.2 million to lawyers, but nothing to consumers who had the contents of their email scanned by Google without their knowledge or permission. From a report: In a 6-page order, Judge Lucy Koh told Google and class action attorneys the proposed settlement was insufficient, in part because it failed to clearly tell consumers what the search giant had done. "This notice is difficult to understand and does not clearly disclose the fact that Google intercepts, scans and analyzes the content of emails sent by non-Gmail users to Gmail users for the purpose of creating user profiles of the Gmail users to create targeted advertising for the Gmail users," Koh wrote.
Piracy

Court Orders ISP To Hand Identities Behind 5,300 IP Addresses To Copyright Trolls (torrentfreak.com) 41

An anonymous reader quotes a report from TorrentFreak: An initiative, fronted by Danish law firm Njord and backed by known international copyright trolls Guardaley, made headlines when it began targeting the customers of several ISPs, including Telia, Tele2 and Bredbandsbolaget, the provider that was previously ordered to block The Pirate Bay. At the time it was unclear how many people the law firm had in its sights but the situation has become more clear following a recent legal development. Sweden's new Patent and Market Court, that was formed last year to handle specialist copyright complaints, handed down a ruling on Friday. It grants Njord and its partners the right to force ISP Telia to hand over the personal details of subscribers behind thousands of IP addresses, despite the ISP's objections. Telia says that although it places great value on its subscribers' right to privacy, complying with a court order is a legal requirement. In all, subscribers behind 5,300 Telia IP addresses will be affected, with claims that each unlawfully downloaded and shared a range of movie titles including CELL, IT, London Has Fallen, Mechanic: Resurrection, Criminal and September of Shiraz. All have featured in previous Guardaley trolling cases in the United States. It's not known how many of the 5,300 IP addresses Telia will be able to match to subscribers, or whether each IP address will identify a unique subscriber, but it's safe to say that thousands of households will be affected. "There is probable cause of infringement of copyright in the films in that they were unlawfully made available to the public via file sharing networks," the Court wrote in its judgement. "The applicants' interest in having access to the information outweighs any opposing interests, including the interest of the individual [subscribers] to remain anonymous." A Telia press spokesperson told SVT: "We believe that our customers' privacy is incredibly important, but now we must comply with this court decision."
The Courts

Hacking Victim Can't Sue Foreign Government For Hacking Him On US Soil, Says Court (vice.com) 102

According to Motherboard, a court of appeals in Washington D.C. ruled that an American citizen can't sue the Ethiopian government for hacking into his computer and monitoring him with spyware. "The decision on Tuesday is a blow to anti-surveillance and digital rights activists who were hoping to establish an important precedent in a widely documented case of illegitimate government-sponsored hacking." From the report: In late 2012, the Ethiopian government allegedly hacked the victim, an Ethiopian-born man who goes by the pseudonym Kidane for fear for government reprisals. Ethiopian government spies from the Information Network Security Agency (INSA) allegedly used software known as FinSpy to break into Kidane's computer, and secretly record his Skype conversations and steal his emails. FinSpy was made by the infamous FinFisher, a company that has sold malware to several governments around the world, according to researchers at Citizen Lab, a digital watchdog group at the University of Toronto's Munk School of Global Affairs, who studied the malware that infected Kidane's computer. The U.S. Court of Appeals for the District of Columbia Circuit ruled that Kidane didn't have jurisdiction to sue the Ethiopian government in the United States. Kidane and his lawyers invoked an exception to the Foreign Sovereign Immunities Act (FSIA), which says foreign governments can be sued in the U.S. as long as the entire tort on which the lawsuit is based occurred on American soil. According to the court, however, the hacking in this case didn't occur entirely in the U.S. "Ethiopia's placement of the FinSpy virus on Kidane's computer, although completed in the United States when Kidane opened the infected email attachment, began outside the United States," the decision read. "[It] gives foreign governments carte blanche to do whatever they want to Americans in America so long as they do it by remote control," Nate Cardozo, a staff attorney at the Electronic Frontier Foundation, a digital rights group who represented Kidane in this first-of-its-kind lawsuit, told Motherboard.
Software

Uber Is Using In-App Podcasts To Dissuade Seattle Drivers From Unionizing (theverge.com) 102

Uber doesn't like unionization, like many corporations. In January, the company sued the city of Seattle to challenge the city's authority to implement a law that would allow ride-share drivers to unionize. The Verge is reporting today that the company has been using in-app podcasts to dissuade their Seattle drivers from unionizing by explaining, in their view, how the city's unionization law would negatively affect drivers. From the report: Uber spokesperson Nathan Hambley pushed back on a story from The Wall Street Journal over the weekend that suggested Uber drivers in Seattle were forced to choose whether or not to listen to the company-produced podcasts every day before they can begin picking up riders. The podcasts, which are produced in a number of geographic markets for Uber drivers, appear as notifications at the bottom of the app that can be dismissed or ignored -- or acted upon to start the latest podcast episode, which usually run under 10 minutes. Drivers are not required to listen to the podcast, said Hambley in an interview. "They are not required to look down at the notification at all. The most prominent button is to go on or offline to accept rides." The notification first appears as the limited message on the left, and, if the driver swipes up, the full message appears. The notification remains at the bottom of the driver screen regardless of whether it is ignored, or if the podcast is listened to or not.
Privacy

Vibrator Maker To Pay Millions Over Claims It Secretly Tracked Use (npr.org) 113

An anonymous reader quotes a report from NPR: The makers of the We-Vibe, a line of vibrators that can be paired with an app for remote-controlled use, have reached a $3.75 million class action settlement with users following allegations that the company was collecting data on when and how the sex toy was used. The We-Vibe product line includes a number of Bluetooth-enabled vibrators that, when linked to the "We-Connect" app, can be controlled from a smartphone. It allows a user to vary rhythms, patterns and settings -- or give a partner, in the room or anywhere in the world, control of the device. Since the app was released in 2014, some observers have raised concerns that Internet-connected sex toys could be vulnerable to hacking. But the lawsuit doesn't involve any outside meddling -- instead, it centers on concerns that the company itself was tracking users' sex lives. The lawsuit was filed in federal court in Illinois in September. It alleges that -- without customers' knowledge -- the app was designed to collect information about how often, and with what settings, the vibrator was used. The lawyers for the anonymous plaintiffs contended that the app, "incredibly," collected users' email addresses, allowing the company "to link the usage information to specific customer accounts." Customers' email addresses and usage data were transmitted to the company's Canadian servers, the lawsuit alleges. When a We-Vibe was remotely linked to a partner, the connection was described as "secure," but some information was also routed through We-Connect and collected, the lawsuit says.

Slashdot Top Deals