Security Bulletin: "Netflix has identified several TCP networking vulnerabilities in FreeBSD and Linux kernels.
The vulnerabilities specifically relate to the minimum segment size (MSS) and TCP Selective Acknowledgement (SACK) capabilities. The most serious, dubbed “SACK Panic,” allows a remotely-triggered kernel panic on recent Linux kernels."
#linux #FreeBSD #networking #security More here: https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
The Lofgren-Amash Amendment Would Check Warrantless Surveillance
The NSA has used Section 702 of the FISA Amendments Act to justify collecting and storing millions of Americans’ online communications. Now, the House of Representatives has a chance to pull the plug on funding for Section 702 unless the government agrees to limit the reach of that program.
The House of Representatives must vote yes in order to make this important corrective. Amendment #24 offered by Representatives Lofgren (CA) and Amash (MI) would make sure that no money in next year’s budget would fund the warrantless surveillance of people residing in the United States. Specifically, their amendment would withhold money intended to fund Section 702 unless the government commits not to knowingly collect the data of people communicating from within the U.S. to other U.S. residents, and who are not specifically communicating with a foreign surveillance target.
Section 702 allows the government to collect and store the communications of foreign intelligence targets outside of the U.S. if a significant purpose is to collect “foreign intelligence” information. Although the law contains some protections—for example, a prohibition on knowingly collecting communications between two U.S. citizens on U.S. soil—we have learned that the program actually does sweep up billions of communications involving people not explicitly targeted, including Americans. For example, a 2014 report by the Washington Post that reviewed a “large cache of intercepted conversations” provided by Edward Snowden revealed that 9 out of 10 account holders “were not the intended surveillance targets but were caught in a net the agency had cast for somebody else.”
The Lofgren-Amash amendment would require the government to acknowledge the protections in the law and to explicitly promise not to engage in “about collection,” the practice of collecting communications that merely mention a foreign intelligence target. About collection has been one of the most controversial aspects of Section 702 surveillance, and although the government ended this practice in 2017, it has consistently claimed the right to restart it.
With a big fight looming later this year on whether Congress should renew another controversial national security law, Section 215 of the Patriot Act, we encourage the House of Representatives to vote Yes on the Lofgren-Amash Amendment to take a step toward reining in Section 702.
Scientists shocked by #Arctic #permafrost #thawing 70 years sooner than predicted | #Environment | The Guardian
https://www.theguardian.com/environment/2019/jun/18/arctic-permafrost-canada-science-climate-crisis
Teflon Toxin Safety Level Should Be 700 Times Lower Than Current EPA Guideline
New data suggests that the safety threshold for PFOA in drinking water should be as low as 0.1 parts per trillion, according to a top U.S. toxicologist.
The post Teflon Toxin Safety Level Should Be 700 Times Lower Than Current EPA Guideline appeared first on The Intercept.
We Can’t Settle for Less Than Single Payer
In 1994, America was in the throes of healthcare reform. First Lady Hillary Rodham Clinton was leading the Clinton administration’s grand effort to implement a system of “managed competition,” a proposal that would expand healthcare coverage by putting big insurance companies in the driver’s seat but regulate how that care was administered. Her failed proposal, while not perfect, was not that far off from the Obamacare we got 16 years later.
Here at In These Times, the office was divided. Some supported Clinton’s plan on the grounds that it was an improvement, while others thought it folly to settle for less than single payer.
John Judis, a founding editor at In These Times, wrote in March 1994:
I am [not convinced] that a Canadian-style plan could pass Congress … .
As Congress strips away the ungainly features of Clinton’s plan … the real danger is that what remains will more closely resemble the prim [Rep. Jim] Cooper [D-Tenn.] plan [known as Clinton Lite] … . Given that danger, liberals’ priority will probably be defending what the Clinton plan, for all its deficiencies, has in common with the Canadian system: a commitment to universal coverage and control of costs.
What will I do? I’ll have to demonstrate my altruism by defending the Clinton plan against its conservative rivals, even as I anticipate the prospect of my health insurance fees doubling.
Vicente Navarro, a professor of health policy at Johns Hopkins and author of Dangerous to Your Health: Capitalism in Health Care, took the opposite tack in January 1994:
The implementation of the Clinton “managed competition” proposal will put large insurance companies in command of the health care system. … The profitability of the insurance industry is based not only on selecting and screening patients, but on favoring those providers who consume the fewest resources, a strategy that frequently interferes with the quality of care. …
And this is why managed competition is favored by large insurance companies. None other than Bill Link, vice president of Prudential Insurance, has indicated that “for Prudential, the best-case scenario for reform—preferable even to the status quo—would be enactment of a managed-competition proposal.”
What we need is a single-payer system that, as in Canada, provides comprehensive and universal coverage without co-payments and deductibles, and also allows people to choose their providers. …
There is an urgent need to mobilize support for the single-payer proposal, both to move the debate to the left and to expand and strengthen the single-payer elements in the legislation that Congress may finally approve.
Now, 25 years later, we are faced with a field of Democratic primary candidates who run the gamut from Bernie Sanders’ wholehearted push for Medicare for All to Joe Biden’s dismissal of it. God willing, in another 25 years, we will be having a different discussion. Of course, the nature of that debate will depend on the results of the 2020 election.
House Democrats originally allocated $80 million more to the law enforcement agency than the Trump administration had even requested.
The post Ocasio-Cortez Amendment Shifts Some of DEA’s Funding to Opioid Treatment, as House Democrats Push to Increase Agency’s Budget appeared first on The Intercept.
'Hot spots' increase efficiency of solar desalination
Researchers showed they could boost the efficiency of their nanotechnology-enabled solar membrane desalination system by more than 50% simply by adding inexpensive plastic lenses to concentrate sunlight into 'hot spots.'
Fracking linked to higher radon levels in Ohio homes
A new study connects the proximity of fracking to higher household concentrations of radon gas, the second leading cause of lung cancer in the US.
#1yrago In two days, an EU committee will vote to crown Google and Facebook permanent lords of internet censorship https://boingboing.net/2018/06/18/asymmetric-information-war.html
South Dakota’s “Riot-Boosting” Law Aims to Curb the Next Standing Rock Before it Even Starts
During the 2016 protests against the Dakota Access pipeline, Dallas Goldtooth became internet famous for his broadcasts from “Facebook Hill,” the one area of the prayer camps on the Standing Rock Reservation in North Dakota that had reliable cell service. Using humor honed doing sketch comedy, Goldtooth, an activist with the Indigenous Environmental Network, earned millions […]
Climate Change Deniers Aren’t Getting Very Far With America’s Judges
This story was originally published by Undark and appears here as part of the Climate Desk collaboration. In September 2017, San Francisco experienced its hottest day on record, with temperatures reaching a searing 106 degrees. Weeks later, the city joined Oakland to announce it would sue five major fossil fuel firms—BP, Shell, Exxon Mobil, Chevron, and ConocoPhillips—for the costs of building […]
https://ourworldindata.org/world-population-growth-past-future
A bit of a relief, but it's not soon enough...
Night of the Living Compromise
All Republicans have turned into brain-eating zombies! Time to reach across...the grave?!
Common opinion has it that modern wheat is so reliant on fertilizer and crop protection agrochemicals that the plants now lack the hardiness needed to remain productive under harsher environmental conditions. But comprehensive new research shows that modern wheat varieties out-perform older varieties even when grown under unfavorable conditions that include low agrochemical inputs and drought stress.
The Federal Minimum Wage Hardly Matters Anymore
Charts showing the history of the minimum wage usually adjust for inflation, which always begs the question of which inflation measure is “most accurate.” But the best way to see the trend of the minimum wage is to simply compare each year’s level to the median family income in the same year. Here it is: […]
EFF's Recommendations for Consumer Data Privacy Laws
Strong privacy legislation in the United States is possible, necessary, and long overdue. EFF emphasizes the following concrete recommendations for proposed legislation regarding consumer data privacy.
Three Top Priorities
First, we outline three of our biggest priorities: avoiding federal preemption, ensuring consumers have a private right of action, and using non-discrimination rules to avoid pay-for-privacy schemes.
No federal preemption of stronger state laws
We have long sounded the alarm against federal legislation that would wipe the slate clean of stronger state privacy laws in exchange for one, weaker federal one. Avoiding such preemption of state laws is our top priority when reviewing federal privacy bills.
State legislatures have long been known as “laboratories of democracy” and they are serving that role now for data privacy protections. In addition to passing strong laws, state legislation also allows for a more dynamic dialogue as technology and social norms continue to change. Last year, Vermont enacted a law reining in data brokers, and California enacted its Consumer Privacy Act. Nearly a decade ago, Illinois enacted its Biometric Information Privacy Act. Many other states have passed data privacy laws and many are considering data privacy bills.
But some tech giants aren’t happy about that, and they are trying to get Congress to pass a weak federal data privacy law that would foreclose state efforts. They are right about one thing: it would be helpful to have one nationwide set of protections. However, consumers lose—and big tech companies win—if those federal protections are weaker than state protections.
Private right of action
It is not enough for government to pass laws that protect consumers from corporations that harvest and monetize their personal data. It is also necessary for these laws to have bite, to ensure companies do not ignore them. The best way to do so is to empower ordinary consumers to bring their own lawsuits against the companies that violate their privacy rights.
Often, government agencies will lack the resources necessary to enforce the laws. Other times, regulated companies will “capture” the agency, and shut down enforcement actions. For these reasons, many privacy and other laws provide for enforcement by ordinary consumers.
Non-discrimination rules
Companies must not be able to punish consumers for exercising their privacy rights. New legislation should include non-discrimination rules, which forbid companies from denying goods, charging different prices, or providing a different level of quality to users who choose more private options.
Absent non-discrimination rules, companies will adopt and enforce “pay-for-privacy” schemes. But corporations should not be allowed to require a consumer to pay a premium, or waive a discount, in order to stop the corporation from vacuuming up—and profiting from—the consumer’s personal information. Privacy is a fundamental human right. Pay-for-privacy schemes undermine this fundamental right. They discourage all people from exercising their right to privacy. They also lead to unequal classes of privacy “haves” and “have-nots,” depending upon the income of the user.
Critical Privacy Rights
In addition to the three priorities discussed above, strong data privacy legislation must also ensure certain rights: the right to opt-in consent, the right to know, and the right to data portability. Along with those core rights, EFF would like to see data privacy legislation including information fiduciary rules, data broker registration, and data breach protection and notification.
Right to opt-in consent
New legislation should require the operators of online services to obtain opt-in consent to collect, use, or share personal data, particularly where that collection, use, or transfer is not necessary to provide the service.
Any request for opt-in consent should be easy to understand and clearly advise the user what data the operator seeks to gather, how they will use it, how long they will keep it, and with whom they will share it. This opt-in consent should also be ongoing—that is, the request should be renewed any time the operator wishes to use or share data in a new way, or gather a new kind of data. And the user should be able to withdraw consent, including for particular purposes, at any time.
Opt-in consent is better than opt-out consent. The default should be against collecting, using, and sharing personal information. Many consumers cannot or will not alter the defaults in the technologies they use, even if they prefer that companies do not collect their information.
Some limits are in order. For example, opt-in consent might not be required for a service to take steps that the user has requested, like collecting a user's phone number to turn on two-factor authentication. But the service should always give the user clear notice of the data collection and use, especially when the proposed use is not part of the transaction, like using that phone number for targeted advertising.
There is a risk that extensive and detailed opt-out requirements can lead to “consent fatigue.” Any new regulations should encourage entities seeking consent to explore new ways of obtaining meaningful consent to avoid that fatigue. At the same time, research suggests companies are becoming skilled at manipulating consent and steering users to share personal data.
Finally, for consent to be real, data privacy laws must prohibit companies from discriminating against consumers who choose not to consent. As discussed above, “pay-for-privacy” systems undermine privacy rules and must be prohibited.
Right to know
Users should have an affirmative “right to know” what personal data companies have gathered about them, where they got it, and with whom these companies have shared it (including the government). This includes the specific items of personal information, and the specific third parties who received it, and not just categorical descriptions of the general kinds of data and recipients.
Again, some limits are in order to ensure that the right to know doesn’t impinge on other important rights and privileges. For example, there needs to be an exception for news gathering, which is protected by the First Amendment, when undertaken by professional reporters and lay members of the public alike. Thus, if a newspaper tracked visitors to its online edition, the visitors’ right-to-know could cover that information, but not extend to a reporter’s investigative file.
There also needs to be an effective verification process to ensure that an adversary cannot steal a consumer’s personal information by submitting a fraudulent right to know request to a business.
Right to data portability
Users should have a legal right to obtain a copy of the data they have provided to an online service provider. Such “data portability” lets a user take their data from a service and transfer or “port” it elsewhere.
One purpose of data portability is to empower consumers to leave a particular social media platform and take their data with them to a rival service. This may improve competition. Other equally important purposes include analyzing your data to better understand your relationship with a service, building something new out of your data, self-publishing what you learn, and generally achieving greater transparency.
Regardless of whether you are “porting” your data to a different service or to a personal spreadsheet, data that is “portable” should be easy to download, organized, tagged, and machine-parsable.
Information fiduciary rules
One tool in the data privacy legislation toolbox is “information fiduciary” rules. The basic idea is this: When you give your personal information to an online company in order to get a service, that company should have a duty to exercise loyalty and care in how it uses that information.
Professions that already follow fiduciary rules—such as doctors, lawyers, and accountants—have much in common with the online businesses that collect and monetize users’ personal data. Both have a direct relationship with customers; both collect information that could be used against those customers; and both have one-sided power over their customers.
Accordingly, several law professors have proposed adapting these venerable fiduciary rules to apply to online companies that collect personal data from their customers. New laws would define such companies as “information fiduciaries.” However, such rules should not be a replacement for the other fundamental privacy protections discussed in this post.
Data broker registration
Data brokers harvest and monetize our personal information without our knowledge or consent. Worse, many data brokers fail to securely store this sensitive information, predictably leading to data breaches (like Equifax) that put millions of people at risk of identity theft, stalking, and other harms for years to come.
Legislators should take a page from Vermont’s new data privacy law, which requires data brokers to register annually with the government (among other significant reforms). When data broker registration and the right-to-know are put together, the whole is greater than the sum of the parts. Consumers might want to learn what information data brokers have collected about them, but have no idea who those data brokers are or how to contact them. Consumers can use the data broker registry to help decide where to send their right-to-know requests.
Data breach protection and notification
Given the massive amounts of personal information about millions of people collected and stored by myriad companies, the inherent risk of data theft and misuse is substantial. Data privacy legislation must address this risk. Three tools deserve emphasis.
First, data brokers and other companies that gather large amounts of sensitive information must promptly notify consumers when their data is leaked, misused, or stolen.
Second, it must be simple, fast, and free for consumers to freeze their credit. When a consumer seeks credit from a company, that company runs a credit check with one of the major credit agencies. When a consumer places a credit freeze with these credit agencies, an identity thief cannot use their stolen personal information to borrow money in their name.
Third, companies must have a legal duty to securely store consumers’ personal information. Also, where a company fails to meet this duty, it should be easier for people harmed by data breaches—including those suffering non-financial harms—to take those companies to court.
Some Things To Avoid
Data privacy laws should not expand the scope or penalties of computer crime laws. Existing computer crime laws are already far too broad.
Any new regulations must be judicious and narrowly tailored, avoiding tech mandates.
Policymakers must take care that any of the above requirements don’t create an unfair burden for smaller companies, nonprofits, open source projects, and the like. To avoid one-size-fits-all rules, they should tailor new obligations based on size of the service in question. For example, policymakers might take account of the entity’s revenue, or the number of people whose data the entity collects.
Too often, users gain new rights only to effectively lose them when they “agree” to terms of service and end user license agreements that they haven’t read and aren’t expected to read. Policymakers should consider the effect such waivers have on the rights and obligations they create, and be especially wary of mandatory arbitration requirements.
Next Steps
There is a daily drip-drip of bad news about how big tech companies are intruding on our privacy. It is long past time to enact new laws to protect consumer data privacy. We are pleased to see legislators across the country considering bills to do so, and we hope they will consider the principles above.
Doctors Should Stop Lying to Patients
<grumble> I’m in the infusion center right now getting my monthly dose of cancer cure, and I asked the nurse for a copy of the results of my recent bloodwork. Last month I did this accidentally, and it turned out that the printed copy contained my M-protein levels. I normally have to wait for those […]
ProtonMail also encrypts messages at rest, which prevents us from being able to decrypt your inbox. This provides both better privacy and security as your unencrypted messages can't be shared with third parties nor stolen from us: https://protonmail.com/blog/zero-access-encryption/
#ShlaerMellor, #FunctionPointAnalysis, #punk, #environmentalist, #unionAdvocate, #anarchosocialist
"with a big old lie and a flag and a pie and a mom and a bible most folks are just liable to buy any line, any place, any time" - Frank Zappa