Back in April, we told you about Project SAM, a Chevrolet Corvette specially modified by Arrow to enable the vehicle to be driven by Sam Schmidt. Schmidt is a successful IndyCar team owner these days, but he used to be an IndyCar driver until an accident in 2000 paralyzed him from the neck down. On Wednesday, Nevada—which has a reputation as an early adopter when it comes to automotive technology—issued Schmidt the first "autonomous vehicle restricted driver's license."
Project SAM works with a combination of head tracking (for the steering) and a sip-and-puff controller for the throttle and brake. The system is sensitive enough to let Schmidt actually drive the car to its potential; at the Pikes Peak International Hill Climb this year, Schmidt gave a demonstration run up the mountain on race day. His co-driver, Robby Unser, confirmed to Ars that Schmidt did not take things easy.
However, Schmidt's license does come with a few restrictions. For one thing, like the autonomous vehicle testing licenses granted by the state to Google, it's only valid within Nevada. Also, Project SAM can't go out if there's snow or ice on the road, and there needs to be a pilot car ahead as well as a licensed driver ready to take control of the Z06 if necessary.
Should the government be able to get a warrant to search a potentially unlimited number of computers belonging to unknown people located anywhere in the world? That’s the question posed by the Playpen case, involving the FBI’s use of malware against over a thousand visitors to a site hosting child pornography. The prosecutions resulting from this mass hacking operation are unprecedented in many ways, but the scope of the single warrant that purportedly authorized the FBI’s actions represents perhaps the biggest departure from traditional criminal procedure.The Need for Particularity
More in this series:
Warrants are often considered the basic building block of the Fourth Amendment. Whenever the government seeks to engage in a search or seizure, it must first get a warrant, unless a narrow exception applies. In a previous post, we explained the significance of the Fourth Amendment “events”—several searches and seizures—that occurred each time the government employed its malware against visitors to Playpen.
But simply calling something a warrant doesn’t make it a constitutionally valid warrant. In fact, the “immediate evils” that motivated the drafters of the Bill of Rights were “general warrants,” also known as “writs of assistance,” which gave British officials broad discretion to search nearly everyone and everything for evidence of customs violations. In the words of colonial lawyer James Otis, general warrants “annihilate” the “freedom of one’s house” and place “the liberty of every man in the hands of every petty officer.”
As a result, the Fourth Amendment says exactly what a warrant has to look like in order to be constitutional: “no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”
These requirements—the demonstration of probable cause and the particular description—accomplish separate objectives, but both ultimately work to narrow the authority given to officers executing a warrant, ensuring they won’t go on fishing expeditions and will instead conduct only searches authorized by a neutral and detached magistrate. Probable cause is a notoriously nebulous concept, but it generally ensures that the government has significant evidence supporting its application for a search warrant. Meanwhile, the particularity requirement works to limit the scope of the warrant: law enforcement must tie the specific evidence they have to specific persons or places they want to search. But, critically, both elements must be satisfied for the warrant to be valid.
As with other unconstitutional searches, courts deter the government from obtaining insufficiently particular search warrants by throwing out or “suppressing” evidence that results from searches under these warrants.Was the Playpen Warrant Constitutional?
No. The warrant [.pdf] that the FBI obtained to install malware on computers visiting Playpen was astonishingly broad: it allowed the FBI to deploy the malware against any “activating computer,” defined as any computer logging into the site. The warrant and its attachments say nothing about whose computers these are or where they are located. Court documents reveal that the site had as many as 150,000 users, and that in the two weeks that the FBI operated the site and deployed its malware, the number of visitors subject to search was in the thousands. And when the FBI identified the visitors, they were located all over the country and indeed all over the world.
The argument—advanced by EFF in amicus briefs in several Playpen cases—is that this warrant fails the Fourth Amendment’s particularity requirement:
The Warrant here did not identify any particular person to search or seize. Nor did it identify any specific user of the targeted website. It did not even attempt to describe any series or group of particular users. Similarly, the Warrant failed to identify any particular device to be searched, or even a particular type of device. . . . Compounding matters, the Warrant failed to provide any specificity about the place to be searched—the location of the “activating computers.”
As the Ninth Circuit Court of Appeals has explained, "Search warrants . . . are fundamentally offensive to the underlying principles of the Fourth Amendment when they are so bountiful and expansive in their language that they constitute a virtual, all-encompassing dragnet[.]" A warrant that authorizes the FBI to search an potentially unbounded number of users without specifying their locations or otherwise limiting the search is far closer to a “virtual, all-encompassing dragnet” than a specific, particularized warrant that satisfies the Fourth Amendment.Uncharted Territory
The nature of the technology the FBI used in investigating Playpen puts the warrant in uncharted territory. As the noted professor of constitutional law and computer crime Orin Kerr writes, it’s a “serious question” whether searches conducted using the government’s malware pursuant to the Playpen warrant can be properly analogized to searches in the physical world.
Even when compared to extreme examples of warrants that seem to push against the boundaries of the particularity requirement, the Playpen warrant is vastly less specific in its description. For example, some courts have authorized “all persons warrants,” which allow officers to search everyone in a specific place, in scenarios where simply being on the premises provides probable cause that the person is committing a crime. But these searches are tied to a physical location and thus provide spatial limitations on both the area to be searched and the number of people who can be present. No court we’re aware of has ever upheld an all persons warrant authorizing the search of even 100 people, let alone thousands. Similar limitations are involved in a “roving wiretap,” a type of warrant that authorizes electronic surveillance of specific individuals who may move from place to place. Roving wiretaps allow the government to follow these people as they use burner phones, for example, but the warrant must specify who will be subject to such a wiretap. No court would authorize a roving wiretap on unspecified persons because such a wiretap would be indistinguishable from a general warrant.
Defenders of the Playpen warrant have described it as “anticipatory,” based on probable cause to believe that at some future time evidence of a crime will be found at a specific place. But anticipatory warrants require the government to demonstrate a likelihood that a “triggering condition” will occur in order to render the search valid. The Supreme Court has made clear that the government can’t get an anticipatory warrant to search every house in the country on the condition that a package containing contraband is delivered to the house; it has to demonstrate the likelihood that a specific house will receive such a package. The Playpen warrant does not demonstrate the likelihood of a specific user logging into the site, instead defining the activating condition as any user logging in. The result is a general search that can be executed on unknown computers in unknown places.
Finally, it’s worth noting that the particularity requirement doesn’t mean the FBI is helpless to investigate serious crime occurring on hidden sites like Playpen and committed by users who take steps to hide their locations. As we described in an earlier post, the FBI took over the site’s server, enabling it to serve visitors with malware. But that also meant that the FBI had access to the server logs and a wealth of information about individual users (though the use of Tor would of course have obscured their public IP addresses). As a result, the FBI could have sought warrants to go after these individual users, describing their illegal activity on the site in a particularized way. This is more than just requiring the government to jump through hoops—it’s what stands between a constitutional, particularized search and precisely the type of generalized warrant the Fourth Amendment was designed to prevent.
Related Cases: The Playpen Cases: Mass Hacking by U.S. Law Enforcement
For more than a decade, evidence has been piling up that humans colonized the Americas thousands of years before the Clovis people. The Clovis, who are the early ancestors of today's Native Americans, left abundant evidence of their lives behind in the form of tools and graves. But the mysterious pre-Clovis humans, who likely arrived 17,000 to 15,000 years ago, have left only a few dozen sources of evidence for their existence across the Americas, mostly at campsites where they processed animals during hunting trips. Now a fresh examination of one such campsite, a 14,000-year-old hunter's rest stop outside the city of Tres Arroyos in Argentina, has given us a new understanding of how the pre-Clovis people might have lived.
Archaeologists are still uncertain how the pre-Clovis people arrived in the Americas. They came after the end of the ice age but at a time when glaciers and an icy, barren environment would still have blocked easy entrance into the Americas via Northern Canada. So it's extremely unlikely that they marched over a land bridge and into the Americas through the middle of the continent—most scientists believe they would have come via a coastal route, frequently using boats for transport. That would explain why many pre-Clovis sites are on the coast, on islands, or on rivers that meet the ocean.
These early settlers were hunter-gatherers who used stone tools for a wide range of activities, including hunting, butchery, scraping hides, preparing food, and making other tools out of bone and wood. Many of the pre-Clovis stone tools look fairly simple and were made by using one stone to flake pieces off the other, thus creating sharp edges. At the campsite in Argentina, known as the Arroyo Seco 2 site, archaeologists have found more than 50 such tools made from materials like chert and quartzite. They're scattered across an area that was once a grassy knoll above a deep lake, which is rich with thousands of animal bone fragments that have been carbon dated to as early as 14,000 years ago. There are even a couple-dozen human burials at the site, dated to a later period starting roughly 9,000 years ago. The spot has the characteristic look of a hunter's camp, used for processing animals, that was revisited seasonally for thousands of years.
HP Inc. today said it will restore the ability of certain OfficeJet printers to use third-party ink cartridges, after being criticized for issuing a firmware update that rejects non-HP ink.
But HP is still defending its practice of preventing the use of non-HP ink and is making no promises about refraining from future software updates that force customers to use only official ink cartridges.
HP made its announcement in a blog post titled "Dedicated to the best printing experience."
It's a good time to be in the market for a streaming TV box. Roku just updated its lineup earlier this week with the tiny $30 Roku Express and some mainstream boxes that bring 4K video support for less than $100. Google is expected to release a 4K version of its popular Chromecast dongle at its product event next week. And Amazon has just announced a new version of its $40 Fire TV Stick.
For most people, the most noticeable upgrade will be the included Alexa Voice Remote, which can be used to search for media, launch apps, and control playback, among other things. Voice input can go a long way toward solving the normally frustrating experience of tapping out text using a giant on-screen keyboard, and Amazon is offering the feature in a cheaper package than either Roku or Apple.
4K TV and streamers are becoming more common and more affordable, but the Fire TV Stick is still aimed primarily at people with 720p and 1080p TVs and relatively basic needs. It's still getting a few hardware upgrades that should make the experience better, though. It trades its dual-core Broadcom SoC for a quad-core MT8127 chip from MediaTek. Its 1.3GHz ARM Cortex A7 cores and quad-core ARM Mali 450 GPU would be laughably outdated in any smartphone, but they're well-suited for 1080p media streaming and should provide a noticeable improvement to UI fluidity and general responsiveness. The SoC also supports 1080p decode for h.265/HEVC content.
In 2010, the Food and Drug Administration sent letters out to beverage makers warning that their caffeinated, alcoholic drinks were “unsafe.” The federal admonishment followed an exceptional string of reports that college kids were getting black-out drunk and severe alcohol poisoning after consuming them. Mixing alcohol and high levels of caffeine is a dangerous combination, the FDA and health experts cautioned; the drinks amp people up while dousing their ability to sense their own intoxication, leading to more drinking and riskier behavior.
But according to new research, highly caffeinated beverages can be linked to serious trouble.
In a six-year study following 1,000 college students, researchers found that the more non-alcoholic energy drinks a person reported throwing back, the more likely they were to drive drunk. The finding squares with past studies that have linked alcoholic energy drinks to such dangerous behaviors. However, the study, published Tuesday in Alcoholism: Clinical and Experimental Research, is the first to decouple the bad effects of alcohol from those of the energy drinks alone.
For more than a year, EFF has been investigating how police in California misuse the state’s law enforcement database with little oversight from officials. An investigation published by the Associated Press today shows that abuse of law enforcement systems is a nationwide problem.
The AP’s investigation analyzed records from all 50 states and three dozen of the country’s largest cities. The reporters found that officers have routinely used law enforcement and driver databases to stalk ex-partners, dig up dirt on their neighbors, and even spy on celebrities and journalists.
According to AP, between 2013 and 2015, more than 325 officers and employees either resigned or were fired or suspended for unauthorized database queries. In another 250 cases, staff received reprimands, counseling or other lower levels of discipline. The numbers are staggering, but also only the tip of the iceberg. As the AP reports:
The unauthorized searches demonstrate how even old-fashioned policing tools are ripe for abuse, at a time when privacy concerns about law enforcement have focused mostly on more modern electronic technologies. And incomplete, inconsistent tracking of the problem frustrates efforts to document its pervasiveness.
The AP investigation builds off more than a year's worth of research by EFF into the California Law Enforcement Telecommunications System (CLETS). EFF previously found that the oversight body charged with combatting misuse had been systematically giving law enforcement agencies a pass by either failing to make sure agencies filed required misuse data or to hold hearings to get to the bottom of persistent problems with misuse. As EFF reported, confirmed misuse cases have more than doubled in California between 2010 and 2015.
Other news organizations have shown the problem isn’t limited to California. In 2013, the Minneapolis Star-Tribune reported on a state audit that found more than half of the state’s 11,000 officers had misused driver data. In August of this year, the Tampa Bay Times found that over just 18 months, police had misused the Driver and Vehicle Information Database (DAVID) 432 times. But the AP’s report demonstrates that this is a pervasive issue throughout the entire country.Privacy info. This embed will serve content from youtube-nocookie.com
AP interviewed numerous victims of database misuse. As one woman explained:
It's personal. It's your address. It's all your information, it's your Social Security number, it's everything about you," said Alexis Dekany, the Ohio woman whose ex-boyfriend, a former Akron officer, pleaded guilty last year to stalking her. "And when they use it for ill purposes to commit crimes against you — to stalk you, to follow you, to harass you ... it just becomes so dangerous.
Some of the AP cases are especially egregious, such as a Michigan State Police dispatcher who sold confidential data to lawyers over a period of more than a decade. A Georgia police officer accepted a $1,000 bribe to search a database. A marshal in Colorado “asked his deputies to run license plates of every white pickup truck they saw because his girlfriend was seeing a man who drove a white pickup, according to an investigative report.”
EFF found similar examples in California, including a case where a Los Angeles police officer allegedly pulled information on witnesses in a murder case to provide to the family of a convicted killer. Other officers were caught screening online dates through CLETS or even stalking women. Database misuse has also come to the forefront in recent police controversies in the San Francisco Bay Area, with at least one officer at the center of a racist text scandal being charged for abusing a DMV database.
It’s a problem that spans all level of law enforcement and intelligence. The NSA even came up with a codeword—LOVEINT—when people used sensitive intelligence databases to spy on their romantic interests and ex-partners.
The AP’s story highlights the dangers of police misuse of sensitive databases, but it also prompts a bigger question: whether law enforcement is being vigilant enough in policing itself. This is further complicated when databases are shared across states, making it difficult for one state to know when an officer in another state has inappropriately accessed their data.
EFF is continuing to put pressure on the California Department of Justice’s CLETS Advisory Committee to fulfill its statutory obligations to control the system. So far, the agency has been stricter with ensuring that local police and sheriff departments disclose annual misuse data. However, the committee has yet to hold hearings on a single case for at least five years.
The committee has indicated that at its next meeting it may start looking at individual misuse cases. We plan to hold them to that, but in the meantime, we’re not holding our breath.var mytubes = new Array(1); mytubes = '%3Ciframe src=%22https://www.youtube-nocookie.com/embed/l-VX6qlWdxw?rel=0?autoplay=1%22 allowfullscreen=%22%22 width=%22560%22 height=%22315%22 frameborder=%220%22%3E%3C/iframe%3E';
Back in March, Oculus announced the creation of Launch Pad, a workshop and funding initiative created in part as a way to attract the development efforts of "women, people of color, members of the LGBTQ community and anyone who is willing to share how their perspective adds to the 'diversity of thought' in our community."
Now, in the wake of reports of Oculus cofounder Palmer Luckey's funding of a controversial pro-Trump "shitposting" group, some participants in that initiative are having doubts about their involvement with the company.
The 100 fellows chosen for the Launch Pad program took part in a one-day bootcamp to develop their project idea in May and have received feedback and mentorship from the company via online forums over the summer. Participants are also competing for scholarships of $5,000 to $50,000, the winners of which will be announced in October.
An Alabama man who worked as a Verizon Wireless technician has agreed to plead guilty to a federal hacking charge in connection to his illegal use of the company's computers to acquire customer calling and location data. The man, Daniel Eugene Traeger, faces a maximum five years in prison next month. He admitted Thursday that he sold customer data—from 2009 to 2014—to a private investigator whom the authorities have not named.
According to the man's signed plea deal (PDF):
At some point in 2009, the Defendant met a private investigator ("the PI") who wanted to buy Verizon customer information from the Defendant. The Defendant accepted the PI's offer. The defendant used Verizon computer systems and facilities to access customer call records and customer location data that he knew he was not authorized to access, and provided that information to the PI even though the Defendant knew that he was not authorized to provide it to a third party.
The Defendant accessed customer call records by logging into Verizon's MARS system. The Defendant then compiled the data in spreadsheets, which the Defendant provided to the PI, including by e-mail. The Defendant accessed customer location data using a Verizon system called Real Time Tool. Using RTT, the Defendant "pinged" cellular telephones on Verizon's network and provided location data for those telephones to the PI.
The plea agreement said that Traeger began making $50 monthly in 2009, when he sold two records a month. By mid-2013, he was earning $750 each month by selling 10 to 15 records. In all, the plea deal says he made more than $10,000 over a five-year period.
Debian has updated bind9 (two denial of service flaws).
Mageia has updated autotrace (code execution), firefox/rootcerts/nss (multiple vulnerabilities), gnutls (certificate verification bypass), graphicsmagick (multiple vulnerabilities), pdns (three denial of service flaws), thunderbird (multiple vulnerabilities), wget (two vulnerabilities), and zookeeper (buffer overflow).
Slackware has updated bind (denial of service).
SUSE has updated bind (SLE12-SP1; SLES12; SOSC5, SMP2.1, SM2.1, SLE11-SP4: denial of service), mariadb (SLE12-SP1; SLES12: SQL injection/privilege escalation), openssl (SLE12-SP1: multiple vulnerabilities), and php5 (SLESDK12-SP1, SLEM12: multiple vulnerabilities).
The Federal Trade Commission will appeal a court decision that let AT&T avoid punishment for throttling the Internet connections of customers with unlimited data plans.
The FTC sued AT&T in October 2014, seeking refunds for customers. But last month, a three-judge panel at the US Court of Appeals for the Ninth Circuit ruled in favor of AT&T, overturning a District Court decision that had gone in the FTC's favor.
The FTC's options include seeking a rehearing of the case in front of the entire Ninth Circuit appeals court, and that is what the commission will do. "We are going to be seeking a rehearing in that matter," FTC Chairwoman Edith Ramirez told US senators during an FTC oversight hearing yesterday. If the FTC fails at the appeals court level, it could take the matter to the US Supreme Court, but Ramirez did not address that possibility.
One of the year's best video game soundtracks is now available to buy—but its rippin', rockin' qualities aren't the only reason you should care. Doom 2016's soundtrack is just as notable for its path from video game to MP3.
During the late-'90s rise of CD-ROM gaming, Nintendo stubbornly held onto cartridges for many reasons. One lesser-known reason was the company's fondness for dynamic soundtracks. Nintendo wanted MIDI songs in N64 games that could transform based on action and player location, with elements like tempo and instrumentation changing on the fly. (Super Mario 64 introduced this concept, and Banjo-Kazooie ultimately perfected it.)
We haven't had a dynamic soundtrack that good in years, but the closest probably came in this March's surprisingly awesome Doom reboot—whose backing tracks are composed as sections that can turn ominous, eerie, or outright violent based on gameplay moments, such as whenever one of the game's memorable "monster closets" opens up, thus causing demons (and guitar riffs) to spill out.
A new postdoc student arrived at our department this semester, and after learning that he uses GNU/Linux for all his computing, I invited him along to TFUG. During some of our meetings people asked “how could I do X on my GNU/Linux desktop?” and, jokingly, the postdoc would respond “the answer to your question is ‘do you really need to do that?’” Sometimes the more experienced GNU/Linux users at the table would respond to questions by suggesting that the user should simply give up on doing X, and the postdoc would slap his thigh and laugh and say “see? I told you that’s the answer!”
The phenomenon here is that people who have at some point made a commitment to at least try to use GNU/Linux for all their computing quickly find that they have come to value using GNU/Linux more than they value engaging in certain activities that only work well/at all under a proprietary operating system. I think that this is because they get used to being treated with respect by their computer. And indeed, one of the reasons I’ve almost entirely given up on computer gaming is that computer games are non-free software. “Are you sure you need to do that?” starts sounding like a genuine question rather than simply a polite way of saying that what someone wants to do can’t be achieved.
I suggest that this is a blessing in disguise. The majority of the things that you can only do under a proprietary operating system are things that it would be good for you if you were to switch them out for other activities. I’m not suggesting that switching to a GNU/Linux is a good way to give up on the entertainment industry. It’s a good way of moderating your engagement with the entertainment industry. Rather than logging onto Netflix, you might instead pop in a DVD of a movie. You can still engage with contemporary popular culture, but the technical barriers give you an opportunity to moderate your consumption: once you’ve finished watching the movie, the software won’t try to get you to watch something else by making a calculation as to what you’re most likely to assent to watching next based on what you’ve watched before. For this behaviour of the Netflix software is just another example of non-free software working against its user’s interests: watching a movie is good for you, but binge-watching a TV series probably isn’t. In cases like this, living in the world of Free Software makes it easier to engage with media healthily.
BlackBerry CEO John Chen has been hinting at this move for almost a year now: today BlackBerry announced it will no longer design hardware. Say goodbye to all the crazy hardware QWERTY devices, ultra-wide phones, and unique slider designs.
Speaking to investors, BlackBerry CEO John Chen described the move as a "pivot to software," saying, "The company plans to end all internal hardware development and will outsource that function to partners. This allows us to reduce capital requirements and enhance return on invested capital." The "Outsourcing to partners" plan is something we've already seen with the "BlackBerry" DTEK50, which was just a rebranded Alcatel Idol 4.
Chen is now betting the future of the company on software, saying, "In Q2, we more than doubled our software revenue year over year and delivered the highest gross margin in the company's history. We also completed initial shipments of BlackBerry Radar, an end-to-end asset tracking system, and signed a strategic licensing agreement to drive global growth in our BBM consumer business."
With over 30 million players registered since its 2014 launch, Destiny is one of the most popular shooters on consoles today. Now it looks like PC players will be able to get in on the action with upcoming sequel Destiny 2, according to online reports.
The rumor got going yesterday with a NeoGAF poster citing "somebody that works at Activision" as confirming that PC support for the sequel was being communicated to Activision employees. That tidbit was then fleshed out by Kotaku's Jason Schreier, who says he heard about the PC plans "earlier this year" and cites "several sources" in confirming the information. Schreier seems well-positioned to know, too, as he previously wrote an in-depth report on Destiny's messy development history.
The reported addition of PC support will likely be aided by the fact that Activision and Bungie officially abandoned the last-generation consoles (i.e., Xbox 360 and PlayStation 3) for Destiny's last Rise of Iron expansion. That likely means any sequel won't have to worry about scaling back the PC experience so it also works on console hardware that is over a decade old at this point. The upcoming launch of the PS4 Pro and Xbox's Project Scorpio should also ensure that the development team can target relatively high-end PCs alongside the console market.
Elon Musk finally did it. Fourteen years after founding SpaceX, and nine months after promising to reveal details about his plans to colonize Mars, the tech mogul made good on that promise Tuesday afternoon in Guadalajara, Mexico. Over the course of a 90-minute speech Musk, always a dreamer, shared his biggest and most ambitious dream with the world—how to colonize Mars and make humanity a multiplanetary species.
And what mighty ambitions they are. The Interplanetary Transport System he unveiled could carry 100 people at a time to Mars. Contrast that to the Apollo program, which carried just two astronauts at a time to the surface of the nearby Moon, and only for brief sojourns. Moreover, Musk’s rocket that would lift all of those people and propellant into orbit would be nearly four times as powerful as the mighty Saturn V booster. Musk envisions a self-sustaining Mars colony with at least a million residents by the end of the century.
Beyond this, what really stood out about Musk’s speech on Tuesday was the naked baring of his soul. Considering his mannerisms, passion, and the utter seriousness of his convictions, it felt at times like the man's entire life had led him to that particular stage. It took courage to make the speech, to propose the greatest space adventure of all time. His ideas, his architecture for getting it done—they’re all out there now for anyone to criticize, second guess, and doubt.