Slashdot security articles

Syndicate content Slashdot: Generated for TarPitt (217247)
News for nerds, stuff that matters: Generated for TarPitt (217247)
Updated: 9 hours 17 min ago

Amazon's Ring May Also Be Working On Facial Recognition

Mon, 09/02/2019 - 03:34
"More than 10 million Ring doorbells have been installed worldwide, and BuzzFeed News found evidence that the company is working to develop facial recognition technology for its devices in Ukraine." An anonymous reader quotes their report: While Ring devices don't currently use facial recognition technology, the company's Ukraine arm appears to be working on it. "We develop semi-automated crime prevention and monitoring systems which are based on, but not limited to, face recognition," reads Ring Ukraine's website. BuzzFeed News also found a 2018 presentation from Ring Ukraine's "head of face recognition research" online and direct references to the technology on its website... In November 2018, Ring filed two patent applications that describe technology with the ability to identify "suspicious people" and create a "database of suspicious persons..." In December 2018, the Information reported that Ring gave its Ukraine-based research team access to customer videos in order to train image recognition software, potentially for use in Ring cameras. This use of customer videos is, in fact, allowed by the company's terms of service, which says that Ring has the right to unilaterally "access and use your User Recordings" for "developing new Products and Services" -- like facial recognition... As BuzzFeed News previously reported, Ring's terms of service gives the company an irrevocable, perpetual license to the video content users post on Neighbors. Buzzfeed News also quotes their op-ed last month by the deputy director of the digital rights group Fight for the Future. "We are on the verge of an unprecedented increase in state and private spying that will be built in plain sight."

All UK Airports To Install 3D Baggage Scanning Technology By 2022

Mon, 09/02/2019 - 01:34
"The UK government is requiring all major UK airports to introduce 3D baggage screening equipment before the end of 2022," writes Slashdot reader Hammeh. The BBC reports: Ministers say the technology will boost security, speed up pre-boarding checks, and could end the restrictions on travelling with liquids and laptops. The equipment, similar to CT scanners used in hospitals, is already being installed at London's Heathrow Airport. It provides a clearer picture of a bag's contents, which staff can zoom in to and rotate for inspection. Currently, passengers taking liquid in their cabin baggage are restricted to containers holding no more than 100ml, which must be shown to security staff in a single, transparent, resealable plastic bag of about 20cm (8in) x 20cm. The limits have been in place since November 2006. Their introduction ended a ban on liquids in the cabin imposed three months earlier, when British police said they had foiled a plot to blow up as many as 10 planes using explosives hidden in drinks bottles... The technology is already being used by US airports, including Atlanta's Hartsfield-Jackson and Chicago's O'Hare.

Feds Forced Google To Reveal All Google Users Within 100 Feet of a Bank Robbery

Sun, 09/01/2019 - 23:34
Federal investigators asked Google for help finding two men who'd robbed a Wisconsin bank in October of 2018: They left the bank at 9:09AM, just seven minutes after they entered, carrying the bag full of cash, three drawers from the vault and teller station, and the keys to the bank vault itself. In the months since, police and federal agents have struggled to track down the bank robbers. Local media sent out pictures from the bank's security cameras, but it produced no leads. Finally, police hit on a more aggressive strategy: ask Google to track down the bank robbers' phones. In November, agents served Google with a search warrant, asking for data that would identify any Google user who had been within 100 feet of the bank during a half-hour block of time around the robbery. They were looking for the two men who had gone into the bank, as well as the driver who dropped off and picked up the crew, and would potentially be caught up in the same dragnet. It was an aggressive technique, scooping up every Android phone in the area and trusting police to find the right suspects in the mess of resulting data. But the court found it entirely legal, and it was returned as executed shortly after. That kind of warrant, known as a reverse location search, has become increasingly common in recent years... In each case, police weren't tracking the location of a specific suspect -- where normal standards of reasonable suspicion would apply -- but instead pulling the names of every individual who had been in the vicinity when a crime took place. For civil liberties groups, it's a dangerous and potentially unconstitutional overreach of police power. But those concerns haven't been enough to keep police from filing reverse location search warrants when a case runs dry, or to convince judges to reject them. The Verge reports that Minnesota over 20 of the same kind of warrants have been served just in the state of Minnesota -- though in the Wisconsin case, it's not even clear that it did any good. "When The Verge reached out to the FBI's Milwaukee division to ask if any charges had been brought, officers said the case was ongoing and they could not provide any additional information as a result. With nearly a year elapsed since the warrant was served, that suggests this particular reverse location search may not have been as fruitful as investigators hoped."

iPhone-Monitoring Crackers Also Targeted Android and Windows, Targeted Ethnic Group in China

Sun, 09/01/2019 - 21:20
"The unprecedented attack on Apple iPhones revealed by Google this week was broader than first thought," reports Forbes: Multiple sources with knowledge of the situation said that Google's own Android operating system and Microsoft Windows PCs were also targeted in a campaign that sought to infect the computers and smartphones of the Uighur ethnic group in China. That community has long been targeted by the Chinese government, in particular in the Xinjiang region, where surveillance is pervasive. Google's and Microsoft's operating systems were targeted via the same websites that launched the iPhone hacks, according to the sources, who spoke on the condition of anonymity. That Android and Windows were targeted is a sign that the hacks were part of a broad, two-year effort that went beyond Apple phones and infected many more than first suspected. One source suggested that the attacks were updated over time for different operating systems as the tech usage of the Uighur community changed... The attacks appear to form part of a mass surveillance operation taking place on Uighur civilians, who've faced various forms of persecution in Xinjiang. Surveillance cameras are scattered across the region and facial recognition is prevalent.

Greg Kroah-Hartman Reveals His New Favorite Linux Distro

Sun, 09/01/2019 - 16:22
Top Linux kernel developer Greg Kroah-Hartman gave a new 30-minute interview with TFIR during the Open Source Summit, 2019. He discusses security in the post-Spectre world, remembers when Microsoft joined the Linux distros mailing list, and acknowledges good-naturedly that he and Richard Stallman "approach things from a different standpoint". An anonymous reader writes: In the interview Kroah-Hartman talks about downsides of living in the Hague. "My son's school actually mandates that they all have MacBooks. So he has a MacBook, my wife has a MacBook, and that's about it." But of course, Kroah-Hartman himself is always using Linux. So what distro does he use? "I don't use openSUSE any more, I use Arch. And my build system I think is actually running Fedora. I have a number of virtual machines still running Gentoo, Dubya, and Fedora to do some testing on some userspace tools. But yeah, all my laptops and everything is switched over to Arch these days... I have a Chromebook that I play around with, and you can run Linux applications, and you can of course SSH into anything..." Why Arch? "At the moment it had something that I needed. I don't remember what it was, the latest development version, what not -- and I've known a number of the Arch developers over the years. Their idea of a constantly rolling, forward-moving system is the way to go... It's neutral, it's community-based, it has everything I need. It works really really well. I've actually converted my cloud instances that I have all to Arch... It's nice." And in addition, "Their Wiki is amazing. The documentation -- it's like one of the best resources out there these days... If you look up any userspace program and how to configure it and use it. Actually, the systemd Arch Wiki pages are one of the most amazing resources out there... "One of the main policies of Arch, or philosophies, is you stay as close to the upstream as possible. And as a developer, I want that... They're really good in feedback to the community. Because I want that testing -- I want to make sure that things are fixed. And if it is broken, I learn about it quickly and I fix it and push the stuff out. So that's actually a really good feedback loop. And that's some of the reasons I need it."

Amazon Is Telling Police Departments What To Say About Its Ring Surveillance Cameras

Sun, 09/01/2019 - 10:43
Amazon isn't just partnering with hundreds of America's police departments. They're also "directing the departments' press releases, social media posts and comments on public posts," according to the Guardian: Ring says the program gives police more resources to solve crimes, while critics fear the company is quietly building up a for-profit private surveillance network. Ring's power over police departments' communications with the citizens they serve is just the latest question about the company's operations. Andrew Ferguson, a law professor and the author of The Rise of Big Data Policing said there has been a rise of tech company influence on police work over the past decade, but shaping marketing language within police departments represents a new level of "distortion of public safety rule". "Police should not have dual loyalty to a private company and the public -- their loyalty should be to the public," he said. "Any sort of blurring of that line causes us to question that loyalty...." Advocates fear that the cameras will allow police access to surveillance footage while bypassing the public process to approve more traditional security cameras. They have pointed out that contracts between police and Ring often face little public scrutiny and experts have raised concerns over requests from Ring to get access to police department's computer-aided dispatch feeds. Advocates have also questioned how comfortable users feel in denying law enforcement requests. When one Kansas police department announced their partnership with Ring, Amazon "sent the department a press release template and noted the final communique would have to be approved by Ring before release," according to the article. And for one police department in Georgia, Amazon's Ring "heavily edited the press release about the program," removing a sentence about their $15,920 donation of video doorbells and the fact that Amazon would even help install them in homes. "Ring also changed wording from the police department that said the department 'will be able to access videos submitted by subscribers of Ring' to say the department will 'join existing crime and safety conversations with local residents'." CNET also reports that Amazon "spent more than a year offering discounts and applying peer pressure with constant reminders and emails to convince officers to sign up.... When police didn't respond, Ring would follow up by noting neighboring law enforcement agencies that have joined, pushing for the Chula Vista police to join them."

Should We Be Allowed To Kick Robots?

Sun, 09/01/2019 - 02:34
"Seen in the wild, robots often appear cute and nonthreatening. This doesn't mean we shouldn't be hostile," argues a new article in Wired, reporting on what appears to be a pre-meditated kicking of a Knightscope K5 patrol robot in a parking lot in California: K5's siblings, it turns out, don't fare much better. In 2017 a drunk man attacked a K5 in a Mountain View parking lot. A few months later a group of angry protestors in San Francisco covered another one in a tarp, pushed it to the ground, and smeared barbecue sauce on it. Stacey Stephens, Knightscope's executive vice president, wouldn't say how many have been seriously damaged. "I don't want to challenge people," he says, afraid any number will inspire -- perhaps compel -- more miscreants to seek out K5s. (Stephens did specify that Knightscope prosecutes "to the fullest extent of the law," often pursuing felony charges for damaged K5s.) Hard numbers or not, the assaults will continue -- that's not the question... The question is: Do we care...? [A]s an otherwise law-abiding citizen...all I could think as I watch and rewatch the security video from August 3 is: Way to go, dude. Because K5 is not a friendly robot, even if the cutesy blue lights are meant to telegraph that it is. It's not there to comfort senior citizens or teach autistic children. It exists to collect data -- data about people's daily habits and routines. While Knightscope owns the robots and leases them to clients, the clients own the data K5 collects. They can store it as long as they want and analyze it however they want. K5 is an unregulated security camera on wheels, a 21st-century panopticon. The true power of K5 isn't to watch you -- it's to make you police yourself. It's designed to be at eye level, to catch your attention. Stephens likens it to a police car sitting on the side of the road: It makes everyone hyperaware of their surroundings. Even if you aren't speeding, you break, turn down the radio, and put your hands at 10 and 2. The debate over the proper treatment of robots can sometimes sound like the debate over violent videogames. Perhaps acting on violent impulses without hurting real-life humans is healthy, cathartic. Or it might be turning us into a race of psychopaths. Unlike the characters in videogames, though, robots don't exist virtually. In the case of K5 bots, they intrude, without permission, into the most mundane of activities: walking down the sidewalk, parking your car... It is a sham, an ersatz impression of power that should be pushed to its limits -- right down onto the hard parking lot floor.

Intel Engineer Launches Working Group To Bring Rust 'Full Parity With C'

Sat, 08/31/2019 - 12:34
Someone from the Rust language governance team gave an interesting talk at this year's Open Source Technology Summit. Josh Triplett (who is also a principal engineer at Intel), discussed "what Intel is contributing to bring Rust to full parity with C," in a talk titled Intel and Rust: the Future of Systems Programming. An anonymous reader quotes Packt: Triplett believes that C is now becoming what Assembly was years ago. "C is the new Assembly," he concludes. Developers are looking for a high-level language that not only addresses the problems in C that can't be fixed but also leverage other exciting features that these languages provide. Such a language that aims to be compelling enough to make developers move from C should be memory safe, provide automatic memory management, security, and much more... "Achieving parity with C is exactly what got me involved in Rust," says Triplett. Triplett's first contribution to the Rust programming language was in the form of the 1444 RFC, which was started in 2015 and got accepted in 2016. This RFC proposed to bring native support for C-compatible unions in Rust that would be defined via a new "contextual keyword" union... He is starting a working group that will focus on achieving full parity with C. Under this group, he aims to collaborate with both the Rust community and other Intel developers to develop the specifications for the remaining features that need to be implemented in Rust for system programming. This group will also focus on bringing support for systems programming using the stable releases of Rust, not just experimental nightly releases of the compiler. Last week Triplett posted that the FFI/C Parity working group "is in the process of being launched, and hasn't quite kicked off yet" -- but he promised to share updates when it does.

Company Behind Foxit PDF Reader Announces Security Breach

Fri, 08/30/2019 - 16:03
An anonymous reader quotes a report from ZDNet: Foxit Software, the company behind the Foxit PDF reader app, said today that hackers breached its servers and have made off with some user information. ZDNet learned of the breach from a Foxit customer who shared a copy of the email the company is sending out to affected users, asking them to choose new passwords when logging in the next time. According to this email, the security breach impacted the company's website, and, namely, information stored in the My Account section. Foxit web accounts are how the company manages its existing customers and is where users can access trial software, download purchased products, and access order histories. Foxit said hackers managed to access MyAccount data such as email addresses, passwords, real names, phone numbers, company names, and IP addresses from which users logged into their accounts. Due to the presence of IP addresses in the data hackers managed to access, this is believed to be a breach of Foxit's backend infrastructure, rather than a credential stuffing attack. The email did not mention if passwords were either hashed or salted. However, Foxit said it did invalidate all passwords for customers who it believed were impacted by the breach. What's also unknown is when exactly the security incident took place. It could've happened this week, last month, or in previous years.

Huawei's Next Phone Will Not Have Google Apps

Fri, 08/30/2019 - 14:03
Huawei's next flagship smartphone will not come with Google's popular apps, such as Maps, YouTube, and Drive. The BBC reports: Google confirmed that due to a U.S. government ban on sales to Huawei, it could not license its apps to the Chinese smartphone giant. It also means the next Huawei phone will not have access to the Google Play app store, which could leave customers without access to other popular apps. The U.S. government restricted American companies from selling products and services to Huawei in May, citing national security concerns, which Huawei rejects. Huawei is just weeks away from launching its next flagship phone, the Mate 30 Pro. It will be Huawei's first major phone launch since the U.S. restrictions were applied in May. But analysts say launching without Google's apps in Europe will be a major blow. Consumers expect to have access to all the major apps they are used to - including Maps and YouTube. Without them, Huawei's phones will seem a lot less appealing. And losing the Play Store means Huawei will need to provide another way for customers to access other popular apps such as Facebook, Twitter and BBC News. Huawei said in a statement: "Huawei will continue to use the Android OS and ecosystem if the U.S. government allows us to do so. Otherwise, we will continue to develop our own operating system and ecosystem." Tom's Guide notes that consumers can still download apps from APK repositories like "While this is certainly a nuisance, it's far from crippling."

Twitter's Jack Dorsey Has Own Account Hacked

Fri, 08/30/2019 - 12:43
The co-founder and chief executive of Twitter has had his own account on the service taken over by hackers. From a report: A group referring to itself as the Chuckling Squad said it was behind the breach of Jack Dorsey's account. A spokeswoman for Twitter told the BBC that the site was urgently investigating. The account tweeted out a flurry of highly offensive and racist remarks. The offending tweets appear to have been mostly removed.

Google Says Hackers Have Put 'Monitoring Implants' in iPhones For Years

Fri, 08/30/2019 - 06:47
An unprecedented iPhone hacking operation, which attacked "thousands of users a week" until it was disrupted in January, has been revealed by researchers at Google's external security team. From a report: The operation, which lasted two and a half years, used a small collection of hacked websites to deliver malware on to the iPhones of visitors. Users were compromised simply by visiting the sites: no interaction was necessary, and some of the methods used by the hackers affected even fully up-to-date phones. Once hacked, the user's deepest secrets were exposed to the attackers. Their location was uploaded every minute; their device's keychain, containing all their passwords, was uploaded, as were their chat histories on popular apps including WhatsApp, Telegram and iMessage, their address book, and their Gmail database. The one silver lining is that the implant was not persistent: when the phone was restarted, it was cleared from memory unless the user revisited a compromised site. However, according to Ian Beer, a security researcher at Google: "Given the breadth of information stolen, the attackers may nevertheless be able to maintain persistent access to various accounts and services by using the stolen authentication tokens from the keychain, even after they lose access to the device."

China Intercepts WeChat Texts From US and Abroad, Researcher Says

Thu, 08/29/2019 - 15:30
China is intercepting texts from WeChat users living outside of the country, mostly from the U.S. Taiwan, South Korea, and Australia. NPR reports: The popular Chinese messaging app WeChat is Zhou Fengsuo's most reliable communication link to China. That's because he hasn't been back in over two decades. Zhou, a human rights activist, had been a university student in 1989, when the pro-democracy protests broke out in Beijing's Tiananmen Square. After a year in jail and another in political reeducation, he moved to the United States in 1995. But WeChat often malfunctions. Zhou began noticing in January that his chat groups could not read his messages. "I realized this because I was expecting some feedback [on a post] but there was no feedback," Zhou tells NPR at from his home in New Jersey. As Chinese technology companies expand their footprint outside China, they are also sweeping up vast amounts of data from foreign users. Now, analysts say they know where the missing messages are: Every day, millions of WeChat conversations held inside and outside China are flagged, collected and stored in a database connected to public security agencies in China, according to a Dutch Internet researcher. Zhou is not the only one experiencing recent issues. NPR spoke to three other U.S. citizens who have been blocked from sending messages in WeChat groups or had their accounts frozen earlier this year, despite registering with U.S. phone numbers. This March, [Victor Gevers, co-founder of the nonprofit GDI Foundation, an open-source data security collection] found a Chinese database storing more than 1 billion WeChat conversations, including more than 3.7 billion messages, and tweeted out his findings. Each message had been tagged with a GPS location, and many included users' national identification numbers. Most of the messages were sent inside China, but more than 19 million of them had been sent from people outside the country, mostly from the U.S., Taiwan, South Korea and Australia.

Ransomware Hits Hundreds of Dentist Offices in the US

Thu, 08/29/2019 - 09:30
Hundreds of dental practice offices in the US have had their computers infected with ransomware this week, ZDNet reported Thursday. From a report: The incident is another case of a ransomware gang compromising a software provider and using its product to deploy ransomware on customers' systems. In this case, the software providers are The Digital Dental Record and PerCSoft, two Wisconsin-based companies who collaborated on DDS Safe, a medical records retention and backup solution advertised to dental practice offices in the US. Over the last weekend, a hacker group breached the infrastructure behind this software, and used it to deploy the REvil (Sodinokibi) ransomware on computers at hundreds of dentist offices across the US. The security breach came to light on Monday, when dentists returned to work, only to find out they couldn't access any patient information. A source impacted by the ransomware tells ZDNet that the two companies opted to pay the ransom demand. The Digital Dental Record and PerCSoft have been sharing a decrypter with impacted dental offices since Monday, helping companies recover encrypted files.

Mozilla CEO Chris Beard Will Step Down at the End of the Year

Thu, 08/29/2019 - 08:08
Chris Beard announced today his plans to step down as Mozilla Corporation CEO at the end of 2019. Beard joined the web software company in 2004, remaining an employee since then, with the exception of 2013, when he left to become Greylock's "executive-in-residence," while remaining on as an advisor. From a report: Beard was appointed interim CEO for Mozilla in April 2014, coming on as full time chief executive in July of that same year. The company has seen a bit of a resurgence in recent years, after having ceded much of its browser marketshare to the likes of Google and Apple. Firefox has undergone something of a renaissance over the past year, as have the company's security tools. "Today our products, technology and policy efforts are stronger and more resonant in the market than ever, and we have built significant new organizational capabilities and financial strength to fuel our work," Beard said in the blog post. "From our new privacy-forward product strategy to initiatives like the State of the Internet we're ready to seize the tremendous opportunity and challenges ahead to ensure we're doing even more to put people in control of their connected lives and shape the future of the internet for the public good."

Cops Hijack Botnet, Remotely Wipe Malware From 850,000 Computers

Wed, 08/28/2019 - 18:03
French police, with help from an antivirus firm, took control of a server that was used by cybercriminals to spread a worm programmed to mine cryptocurrency from more than 850,000 computers. Once in control of the server, the police remotely removed the malware from those computers. Motherboard reports: Antivirus firm Avast, which helped France's National Gendarmerie cybercrime center, announced the operation on Wednesday. Avast said that they found that the command and control server, which was located in France, had a design flaw in its protocol that made it possible to remove the malware without "making the victims execute any extra code," as the company explained in its lengthy report. Cybersecurity firms such as Avast, as well as Trend Micro, had been tracking the worm, called Retadup, since last spring. Most of the infected computers were used by the malware authors to mine the cryptocurrency Monero, but in some cases it was also used to push ransomware and password-stealing malware, according to Avast. As the antivirus firm reported, most Retadup victims were in South America, with Peru, Venezuela, Bolivia and Mexico at the top of the list.

US Cyberattack Hurt Iran's Ability To Target Oil Tankers, Officials Say

Wed, 08/28/2019 - 17:25
"A secret cyberattack against Iran in June wiped out a critical database used by Iran's paramilitary arm to plot attacks against oil tankers and degraded Tehran's ability to covertly target shipping traffic in the Persian Gulf, at least temporarily," reports The New York Times, citing senior American officials. From the report: Iran is still trying to recover information destroyed in the June 20 attack and restart some of the computer systems -- including military communications networks -- taken offline, the officials said. Senior officials discussed the results of the strike in part to quell doubts within the Trump administration about whether the benefits of the operation outweighed the cost -- lost intelligence and lost access to a critical network used by the Islamic Revolutionary Guards Corps, Iran's paramilitary forces. The United States and Iran have long been involved in an undeclared cyberconflict, one carefully calibrated to remain in the gray zone between war and peace. The June 20 strike was a critical attack in that ongoing battle, officials said, and it went forward even after President Trump called off a retaliatory airstrike that day after Iran shot down an American drone. Iran has not escalated its attacks in response, continuing its cyberoperations against the United States government and American corporations at a steady rate, according to American government officials.

Australian Who Says He Invented Bitcoin Ordered To Hand Over Up To $5B

Wed, 08/28/2019 - 10:00
The Australian man who claimed to have invented cryptocurrency bitcoin has been ordered to hand over half of his alleged bitcoin holdings, reported to be worth up to $5 billion. From a report: The IT security consultant Craig Wright, 49, was sued by the estate of David Kleiman, a programmer who died in 2013, for a share of Wright's bitcoin haul over the pair's involvement in the inception of the cryptocurrency from 2009 to 2013. Kleiman's estate alleges Wright and Kleiman were partners, and therefore his family is entitled to a share of the bitcoin that was mined by the pair in that time. Wright denies there was a partnership. A US district court in Florida on Tuesday ruled that half of the bitcoin mined and half of the intellectual property held by Wright from that time belongs to Kleiman. One issue is it is not known exactly how much bitcoin Wright holds. It has been claimed that the Kleiman estate could get anywhere between 410,000 and 500,000 bitcoin, putting the value at between $4.1 billion and $4.99 billion as of Wednesday. Wright claimed to the court that he couldn't access the bitcoin because he doesn't have a list of the public addresses of that bitcoin. He claimed in 2011, after seeing the cryptocurrency had begun to be associated with drug dealers and human traffickers, he put the bitcoin he mined in 2009 and 2010 into an encrypted file and into a blind trust. The encrypted key was divided into multiple key slices, and the key slices were given to Kleiman who distributed them to people through the trust.

Apple is Turning Siri Audio Clip Review Off by Default and Bringing it in House

Wed, 08/28/2019 - 07:20
Apple is making changes to the way that Siri audio review, or 'grading' works across all of its devices. From a report: First, it is making audio review an explicitly opt-in process in an upcoming software update. This will be applicable for every current and future user of Siri. Second, only Apple employees, not contractors, will review any of this opt-in audio in an effort to bring any process that uses private data closer to the company's core processes. Apple has released a blog post outlining some Siri privacy details that may not have been common knowledge as they were previously described in security white papers. Apple apologizes for the issue. In a statement, the company said, "as a result of our review, we realize we haven't been fully living up to our high ideals, and for that we apologize. As we previously announced, we halted the Siri grading program. We plan to resume later this fall when software updates are released to our users -- but only after making the following changes..."

National-Security Concerns Threaten Undersea Data Link Backed by Google, Facebook

Wed, 08/28/2019 - 06:40
U.S. officials are seeking to block an undersea cable backed by Google, Facebook, and a Chinese partner, in a national-security review that could rewrite the rules of internet connectivity between the U.S. and China, WSJ reported Wednesday [Editor's note: the link may be paywalled; alternative source], citing people involved in the discussions. From the report: The Justice Department, which leads a multiagency panel that reviews telecommunications matters, has signaled staunch opposition to the project because of concerns over its Chinese investor, Beijing-based Dr. Peng Telecom & Media Group, and the direct link to Hong Kong the cable would provide, the people said. Ships have already draped most of the 8,000-mile Pacific Light Cable Network across the seafloor between the Chinese territory and Los Angeles, promising faster connections for its investors on both sides of the Pacific. The work so far has been conducted under a temporary permit expiring in September. But people familiar with the review say it is in danger of failing to win the necessary license to conduct business because of the objections coming from the panel, known as Team Telecom. Team Telecom has consistently approved past cable projects, including ones directly linking the U.S. to mainland China or involving state-owned Chinese telecom operators, once they were satisfied the company responsible for its U.S. beachhead had taken steps to prevent foreign governments from blocking or tapping traffic.