An anonymous reader quotes a report from Reuters: TikTok is working on a clone of its recommendation algorithm for its 170 million U.S. users that may result in a version that operates independently of its Chinese parent and be more palatable to American lawmakers who want to ban it, according to sources with direct knowledge of the efforts. The work on splitting the source code ordered by TikTok's Chinese parent ByteDance late last year predated a bill to force a sale of TikTok's U.S. operations that began gaining steam in Congress this year. The bill was signed into law in April. The sources, who were granted anonymity because they are not authorized to speak publicly about the short-form video sharing app, said that once the code is split, it could lay the groundwork for a divestiture of the U.S. assets, although there are no current plans to do so. The company has previously said it had no plans to sell the U.S. assets and such a move would be impossible. [...]

In the past few months, hundreds of ByteDance and TikTok engineers in both the U.S. and China were ordered to begin separating millions of lines of code, sifting through the company's algorithm that pairs users with videos to their liking. The engineers' mission is to create a separate code base that is independent of systems used by ByteDance's Chinese version of TikTok, Douyin, while eliminating any information linking to Chinese users, two sources with direct knowledge of the project told Reuters. [...] The complexity of the task that the sources described to Reuters as tedious "dirty work" underscores the difficulty of splitting the underlying code that binds TikTok's U.S. operations to its Chinese parent. The work is expected to take over a year to complete, these sources said. [...] At one point, TikTok executives considered open sourcing some of TikTok's algorithm, or making it available to others to access and modify, to demonstrate technological transparency, the sources said.

Executives have communicated plans and provided updates on the code-splitting project during a team all-hands, in internal planning documents and on its internal communications system, called Lark, according to one of the sources who attended the meeting and another source who has viewed the messages. Compliance and legal issues involved with determining what parts of the code can be carried over to TikTok are complicating the work, according to one source. Each line of code has to be reviewed to determine if it can go into the separate code base, the sources added. The goal is to create a new source code repository for a recommendation algorithm serving only TikTok U.S. Once completed, TikTok U.S. will run and maintain its recommendation algorithm independent of TikTok apps in other regions and its Chinese version Douyin. That move would cut it off from the massive engineering development power of its parent company in Beijing, the sources said. If TikTok completes the work to split the recommendation engine from its Chinese counterpart, TikTok management is aware of the risk that TikTok U.S. may not be able to deliver the same level of performance as the existing TikTok because it is heavily reliant on ByteDance's engineers in China to update and maintain the code base to maximize user engagement, sources added.

Satellite-to-phones service provider AST SpaceMobile announced a deal with Verizon to provide remote coverage across the United States. "Verizon's deal effectively includes a $100 million raise for AST, as well, in the form of $65 million in commercial service prepayments and $35 million in debt via convertible notes," reports CNBC. "The companies said that $45 million of the prepayments 'are subject to certain conditions' such as needed regulatory approvals and signing of a definitive commercial agreement." Shares of AST jumped 69% in trading to close at $9.02 a share -- the largest single day rise for the company's stock since it went public in 2021. From the report: AST SpaceMobile is building satellites to provide broadband service to unmodified smartphones, in the nascent "direct-to-device" communications market. [...] The Verizon partnership follows a similar pattern to AT&T's work with AST. Back in January, AT&T was a co-debt investor in the company alongside Google and Vodafone. The companies then established the commercial agreement earlier this month, which "lays out in much more detail how we will ultimately offer service together," AST's Chief Strategy Officer Scott Wisniewski said in a statement to CNBC. [...] AST expects to launch its first five commercial satellites later this year.

An anonymous reader quotes an op-ed from The Globe and Mail, written by Kate Robertson and Ron Deibert. Robertson is a senior research associate and Deibert is director at the University of Toronto's Citizen Lab. From the piece: A federal cybersecurity bill, slated to advance through Parliament soon, contains secretive, encryption-breaking powers that the government has been loath to talk about. And they threaten the online security of everyone in Canada. Bill C-26 empowers government officials to secretly order telecommunications companies to install backdoors inside encrypted elements in Canada's networks. This could include requiring telcos to alter the 5G encryption standards that protect mobile communications to facilitate government surveillance. The government's decision to push the proposed law forward without amending it to remove this encryption-breaking capability has set off alarm bells that these new powers are a feature, not a bug.

There are already many insecurities in today's networks, reaching down to the infrastructure layers of communication technology. The Signalling System No. 7, developed in 1975 to route phone calls, has become a major source of insecurity for cellphones. In 2017, the CBC demonstrated how hackers only needed a Canadian MP's cell number to intercept his movements, text messages and phone calls. Little has changed since: A 2023 Citizen Lab report details pervasive vulnerabilities at the heart of the world's mobile networks. So it makes no sense that the Canadian government would itself seek the ability to create more holes, rather than patching them. Yet it is pushing for potential new powers that would infect next-generation cybersecurity tools with old diseases.

It's not as if the government wasn't warned. Citizen Lab researchers presented the 2023 report's findings in parliamentary hearings on Bill C-26, and leaders and experts in civil society and in Canada's telecommunications industry warned that the bill must be narrowed to prevent its broad powers to compel technical changes from being used to compromise the "confidentiality, integrity, or availability" of telecommunication services. And yet, while government MPs maintained that their intent is not to expand surveillance capabilities, MPs pushed the bill out of committee without this critical amendment last month. In doing so, the government has set itself up to be the sole arbiter of when, and on what conditions, Canadians deserve security for their most confidential communications -- personal, business, religious, or otherwise. The new powers would only make people in Canada more vulnerable to malicious threats to the privacy and security of all network users, including Canada's most senior officials. [...] "Now, more than ever, there is no such thing as a safe backdoor," the authors write in closing. "A shortcut that provides a narrow advantage for the few at the expense of us all is no way to secure our complex digital ecosystem."

"Against this threat landscape, a pivot is crucial. Canada needs cybersecurity laws that explicitly recognize that uncompromised encryption is the backbone of cybersecurity, and it must be mandated and protected by all means possible."

A new tool called Lifeseeker could help search and rescue teams find missing people in minutes using their cellphones. The technology acts as a miniature cellphone tower, allowing rescuers to pinpoint cellphone locations within a 3-mile radius, significantly improving the efficiency and success rate of search missions in challenging terrains. The Colorado Sun reports: "As we detect the phone, basically a blotch shows up on the map and as we fly around that area, that blotch gets smaller and smaller and smaller until we can see exactly where they are," said Dr. Tim Durkin, a search and rescue program coordinator for Colorado Highland Helicopters. "That process of detecting, focusing on one specific location takes about a minute -- not really very long at all." Depending on the situation, search and rescue teams can then send in ground crews with the person's location or land the helicopter if there's a clearing nearby and conditions allow for a safe landing, Durkin said. During a test mission in La Plata Canyon northwest of Durango, search crews found the two people they were looking for within two minutes and 14 seconds, Durkin said.

The technology, called Lifeseeker, was developed by Spain-based company CENTUM research & technology and is in the process of being approved by the Federal Communications Commission before it can be sold to the state or counties hoping to use it for their SAR efforts, he said. [...] The radio-based technology needs a clear view of the terrain without interference to pick up the signal of the cellphone. If the conditions and terrain are favorable, it can detect a cellphone up to nearly 20 miles away. It takes about three minutes to attach the Lifeseeker unit inside a helicopter when needed for a search and rescue mission, Durkin said. SAR can also use the tool to send text messages to the missing person, for example, advising them to stay in one area if they are hurt or move to a clearing for a helicopter to pick them up. The tool also has a broadcast function that allows SAR to send out a message to a group of people within a certain range, similar to an Amber Alert for a missing child, to warn them of a wildfire or flood, Durkin said.

An anonymous reader quotes a report from the BBC: A sophisticated joint European-Japanese satellite has launched to measure how clouds influence the climate. Some low-level clouds are known to cool the planet, others at high altitude will act as a blanket. The Earthcare mission will use a laser and a radar to probe the atmosphere to see precisely where the balance lies. It's one of the great uncertainties in the computer models used to forecast how the climate will respond to increasing levels of greenhouse gases. "Many of our models suggest cloud cover will go down in the future and that means that clouds will reflect less sunlight back to space, more will be absorbed at the surface and that will act as an amplifier to the warming we would get from carbon dioxide," Dr Robin Hogan, from the European Centre for Medium-Range Weather Forecasts, told BBC News.

The 2.3-tonne satellite was sent up from California on a SpaceX rocket. The project is led by the European Space Agency (ESA), which has described it as the organization's most complex Earth observation venture to date. Certainly, the technical challenge in getting the instruments to work as intended has been immense. It's taken fully 20 years to go from mission approval to launch. Earthcare will circle the Earth at a height of about 400km (250 miles). It's actually got four instruments in total that will work in unison to get at the information sought by climate scientists.

The simplest is an imager -- a camera that will take pictures of the scene passing below the spacecraft to give context to the measurements made by the other three instruments. Earthcare's European ultraviolet laser will see the thin, high clouds and the tops of clouds lower down. It will also detect the small particles and droplets (aerosols) in the atmosphere that influence the formation and behavior of clouds. The Japanese radar will look into the clouds, to determine how much water they are carrying and how that's precipitating as rain, hail and snow. And a radiometer will sense how much of the energy falling on to Earth from the Sun is being reflected or radiated back into space.

An anonymous reader quotes a report from the New York Times: The defense lawyer minced no words as he addressed a room full of plastic-industry executives. Prepare for a wave of lawsuits with potentially "astronomical" costs. Speaking at a conference earlier this year, the lawyer, Brian Gross, said the coming litigation could "dwarf anything related to asbestos," one of the most sprawling corporate-liability battles in United States history. Mr. Gross was referring to PFAS, the "forever chemicals" that have emerged as one of the major pollution issues of our time. Used for decades in countless everyday objects -- cosmetics, takeout containers, frying pans -- PFAS have been linked to serious health risks including cancer. Last month the federal government said several types of PFAS must be removed from the drinking water of hundreds of millions of Americans. "Do what you can, while you can, before you get sued," Mr. Gross said at the February session, according to a recording of the event made by a participant and examined by The New York Times. "Review any marketing materials or other communications that you've had with your customers, with your suppliers, see whether there's anything in those documents that's problematic to your defense," he said. "Weed out people and find the right witness to represent your company."

A wide swath of the chemicals, plastics and related industries are gearing up to fight a surge in litigation related to PFAS, or per- and polyfluoroalkyl substances, a class of nearly 15,000 versatile synthetic chemicals linked to serious health problems. [...] PFAS-related lawsuits have already targeted manufacturers in the United States, including DuPont, its spinoff Chemours, and 3M. Last year, 3M agreed to pay at least $10 billion to water utilities across the United States that had sought compensation for cleanup costs. Thirty state attorneys general have also sued PFAS manufacturers, accusing the manufacturers of widespread contamination. But experts say the legal battle is just beginning. Under increasing scrutiny are a wider universe of companies that use PFAS in their products. This month, plaintiffs filed a class-action lawsuit against Bic, accusing the razor company for failing to disclose that some of its razors contained PFAS. Bic said it doesn't comment on pending litigation, and said it had a longstanding commitment to safety.

The Biden administration has moved to regulate the chemicals, for the first time requiring municipal water systems to remove six types of PFAS. Last month, the Environmental Protection Agency also designated two of those PFAS chemicals as hazardous substances under the Superfund law, shifting responsibility for their cleanup at contaminated sites from taxpayers to polluters. Both rules are expected to prompt a new round of litigation from water utilities, local communities and others suing for cleanup costs. "To say that the floodgates are opening is an understatement," said Emily M. Lamond, an attorney who focuses on environmental litigation at the law firm Cole Schotz. "Take tobacco, asbestos, MTBE, combine them, and I think we're still going to see more PFAS-related litigation," she said, referring to methyl tert-butyl ether, a former harmful gasoline additive that contaminated drinking water. Together, the trio led to claims totaling hundreds of billions of dollars. Unlike tobacco, used by only a subset of the public, "pretty much every one of us in the United States is walking around with PFAS in our bodies," said Erik Olson, senior strategic director for environmental health at the Natural Resources Defense Council. "And we're being exposed without our knowledge or consent, often by industries that knew how dangerous the chemicals were, and failed to disclose that," he said. "That's a formula for really significant liability."

T-Mobile said Tuesday that it plans to acquire most of U.S. Cellular, including stores, some of the wireless operator's spectrum and its customers, in a deal worth $4.4 billion. The deal includes cash and up to $2 billion of debt. From a report: T-Mobile said it will use U.S. Cellular wireless spectrum to improve coverage in rural areas while offering better connectivity to U.S. Cellular customers around the United States. The company said it will allow U.S. Cellular customers to keep their current plans or switch to a T-Mobile plan. U.S. Cellular will retain some of its wireless spectrum and towers and will lease space on at least 2,100 additional towers to T-Mobile. The companies expect the deal to close in mid-2025.

Roughly 160,000 U.S.-based amateur radio enthusiasts belong to the American Radio Relay League, a nonprofit with 100 full-time and part-time staff members.

Nine days ago it announced "that it suffered a cyberattack that disrupted its network and systems," reports BleepingComputer, "including various online services hosted by the organization." "We are in the process of responding to a serious incident involving access to our network and headquarters-based systems. Several services, such as Logbook of The World and the ARRL Learning Center, are affected," explained ARRL in a press release... [T]he ARRL took steps to allay members' concerns about the security of their data, confirming that they do not store credit card information or collect social security numbers.

However, the organization confirmed that its member database contains some private information, including names, addresses, and call signs. While they do not specifically state email addresses are stored in the database, one is required to become a member of the organization.
"The ARRL has not specifically said that its member database has been accessed by hackers," Security Week points out, "but its statement suggests it's possible."

The site adds that it has also "reached out to ARRL to find out if this was a ransomware attack and whether the attackers made any ransom demand."

Thanks to Slashdot reader AzWa Snowbird for sharing the news.

Messaging app Signal's president Meredith Whittaker criticized rival Telegram's security on Friday, saying Telegram founder Pavel Durov is "full of s---" in his claims about Signal. "Telegram is a social media platform, it's not encrypted, it's the least secure of messaging and social media services out there," Whittaker told TechCrunch in an interview. The comments come amid a war of words between Whittaker, Durov and Twitter owner Elon Musk over the security of their respective platforms. Whittaker said Durov's amplification of claims questioning Signal's security was "incredibly reckless" and "actually harms real people."

"Play your games, but don't take them into my court," Whittaker said, accusing Durov of prioritizing being "followed by a professional photographer" over getting facts right about Signal's encryption. Signal uses end-to-end encryption by default, while Telegram only offers it for "secret chats." Whittaker said many in Ukraine and Russia use Signal for "actual serious communications" while relying on Telegram's less-secure social media features. She said the "jury is in" on the platforms' comparative security and that Signal's open source code allows experts to validate its privacy claims, which have the trust of the security community.

Australia's media regulator is taking legal action against telecom carrier Optus, owned by Singapore Telecommunications, over a cyber attack it faced in September 2022, the telecom operator said on Wednesday. From a report: Australia's No.2 telco, had in September 2022 faced a massive data breach which exposed customers' personal information, including home addresses, passport and phone numbers. Following the incident, the country's Prime Minister Anthony Albanese called for tougher privacy rules to force companies to notify banks faster when they experience similar data breaches.

About 10 million Australians, 40% of the population, are Optus customers and could not use smartphones, broadband internet or landlines for much of the day of the breach. The Australian Communications and Media Authority is alleging that Optus Mobile failed to protect the confidentiality of personally identifiable information of its customers from unauthorised interference or unauthorised access.

fjo3 quotes a report from Reuters: SpaceX on Wednesday launched an inaugural batch of operational spy satellites it built as part of a new U.S. intelligence network designed to significantly upgrade the country's space-based surveillance powers, the first deployment of several more planned this year. The spy network was revealed in a pair of Reuters reports earlier this year showing SpaceX is building hundreds of satellites for the U.S. National Reconnaissance Office, an intelligence agency, for a vast system in orbit capable of rapidly spotting ground targets almost anywhere in the world.

SpaceX's Falcon 9 rocket lifted off from the Vandenberg Space Force Base in Southern California at 4 a.m. EDT on Wednesday, carrying into space what the NRO said was the "first launch of the NRO's proliferated systems featuring responsive collection and rapid data delivery." "Approximately half a dozen launches supporting NRO's proliferated architecture are planned for 2024, with additional launches expected through 2028," the agency said, without naming the number of satellites deployed.

Political consultant Steven Kramer faces a $6 million fine and over two dozen criminal charges for using AI-generated robocalls mimicking President Joe Biden's voice to mislead New Hampshire voters ahead of the presidential primary. The Associated Press reports: The Federal Communications Commission said the fine it proposed Thursday for Steven Kramer is its first involving generative AI technology. The company accused of transmitting the calls, Lingo Telecom, faces a $2 million fine, though in both cases the parties could settle or further negotiate, the FCC said. Kramer has admitted orchestrating a message that was sent to thousands of voters two days before the first-in-the-nation primary on Jan. 23. The message played an AI-generated voice similar to the Democratic president's that used his phrase "What a bunch of malarkey" and falsely suggested that voting in the primary would preclude voters from casting ballots in November.

Kramer is facing 13 felony charges alleging he violated a New Hampshire law against attempting to deter someone from voting using misleading information. He also faces 13 misdemeanor charges accusing him of falsely representing himself as a candidate by his own conduct or that of another person. The charges were filed in four counties and will be prosecuted by the state attorney general's office. Attorney General John Formella said New Hampshire was committed to ensuring that its elections "remain free from unlawful interference."

Kramer, who owns a firm that specializes in get-out-the-vote projects, did not respond to an email seeking comment Thursday. He told The Associated Press in February that he wasn't trying to influence the outcome of the election but rather wanted to send a wake-up call about the potential dangers of artificial intelligence when he paid a New Orleans magician $150 to create the recording. "Maybe I'm a villain today, but I think in the end we get a better country and better democracy because of what I've done, deliberately," Kramer said in February.

A server maintained by Cogent Communications, one of the 13 root servers crucial to the Internet's domain name system, fell out of sync with its peers for over four days due to an unexplained glitch. This issue, which could have caused worldwide stability and security problems, was resolved on Wednesday.

The root servers store cryptographic keys necessary for authenticating intermediate servers under the DNSSEC mechanism. Inconsistencies in these keys across the 13 servers could lead to an increased risk of attacks such as DNS cache poisoning. Engineers postponed planned updates to the .gov and .int domain name servers' DNSSEC to use ECDSA cryptographic keys until the situation stabilized. Cogent stated that it became aware of the issue on Tuesday and resolved it within 25 hours. ArsTechnica, which has a great writeup about the incident, adds: Initially, some people speculated that the depeering of Tata Communications, the c-root site outage, and the update errors to the c-root itself were all connected somehow. Given the vagueness of the statement, the relation of those events still isn't entirely clear.

WhatsApp's security team warned that despite the app's encryption, users are vulnerable to government surveillance through traffic analysis, according to an internal threat assessment obtained by The Intercept. The document suggests that governments can monitor when and where encrypted communications occur, potentially allowing powerful inferences about who is conversing with whom. The report adds: Even though the contents of WhatsApp communications are unreadable, the assessment shows how governments can use their access to internet infrastructure to monitor when and where encrypted communications are occurring, like observing a mail carrier ferrying a sealed envelope. This view into national internet traffic is enough to make powerful inferences about which individuals are conversing with each other, even if the subjects of their conversations remain a mystery. "Even assuming WhatsApp's encryption is unbreakable," the assessment reads, "ongoing 'collect and correlate' attacks would still break our intended privacy model."

The WhatsApp threat assessment does not describe specific instances in which it knows this method has been deployed by state actors. But it cites extensive reporting by the New York Times and Amnesty International showing how countries around the world spy on dissident encrypted chat app usage, including WhatsApp, using the very same techniques. As war has grown increasingly computerized, metadata -- information about the who, when, and where of conversations -- has come to hold immense value to intelligence, military, and police agencies around the world. "We kill people based on metadata," former National Security Agency chief Michael Hayden once infamously quipped. Meta said "WhatsApp has no backdoors and we have no evidence of vulnerabilities in how WhatsApp works." Though the assessment describes the "vulnerabilities" as "ongoing," and specifically mentions WhatsApp 17 times, a Meta spokesperson said the document is "not a reflection of a vulnerability in WhatsApp," only "theoretical," and not unique to WhatsApp.

Longtime Slashdot reader DVega shares a report from Phoronix: ReiserFS lead developer and convicted murderer Hans Reiser a few months back wrote letters to be made public apologizing for his social mistakes and other commentary. In his written communications he also made a last request for ReiserFS in the Linux kernel: "Assuming that the decision is to remove [ReiserFS] V3 from the kernel, I have just one request: that for one last release the README be edited to add Mikhail Gilula, Konstantin Shvachko, and Anatoly Pinchuk to the credits, and to delete anything in there I might have said about why they were not credited. It is time to let go."

Hans credits his improved social and communication skills learned in prison among other details shared in the public letters. Per the indirect request by Hans Reiser, SUSE's Jan Kara has now altered the ReiserFS README file with the changes going in today to the Linux 6.10 kernel. The negative language was removed and instead acknowledging their contributions.

Apple is offering discounts of up to $318 on select iPhone models in China, hoping to "defend its position in the high-end smartphone market, where it faces increasing competition from local rivals such as Huawei," reports Reuters. From the report: The increased competitive pressure on Apple comes after Huawei last month introduced its new series of high-end smartphones, the Pura 70, following the launch of the Mate 60 last August. Apple's previous discounting effort in February appears to have helped the company mitigate a sales slowdown in China. Apple's shipments in China increased by 12% in March, according to Reuters' calculations based on data from the China Academy of Information and Communications Technology (CAICT). This marks a significant improvement from the first two months of 2024, when the company experienced a 37% slump in sales.

America's Federal Trade Commission and 17 states filed an antitrust suit against Amazon in September. This week Amazon responded in court about its usage of Signal's "disappearing messages" feature.

Long-time Slashdot reader theodp shares GeekWire's report: At a company known for putting its most important ideas and strategies into comprehensive six-page memos, quick messages between executives aren't the place for meaningful business discussions. That's one of the points made by Amazon in its response Monday to the Federal Trade Commission's allegations about executives' use of the Signal encrypted communications app, known for its "disappearing messages" feature. "For these individuals, just like other short-form messaging, Signal was not a means to send 'structured, narrative text'; it was a way to get someone's attention or have quick exchanges on sensitive topics like public relations or human resources," the company says as part of its response, filed Monday in U.S. District Court in Seattle. Of course, for regulators investigating the company's business practices, these offhanded private comments between Amazon executives could be more revealing than carefully crafted memos meant for wider internal distribution. But in its filing this week, Amazon says there is no evidence that relevant messages have been lost, or that Signal was used to conceal communications that would have been responsive to the FTC's discovery requests. The company says "the equally logical explanation — made more compelling by the available evidence — is that such messages never existed."

In an April 25 motion, the FTC argued that the absence of Signal messages from Amazon discussing substantive business issues relevant to the case was a strong indication that such messages had disappeared. "Amazon executives deleted many Signal messages during Plaintiffs' pre-Complaint investigation, and Amazon did not instruct its employees to preserve Signal messages until over fifteen months after Amazon knew that Plaintiffs' investigation was underway," the FTC wrote in its motion. "It is highly likely that relevant information has been destroyed as a result of Amazon's actions and inactions...."

Amazon's filing quotes the company's founder, Jeff Bezos, saying in a deposition in the case that "[t]o discuss anything in text messaging or Signal messaging or anything like that of any substance would be akin to business malpractice. It's just too short of a messaging format...." The company's filing traces the initial use of Signal by executives back to the suspected hacking of Bezos' phone in 2018, which prompted the Amazon founder to seek ways to send messages more securely.

Starting this week millions will see AI-generated answers in Google's search results by default. But the announcement Tuesday at Google's annual developer conference suggests a future that's "not without its risks, both to users and to Google itself," argues the Washington Post: For years, Google has been shielded for liability for linking users to bad, harmful or illegal information by Section 230 of the Communications Decency Act. But legal experts say that shield probably won't apply when its AI answers search questions directly. "As we all know, generative AIs hallucinate," said James Grimmelmann, professor of digital and information law at Cornell Law School and Cornell Tech. "So when Google uses a generative AI to summarize what webpages say, and the AI gets it wrong, Google is now the source of the harmful information," rather than just the distributor of it...

Adam Thierer, senior fellow at the nonprofit free-market think tank R Street, worries that innovation could be throttled if Congress doesn't extend Section 230 to cover AI tools. "As AI is integrated into more consumer-facing products, the ambiguity about liability will haunt developers and investors," he predicted. "It is particularly problematic for small AI firms and open-source AI developers, who could be decimated as frivolous legal claims accumulate." But John Bergmayer, legal director for the digital rights nonprofit Public Knowledge, said there are real concerns that AI answers could spell doom for many of the publishers and creators that rely on search traffic to survive — and which AI, in turn, relies on for credible information. From that standpoint, he said, a liability regime that incentivizes search engines to continue sending users to third-party websites might be "a really good outcome."

Meanwhile, some lawmakers are looking to ditch Section 230 altogether. [Last] Sunday, the top Democrat and Republican on the House Energy and Commerce Committee released a draft of a bill that would sunset the statute within 18 months, giving Congress time to craft a new liability framework in its place. In a Wall Street Journal op-ed, Reps. Cathy McMorris Rodgers (R-Wash.) and Frank Pallone Jr. (D-N.J.) argued that the law, which helped pave the way for social media and the modern internet, has "outlived its usefulness."

The tech industry trade group NetChoice [which includes Google, Meta, X, and Amazon] fired back on Monday that scrapping Section 230 would "decimate small tech" and "discourage free speech online."
The digital law professor points out Google has traditionally escaped legal liability by attributing its answers to specific sources — but it's not just Google that has to worry about the issue. The article notes that Microsoft's Bing search engine also supplies AI-generated answers (from Microsoft's Copilot). "And Meta recently replaced the search bar in Facebook, Instagram and WhatsApp with its own AI chatbot."

The article also note sthat several U.S. Congressional committees are considering "a bevy" of AI bills...

Security professional Bruce Schneier argues that large language models have the same vulnerability as phones in the 1970s exploited by John Draper.

"Data and control used the same channel," Schneier writes in Communications of the ACM. "That is, the commands that told the phone switch what to do were sent along the same path as voices." Other forms of prompt injection involve the LLM receiving malicious instructions in its training data. Another example hides secret commands in Web pages. Any LLM application that processes emails or Web pages is vulnerable. Attackers can embed malicious commands in images and videos, so any system that processes those is vulnerable. Any LLM application that interacts with untrusted users — think of a chatbot embedded in a website — will be vulnerable to attack. It's hard to think of an LLM application that isn't vulnerable in some way.

Individual attacks are easy to prevent once discovered and publicized, but there are an infinite number of them and no way to block them as a class. The real problem here is the same one that plagued the pre-SS7 phone network: the commingling of data and commands. As long as the data — whether it be training data, text prompts, or other input into the LLM — is mixed up with the commands that tell the LLM what to do, the system will be vulnerable. But unlike the phone system, we can't separate an LLM's data from its commands. One of the enormously powerful features of an LLM is that the data affects the code. We want the system to modify its operation when it gets new training data. We want it to change the way it works based on the commands we give it. The fact that LLMs self-modify based on their input data is a feature, not a bug. And it's the very thing that enables prompt injection.

Like the old phone system, defenses are likely to be piecemeal. We're getting better at creating LLMs that are resistant to these attacks. We're building systems that clean up inputs, both by recognizing known prompt-injection attacks and training other LLMs to try to recognize what those attacks look like. (Although now you have to secure that other LLM from prompt-injection attacks.) In some cases, we can use access-control mechanisms and other Internet security systems to limit who can access the LLM and what the LLM can do. This will limit how much we can trust them. Can you ever trust an LLM email assistant if it can be tricked into doing something it shouldn't do? Can you ever trust a generative-AI traffic-detection video system if someone can hold up a carefully worded sign and convince it to not notice a particular license plate — and then forget that it ever saw the sign...?

Someday, some AI researcher will figure out how to separate the data and control paths. Until then, though, we're going to have to think carefully about using LLMs in potentially adversarial situations...like, say, on the Internet.
Schneier urges engineers to balance the risks of generative AI with the powers it brings. "Using them for everything is easier than taking the time to figure out what sort of specialized AI is optimized for the task.

"But generative AI comes with a lot of security baggage — in the form of prompt-injection attacks and other security risks. We need to take a more nuanced view of AI systems, their uses, their own particular risks, and their costs vs. benefits."

An anonymous reader quotes a report from The Guardian: Proteins in the blood could warn people of cancer more than seven years before it is diagnosed, according to research [published in the journal Nature Communications]. Scientists at the University of Oxford studied blood samples from more than 44,000 people in the UK Biobank, including over 4,900 people who subsequently had a cancer diagnosis. They compared the proteins of people who did and did not go on to be diagnosed with cancer and identified 618 proteins linked to 19 types of cancer, including colon, lung, non-Hodgkin lymphoma and liver.

The study, funded by Cancer Research UK and published in Nature Communications, also found 107 proteins associated with cancers diagnosed more than seven years after the patient's blood sample was collected and 182 proteins that were strongly associated with a cancer diagnosis within three years. The authors concluded that some of these proteins could be used to detect cancer much earlier and potentially provide new treatment options, though further research was needed.