Crime

Someone Called the Cops On Their Own Smart Vacuum (androidpolice.com) 20

According to Sacramento CBS affiliate KOVR-TV, Yana Sydnor called the police to report a possible home invasion. Turns out, it was a robovac that her son turned on before leaving for the weekend. Android Police reports: At 1 a.m., she and her 2-year-old daughter woke up to loud booms coming from her stairs disrupting her meditation music. She texted her friends about the sounds before they quickly responded, urging her to call 911. "I hear someone walking down my stairs, so it's like boom, boom, boom, boom, boom," Sydnor recalls telling the dispatcher. Desperate to exit the house and avoid a run-in with the invader, she ran to the bathroom, put her daughter in the tub, and thought about grabbing a ladder to get them both outside to ground level.

Officers arrived within 10 minutes of Sydnor's call. They rammed the front door wide open only to find a poor robovac, fresh from a tumble down a flight of stairs. "My son turned on the vacuum cleaner because he didn't want to do chores before he left for the weekend," she explained to the reporter after a moment of exasperated silence. The vacuum hadn't been used for 2 years and, even after the fall, it still works. We couldn't make out the make and model of the robovac, so we don't quite know if it could stop itself from going over the ledge much less what exactly happened in this case if it did have the ability.

The Military

Pentagon Investigated Suspected Russian Directed-energy Attacks On U.S. Troops (politico.com) 34

Hmmmmmm shares a report from Politico: The Pentagon has briefed top lawmakers on intelligence surrounding suspected directed-energy attacks against U.S. troops, and officials identified Russia as a likely culprit, according to two people with direct knowledge of the matter. The briefings included information about injuries sustained by U.S. troops in Syria, the people said. The investigation includes one incident in Syria in the fall of 2020 in which several troops developed flu-like symptoms, two people familiar with the Pentagon probe said. After this article was published, Gen. Frank McKenzie, head of U.S. Central Command, told lawmakers during a Senate Armed Services Committee hearing that he has seen "no evidence" of such attacks against U.S. troops in the Middle East.

The investigation is part of a broader effort to look into directed-energy attacks on U.S. officials across multiple agencies in recent years. Since late 2016, close to 50 officials have reported symptoms of a mysterious illness that became known as "Havana syndrome" among U.S. diplomats posted in Cuba. Symptoms included acute ringing and pressure in the ears, as well as loss of hearing and balance, fatigue and residual headaches. Some victims have suffered long-term brain damage. A report commissioned by the State Department and released in December pointed to "directed, pulsed radiofrequency energy" as the most probable cause for the "Havana syndrome" incidents.

Software

Post Office Workers Convicted of Theft Due To Faulty Software Have Names Cleared (bbc.com) 38

Britain's Court of Appeal has cleared 42 sub-postmasters and postmistresses of theft, fraud and false accounting convictions. They were convicted, with some imprisoned, after the Post Office installed faulty software in the branches where these office operators worked. The BBC reports: Following the convictions -- including theft, fraud and false accounting -- some former postmasters went to prison, were shunned by their communities and struggled to secure work. Some lost their homes, and even failed to get insurance owing to their convictions. Some have since died. They always said the fault was in the computer system, which had been used to manage post office finances since 1999.

The Horizon system, developed by the Japanese company Fujitsu, was first rolled out in 1999 to some post offices to be used for a variety of tasks including accounting and stocktaking. But from an early stage it appeared to have significant bugs which could cause the system to misreport, sometimes involving substantial sums of money. Horizon-based evidence was used by the Post Office to successfully prosecute 736 people. But campaigners fought a long series of legal battles for compensation in the civil courts, which have been followed by referrals by the Criminal Cases Review Commission.
A Post Office spokesman said: "We sincerely apologize to the postmasters affected by our historical failures. Throughout this appeals process we have supported the quashing of the overwhelming majority of these convictions and the judgment will be an important milestone in addressing the past."

Long-time Slashdot reader Martin S. reacts: As a software geek, the part I find most troubling is the blind faith that those in authority placed in the software without proper accounting. Accounting systems and software are deterministic, well they should be. If the system/software worked correctly, this missing money must have shown up somewhere. Software defects are always traceable. It might be expensive and time consuming but persistence will win in the end. Somebody somewhere is responsible for this and de facto framing of these people is criminal in principle, if not in law.

Movies

Apple Must Face Lawsuit for Telling Consumers They Can 'Buy' Movies, TV Shows (hollywoodreporter.com) 113

If possession is nine-tenths of the law, what happens when possession gets slippery? From a report: That's a question for a federal courtroom in Sacramento, California, where Apple is facing a putative class action over the way consumers can "buy" or "rent" movies, TV shows and other content in the iTunes Store. David Andino, the lead plaintiff in this case, argues the distinction is deceptive. He alleges Apple reserves the right to terminate access to what consumers have "purchased," and in fact, has done so on numerous occasions. This week, U.S. District Court Judge John Mendez made clear he isn't ready to buy into Apple's view of consumer expectations in the digital marketplace. "Apple contends that '[n]o reasonable consumer would believe' that purchased content would remain on the iTunes platform indefinitely," writes Mendez. "But in common usage, the term 'buy' means to acquire possession over something. It seems plausible, at least at the motion to dismiss stage, that reasonable consumers would expect their access couldn't be revoked." Apple tried other ways to slip away from claims of false advertising and unfair competition. For example, it tried the time-tested approach of challenging Andino's "injury" to knock his potential standing as a plaintiff.

United States

New Rules Allowing Small Drones To Fly Over People In US Take Effect (reuters.com) 34

An anonymous reader quotes a report from Reuters: The Federal Aviation Administration (FAA) said that final rules announced in December took effect on Wednesday allowing for small drones to fly over people and at night, a significant step toward their eventual use for widespread commercial deliveries. The effective date was delayed about a month during the change in administration. The FAA said its long-awaited rules for the drones, also known as unmanned aerial vehicles, will address security concerns by requiring remote identification technology in most cases to enable their identification from the ground. Previously, small drone operations over people were limited to operations over people who were directly participating in the operation, located under a covered structure, or inside a stationary vehicle -- unless operators had obtained a waiver from the FAA.

Drone manufacturers have 18 months to begin producing drones with Remote ID, and operators will have an additional year to provide Remote ID. The new rules eliminate requirements that drones be connected to the internet to transmit location data but do require that they broadcast remote ID messages via radio frequency broadcast. One change, since the rules were first proposed in 2019, requires that small drones not have any exposed rotating parts that would lacerate human skin.

Security

Flaws In John Deere's Website Provide a Map To Customers, Equipment (securityledger.com) 29

chicksdaddy shares a report from The Security Ledger: Websites for customers of agricultural equipment maker John Deere contained vulnerabilities that could have allowed a remote attacker to harvest sensitive information on the company's customers including their names, physical addresses and information on the Deere equipment they own and operate, The Security Ledger reported. The researcher known as "Sick Codes" published two advisories on Thursday warning about the flaws in the myjohndeere.com website and the John Deere Operations Center website and mobile applications. In a conversation with Security Ledger, the researcher said that he was able to use VINs (vehicle identification numbers) taken from a farm equipment auction site to identify the name and physical address of the owner. Furthermore, a flaw in the myjohndeere.com website could allow an unauthenticated user to carry out automated attacks against the site, possibly revealing all the user accounts for that site.

Sick Codes disclosed both flaws to John Deere and also to the U.S. Government's Cybersecurity and Infrastructure Security Agency (CISA), which monitors food and agriculture as a critical infrastructure sector. The information obtained from the John Deere websites, including customer names and addresses, could put the company afoul of data security laws like California's CCPA or the Personal Information Protection Act in Deere's home state of Illinois. However, the national security consequences of the company's leaky website could be far greater. Details on what model combines and other equipment is in use on what farm could be of very high value to an attacker, including nation-states interested in disrupting U.S. agricultural production at key junctures, such as during planting or harvest time.

The consolidated nature of U.S. farming means that an attacker with knowledge of specific, Internet-connected machinery in use by a small number of large-scale farming operations in the midwestern United States could launch targeted attacks on that equipment that could disrupt the entire U.S. food supply chain, researchers warn. The agriculture sector and firms that supply it, like Deere, lag other industries in cyber security preparedness and resilience. A 2019 report (PDF) released by the Department of Homeland Security concluded that the "adoption of advanced precision agriculture technology and farm information management systems in the crop and livestock sectors is introducing new vulnerabilities" (and that) "potential threats to precision agriculture were often not fully understood or were not being treated seriously enough by the front-line agriculture producers."

iPhone

Man Sues Apple For Terminating Apple ID With $24K Worth of Content (appleinsider.com) 137

According to a complaint filed on Tuesday, Apple user Matthew Price spent nearly $25,000 on content attached to his Apple ID, which was terminated by the company for unknown reasons. The lawsuit targets a clause in Apple's media services terms and conditions, which states a user with a terminated Apple ID cannot access media content that they've purchased. AppleInsider reports: "Apple's unlawful and unconscionable clause as a prohibited de facto liquidated damages provision which is triggered when Apple suspects its customers have breached its Terms and Conditions," the lawsuit reads. Additionally, the complaint claims that users with Apple devices will find their products "substantially diminished in value" if their Apple IDs are terminated, since they won't be able to access Apple services or purchased content.

According to the complaint, the $25,000 worth of media included apps, in-app purchases, programs and platform extensions, and related services. The plaintiff also alleges that Apple prevents users from accessing unused funds attached to an Apple account. Price, for example, had about $7 in iTunes credit. The lawsuit doesn't specify why Price's account was terminated. However, it does claim that Apple shut down the Apple ID "without notice, explanation, policy or process." It goes on to claim that Apple's conduct -- specifically, the clause and resulting terminations -- are "unfair, unlawful, fraudulent, and illegal," and alleges that Apple is in violation of several consumer regulations in California. The lawsuit is seeking class action status, with a Nationwide Class consisting of people in the U.S. who have had their Apple IDs terminated.

The Courts

Proctorio Sued For Using DMCA To Take Down a Student's Critical Tweets (techcrunch.com) 43

A university student is suing exam proctoring software maker Proctorio to "quash a campaign of harassment" against critics of the company, including an accusation that the company misused copyright laws to remove his tweets that were critical of the software. From a report: The Electronic Frontier Foundation, which filed the lawsuit this week on behalf of Miami University student Erik Johnson, who also does security research on the side, accused Proctorio of having "exploited the DMCA to undermine Johnson's commentary." Twitter hid three of Johnson's tweets after Proctorio filed a copyright takedown notice under the Digital Millennium Copyright Act, or DMCA, alleging that three of Johnson's tweets violated the company's copyright. Schools and universities have increasingly leaned on proctoring software during the pandemic to invigilate student exams, albeit virtually. Further reading: Proctorio Is Using Racist Algorithms To Detect Faces; Cheating-Detection Software Provokes 'School-Surveillance Revolt'; and Students Are Easily Cheating 'State-of-the-Art' Test Proctoring Tech.

Government

Big Tech $100 Billion Foreign-Profit Hoard Targeted by Tax Plan (bloomberg.com) 63

Technology giants led by Apple and Microsoft disclosed more than $100 billion in profit outside the U.S. in their last fiscal years, making them prime targets of President Joe Biden's proposals to boost taxes on earnings stashed overseas. From a report: The tax proposals, unveiled this month to help foot the bill for massive infrastructure plans, target common tactics used by U.S. multinationals such as stashing income-generating assets in low-tax offshore jurisdictions. The tech industry is particularly adept at shifting profits to tax-friendly locales because its main assets -- software code, patents and other intellectual property -- are relatively easy to move around compared to factories and other physical assets.

Former President Donald Trump's 2017 Tax Cuts and Jobs Act was supposed to crack down on offshore tax maneuvering, but Republicans neutered the rules by adding extra deductions and other benefits, according to Andrew Silverman, a tax policy analyst at Bloomberg Intelligence. Big Tech will find it harder to dodge Biden's plan because, if turned into law, it would close most of the loopholes left by Trump's 2017 legislation. The move threatens to leave the industry further at odds with Washington, where lawmakers are already scrutinizing the spread of misinformation on online platforms and regulators are embarking on antitrust investigations into large tech companies.

Crime

Ransomware Gang Wants To Short the Stock Price of Their Victims (therecord.media) 82

The operators of the Darkside ransomware are expanding their extortion tactics with a new technique aimed at companies that are listed on NASDAQ or other stock exchanges. From a report: In a message posted on their dark web portal, the Darkside crew said it is willing to notify crooked market traders in advance so they can short a company's stock price before they list its name on their website as a victim. The Darkside crew believes that the negative impact of having a traded company's name listed on its website would be enough to cause its stock price to fall and for a crooked trader to make a profit.

"While other ransomware families previously discussed how to leverage the effect of a publicly disclosed cyber attack on the stock market, they have never made it their official attack vector," Dmitry Smilyanets, threat intel analyst at Recorded Future, told The Record today. "DarkSide becomes the first ransomware variant to make it formal." However, the announcement also serves as an indirect threat to hacked companies: not paying the ransom demand could bring negative press large enough to affect their market listings, which may be enough to push some victims into paying the asked ransom.

The Courts

Supreme Court Slashes FTC's Power To Seek Monetary Awards (bloomberg.com) 46

The U.S. Supreme Court slashed the Federal Trade Commission's power to seek monetary awards in court, throwing out a legal tool the consumer-protection agency has used to collect billions of dollars over the past decade. From a report: The justices on Thursday unanimously said the FTC can't seek consumer redress when it invokes a provision that lets the agency go straight to federal court to try to stop an alleged fraud. The ruling is a triumph for business trade groups, which urged the court to curb the agency's powers. The FTC in 2012 dramatically ramped up its use of the decades-old provision to recoup money. The agency reported winning so-called restitution and disgorgement of almost $12 billion in 2016 alone, including $10 billion in a settlement with Volkswagen AG stemming from its diesel-emissions scandal. Writing for the court, Justice Stephen Breyer said the FTC retains other avenues to get restitution for consumers, though those tools involve a more complicated process. "If the commission believes that authority too cumbersome or otherwise inadequate, it is, of course, free to ask Congress to grant it further remedial authority," Breyer wrote.

Social Networks

TikTok Sued For Billions Over Use of Children's Data (bbc.com) 18

TikTok is facing a legal challenge from former children's commissioner for England Anne Longfield over how it collects and uses children's data. The BBC reports: The claim is being filed on behalf of millions of children in the UK and EU who have used the hugely popular video-sharing app. If successful, the children affected could each be owed thousands of pounds. TikTok said the case was without merit and it would fight it.

Lawyers will allege that TikTok takes children's personal information, including phone numbers, videos, exact location and biometric data, without sufficient warning, transparency or the necessary consent required by law, and without children or parents knowing what is being done with that information. The claim is being launched on behalf of all children who have used TikTok since 25 May 2018, regardless of whether they have an account or their privacy settings. Children not wishing to be represented can opt out.
"TikTok is a hugely popular social media platform that has helped children keep in touch with their friends during an incredibly difficult year," says Ms. Longfield. "However, behind the fun songs, dance challenges and lip-sync trends lies something far more sinister."

She alleges the firm is "a data collection service that is thinly veiled as a social network" which has "deliberately and successfully deceived parents." She added that those parents have a "right to know" what private information is being collected via TikTok's "shadowy data collection practices."

In response, TikTok said: "Privacy and safety are top priorities for TikTok and we have robust policies, processes and technologies in place to help protect all users, and our teenage users in particular. We believe the claims lack merit and intend to vigorously defend the action."

AI

Europe Proposes Strict Rules For Artificial Intelligence (nytimes.com) 60

An anonymous reader quotes a report from The New York Times: The European Union unveiled strict regulations on Wednesday to govern the use of artificial intelligence, a first-of-its-kind policy that outlines how companies and governments can use a technology seen as one of the most significant, but ethically fraught, scientific breakthroughs in recent memory. The draft rules would set limits around the use of artificial intelligence in a range of activities, from self-driving cars to hiring decisions, bank lending, school enrollment selections and the scoring of exams. It would also cover the use of artificial intelligence by law enforcement and court systems -- areas considered "high risk" because they could threaten people's safety or fundamental rights.

Some uses would be banned altogether, including live facial recognition in public spaces, though there would be several exemptions for national security and other purposes. The 108-page policy is an attempt to regulate an emerging technology before it becomes mainstream. The rules have far-reaching implications for major technology companies that have poured resources into developing artificial intelligence, including Amazon, Google, Facebook and Microsoft, but also scores of other companies that use the software to develop medicine, underwrite insurance policies and judge credit worthiness. Governments have used versions of the technology in criminal justice and the allocation of public services like income support. Companies that violate the new regulations, which could take several years to move through the European Union policymaking process, could face fines of up to 6 percent of global sales.

The European Union regulations would require companies providing artificial intelligence in high-risk areas to provide regulators with proof of its safety, including risk assessments and documentation explaining how the technology is making decisions. The companies must also guarantee human oversight in how the systems are created and used. Some applications, like chatbots that provide humanlike conversation in customer service situations, and software that creates hard-to-detect manipulated images like "deepfakes," would have to make clear to users that what they were seeing was computer generated. [...] Release of the draft law by the European Commission, the bloc's executive body, drew a mixed reaction. Many industry groups expressed relief that the regulations were not more stringent, while civil society groups said they should have gone further.

Google

Daily Mail Owner Sues Google Over Search Results (bbc.com) 68

The owner of the Daily Mail newspaper and MailOnline website is suing Google over allegations the search engine manipulates search results. The BBC reports: Associated Newspapers accuses Google of having too much control over online advertising and of downgrading links to its stories, favoring other outlets. It alleges Google "punishes" publishers in its rankings if they don't sell enough advertising space in its marketplace. Google called the claims "meritless."

Associated Newspapers' concerns stem from its assessment that its coverage of the Royal Family in 2021 has been downplayed in search results. For example, it claims that British users searching for broadcaster Piers Morgan's comments on the Duchess of Sussex following an interview with Oprah Winfrey were more likely to see articles about Morgan produced by smaller, regional outlets. That is despite the Daily Mail writing multiple stories a day about his comments around that time and employing him as a columnist.
In response, a Google spokesperson said: "The Daily Mail's claims are completely inaccurate. The use of our ad tech tools has no bearing on how a publisher's website ranks in Google search. More generally, we compete in a crowded and competitive ad tech space where publishers have and exercise multiple options. The Daily Mail itself authorizes dozens of ad tech companies to sell and manage their ad space, including Amazon, Verizon and more. We will defend ourselves against these meritless claims."

Privacy

The Postal Service is Running a 'Covert Operations Program' That Monitors Americans' Social Media Posts (yahoo.com) 104

The law enforcement arm of the U.S. Postal Service has been quietly running a program that tracks and collects Americans' social media posts, including those about planned protests, according to a document obtained by Yahoo News. From the report: The details of the surveillance effort, known as iCOP, or Internet Covert Operations Program, have not previously been made public. The work involves having analysts trawl through social media sites to look for what the document describes as "inflammatory" postings and then sharing that information across government agencies. "Analysts with the United States Postal Inspection Service (USPIS) Internet Covert Operations Program (iCOP) monitored significant activity regarding planned protests occurring internationally and domestically on March 20, 2021," says the March 16 government bulletin, marked as "law enforcement sensitive" and distributed through the Department of Homeland Security's fusion centers. "Locations and times have been identified for these protests, which are being distributed online across multiple social media platforms, to include right-wing leaning Parler and Telegram accounts."

Privacy

'Fourth Amendment Is Not For Sale Act' Would Ban Clearview and Warrantless Location Data Purchases (vice.com) 83

A sweeping proposed piece of legislation with support from both Democrats and Republicans will ban law enforcement agencies from buying data from controversial firm Clearview AI, as well as force agencies to obtain a warrant before sourcing location data from brokers. From a report: The news presents significant action against two of the main avenues of law enforcement surveillance uncovered in recent years: the widespread proliferation of facial recognition technology using images scraped from social media, and the warrantless supply chain of location data from ordinary smartphone apps, through middlemen, and eventually to agencies. "The Fourth Amendment Is Not For Sale Act is, in my view, a critically important bill that will prevent agencies from circumventing core constitutional protections by purchasing access to data they would otherwise need a warrant to obtain," Kate Ruane, senior legislative counsel at the American Civil Liberties Union (ACLU), told Motherboard in a phone call. The ACLU and a host of civil, digital, and race activism groups have endorsed the bill, according to the office of Senator Ron Wyden, which has spearheaded the legislation. "I think it is a clear and good step for Congress to take, and I hope that the bill moves forward quickly," Ruane added.

Youtube

YouTube CEO Susan Wojcicki Gets 'Freedom Expression' Award Sponsored By YouTube (newsweek.com) 133

An anonymous reader quotes a report from Newsweek: YouTube CEO Susan Wojcicki received a "Free Expression" award from the Freedom Forum Institute in a virtual ceremony sponsored by YouTube, an online video platform owned by Google. On Thursday, YouTube creator Molly Burke presented Wojcicki with the accolade in a video shared to the platform. "I'm so excited to be here tonight to present Susan Wojcicki with the Free Expression award. As the CEO of YouTube, Susan is facing some of the most critical issues around free expression today," Burke said.

Following the ceremony, some Twitter users mocked Wojcicki for receiving an award that was sponsored by her own platform. "YouTube CEO won a Free Speech award...sponsored by YouTube. Hahahahhhaahhhahhahahahaaaaaaa," one user wrote. Another wrote, "Lol, youtube receiving an award for free expression/pro first amendment is Orwellian s***. What's next, Facebook getting an award for respecting privacy?"

AI

FTC Issues Stern Warning: Biased AI May Break the Law (protocol.com) 82

The Federal Trade Commission has signaled that it's taking a hard look at bias in AI, warning businesses that selling or using such systems could constitute a violation of federal law. From a report: "The FTC Act prohibits unfair or deceptive practices," the FTC's post reads. "That would include the sale or use of -- for example -- racially biased algorithms." The post also notes that biased AI can violate the Fair Credit Reporting Act and the Equal Credit Opportunity Act. "The FCRA comes into play in certain circumstances where an algorithm is used to deny people employment, housing, credit, insurance, or other benefits," it says. "The ECOA makes it illegal for a company to use a biased algorithm that results in credit discrimination on the basis of race, color, religion, national origin, sex, marital status, age, or because a person receives public assistance." The post mirrors comments made by acting FTC chair Rebecca Slaughter, who recently told Protocol of her intention to ensure that FTC enforcement efforts "continue and sharpen in our long, arduous and very large national task of being anti-racist."

Privacy

Geico Admits Fraudsters Stole Customers' Driver's License Numbers For Months (techcrunch.com) 21

Geico, the second-largest auto insurer in the U.S., has fixed a security bug that let fraudsters steal customers' driver's license numbers from its website. From a report: In a data breach notice filed with the California attorney general's office, Geico said information gathered from other sources was used to "obtain unauthorized access to your driver's license number through the online sales system on our website." The insurance giant did not say how many customers were affected by the breach but said the fraudsters accessed customer driver's license numbers between January 21 and March 1. Companies are required to alert the state's attorney general's office when more than 500 state residents are affected by a security incident. Geico said it had "reason to believe that this information could be used to fraudulently apply for unemployment benefits in your name." Many financially driven criminals target government agencies using stolen identities or data. But many U.S. states require a government ID -- like a driver's license -- to file for unemployment benefits. To get a driver's license number, fraudsters take public or previously breached data and exploit weaknesses in auto insurance websites to obtain a customer's driver's license number. That allows the fraudsters to obtain unemployment benefits in another person's name.

Government

US Unveils Plan To Protect Power Grid From Foreign Hackers (bloomberg.com) 55

The White House unveiled on Tuesday a 100-day plan intended to protect the U.S. power grid from cyber-attacks, mainly by creating a stronger relationship between U.S. national security agencies and the mostly private utilities that run the electrical system. From a report: The plan is among the first big steps toward fulfilling the Biden administration's promise to urgently improve the country's cyber defenses. The nation's power system is both highly vulnerable to hacking and a target for nation-state adversaries looking to counter the U.S. advantage in conventional military and economic power. "The United States faces a well-documented and increasing cyber threat from malicious actors seeking to disrupt the electricity Americans rely on to power our homes and businesses," Secretary of Energy Jennifer Granholm said. Although the plan is billed as a 100-day sprint -- which includes a series of consultations between utilities and the government -- it will likely take years to fully implement, experts say. It will ask utilities to pay for and install technology to better detect hacks of the specialized computers that run the country's power systems, known as industrial control systems. The Edison Electric Institute, the trade group that represents all U.S. investor-owned electric companies, praised the White House plan and the Biden administration's focus on cybersecurity. "Given the sophisticated and constantly changing threats posed by adversaries, America's electric companies remain focused on securing the industrial control systems that operate the North American energy grid," said EEI president Tom Kuhn.
