VW’s Massive Emissions Cheating Scandal May Now Include Porsche

porscheVolkswagen’s emissions cheating scandal isn’t ending.

The EPA sent out a second notice of violation of the Clean Air Act to Volkswagen to now include VW-owned Audi and Porsche in their investigation. According to the notice, VW installed cheating software on their Porsche and Audi diesel vehicles released between 2014 and 2016 that ended up increasing the car’s nitrogen oxide (NOx) emissions to levels up to nine times the EPA’s standard.

This “defeat device” software is able to sense when cars are being put through federal emissions testing and will automatically put the car into a lower-emissions mode. In that mode, according to the EPA, “the vehicle meets emission standards.” However, one second after the test is completed, the car switches back into normal mode and emits a very high amount of pollutants. VW’s “clean diesel” engines are anything but clean.

This second notice of violation includes 10,000 vehicles sold since 2014, and an “unknown volume of 2016 vehicles.”

“Today we are requiring VW Group to address these issues,” Richard Corey, executive officer of the California Air Resources Board, said in a statement. “This is a very serious public health matter. ARB and EPA will continue to conduct a rigorous investigation that includes testing more vehicles until all of the facts are out in the open.”

NOx can react with other compounds in the air to form tiny particles that can go deep into a person’s lungs and cause or aggravate respiratory diseases such as emphysema. It can also exacerbate heart diseases and cause increased hospital visits and even death. When NOx reacts with heat and sunlight, it forms ozone, which can also be dangerous to human health.

In September, Michael Horn, VW’s U.S. chief stated, “let’s be clear about this: Our company was dishonest with the EPA, and the California Air Resources Board and with all of you. And in my German words: We have totally screwed up. We must fix the cars to prevent this from ever happening again and we have to make this right. This kind of behavior is totally inconsistent with our qualities.”

There are many questions, including the reason why VW chose to install this software in the first place. A criminal investigation into the scandal is being done by the U.S. Justice Department, according to the Wall Street Journal.

“All companies should be playing by the same rules,” Cynthia Giles, assistant administrator at the EPA, said in a statement. “EPA, with our state, and federal partners, will continue to investigate these serious matters, to secure the benefits of the Clean Air Act, ensure a level playing field for responsible businesses, and to ensure consumers get the environmental performance they expect.”

Lenovo and Superfish Are Giving Us Deja-vu

lenova superfishEver since Edward Snowden’s revelations about the NSA’s extensive spying program, security has been in the spotlight. Over the past several weeks, the adware known as Superfish has been the hot topic.

Back in 2014, China-based OEM admitted to pre-loading Superfish adware on Lenovo PCs during the second half of 2014. Two new lawsuits were filed on February 23, 2015 against Lenovo and adware maker Superfish in the federal courts of California for putting consumers at risk of information theft and hacker spying.

One plaintiff, David Hunter of NC, claims that both Lenovo and Superfish violated the U.S. Electronic Communications Privacy Act among other laws and has requested that the court demand for the firms to hand back any revenue acquired by selling consumer’s browsing data and also the money earned from the adware advertising.

Another plaintiff, Jessica Bennett, stated that her laptop was damaged as a result of Superfish. She further accuses Lenovo and Superfish of making money at the expense of invading her privacy.

Security researcher Marc Rogers wrote that it’s “quite possibly the single worst thing I have seen a manufacturer do to its customer base…I cannot overstate how evil this is.” The Superfish adware is said to be more than just pesky. It’s the most virulent, evil adware you could find.

By installing a single self-signed root certificate across all of Lenovo’s affected machines, Superfish intentionally pokes a gigantic hole into your browser security and allows anyone on your Wi-Fi network to hijack your browser silently and collect your bank credentials, passwords and anything else you might conceivably type there.

This can be even more of a nightmare for companies who risk their private information, and their employees, from being exposed.

Errata Security’s Robert Graham said, “I can intercept the encrypted communications of Superfish’s victims (people with Lenovo laptops) while hanging out near them at a café wifi hotspot.”

Our deja-vu comes from the Sony DRM rootkit scandal of 2005, in which Sony automatically installed malware onto users’ computers whenever someone loaded certain CDs. That rootkit malware could be hijacked by another hacker and in its greed, Sony did nothing to stop piracy and compromised the security of millions of users.

Lenovo claims it installed Superfish to “enhance our user’s shopping experience.”


Court upholds Privacy Policy Lawsuit Against Google, For Now..

In the tech world, Google may be the 800-pound gorilla that usually gets its way, but that doesn’t mean the federal court system is going to roll over and play dead when it comes to possible privacy concerns about tech behemoth’s actions when it uses personal data across its various platforms and tools.

A federal judge rejected the search engine giant’s request to dismiss a privacy lawsuit in California that alleged Google acted inappropriately when it decided to update different privacy policies from it’s wide range of products into one single unified policy, a policy that would allow Google to to merge user data gathered from multiple different tools, including the Android mobile operating system. The suit accuses Google of making this change without the consent of the users, many of whom had agreed to different privacy policies than the new one. According to the plaintiff’s attorneys, Google not only made this unauthorized change which would expose user’s information potentially to third parties without informed consent, but that Google still continues to provide no way for consumers affected by the change to “opt-out”.

While having one giant database of user data to crunch in an era of “big data” is no doubt appealing to companies like Google, there is getting to be more push back from angry consumers, some of it leading to litigation. Lawyers have had to be creative though, as the current state of the law is still trying to come to terms with how to value a person’s right to privacy when they have willingly engaged with a website. While some suits have had success in making companies like Amazon change their tracking behavior, Plaintiffs still face an uphill battle in getting compensated by the legal system for privacy issues.

Even when these cases are able to be filed in courts and survive summary judgment motions from the big tech companies, there is a perception problem of what actual “harm” they have suffered (especially in some less meritorious cases) when a website the user chose to go to didn’t alert them of cookie tracking, or provide an written Privacy Policy that the vast majority of website visitors will simply never view. Where no financial data is breached, and the “victim” can point towards no monetary loss, lawsuits are unlikely to be costly to these companies, and they have little incentive to change their behavior.

With this resistance by the courts to award more than nominal damages in such suits, privacy advocates are getting increasingly concerned by the courts’ “no harm done” view that arises because it is difficult for the “victims” to point towards actual economic damage when their personally identifiable information is at stake. in a post-Snowden era, consumers (and their attorneys) are showing far more resistance to violations of the privacy policies written by the very same tech companies that are now attempting to skirt them to maximize revenue.

NSA had overseen disposal of Snowden data at The Guardian

SurveillanceThe Associated Press has obtained a series of redacted emails and other documents which indicate that US intelligence officials knew beforehand about British intelligence agents’ effort to destroy data in possession of UK newspaper The Guardian. The emails shed light on the fact that former National Security Agency director General Keith Alexander had been briefed on the plan days before GCHQ analysts oversaw the covert destruction of a laptop at The Guardian’s offices in London, UK.

On July 19, 2013, Guardian editor Alan Rusbridger consented to destroy the data and the laptop it was stored on instead of handing it over to GCHQ. This response was seen as a follow-up after British officials had increased pressure on the newspaper using threats of police raid and prosecution under the Official Secrets Act of the United Kingdom. The AP documents obtained from the NSA under the Freedom of Information Act indicate that Richard Ledgett, then director of NSA’s Threat Operations Center, and one anonymous member of the NSA’s “Media Leaks Task Force”, had replied in an email to Alexander, hours within of Rusbridger’s confirmation to the destroyal of the data; the email was headed “Guardian data being destroyed.”

Ledgett wrote then “Good news, at least on this front” and forwarded an email from one of the redacted sources. In his turn NSA director Keith Alexander relayed the infromation to Director of National Intelligence James Clapper; “Jim- Here is the report I got.”

A day later, on July 20 2013, only a few hours after the destruction of the Guardian laptop and its contents, Clapper was briefed verbally by Alexander on the operation. He sent a thank-you e-mail to Alexander as a reply to the original e-mail thread.

One month later, on August 20, during a White House press briefing, press secretary Josh Earnest replied to a number of questions regarding on whether the US government had been foretold about the destruction of the data stating “I’ve seen the published reports of those accusations, but I don’t have any information for you on that… The only thing I know about this are the public reports about this.”