Connect with us

Technology

Damages class certified • The Register

Voice Of EU

Published

on

A US judge has approved a limited class action against Apple for breach of contract following allegations it used third-party servers including “cloud storage facilities belonging to Amazon, Microsoft, or Google” to host customers’ data instead of its own premium iCloud service.

The case – which has been running since 2019 – was brought by Andrea Williams from Florida and California resident James Stewart, according to court papers published last week [PDF].

The pair sued Apple for “breach of contract”, claiming they had paid Apple for iCloud storage above the 5GB of data that is offered for free. They cited the agreed Terms of Service, stating: “When iCloud is enabled, your content will be automatically sent to and stored by Apple.”

What appears to lie at the heart of the case is the allegation that “Apple failed to inform Williams and Stewart that their data was being stored on ‘non-Apple remote servers and facilities’ despite alleged assurances to the contrary”, as well as upset over allegedly being charged a “price premium” that they claim “harmed” class members “who would have otherwise utilized… cheaper cloud storage alternatives.”

According to northern California District Judge Lucy Koh’s order:

“According to the [complaint]… Apple lacked the facilities needed to readily provide the cloud storage space being sold to class members through iCloud.”

An amended complaint filed on April 27, 2020, cited an internal presentation on Apple’s first in-house iCloud servers (codenamed “Project McQueen”), which according to court docs “discusse[d] the ‘dual writing’ of iCloud data on both McQueen servers and Amazon’s S3.”

It also cited a slide from another undated internal Apple presentation allegedly “show[ing] the percentage of total storage on and daily uploads to third-party servers. The other slide graph[ed], over time, iCloud storage across five different storage providers — of which ‘Apple’ is only one source.”

Apple had previously retorted in its response to the amended complaint that the plaintiffs lacked “proof that every member of the class had their iCloud data placed on third-party servers during the Damages Class Period [i.e., September 16, 2015 until October 31, 2018].”

Lawyers for Apple also argued the plaintiffs lacked proof that could “determine which US paid iCloud subscribers may have had some data stored historically on third-party servers.”

Judge Koh denied the motion for a separate injunctive relief class certification that would have forced Apple to make changes to its iCloud terms of service.

She also added that presentations showing “as of approximately March 2019, Apple stored about 40 per cent of all iCloud data on Apple servers” suggested “a substantial percentage of class members did not have their iCloud data stored on third-party servers.”

The court certified the class to all persons in the United States who paid for a subscription to iCloud at any time during the period September 16, 2015 to January 31, 2016, with Judge Koh finding the plaintiffs lacked “common proof of outsourcing” after January 2016.

The Reg has asked Apple for comment. ®

Source link

Technology

‘I was just really scared’: Apple AirTags lead to stalking complaints | Technology

Voice Of EU

Published

on

In early January, Brooks Nader, a 26-year-old Sports Illustrated swimsuit model, was walking home alone from a night out in New York when she received a disturbing iPhone notification telling her she was carrying an “unknown accessory”.

“This item has been moving with you for a while,” the alert read. “The owner can see its location.”

That’s when she knew “something wasn’t right”, Nader told the NBC news program Today. Nader discovered that somebody had slipped an Apple AirTag into her coat pocket while she was sitting in a restaurant earlier. Unbeknown to her, the device tracked her location for four hours before Apple’s abuse prevention system triggered the notification to her phone.

AirTags are wireless, quarter-sized Bluetooth devices that retail for $29 each. Apple launched the product in April 2021 as tracking tools that users can pair with the company’s Find My app to help locate lost belongings, like backpacks or car keys.

Yet AirTags have proven easy to abuse – police in New York, Maryland, Idaho, Colorado, Georgia, Michigan, Texas and elsewhere both within the US and internationally, have reported instances of AirTags being used to stalk individuals, as well as to target cars for theft.

Last week, the New Jersey Regional Operations & Intelligence Center issued a warning to police that AirTags posed an “inherent threat to law enforcement, as criminals could use them to identify officers’ sensitive locations” and personal routines.

AirTags have abuse-mitigation features, including pop-ups like the one Nader received, and an alarm that beeps at 60 decibels (a conversational volume) after the AirTag has been away from its owner anywhere between eight to 24 hours.

Near the end of 2021, the company released a new Android app called Tracker Detect, which was designed to help people who own Androids discover suspicious AirTags near them – yet the app must be proactively downloaded and kept active to be effective, and is only compatible with Android 9 or higher.

The outcome of more anti-stalking mechanisms is that more people are realizing they are being stalked. On 14 January, police in Montgomery county, Maryland, responded to a call from a person who was stalked home from a movie theater after an AirTag was planted on their car. Around the same time, two California women called 911 after receiving a notification that their whereabouts were being tracked while out shopping. A 30 December report from the New York Times cites seven women who believe AirTags were used to surveil them. On social media, posts from mainly women sharing their own experiences of being tracked by AirTags have drawn attention to the issue, with one TikTok video from November 2021 receiving more than 31m views.

If you suspect you’re being tracked, the conventional wisdom is not to head home, but rather call – or go to – the police. However, law enforcement responses to incidences of AirTag stalking have thus far been inconsistent, and help is not always guaranteed.

When Arizona’s Kimberly Scroop went to local police after receiving an iPhone notification that she was being tracked in September last year, “they were not interested in taking a report, they didn’t take my name or phone number,” she says. “They said if I noticed someone following me, to call the police then.”

Scroop went home and made a TikTok video about her experience being tracked, thinking she should “make as much noise as possible, so there was some public record of it” online in case anything bad happened to her. “I was having a mini panic attack, just really scared,” she says in the post that has now been viewed more than 5.5m times.

In New York, Jackie’s Law – passed in 2014 to allow police to charge people using GPS tracking devices to stalk victims even if the victims have not pressed charges – contributed to police in West Seneca’s decision to subpoena Apple for information about a case involving an AirTag attached to a victim’s car bumper. Nonetheless, Nader claims she was unable to file a report after being tracked in Tribeca, New York City, as police told her no crime had been committed.

In an official statement, Apple says it will cooperate with police “to provide any available information” about unknown AirTags people discover on their person or property. “We take customer safety very seriously and are committed to AirTags’ privacy and security,” says a spokesperson.

Ultimately, their built-in anti-stalking mechanisms and the fact that they can be easily disabled when discovered render AirTags less dangerous than other forms of stalkerware. “If you really are nefarious and evil and you really want to find someone, there are things that are much better than an AirTag,” in the $100 to $300 range, says Jon Callas, director of technology projects at the Electronic Frontier Foundation.

Indeed, stalking affects an estimated 7.5 million people in the United States each year, and one in four victims report being stalked through some form of technology, according to the Stalking Prevention Awareness & Resource Center. And it’s on the rise: a 2021 international study by the security company Norton found the number of devices reporting stalkerware daily “increased markedly by 63% between September 2020 and May 2021” with the 30-day average increasing from 48,000 to 78,000 detections. There are thousands of different stalkerware variants, such as Cerberus, GPS tracking devices and Tile, a Bluetooth-enabled AirTag competitor that announced a partnership with Amazon last spring.

To Callas, the conversation around AirTags is drawing much-needed attention to the potential for technology to be misused; he hopes more people will consider the safety risks of tracking devices, regardless of how innocent they seem. “If you make a generalized technology that helps you find your lost keys, it can help you find anything,” he says, “and that includes people”.

Source link

Continue Reading

Technology

UK mulls making MSPs subject to mandatory security standards • The Register

Voice Of EU

Published

on

Small and medium-sized managed service providers (MSPs) could find themselves subject to the Network and Information Systems Regulations under government plans to tighten cybersecurity laws – and have got three months to object to the tax hikes that will follow.

Plans to amend the EU-derived Network and Information Systems Regulations (NIS) are more likely than ever to see SMEs brought into scope, as The Register reported last year when these plans were first floated.

NIS is the main law controlling security practices in the UK today. Currently a straight copy of the EU NIS Directive, one of the benefits of Brexit leapt upon by the Department for Digital, Culture, Media and Sport (DCMS) is the new ability to amend NIS’s reporting thresholds.

Bringing MSPs under NIS “would provide a baseline for expected cybersecurity provision and better protect the UK economy and critical national infrastructure from cyber security threats,” as UK.gov said in a consultation document issued on Wednesday. Its plans are for MSPs, currently not subject to NIS, to be brought into the fold. This includes defining what an MSP does, legally, and possibly ending NIS’ existing exemption on SMEs.

“The government recognises the strong need to minimise regulatory burden on small and micro-businesses particularly in a rapidly evolving industry such as this. However, recent incidents have highlighted the scale of risk that can be associated with managed service providers – regardless of their size,” said the consultation document.

In essence, if an “operator of essential services” or a critical national infrastructure business outsources something to your MSP, prepare for NIS compliance.

And the flip side: money

Enforcement of NIS is carried out by the ICO, which is getting a funding bonus if Parliament nods through the NIS amendments. Initially coming from general taxation, in time DCMS wants to “extend the existing cost recovery provisions to allow regulators (for example, Ofcom, Ofgem, and the ICO) to recover the entirety of reasonable implementation costs from the companies that they regulate.”

SMEs across the whole British economy are already familiar with this kind of “cost recovery” activity through stealth taxes such as the ICO’s data protection registration fee.

Andy Kays, chief exec of a managed detection and response firm in London called Socura, agreed that “further market intervention is required to help raise the bar to protect the UK economy.”

“However,” he added, “I do believe that interventions like Cyber Essentials, GDPR and NIS have raised the profile of cyber and data security in the UK, and have improved understanding and investment where they are applicable among businesses.”

Jake Moore, global cybersecurity advisor with Slovakian infosec firm ESET, also agreed, saying in a statement: “Essential services are desperately in need of better protection so these new laws will help direct businesses into a more secure offering with the help and direction required. Laws often may seem like they do not go far enough but digital crime is fast paced and the goal posts constantly move making such plans difficult to project or even become out of date by the time they land.”

The consultation closes on 22 April. As well as questions about money, DCMS is also asking about whether the regs should be extended to SMEs and how detailed they ought to be. Have your say via theses 66 pre-formatted questions. ®

Source link

Continue Reading

Technology

7 early-stage start-ups NDRC is accelerating in 2022

Voice Of EU

Published

on

The first cohort of the NDRC accelerator by Dogpatch Labs has four female co-founded start-ups and two international ones.

After taking over the NDRC accelerator from the Government in 2020, Dogpatch Labs gave it a makeover and launched its first cohort of 11 early-stage start-ups last year.

This year, they are running two accelerators with two separate cohorts and increasing the total number of participating start-ups from 11 to 14. The first cohort, H1, has a total of seven start-ups – four of which have female co-founders.

Announced yesterday (19 January), the first cohort also has two regional start-ups and two international start-ups co-founded by Irish CEOs who graduated from top international talent accelerators Antler and Entrepreneur First.

Here we list NDRC’s first cohort of seven early-stage start-ups in 2022 representing the next generation of Ireland’s start-up ecosystem who are gearing up for Demo Day on 7 April.

Image: Dogpatch Labs

Filter

This start-up helps patients with breathing difficulties such as asthma or chronic obstructive pulmonary disease (COPD) to monitor their health. A device called Filter can be used by patients in conjunction with an AI-powered digital health coach called Kos to track their respiratory health and get alerts when something’s wrong.

Filter was founded in 2020 by Andrew Gallagher and Stephen Keenan, both University College Dublin alums. Gallagher, who is the chief technology officer, is an engineer by profession, while Keenan has a background in both law and computer science.

GreyScout

GreyScout offers a business tool for companies that want to protect their brand against intellectual property (IP) infringements and counterfeits. The start-up’s product scans across online domains including marketplaces, search engines, websites, social media channels and web forums to identify and remove policy violations and unauthorised content, alerting clients in real time.

On a mission to ‘democratise IP protection’, GreyScout was founded in 2019 by chief executive John Killian and chief technology officer Chris McCauley.

Herd

This start-up has built a novel social platform for sports fans to discuss live matches with friends and make predictions on the outcome. In a game-like interface, users have to compete against each other in guessing next moves of sports payers and the winning side – enriching the virtual live entertainment experience.

Herd was co-founded by Jack Cantillon, who is the chief executive, and Robert Minford, who is the chief technology officer. A qualified lawyer in New York, Ireland and the UK, Cantillon was featured in Sports for Business 30 Under 30 in 2020.

Jama AI

Jama is a start-up that uses natural language processing to help B2B sales reps with communication intelligence and analytics. The platform is a one-stop-shop for all the messaging channels used by sales reps, such as WhatsApp, WeChat and Line, to make customer relationship management simpler and win more deals.

It was co-founded by Kerry-based Aisling Hayes, who is the chief executive of Jama with prior experience in founding and running start-ups in Ireland. Jama graduated from the global accelerator by Antler, an early-stage VC firm based in Singapore.

Öogo

This Dublin-founded start-up connects people who need childcare with those who are looking to provide it. Childcare providers called Minders who can be booked to offer a wide range of services including online tutoring, baby-sitting and maternity nursing.

With changes in the nature of work for many parents because of remote and hybrid work, Öogo hopes to act as a Tinder for childcare, making it simple. It was founded in 2019 by Kate Clark, who worked in sales in New York for five years before starting the business.

Squid

Squid aims to promote customer loyalty towards businesses by incentivising buy from them through loyalty cards. By partnering with Squid, brands can ask their customers to download the Squid app and get rewards for purchases. And additional business portal helps brands get customer insights and track customer loyalty.

The start-up also helps businesses get discovered on their app through a marketplace where they can advertise special offer and sell vouchers to their community. Squid was co-founded by Katie Farrell and Matthew Coffey

Upskill Marketplace

This online platform helps the HR and learning & development teams of businesses to connect with soft skills trainers and professional coaches. It aims to make the process of finding trainers simpler through its online portal that has all details, including pricing, listed upfront. Trainers with Upskill go through a selection process before listing, and user reviews help businesses determine who to book.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Source link

Continue Reading

Trending

Subscribe To Our Newsletter

Join our mailing list to receive the latest news and updates 
directly on your inbox.

You have Successfully Subscribed!