Bay Area: Join us 1/9 to talk about personal data security in 2019

Researcher Ashkan Soltani will discuss what happens when companies sell your data.

Askhan Soltani has worked with the FTC and as an independent researcher, exploring data privacy issues. Recently, he testified about Facebook's privacy policies before the US and UK governments.

Enlarge / Askhan Soltani has worked with the FTC and as an independent researcher, exploring data privacy issues. Recently, he testified about Facebook's privacy policies before the US and UK governments. (credit: Ashkan Soltani)

The Cambridge Analytica scandal. Data breaches at hotels, banks, rideshare companies, and hospitals. Facial recognition. DNA databases. We're living through the data privacy apocalypse and now it's time to figure out what happens next. Here to discuss that with us at the next Ars Technica Live is Ashkan Soltani, an independent researcher and technologist who specializes in data privacy.

Recently, Soltani testified before the US and UK governments about Facebook's privacy practices and how they make user data available to third parties. Soltani also authored the California Consumer Privacy Act of 2018, which regulates large companies that make more than 50 percent of their revenues from selling California residents' personal information. The CCPA was signed into law earlier this year.

Soltani will be in conversation with Ars Technica editors Cyrus Farivar and Annalee Newitz.

Read 4 remaining paragraphs | Comments

Apple to Congress: Chinese spy-chip story is “simply wrong”

“Our internal investigations directly contradict every consequential assertion.”

Article intro image

Enlarge / Apple CEO Tim Cook. (credit: Drew Angerer/Getty Images)

Apple isn't relenting in its attacks on last week's Bloomberg story claiming that tiny Chinese chips had compromised the security of Apple and Amazon data centers. In a Monday letter to Congress, Apple wrote that the claims in the Bloomberg story were "simply wrong."

Bloomberg's story, published last Thursday, claimed that the Chinese government had secretly added spy chips to the motherboards of servers sold by Supermicro. According to Bloomberg, these servers wound up in the data centers of almost 30 companies, including Apple and Amazon. But the three companies featured in the story—Apple, Amazon, and Supermicro—have all issued broad and strongly worded denials.

The stakes here are high for Apple. Millions of Americans rely on the company to protect the privacy of their data on iCloud and other online services. If there were really Chinese chips infiltrating Apple data centers, it could call into question the security of those services. But Apple insists that the story was simply bogus.

Read 9 remaining paragraphs | Comments

Bloomberg: Super Micro motherboards used by Apple, Amazon contained Chinese spy chips

Super Micro, Amazon, and Apple deny everything in the report.

Article intro image

(credit: Wikipedia)

Tiny Chinese spy chips were embedded onto Super Micro motherboards that were then sold to companies in the US, including Amazon and Apple, reports Bloomberg. The report has attracted strenuous denials from Amazon, Apple, and Super Micro.

Bloomberg claims that the chips were initially and independently discovered by Apple and Amazon in 2015 and that the companies reported their findings to the FBI, prompting an investigation that remains ongoing. The report alleges that the tiny chips, disguised to look like other components or even sandwiched into the fiberglass of the motherboards themselves, were connected to the management processor, giving them far-reaching access to both networking and system memory. The report says that the chips would connect to certain remote systems to receive instructions and could then do things like modify the running operating system to remove password validation, thereby opening a machine up to remote attackers.

The boards were all designed by California-based Super Micro and built in Taiwan and China. The report alleges that operatives masquerading as Super Micro employees or government representatives approached people working at four particular factories to request design changes to the motherboards to include the extra chips. Bloomberg further reports that the attack was made by a unit of the People's Liberation Army, the Chinese military.

Read 3 remaining paragraphs | Comments

Georgia says switching back to all-paper voting is logistically impossible

In Curling v. Kemp, both sides are set to duke it out in court on Wednesday.

Article intro image

Enlarge / A stack of voter access cards sit on a table at a polling location during the Georgia primary runoff elections in Atlanta, Georgia, on Tuesday, July 24, 2018. (credit: Elijah Nouvelage/Bloomberg via Getty Images)

A group of activists in Georgia has gone to court with a simple request to election officials: in the name of election security, do away with electronic voting entirely and let the more-than 6.1 million voters in the upcoming November 2018 election cast ballots entirely by paper. Georgia is just one of five American states that use purely digital voting without any paper record.

As part of this ongoing federal lawsuit, known as Curling v. Kemp, Georgia Secretary of State Brian Kemp's office says that such a change would be "reckless" with the election less than 60 days away. Plus, modifying the voting process would be too expensive, too unwieldy, and, in the end, not worth it.

"Plaintiffs raise only spectral fears that [Direct Recording Electronic machines] will be hacked and votes Miscounted," John Salter, an attorney representing the state, wrote in a recent court filing.

Read 18 remaining paragraphs | Comments