Netflix is cutting back on the bandwidth it takes to stream videos to members in the European Union after a European Commission member voiced concerns over network strain. From a report: "Following the discussions between Commissioner Thierry Breton and Reed Hastings -- and given the extraordinary challenges raised by the coronavirus -- Netflix has decided to begin reducing bit rates across all our streams in Europe for 30 days," a Netflix spokesperson told Protocol. "We estimate that this will reduce Netflix traffic on European networks by around 25 percent while also ensuring a good quality service for our members."

The European Union is urging Netflix and other streaming platforms to stop showing video in high definition to prevent the internet from breaking under the strain of unprecedented usage due to the coronavirus pandemic. From a report: With so many countries on forced lockdowns to fight the spread of the virus, hundreds of millions working from home and even more children out of school, EU officials are concerned about the huge strain on internet bandwidth. European Commissioner Thierry Breton, who is responsible for the EU internal market covering more than 450 million people, tweeted Wednesday evening that he had spoken with Netflix CEO Reed Hastings. Breton called on people and companies to "#SwitchtoStandard definition when HD is not necessary" in order to secure internet access for all. "Commissioner Breton is right to highlight the importance of ensuring that the internet continues to run smoothly during this critical time," the Netflix spokesperson said. "We've been focused on network efficiency for many years, including providing our open connect service for free to telecommunications companies."

German Chancellor Angela Merkel announced on Tuesday that European Union member nations will close EU's external borders for 30 days to slow the spread of the coronavirus pandemic. CNBC reports: Movement of people within European Union member nations will be still be allowed under the restrictions. "The union and its member states will do whatever it takes," said European Council President Charles Michel. Michel said the EU will arrange for the repatriation of citizens of member countries. Breaking...

An anonymous reader quotes a report from The Wall Street Journal: Amazon plans to hire an additional 100,000 employees in the U.S. as millions of people turn to online deliveries at an unprecedented pace and Americans continue to reorient their lives to limit the spread of the new coronavirus. Amazon plans to deploy the new workers to fuel its sprawling e-commerce machine and is raising pay for all employees in fulfillment centers, transportation, stores and deliveries in the U.S. and Canada by $2 an hour through April. In the U.K., it will go up $2.45 per hour and approximately $2.24 an hour in many EU countries, according to the company. Amazon now pays $15-per-hour as a starting wage to workers in its fulfillment centers around the U.S.

The tech giant's decision to go on a hiring spree and boost worker pay shows the dual challenge companies such as Amazon face as they seek to meet surging demand for food and key household items and also take care of employees at the front lines of the pandemic. Amazon employed nearly 800,000 full and part-time employees as of Dec. 31. More customers are turning to online shopping for everything from grocery delivery to paper towels, cleaning supplies and daily needs. Amazon, which also owns grocery store chain Whole Foods, was one of the companies Mr. Trump mentioned Sunday during his update on the coronavirus outbreak. Amazon accounts for 39% of all online orders in the U.S., according to eMarketer, and is shouldering a lot of those needs. Last week, Amazon asked employees at its New York and New Jersey offices to work from home. This came soon after the company told employees at its offices in the San Francisco Bay Area and the Seattle area to work from home, following reports that an Amazon employee in Seattle tested positive for the virus.

"On Wednesday, Amazon expanded its sick-leave policy to include part-time warehouse workers and set up a relief fund, with an initial $25 million for delivery partners such as drivers and others affected by the outbreak," adds The Wall Street Journal. "The company earlier eased its policy for unpaid time off, offering workers the option to take unlimited unpaid time off through the end of March without penalties."

An anonymous reader quotes the "Naked Security" blog of anti-virus company Sophos: Researchers have discovered another big database containing millions of European customer records left unsecured on Amazon Web Services (AWS) for anyone to find using a search engine. A total of eight million records were involved, collected via marketplace and payment system APIs belonging to companies including Amazon, eBay, Shopify, PayPal, and Stripe.

Discovered by Comparitech's noted breach hunter Bob Diachenko, the AWS instance containing the MongoDB database became visible on 3 February, where it remained indexable by search engines for five days. Data in the records included names, shipping addresses, email addresses, phone numbers, items purchased, payments, order IDs, links to Stripe and Shopify invoices, and partially redacted credit cards...

A total of eight million records were involved, collected via marketplace and payment system APIs belonging to companies including Amazon, eBay, Shopify, PayPal, and Stripe.
The article calls it "simply the latest example of how easy it is to leave sensitive data sitting in an unsecured state on cloud storage platforms." They cite two more high-profile databases that Comparitech found exposed on Elasticsearch just in 2020:

• A database containing 309 million Facebook user IDs, phone numbers and names
• A total of 250 million Microsoft customer support records dating back to 2005

An anonymous reader quotes VentureBeat: Sweden's Data Protection Authority (DPA) has slapped Google with a 75 million kronor ($8 million) fine for "failure to comply" with Europe's General Data Protection Regulation (GDPR) after the internet giant reportedly failed to adequately remove search result links under right-to-be-forgotten requests. In a notable twist, the DPA also demanded that Google refrain from informing website operators their URLs will be de-indexed... Rather than asking website operators to remove a web page, Google — and other search engines — are required to hide the page from European search results.

Since the ruling took effect, Google has received millions of de-indexing requests, though it reports that fewer than 45% have been fulfilled... The crux of the Swedish DPA's complaint is that Google did not "properly remove" two search result listings after it was instructed to do so back in 2017. "In one of the cases, Google has done a too narrow interpretation of what web addresses needed to be removed from the search result listing," the DPA wrote in its statement. "In the second case, Google has failed to remove the search result listing without undue delay." But inadequate and tardy removals are only part of the issue, according to Sweden's DPA, which also argues that Google should keep website operators in the dark about removal requests...

If Google's latest fine is upheld — the company has three weeks to appeal — it would rank among the seven largest GDPR penalties of all time. Google confirmed to VentureBeat that it does indeed intend to file an appeal. "We disagree with this decision on principle and plan to appeal," the spokesperson said.

Europe has become the new epicenter of the COVID-19 pandemic as cases in China slow and the deadly coronavirus runs through Italy and nearby countries, World Health Organization officials said Friday. CNBC reports: "More cases are now being reported [in Europe] every day than were reported in China at the height of its epidemic," WHO Director-General Dr. Tedros Adhanom Ghebreyesus said at a news conference at the organization's Geneva headquarters. WHO officials declared COVID-19 a global pandemic on Wednesday as the virus spreads rapidly across the world from Asia to Europe, the Middle East and now parts of the United States.

"When the virus is out there, the population has no immunity and no therapy exists, then 60% to 70% of the population will be infected," German Chancellor Angela Merkel told a news conference in Berlin on Wednesday, according to Reuters. The country has a population of more than 82 million. Italy currently has the most cases outside of China with at least 15,113 infections, followed by Spain at 4,334, Germany at 3,156 and France at 2,882, according to data compiled by Johns Hopkins University. Other countries in Europe are seeing cases soar. Switzerland currently has 1,125 cases, followed by Sweden at 809, the Netherlands at 804 and Denmark at 788. The United States had at least 1,701 cases as of Friday morning, according to Hopkins.

A new study reports that iron rain likely falls through the thick, turbulent air of WASP-76 b, a bizarre "ultrahot Jupiter" that lies about 640 light-years from the sun, in the constellation Pisces. Space.com reports: WASP-76 b zips around its host star once every 1.8 Earth days, an orbit so tight that the gaseous planet is "tidally locked," always showing the star the same face. Temperatures on this dayside climb above 4,350 degrees Fahrenheit (2,400 degrees Celsius) -- hot enough to vaporize metals -- whereas the nightside is a much cooler (but still ridiculous) 2,730 F (1,500 C), researchers said. WASP-76 b was discovered in 2013. The alien planet is about as massive as Jupiter but nearly twice as wide, likely because the massive radiation loads the exoplanet receives from its host star puff up its atmosphere considerably. (And one quick note about the object's distance: Some sources say that WASP-76 b is about 390 light-years away, but that number is inaccurate, Ehrenreich said. He and his colleagues calculated WASP-76 b's distance using data from Europe's ultraprecise star-mapping spacecraft Gaia.)

The European Commission has set out a plan to move towards a 'right to repair' for electronics devices, such as mobile phones, tablets and laptops. From a report: More generally it wants to restrict single-use products, tackle "premature obsolescence" and ban the destruction of unsold durable goods -- in order to make sustainable products the norm. The proposals are part of a circular economy action plan that's intended to deliver on a Commission pledge to transition the bloc to carbon neutrality by 2050. By extending the lifespan of products, via measures which target design and production to encourage repair, reuse and recycling, the policy push aims to reduce resource use and shrink the environmental impact of buying and selling stuff. The Commission also wants to arm EU consumers with reliable information about reparability and durability -- to empower them to make greener product choices.

An anonymous reader quotes Business Insider: Airlines have wasted thousands of gallons of fuel running empty "ghost" flights during the coronavirus outbreak because of European rules saying operators can lose their flight slots if they keep their planes on the ground.

Demand for flights has collapsed across the globe amid growing fears about the outbreak. Under Europe's rules, airlines operating out of the continent must continue to run 80% of their allocated slots or risk losing them to a competitor. This has led to some operators flying empty planes into and out of European countries at huge costs, The Times of London reported.

An anonymous reader quotes CNN: French automaker Citroën has unveiled the Ami, a tiny electric car that's designed from the outset to be as cheap as possible. The car isn't very fast and it looks a bit like a washing machine, but it only costs €6,000, or the equivalent of about $6,600.

It would be hard to get a good used car at that price, but the two-seat Ami is barely a car. In fact, Citroën refers to it as a "non-conformist mobility object." It has a top speed of just 45 kilometers an hour, roughly equal to 28 miles per hour. It's powered by a 6 kilowatt, or 8 horsepower, electric motor. For that reason, though, the Ami can be driven by kids as young as 14 in France, or 16 in many other European countries, without a license. Under the laws of these countries, the Ami qualifies as a voiture sans permis (literally "car without license"), or quadricycle, a category of small and slow vehicle that, for purposes of regulation, is treated like a four-wheeled scooter...

The Ami is built using as few unique parts as possible. For instance, the body parts used for the front end are exactly like those used in the back. Also, the right door is exactly like the left door. That means the driver's side door hinge is at the front while the passenger side door hinge is at the back... Since it's a lightweight car with a small battery intended mostly for use in cities, the Ami has a range of only about 70 kilometers, or 43 miles, per charge. On the plus side, though, it can be fully charged in only three hours using a household electrical outlet...

Besides buying the car, shoppers will also have the option to lease it for €20, the equivalent of $22, per month.

IBM and Microsoft have signed an "ethical resolution" with the Vatican to develop AI in a way that will protect the planet and the rights of all people [Editor's note: the link may be paywalled; alternative source]. From a report: The pledge, called the "Rome Call for AI Ethics," will be presented on Friday morning to Pope Francis by Brad Smith, the president of Microsoft, and John Kelly, IBM's executive vice-president, as well as Vatican officials and Qu Dongyu, the Chinese director-general of the UN Food and Agriculture Organization. The two US tech companies lead the world in AI development, measured by the number of patents they have amassed. The document calls for AI to safeguard the rights of all humankind, particularly the weak and underprivileged, and for new regulations in fields such as facial recognition. It said that there must be a "duty of explanation" that would show not only how AI algorithms come to their decisions but also what their purpose and objectives are.

The European Commission has told its staff to start using Signal, an end-to-end-encrypted messaging app, in a push to increase the security of its communications. From a report: The instruction appeared on internal messaging boards in early February, notifying employees that "Signal has been selected as the recommended application for public instant messaging." The app is favored by privacy activists because of its end-to-end encryption and open-source technology. "It's like Facebook's WhatsApp and Apple's iMessage but it's based on an encryption protocol that's very innovative," said Bart Preneel, cryptography expert at the University of Leuven. "Because it's open-source, you can check what's happening under the hood," he added. Signal was developed in 2013 by privacy activists. It is supported by a nonprofit foundation that has the backing of WhatsApp founder Brian Acton, who had left the company in 2017 after clashing with Facebook's leadership.

Long-time Slashdot reader zoobab shares this update from the Foundation for a Free Information Infrastructure, a Munich-based non-profit opposing ratification of a "Unified Patent Court" by Germany. They argue such a court will "validate and expand software patents in Europe," and they've come up with a novel argument to stop it.

"Germany cannot ratify the current Unitary Patent due to Brexit..." The U.K. is now a "third state" within the meaning of AETR case-law, [which] makes clear that:

"Each time the Community, with a view to implementing a common policy envisaged by the Treaty, adopts provisions laying down common rules, whatever form they may take, the Member States no longer have the right, acting individually or even collectively, to undertake obligations with third countries which affect those rules or alter their scope..."

This practically means that the ratification procedure for the Agreement on the Unified Patent Court must now come to an end, as that Agreement no longer applies due to the current significant changes (i.e. Brexit) in the membership requirements of its own ratification rules.
The nonprofit also argues that the Unitary Patent "is a highly controversial and extreme issue, as it allows new international patent courts to have the last word on the development and application of patent law and industrial property monopolies including, more seriously, the validation and expansion of software patents, that is the key sector on which whole industries and markets depend."

We live in a world where billions of login credentials have been stolen, enabling the brute-force cyberattacks known as "credential stuffing", reports CSO Online. And it's being made easier by APIs: New data from security and content delivery company Akamai shows that one in every five attempts to gain unauthorized access to user accounts is now done through application programming interfaces (APIs) instead of user-facing login pages. According to a report released today, between December 2017 and November 2019, Akamai observed 85.4 billion credential abuse attacks against companies worldwide that use its services. Of those attacks, around 16.5 billion, or nearly 20%, targeted hostnames that were clearly identified as API endpoints.

However, in the financial industry, the percentage of attacks that targeted APIs rose sharply between May and September 2019, at times reaching 75%.

"API usage and widespread adoption have enabled criminals to automate their attacks," the company said in its report. "This is why the volume of credential stuffing incidents has continued to grow year over year, and why such attacks remain a steady and constant risk across all market segments."
APIs also make it easier to extract information automatically, the article notes, while security experts "have long expressed concerns that implementation errors in banking APIs and the lack of a common development standard could increase the risk of data breaches."

Yet the EU's "Payment Services Directive" included a push for third-party interoperability among financial institutions, so "most banks started implementing such APIs... Even if no similar regulatory requirements exist in non-EU countries, market forces are pushing financial institutions in the same direction since they need to innovate and keep up with the competition."

Sources told Reuters that Google is planning to move its British users' accounts out of the control of European Union privacy regulators, placing them under U.S. jurisdiction instead. From the report: The shift, prompted by Britain's exit from the EU, will leave the sensitive personal information of tens of millions with less protection and within easier reach of British law enforcement. The change was described to Reuters by three people familiar with its plans. Google intends to require its British users to acknowledge new terms of service including the new jurisdiction.

Ireland, where Google and other U.S. tech companies have their European headquarters, is staying in the EU, which has one of the world's most aggressive data protection rules, the General Data Protection Regulation. Google has decided to move its British users out of Irish jurisdiction because it is unclear whether Britain will follow GDPR or adopt other rules that could affect the handling of user data, the people said. If British Google users have their data kept in Ireland, it would be more difficult for British authorities to recover it in criminal investigations.

U.S. and Chinese firms hoping to deploy artificial intelligence and other technology in Europe will have to submit to a slew of new rules and tests, under a set of plans unveiled by the European Union to boost the bloc's digital economy. From a report: The legislative plans, outlined on Wednesday by the European Commission, the bloc's executive body, are designed to help Europe compete with the U.S. and China's technological power while still championing EU rights. The move is the latest attempt by the bloc to leverage the power of its vast, developed market to set global standards that companies around the world are forced to follow. Big U.S. companies, like Facebook and Alphabet's Google, won't get any reprieve from the Commission, which in its Digital Services Act plans to overhaul rules around legal liability for tech firms, and is also exploring legislation for 'gate-keeping' platforms that control their ecosystems. "It's not us that need to adapt to today's platforms. It's the platforms that need to adapt to Europe," European Industry Commissioner Thierry Breton said at a press conference in Brussels. If they can't find a way adapt to the bloc's standards, "then we will have to regulate and we are ready to do this in the Digital Services Act at the end of this year."

Alphabet's appeal against a multibillion-dollar fine for alleged anticompetitive behavior by its Google unit risks backfiring after a European Union court floated the prospect of increasing the fine (Warning: source paywalled; alternative source), rather than scrapping it. The Wall Street Journal reports: In a surprise twist Friday at the end of a three-day hearing, one of five judges on the panel said the EU's General Court has the power to increase the $2.6 billion fine, levied in 2017, if it finds that the sum was insufficient to deter the company from further anticompetitive behavior. "The fine of ~$2.6 billion was described as eye-catching, but it is a small amount of cash in your hands," Judge Colm Mac Eochaidh said in court. "Did that level of fine deter you from repeating your behavior?" he asked Google's counsel. Increasing a fine has only one precedent in the court's history, according to Mr. Mac Eochaidh, when German chemicals giant BASF SE was ordered to pay ~$58,000 in 2007 on top of an initial ~$38 million fine for participating in a chemicals cartel.

Christopher Thomas, a counsel for Google, dismissed the idea that the fine was warranted and said the company takes the entire antitrust process "with extreme seriousness." Google disputes the findings of the commission that it had willingly or negligently squeezed competitors out of its shopping searches. The prospect of raising the fine was described as theoretical by the panel's presiding judge. Still, it sent Google lawyers scrambling for arguments, with one sitting on the floor outside the courtroom frantically researching how to contest such a move. If Google loses the case, it has the right to appeal to the bloc's highest court, the European Court of Justice.

An anonymous reader quotes a report from TechCrunch: Facebook has been left red-faced after being forced to call off the launch date of its dating service in Europe because it failed to give its lead EU data regulator enough advanced warning -- including failing to demonstrate it had performed a legally required assessment of privacy risks. Yesterday, Ireland's Independent.ie newspaper reported that the Irish Data Protection Commission (DPC) -- using inspection and document seizure powers set out in Section 130 of the country's Data Protection Act -- had sent agents to Facebook's Dublin office seeking documentation that Facebook had failed to provide.

In a statement on its website, the DPC said Facebook first contacted it about the rollout of the dating feature in the EU on February 3. "We were very concerned that this was the first that we'd heard from Facebook Ireland about this new feature, considering that it was their intention to roll it out tomorrow, February 13," the regulator writes. "Our concerns were further compounded by the fact that no information/documentation was provided to us on February 3 in relation to the Data Protection Impact Assessment [DPIA] or the decision-making processes that were undertaken by Facebook Ireland." At the time of its U.S. launch, Facebook said dating would arrive in Europe by early 2020. It just didn't think to keep its lead EU privacy regulator in the loop, despite the DPC having multiple (ongoing) investigations into other Facebook-owned products at this stage. A Facebook spokesperson said in a statement: "It's really important that we get the launch of Facebook Dating right so we are taking a bit more time to make sure the product is ready for the European market. We worked carefully to create strong privacy safeguards, and complete the data processing impact assessment ahead of the proposed launch in Europe, which we shared with the IDPC when it was requested."

In a second statement, the Facebook spokesperson added: "We're under no legal obligation to notify the IDPC of product launches. However, as a courtesy to the Office of the Data Protection Commission, who is our lead regulator for data protection in Europe, we proactively informed them of this proposed launch two weeks in advance. We had completed the data processing impact assessment well in advance of the European launch, which we shared with the IDPC when they asked for it."

Facebook has been left red-faced after being forced to call off the launch date of its dating service in Europe because it failed to give its lead EU data regulator enough advanced warning -- including failing to demonstrate it had performed a legally required assessment of privacy risks. From a report: Late yesterday Ireland's Independent.ie newspaper reported that the Irish Data Protection Commission (DPC) had sent agents to Facebook's Dublin office seeking documentation that Facebook had failed to provide -- using inspection and document seizure powers set out in Section 130 of the country's Data Protection Act. In a statement on its website the DPC said Facebook first contacted it about the rollout of the dating feature in the EU on February 3. "We were very concerned that this was the first that we'd heard from Facebook Ireland about this new feature, considering that it was their intention to roll it out tomorrow, 13 February," the regulator writes. "Our concerns were further compounded by the fact that no information/documentation was provided to us on 3 February in relation to the Data Protection Impact Assessment [DPIA] or the decision-making processes that were undertaken by Facebook Ireland." Facebook announced its plan to get into the dating game all the way back in May 2018, trailing its Tinder-encroaching idea to bake a dating feature for non-friends into its social network at its F8 developer conference.