disclosure
Latest
Elon Musk faces a federal probe over late disclosure of his initial Twitter stake
The US Securities and Exchange Commission (SEC) is investigating Elon Musk's belated disclosure of his purchase of more than 5 percent of Twitter's share.
Facebook: Creators must disclose paid partnerships with political campaigns
Mike Bloomberg's ploy to reach voters through bad Instagram memes may be tacky, but it is not violating any Facebook or Instagram rules, as long as creators disclose paid partnerships. "After hearing from multiple campaigns, we agree that there's a place for branded content in political discussion on our platforms," Facebook said in a statement provided to Engadget.
Google's new policy gives developers more time to address security flaws
Google's Project Zero disclosure program is supposed to encourage releases of security fixes in a timely fashion, but things haven't gone according to plan. Premature disclosures, half-hearted fixes and other issues have been a little too common. The company might address some of those problems in 2020, though. It recently revised its policies in a bid to encourage both more "thorough" security patches and wider adoption of those patches. Most notably, Google will wait 90 days to disclose a flaw even if it's fixed well ahead of that deadline. If developers act quickly, they'll have more time to both distribute patches and make sure that fixes address the root cause of a flaw.
US says digital assets are covered by money laundering and disclosure laws
US regulators issued a blunt warning to cryptocurrency holders who think they're not beholden to the usual rules. The Securities and Exchange Commission, the Commodity Futures Trading Commission and the Financial Crimes Enforcement Network have put out a joint statement to "remind" people that digital assets like crypto, tokens and other digital assets are subject to laws that bar money laundering and require reporting of suspicious activity. The Bank Secrecy Act's rules "apply very broadly," the officials said.
Facebook once again tightens requirements for US political advertisers
Facebook is bracing itself for the 2020 US election by further toughening its requirements for political ads. The social network now requires more information from advertisers before it approves their disclaimers, including a tax-registered organization ID number, a Federal Election Commission ID number and a government website domain (either .gov or .mil). If they're a local politician or business that wants to run ads for social issues, they'll have to provide verifiable address, contact and website info or else accept that they can't use a registered organization's name in disclaimers.
Mental health apps are sharing data without proper disclosure
It's important for health apps to keep your data under lock and key, but it's not clear that's the case for some mental health apps. A study of 36 mental health apps (not named in the public release) has revealed that 29 of them were sharing data for advertising or analytics to Facebook or Google, but many of them weren't disclosing that to users. Only six out of 12 Facebook-linked apps told users what was happening, while 12 out of 28 Google-linked apps did the same. Out of the entire bunch, just 25 apps had policies detailing how they used data in any form, while 16 described secondary uses.
AMD vows to fix newly-disclosed processor vulnerabilities
Semiconductor company AMD has finally acknowledged there's a problem with its Platform Security Processor. Earlier this month Israel-based CTS labs found 13 critical vulnerabilities (including RyzenFall, MasterKey, Fallout and Chimera) with AMD's product, which could allow attackers to access sensitive data, install malware and gain complete access to compromised machines (although doing so would require admin access). Today, AMD has published a statement that largely underplays the threat, but claims that patches will be coming soon.
SEC guidelines push for clearer data breach disclosures
American companies haven't always been forthright about disclosing data breaches in a responsible way, and regulators want to encourage better behavior. The Securities and Exchange Commission has issued "interpretive guidance" that it hopes will both promote clearer disclosures and fewer ethical conflicts. The guidance asks companies to share more information about cyberattacks and other risks, and warns executives against trading securities before they've publicly shared the details of a breach -- they shouldn't dump shares knowing a hack will tank the company's stock price.
Facebook will require political advertisers to disclose their identities
Facebook has had a rough few months since the election. At least 10 million people saw Russian-placed political ads on the platform, which may have helped widen the rift between political sides during the 2016 US presidential election. In reaction, the social network has pledged to hand-review any new ads that target politics and race. Further, Facebook has just announced that it will be rolling out new transparency features for all ads, including political ones, starting next month in Canada. The US will get the new tools by next summer, in time for the US midterm elections next November.
FTC letters warn social media stars about advertising labels
Over the last few months, the feds have slowly turned their attention to the spread of advertising over social media. With a lack of rules and information, celebrity "influencers" paid to push products on their growing audiences haven't had consistent guidelines on how to reveal those relationships. Last year, the FTC pressed brands to educate influencers, and now it has sent over 90 letters to influencers and marketers alike. Those letters indicate that any material connection between an endorser and advertiser "should be clearly and conspicuously disclosed, unless it is already clear from the context of the communication."
LeakedSource and its database of hacked accounts is gone
A website that sold access to a database of more than 3 billion hacked accounts has suddenly vanished. LeakedSource had built a business on collecting and packaging information exposed through various data breaches. It gathered compromised account details and made it searchable so users could see which of their email addresses, phone numbers and passwords were vulnerable. The site was controversial, however, because anyone could pay for advanced search capabilities. LeakedSource said its mission was to educate people who might be affected, and pressure companies to disclose breaches. Critics argued, however, that it gave hackers the means to access innocent people's accounts.
FTC vows to crack down on sponsored internet posts
The FTC's settlement with Warner Bros. over poor disclosure in sponsored internet posts was just the beginning. The Commission tells Bloomberg that the government is planning a crackdown on paid posts that will require both stars and advertisers to be much more explicit when telling viewers that it's a paid piece. A disclosure through a social hashtag or a below-the-fold YouTube description won't be enough -- the FTC wants celebrities to reveal their endorsements up front, and to mention them in videos. There's "no effective disclosure" if people don't see it, the agency says.
NSA discloses most security flaws, but that's not the whole story
The National Security Agency is opening up a bit about how it discloses security exploits... though not by much. Officials have posted an infographic boasting that the NSA shares details about 91 percent of the security flaws it finds, with the remaining 9 percent either fixed by vendors first or held back for "national security reasons." As it argues, it's in the country's best interests to protect the internet by "responsibly" letting software developers know about these dangerous bugs. There wouldn't be much point to holding back on these details if it wrecked the internet, the surveillance outfit says.
Apple's rebranded Music Festival will be livestreamed on Beats 1
Apple's iTunes Festival is coming back to London with a new name and a slightly different format. For starters, it's now called Apple Music Festival -- an obvious move to promote the recently launched music streaming service. It's still being held at the city's Roundhouse venue, but this year the company is opting for a 10 night run (September 19-28) rather than its usual month-long affair. That could put extra pressure on its free and seemingly randomised ticket allocations, so Apple will also be streaming the festival through Apple Music. Everyone will be able to watch the performances both live and on-demand, with coverage on Beats 1 and social media snippets on Apple Music Connect.
Google is giving companies a break on security disclosures
Google's Project Zero is supposed to goad companies into patching software security flaws before they pose a threat, but that's not exactly how the effort has panned out. As Apple and Microsoft will tell you, the strict 90-day disclosure deadline sometimes leaves developers scrambling to finish patches after the details of an exploit go public. Thankfully, Google appears to be listening to those gripes -- the Project Zero team has tweaked its policies to give programmers a better chance at mending holes. Companies now get a 14-day "grace period" to release fixes if they let Google know that the code won't be ready within the usual 90-day window. Also, the folks in Mountain View won't ruin tech workers' days off by revealing vulnerabilities on holidays and weekends.
Steam now requires disclosure from sponsored Curators
Valve updated its policies for Steam Curators this week, requiring that curators disclose any compensation received for recommending games on the service. The company introduced Curators late last month, allowing any person or brand (such as good old Joystiq) to list their favorite games on the distribution service while linking out to reviews, videos or blogs about the games. Additionally, Gunpoint developer Tom Francis noted on Twitter that "Steam actually has just given devs the ability to curate which Curators appear on our Store pages" in its update. With Steam Curators being one large piece of a major shift in Steam's increasingly hands-off storefront, paid placement on curator's lists was among the biggest concerns both developers and the service's top Curator, TotalBiscuit, told Joystiq last month. Valve's updated rules alleviate those worries, providing curators adequately disclose sponsored placement: "If you've accepted money or other compensation for making a product review or for posting a recommendation, you must disclose this fact in your recommendation," the policies state. Valve also added that recommendations "should not link to or promote any stores other than Steam." [Image: Steam]
The White House explains why it keeps quiet on internet security flaws
We wouldn't blame you for worrying about the US government's willingness to remain silent on internet vulnerabilities in the name of national security; no one wants to be left open to a preventable attack. However, the White House sees these disclosures as a complicated issue, and has posted an explanation of its reasoning in an attempt to assuage fears. The administration argues that it has a "disciplined, rigorous and high-level" decision system that balances the risks to the public against the value of any intelligence. Agencies are more likely to share details of security flaws if there's a great potential for damage, or if it's likely that someone will use the exploits. At the same time, officials are more likely to stay hush-hush when there's a high-priority target, or if it's relatively safe to use an exploit for a short while.
ESA spent over $1m last quarter, partially for SOPA/PIPA lobbying
Between October 1 and December 31, 2011, when the Entertainment Software Association wasn't having its quartet of lobbyists pushing lawmakers on subjects such as international trade, constitutional rights, immigration policy, and STEM initiatives, it was petitioning in favor of "copyright/patent/trademark" issues. More specifically, it was supporting SOPA and PIPA in the two Congressional houses up until January 20 when lawmakers pulled support.And all that lobbying can add up, as the association's disclosure filing reveals expenditures of $1,082,167 across all lobbying initiatives in the fourth quarter -- that figure also includes regular overhead expenses, to be clear. How much of that was spent on SOPA/PIPA is unknown, but by comparison, the Motion Picture Association of America spent $850K during the same period, which also includes its own support for SOPA/PIPA.The ESA collectively spent $4,391,201 last year, and declined a request for specifics regarding its spending in 2011.
Tesla Motors CEO 'does not devote his full time and attention to Tesla'
We've already discussed the seemingly suicidal situation Tesla finds itself in with relation to its 2011 Roadster production cessation, but that SEC submission for the company's IPO is a long, long affair (which you may read below), and there were more nuggets of madness to be found. Apparently, CEO Elon Musk is a busy man -- with CEO and CTO functions at SpaceX and a chairmanship at SolarCity to attend to -- and so he couldn't possibly be expected to focus his full attention on ensuring that the half billion dollar state loan his company received gets spent as wisely as possible. Add Musk's corporate bigamy to an expectation of "continuing losses" and dwindling waiting lists and you have to wonder who, other than the US government, will be buying shares when this offering goes public.
Divining just what that "non-personal system information" might be
As Eliah noted the other day, Blizzard is running another hardware survey -- your WoW client will be sending them information about what kinds of hardware are in your computer. They've done this before, and as you may have realized, this type of information helps them determine system requirements for future games. A few people have already speculated that they're testing the waters for another WoW expansion, but I doubt any expansion is that far along in the process yet: my guess is that this latest round of hardware testing is actually being done for final calibration on Starcraft II, due out this fall. Blizzard doesn't share this hardware information with us, but Valve, another company that has a really wide install base with its Steam service, does release regular information about the kinds of computers its games are running on.There is, of course, another question here: do we really want Blizzard jumping in and taking this information from us? There aren't any obvious reasons to protect this information (most computers will give it up to any Internet-connected application without issue), but you never know: do you really want Blizzard checking out what's on your hard drive or what accessories you've hooked up to your computer? We'd presume that they don't dive into software information (like checking your computer's HD for signs of competing MMO installs), but certainly they could. The list of what they check includes: "CPU, RAM, operating system, video, audio, HD/CD/DVD, and network connection," but we don't know if that's everything or not (the Terms of Use, under "XVIII Acknowledgements" says something similar). And as Blizzard's alert says, while we do get a momentary notification that this information is being sent, users who have merged their Battle.net accounts will no longer even see that flash of a message, even though their info is still being sent. The ToS says Blizzard doesn't have to notify us of the survey, but they have in the past anyway.
