United States

$79B to Boost US Semiconductor Production Opposed by 31 Republican Senators - and Bernie Sanders (apnews.com) 129

A long-awaited bill in the U.S. Congress proposes $79 billion (over 10 years) to boost U.S. semiconductor production, reports the Associated Press, "mostly as a result of new grants and tax breaks that would subsidize the cost that computer chip manufacturers incur when building or expanding chip plants in the United States."

But opposing the bill are 31 Republican senators — and democratic socialist senator Bernie Sanders: Supporters say that countries all over the world are spending billions of dollars to lure chipmakers. The U.S. must do the same or risk losing a secure supply of the semiconductors that power the nation's automobiles, computers, appliances and some of the military's most advanced weapons systems. Sanders (Independent — Vermont), and a wide range of conservative lawmakers, think tanks and media outlets have a different take. To them, it's "corporate welfare...."

"Not too many people that I can recall — I have been all over this country — say: 'Bernie, you go back there and you get the job done, and you give enormously profitable corporations, which pay outrageous compensation packages to their CEOs, billions and billions of dollars in corporate welfare,'" Sanders said.

Senator Mitt Romney (Republican — Utah), is among the likely Republican supporters. Asked about the Sanders' argument against the bill, Romney said that when other countries subsidize the manufacturing of high technology chips, the U.S. must join the club. "If you don't play like they play, then you are not going to be manufacturing high technology chips, and they are essential for our national defense as well as our economy," Romney said....

"My fear is that more and more companies will locate their manufacturing facilities in other countries and that we will be increasingly vulnerable," said Senator Susan Collins (Republican — Maine).

The bill's supporters remain confident it will pass the U.S. Senate, but then "the window for passing the bill through the House is narrow if progressives join with Sanders and if most Republicans line up in opposition based on fiscal concerns.

"The White House says the bill needs to pass by the end of the month because companies are making decisions now about where to build."

China

Chinese-Made Huawei Equipment Could Disrupt US Nuclear Arsenal Communications, FBI Determines (cnn.com) 84

There's been "a dramatic escalation of Chinese espionage on US soil over the past decade," sources in the U.S. counterintelligence community have told CNN this weekend.

But some dramatic new examples have been revealed. For example, in 2017 China's government offered to build a $100 million pavilion in Washington D.C. with an ornate 70-foot pagoda. U.S. counterintelligence officials realized its location — two miles from the U.S. Capitol — appeared "strategically placed on one of the highest points in Washington DC...a perfect spot for signals intelligence collection." Also alarming was that Chinese officials wanted to build the pagoda with materials shipped to the US in diplomatic pouches, which US Customs officials are barred from examining, the sources said. Federal officials quietly killed the project before construction was underway...

Since at least 2017, federal officials have investigated Chinese land purchases near critical infrastructure, shut down a high-profile regional consulate believed by the US government to be a hotbed of Chinese spies and stonewalled what they saw as clear efforts to plant listening devices near sensitive military and government facilities.

Among the most alarming things the FBI uncovered pertains to Chinese-made Huawei equipment atop cell towers near US military bases in the rural Midwest. According to multiple sources familiar with the matter, the FBI determined the equipment was capable of capturing and disrupting highly restricted Defense Department communications, including those used by US Strategic Command, which oversees the country's nuclear weapons.... It's unclear if the intelligence community determined whether any data was actually intercepted and sent back to Beijing from these towers. Sources familiar with the issue say that from a technical standpoint, it's incredibly difficult to prove a given package of data was stolen and sent overseas.

The Chinese government strongly denies any efforts to spy on the US.... But multiple sources familiar with the investigation tell CNN that there's no question the Huawei equipment has the ability to intercept not only commercial cell traffic but also the highly restricted airwaves used by the military and disrupt critical US Strategic Command communications, giving the Chinese government a potential window into America's nuclear arsenal.... As Huawei equipment began to proliferate near US military bases, federal investigators started taking notice, sources familiar with the matter told CNN. Of particular concern was that Huawei was routinely selling cheap equipment to rural providers in cases that appeared to be unprofitable for Huawei — but which placed its equipment near military assets.

The Military

America's Defense Department Creates a New Office for Tracking and Analyzing UFOs (space.com) 43

This week America's Department of Defense "created an office to track unidentified objects in space and air, [and] under water," reports Space.com, "or even those that appear to travel between these domains." UFOs, or as they are now known, unidentified aerial phenomena (UAP) have been receiving newfound levels of government scrutiny not seen in decades. Multiple hearings and classified briefings have taken place in the halls of the U.S. Congress in recent months, and many lawmakers have expressed concern that America's airspace may not be as safe as we think due to the many sightings of unidentified objects military aviators and other armed forces personnel have reported.

With that in mind, the Department of Defense announced the creation of this new office in a statement published Wednesday (July 20). The office is known as the All-domain Anomaly Resolution Office, or AARO, and was established within the Office of the Under Secretary of Defense for Intelligence and Security... The office has six primary lines of effort: surveillance, collection and reporting; system capabilities and design; intelligence operations and analysis; mitigation and defeat; governance; and science and technology.

A statement from the U.S. Department of Defense spells out its mission:
  • To synchronize efforts across the Department of Defense, and with other U.S. federal departments and agencies
  • To detect, identify and attribute objects of interest in, on or near military installations, operating areas, training areas, special use airspace and other areas of interest
  • As necessary, to mitigate any associated threats to safety of operations and national security.

Long-time Slashdot reader schwit1 notes the office already has its own Twitter feed, providing "updates and information relative to our examinations of unidentified anomalous phenomena across space, air, and maritime domains."


Robotics

Robot Dog Not So Cute With Submachine Gun Strapped To Its Back (vice.com) 113

An anonymous reader quotes a report from Motherboard: A video started circulating on Twitter Thursday of a Boston Dynamics-style robot dog firing a submachine gun into targets amid a snowy backdrop. This type of robot dog (it doesn't seem like the robot in the video is a Boston Dynamics Spot, just looks a lot like it) is famous for dancing, but now appears to have fulfilled every warning given by journalists and analysts. It's got a gun and it's ready to kill. A lot of questions remain. First, the robot dog doesn't seem to be able to handle the recoil of the gun well. As it fires its rounds, the barrel trails up and the dog has to take a minute to get its balance back. We also don't know if the dog is firing on its own or if, and this is more likely, someone is off-camera pulling the trigger remotely.

The robot's feet, various ports, and its front are completely different from Boston Dynamics' Spot. There's dozens of knockoffs of the Boston Dynamics dog selling on the international market. The one in the video appears to be a UnitreeYusu "technology dog" selling on AliExpress for about $3,000. The feet, port placement, and joint coverings are all the same. The robot also has strips of Velcro on either of its flanks. The left flank bears a Russian flag and the other appears with a wolf's head. In another video on the channel, a man wears a similar patch on his arm. It appears to be a wolf's head insignia commonly associated with Russian Special Operations Forces or Spetsnaz. That doesn't mean that Spetsnaz is using armed robot dogs, as pretty much anyone can buy a similar patch online in various places.

The gun is also Russian. It appears to be a PP-19 Vityaz, a submachine gun based on the AK-74 design. As the dog wanders around and fires, it sometimes moves in front of an armored personnel carrier with a unique triangular door. That's a BDRM-2, a Russian armored car that's been spotted recently in Ukraine. Finally, there's the account the video originally appeared on. Before making its way to Twitter, the video of the dog was posted to the YouTube account of Alexander Atamov on March 22, 2022. Atamov is listed on his LinkedIn profile as the founder of "HOVERSURF" and his Facebook page lists him as living in Moscow. He posted a picture of the robot dog on March 21. According to Facebook's translation of his post, he called the dog "Skynet."

United States

US Probes China's Huawei Over Equipment Near Missile Silos (reuters.com) 39

The Biden administration is investigating Chinese telecoms equipment maker Huawei over concerns that U.S. cell towers fitted with its gear could capture sensitive information from military bases and missile silos that the company could then transmit to China, Reuters reported Thursday, citing people familiar with the matter. From the report: Authorities are concerned Huawei could obtain sensitive data on military drills and the readiness status of bases and personnel via the equipment, one of the people said, requesting anonymity because the investigation is confidential and involves national security. The previously unreported probe was opened by the Commerce Department shortly after Joe Biden took office early last year, the sources said, following the implementation of rules to flesh out a May 2019 executive order that gave the agency the investigative authority.

Privacy

Pegasus Spyware Used Against Thailand's Pro-Democracy Movement (citizenlab.ca) 6

NSO Group's Pegasus spyware was used to target Thai pro-democracy protesters and leaders calling for reforms to the monarchy. "We forensically confirmed that at least 30 individuals were infected with NSO Group's Pegasus spyware," reports Citizen Lab. "The observed infections took place between October 2020 and November 2021." Here's an excerpt from the report: Introduction: Surveillance & Repression in Thailand: The Kingdom of Thailand is a constitutional monarchy with a parliamentary-style government divided into executive, legislative, and judiciary branches. The country has been beset by intense political conflict since 2005, during the government of former Prime Minister Thaksin Shinawatra. Corruption allegations against the regime culminated in a military coup on September 19, 2006 that ousted Thaksin. The military launched another coup on May 22, 2014 and seized power following mass protests against the civilian government led by Thaksin's sister, Yingluck Shinawatra. The junta claimed that the 2014 coup was needed to restore order and called itself the National Council for Peace and Order (NCPO).

Findings: Pegasus Infections in Thailand: On November 23, 2021, Apple began sending notifications to iPhone users targeted by state-backed attacks with mercenary spyware. The recipients included individuals that Apple believes were targeted with NSO Group's FORCEDENTRY exploit. Many Thai civil society members received this warning. Shortly thereafter, multiple recipients of the notification made contact with the Citizen Lab and regional groups. In collaboration with Thai organizations iLaw and DigitalReach, forensic evidence was obtained from notification recipients, and other suspected victims, who consented to participate in a research study with the Citizen Lab. We then performed a technical analysis of forensic artifacts to determine whether these individuals were infected with Pegasus or other spyware. Victims publicly named in this report consented to be identified as such, while others chose to remain anonymous, or have their cases described with limited detail.

Civil Society Pegasus Infections: We have identified at least 30 Pegasus victims among key civil society groups in Thailand, including activists, academics, lawyers, and NGO workers. The infections occurred from October 2020 to November 2021, coinciding with a period of widespread pro-democracy protests, and predominantly targeted key figures in the pro-democracy movement. In numerous cases, multiple members of movements or organizations were infected. Many of the victims included in this report have been repeatedly detained, arrested, and imprisoned for their political activities or criticism of the government. Many of the victims have also been the subject of lese-majeste prosecutions by the Thai government. While many of the infections were detected on the devices of prominent figures, hacking was also observed against individuals who are not publicly involved in the protests. Speculatively, this may reflect the attackers' intent to uncover details about how opposition movements were organized, and may have been prompted by specific financial transactions that would have been known to Thai financial institutions and the government, but not the public.

Google

Russia Hits Google With Fine For 'Illegal Content' (bbc.com) 189

Russia has hit Google with a $373 million fine for failing to restrict access to "prohibited" material about the war in Ukraine and other content. The BBC reports: Roskomnadzor, the country's communications regulator, said the information included "fake" reports that discredited Russia's military and posts urging people to protest. It called the US tech giant a "systematic" violator of its laws. Google did not comment immediately.

The company's local subsidiary declared bankruptcy last month. The move came after Russian authorities seized its local bank account, allowing them to recover 7.2bn roubles that the firm had been ordered to pay for similar reasons last year. [...] The fine announced on Monday, which was calculated as a share of the firm's local revenue, marks the biggest penalty ever imposed on a tech company in Russia, according to state media.

The Military

DARPA Is Worried About How Well Open-Source Code Can Be Trusted (technologyreview.com) 85

An anonymous reader quotes a report from MIT Technology Review: "People are realizing now: wait a minute, literally everything we do is underpinned by Linux," says Dave Aitel, a cybersecurity researcher and former NSA computer security scientist. "This is a core technology to our society. Not understanding kernel security means we can't secure critical infrastructure." Now DARPA, the US military's research arm, wants to understand the collision of code and community that makes these open-source projects work, in order to better understand the risks they face. The goal is to be able to effectively recognize malicious actors and prevent them from disrupting or corrupting crucially important open-source code before it's too late. DARPA's "SocialCyber" program is an 18-month-long, multimillion-dollar project that will combine sociology with recent technological advances in artificial intelligence to map, understand, and protect these massive open-source communities and the code they create. It's different from most previous research because it combines automated analysis of both the code and the social dimensions of open-source software.

Here's how the SocialCyber program works. DARPA has contracted with multiple teams of what it calls "performers," including small, boutique cybersecurity research shops with deep technical chops. One such performer is New York-based Margin Research, which has put together a team of well-respected researchers for the task. Margin Research is focused on the Linux kernel in part because it's so big and critical that succeeding here, at this scale, means you can make it anywhere else. The plan is to analyze both the code and the community in order to visualize and finally understand the whole ecosystem.

Margin's work maps out who is working on what specific parts of open-source projects. For example, Huawei is currently the biggest contributor to the Linux kernel. Another contributor works for Positive Technologies, a Russian cybersecurity firm that -- like Huawei -- has been sanctioned by the US government, says Aitel. Margin has also mapped code written by NSA employees, many of whom participate in different open-source projects. "This subject kills me," says d'Antoine of the quest to better understand the open-source movement, "because, honestly, even the most simple things seem so novel to so many important people. The government is only just realizing that our critical infrastructure is running code that could be literally being written by sanctioned entities. Right now." This kind of research also aims to find underinvestment -- that is critical software run entirely by one or two volunteers. It's more common than you might think -- so common that one common way software projects currently measure risk is the "bus factor": Does this whole project fall apart if just one person gets hit by a bus?

SocialCyber will also tackle other open-source projects, such as Python, which is "used in a huge number of artificial-intelligence and machine-learning projects," notes the report. "The hope is that greater understanding will make it easier to prevent a future disaster, whether it's caused by malicious activity or not."

Businesses

US Military Contractor Moves To Buy Israeli Spy-Tech Company NSO Group (theregister.com) 5

US security technology provider L3Harris has courted controversial Israeli spyware firm NSO with an aim to buy it, according to reports. The Register reports: The New York Times claims L3Harris in recent months sent a team to Israel to try to smooth passage of the deal, which was made challenging by US president Joe Biden's decision to blacklist NSO following the use of its Pegasus software to crack phones of politicians and campaigners. The L3Harris executives delivered a message that the US government offers tacit support of its acquisition bid, although public statements were unlikely, according to five separate sources.

The claims run counter to statements from US officials who were said to be outraged to learn about the negotiations for an American company to purchase a blacklisted spy-tech vendor. Later, L3Harris told officials it planned to end its attempt to buy the company while conflicting accounts said it hoped to restart them. The Times says that the US military contractor hired lawyer Daniel Reisner, who once worked for Israeli Military Prosecutor's Office to advise on the deal. News website Intelligence Online has also reported L3Harris efforts to buy NSO, although it quoted White House officials as saying the deal could create "serious counterintelligence and security concerns" for the US.

United States

Efforts to Acquire Pegasus Spyware's Company Backed by US Spies, Says Stingray Maker (msn.com) 23

The New York Times describes Pegasus as "a 'zero-click' hacking tool that can remotely extract everything from a target's mobile phone [and] turn the mobile phone into a tracking and recording device." But they also report that the tool's "notorious" maker, NSO Group, was visited "numerous times" in recent months by executives from American military contractor L3Harris — makers of the cellphone-tracking Stingray tool — who'd wanted to negotiate a purchase of the company.

Their first problem? The U.S. government had blacklisted NSO Group in November, saying Pegasus had been used to compromise phones of political leaders, human rights activists and journalists. But five people familiar with the negotiations said that the L3Harris team had brought with them a surprising message that made a deal seem possible. American intelligence officials, they said, quietly supported its plans to purchase NSO, whose technology over the years has been of intense interest to many intelligence and law enforcement agencies around the world, including the F.B.I. and the C.I.A.

The talks continued in secret until last month, when word of NSO's possible sale leaked and sent all the parties scrambling. White House officials said they were outraged to learn about the negotiations, and that any attempt by American defense firms to purchase a blacklisted company would be met by serious resistance.... Left in place are questions in Washington, other allied capitals and Jerusalem about whether parts of the U.S. government — with or without the knowledge of the White House — had seized an opportunity to try to bring control of NSO's powerful spyware under U.S. authority, despite the administration's very public stance against the Israeli firm....

[NSO Group] had seen a deal with the American defense contractor as a potential lifeline after being blacklisted by the Commerce Department, which has crippled its business. American firms are not allowed to do business with companies on the blacklist, under penalty of sanctions. As a result, NSO cannot buy any American technology to sustain its operations — whether it be Dell servers or Amazon cloud storage — and the Israeli firm has been hoping that being sold to a company in the United States could lead to the sanctions being lifted....

L3 Harris's representatives told the Israelis that U.S. intelligence agencies supported the acquisition as long as certain conditions were met, according to five people familiar with the discussions. One of the conditions, those people said, was that NSO's arsenal of "zero days" — the vulnerabilities in computer source code that allow Pegasus to hack into mobile phones — could be sold to all of the United States' partners in the so-called Five Eyes intelligence sharing relationship. The other partners are Britain, Canada, Australia and New Zealand.

"Several people familiar with the talks said there have been attempts to resuscitate the negotiations..."

Sci-Fi

UFO Whistleblowers Would Get Immunity Under New Amendment (thedrive.com) 59

Howard Altman writes via The Drive: In an effort to protect those with information about unidentified aerial phenomena (UAP) and increase the influx of reports about them, Rep. Mike Gallagher (R-Wisc) has introduced (PDF) an amendment to the Fiscal Year 2023 National Defense Authorization Act. "The amendment would establish a process within the government for reporting UAPs and provide whistleblower-like protections," Gallagher's spokesman Jordan Dunn told The War Zone Thursday morning. For a multitude of reasons, U.S. troops and government contractors have traditionally been reluctant to come forward with information about these incidents, regardless of their validity. Beyond that, there have also been long-standing allegations that the government and defense contractors could be hiding previous UFO-related programs and evidence. This would allow those with information to come forward without retribution. Some have even posited that language like that in Gallagher's amendment could lead to "UFO disclosure."

In essence, it says that regardless of any previous written or oral non-disclosure agreements "that could be interpreted as a legal constraint on reporting by a witness of an unidentified aerial phenomena," those with information about UAPs, more commonly known as UFOs, would not be violating federal classified information laws if they come forward. The amendment also calls for the head of the new Airborne Object Identification and Management Synchronization Group (AOIMSG), tasked with investigating UAPs on behalf of the Defense Secretary and Director of National Intelligence, to establish "a secure system" for receiving reports of "any events relating to" UAPs and any government or government contractor activity or program related to UAPs. The reporting system shall be administered by "designated and widely known, easily accessible, and appropriately cleared Department of Defense and intelligence community employees or contractors" as part of AOIMSG, which is a much enhanced and more deeply mandated effort that replaced the Unidentified Aerial Phenomena Task Force.

Any information would first be screened "to prevent unauthorized public reporting or compromise of properly classified military and intelligence systems, programs, and related activity, including all categories and levels of special access and compartmented access programs, current, historical, and future." However, federal agencies and contractors working with the government would be precluded from taking actions, including suspending security clearances, for those who report UAP incidents and information. And those who are retaliated against "may bring a private civil action for all appropriate remedies, including injunctive relief and compensatory and punitive damages, against the Government or other employer who took the personnel action, in the United States Court of Federal Claims," the amendment states.

Earth

Airbus' Solar-Powered Zephyr S Has Been Flying Non-Stop For More Than 17 Days 18

Airbus is conducting a very-high-altitude flight of its uncrewed Zephyr S solar-powered aircraft, a report from The Drive reveals. It is more than 17 days into the flight. Interesting Engineering reports: The Zephyr S aircraft, which has also been described as a drone and a pseudo-satellite, took off from the U.S. Army's Yuma Proving Ground in Arizona in June. It was built to stay airborne for long stretches, allowing it to serve as a sensor platform for the military. The Zephyr S was spotted on online flight tracking software after it took off from an airstrip at Yuma Proving Ground on June 15. The aircraft has since flown several patterns over the Yuma Test Range and Kofa National Wildlife Refuge.

Airbus has been running Zephyr S test flights over this area for some time, but according to the flight tracking data, the drone also started conducting runs to the southeast near Arizona's border and the southwest toward the Gulf of Mexico. On June 27, Zephyr S flew over the Gulf of Mexico before flying over the Caribbean Sea and then onto the airspace over the Central American country of Belize. Last week, the aircraft turned back towards the U.S. When the Zephyr S first flew in 2018, it remained in the skies for almost 26 days. Whether the latest flight will go on even longer than that world-record milestone is yet to be confirmed.

United States

US Water Likely Contains More 'Forever Chemicals' Than EPA Tests Show (theguardian.com) 84

An anonymous reader quotes a report from the Guardian: In May 2021, a celebration for Portsmouth, New Hampshire's new $17m water treatment facility drew local and national officials who declared the city's water free of toxic "forever chemicals." Firefighting foam from the nearby Pease air force base had polluted the water for decades with per- and polyfluoroalkyl substances (PFAS), and in recognition of the public health threat the US military funded the city's new filtration system. Officials said after implementing the upgraded filtration, testing no longer found detectable levels of PFAS chemicals in the water. They called the work in Portsmouth a "national model" for addressing PFAS water contamination. "We are here to celebrate clean water," Senator Maggie Hassan said at the time. But the water may not be clean after all.

A Guardian analysis of water samples taken in Portsmouth and from eight other locations around the United States shows that the type of water testing relied on by the US Environmental Protection Agency (EPA) -- and officials in towns such as Portsmouth -- is so limited in scope that it is probably missing significant levels of PFAS pollutants. The undercount leaves regulators with an incomplete picture of the extent of PFAS contamination and reveals how millions of people may be facing an unknown health risk in their drinking water.

The analysis checked water samples from PFAS hot spots around the country with two types of tests: an EPA-developed method that detects 30 types of the approximately 9,000 PFAS compounds, and another that checks for a marker of all PFAS. The Guardian found that seven of the nine samples collected showed higher levels of PFAS in water using the test that identifies markers for PFAS, than levels found when the water was tested using the EPA method -- and at concentrations as much as 24 times greater. "The EPA is doing the bare minimum it can and that's putting people's health at risk," said Kyla Bennett, policy director at the advocacy group Public Employees for Environmental Responsibility.

"PFAS are a class of chemicals used since the 1950s to make thousands of products repel water, stains and heat," notes the Guardian. "They are often called 'forever chemicals' because they don't fully break down, accumulating in the environment, humans and animals. Some are toxic at very low levels and have been linked to cancer, birth defects, kidney disease, liver problems, decreased immunity and other serious health issues."

"[W]hen it comes to identifying PFAS-contaminated water, the limitations of the test used by state and federal regulators, which is called the EPA 537 method, virtually guarantees regulators will never have a full picture of contamination levels as industry churns out new compounds much faster than researchers can develop the science to measure them," adds the report. "That creates even more incentive for industry to shift away from older compounds: if chemical companies produce newer PFAS, regulators won't be able to find the pollution."

China

MI5 and FBI Heads Issue Joint Warning On Chinese Spying (bbc.com) 67

An anonymous reader quotes a report from the BBC: The heads of UK and US security services have made an unprecedented joint appearance to warn of the threat from China. FBI director Christopher Wray said China was the "biggest long-term threat to our economic and national security" and had interfered in politics, including recent elections. MI5 head Ken McCallum said his service had more than doubled its work against Chinese activity in the last three years and would be doubling it again. MI5 is now running seven times as many investigations related to activities of the Chinese Communist Party compared to 2018, he added. The FBI's Wray warned that if China was to forcibly take Taiwan it would "represent one of the most horrific business disruptions the world has ever seen."

The first ever joint public appearance by the two directors came at MI5 headquarters in Thames House, London. McCallum also said the challenge posed by the Chinese Communist Party was "game-changing," while Wray called it "immense" and "breath-taking." Wray warned the audience -- which included chief executives of businesses and senior figures from universities -- that the Chinese government was "set on stealing your technology" using a range of tools. He said it posed "an even more serious threat to western businesses than even many sophisticated businesspeople realized." He cited cases in which people linked to Chinese companies out in rural America had been digging up genetically modified seeds which would have cost them billions of dollars and nearly a decade to develop themselves. He also said China deployed cyber espionage to "cheat and steal on a massive scale," with a hacking program larger than that of every other major country combined.

The MI5 head said intelligence about cyber threats had been shared with 37 countries and that in May a sophisticated threat against aerospace had been disrupted. McCallum also pointed to a series of examples linked to China. [...] The MI5 head said new legislation would help to deal with the threat but the UK also needed to become a "harder target" by ensuring that all parts of society were more aware of the risks. He said that reform of the visa system had seen over 50 students linked to the Chinese military leaving the UK. "China has for far too long counted on being everybody's second-highest priority," Wray said, adding: "They are not flying under the radar anymore."

The Military

US Army Buys Penguin Drone, Bayraktar TB2's Latvian Lookalike (aerotime.aero) 16

Edge Autonomy announced a deal with the US Department of Defense (DoD) to produce an unspecified amount of long-endurance Penguin drones for the US Army. From a report: The company manufactures a range of light drones capable of carrying a range of payloads for intelligence, surveillance and reconnaissance (ISR), as well as targeting. Edge Autonomy's press release indicates that the company has previously supplied its products to the DoD. However, it did not disclose the extent of either the new or existing orders. Penguin C, one of the models the company manufactures, has a payload capacity of 25 kilograms (55 pounds), a range of 180 kilometers (112 miles) and a payload-dependent endurance of up to 25 hours. While outwardly similar to the famous Bayraktar TB2, the Penguin is significantly smaller and occupies a different niche while retaining similar endurance.

Social Networks

As TikTok Promises US Servers, FCC Commissioner Remains Critical of Data Privacy (cnn.com) 28

On Tuesday Brendan Carr, a commissioner on America's Federal Communications Commission, warned on Twitter that TikTok, owned by China-based company ByteDance, "doesn't just see its users dance videos: It collects search and browsing histories, keystroke patterns, biometric identifiers, draft messages and metadata, plus it has collected the text, images, and videos that are stored on a device's clipboard. Tiktok's pattern of misrepresentations coupled with its ownership by an entity beholden to the Chinese Communist Party has resulted in U.S. military branches and national security agencies banning it from government devices.... The CCP has a track record longer than a CVS receipt of conducting business & industrial espionage as well as other actions contrary to U.S. national security, which is what makes it so troubling that personnel in Beijing are accessing this sensitive and personnel data."
Today CNN interviewed Carr, while also bringing viewers an update. TikTok's China-based employees accessed data on U.S. TikTok users, BuzzFeed had reported — after which TikTok announced it intends to move backup data to servers in the U.S., allowing them to eventually delete U.S. data from their servers. But days later Republican Senator Blackburn was still arguing to Bloomberg that "Americans need to know if they are on TikTok, communist China has their information."

And FCC commissioner Carr told CNN he remains suspicious too: Carr: For years TikTok has been asked directly by U.S. lawmakers, 'Is any information, any data, being accessed by personnel back in Beijing?' And rather than being forthright and saying 'Yes, and here's the extent of it and here's why we don't think it's a problem,' they've repeatedly said 'All U.S. user data is stored in the U.S.,' leaving people with the impression that there's no access.... This recent bombshell reporting from BuzzFeed shows at least some of the extent to which massive amounts of data has allegedly been going back to Beijing.

And that's a problem, and not just a national security problem. But to me it looks like a violation of the terms of the app store, and that's why I wrote a letter to Google and Apple saying that they should remove TikTok and boot them out of the app store... I've left them until July 8th to give me a response, so we'll see what they say. I look forward to hearing from them. But there's precedence for this. Before when applications have taken data surreptitiously and put it in servers in China or otherwise been used for reasons other than servicing the application itself, they have booted them from the app store. And so I would hope that they would just apply the plain terms of their policy here.

When CNN points out the FCC doesn't have jurisdiction over social media, Carr notes "speaking for myself as one member" they've developed "expertise in terms of understanding how the CCP can effectively take data and infiltrate U.S. communications' networks." And he points out that the issue is also being raised by Congressional hearings and by Republican and Democrat Senators signing joint letters together, so "I'm just one piece of a broader federal effort that's looking at the very serious risks that come from TikTok." Carr: At the end of the day, it functions as sophisticated surveillance tool that is harvesting vast amounts of data on U.S. users. And I think TikTok should answer point-blank, has any CCP member obtained non-public user data or viewed it. Not to answer with a dodge, and say they've never been asked for it or never received a request. Can they say no, no CCP member has ever seen non-public U.S. user data.
Carr's appearance was followed by an appearance by TikTok's VP and head of public policy for the Americas. But this afternoon Carr said on Twitter that TikTok's response contradicted its own past statements: Today, a TikTok exec said it was "simply false" for me to say that they collect faceprints, browsing history, & keystroke patterns.

Except, I was quoting directly from TikTok's own disclosures.

TikTok's concerning pattern of misrepresentations about U.S. user data continues.

United States

Countries Form New NATO-Like 'Mineral Security' Alliance to Ensure EV Supplies (yahoo.com) 53

"A metallic NATO is starting to take shape," writes the senior metals columnist at Reuters, "though no-one is calling it that just yet." The Minerals Security Partnership is in theory open to all countries that are committed to "responsible critical mineral supply chains to support economic prosperity and climate objectives". But the coalition assembled by the United States is one of like-minded countries such as Australia, Canada, the United Kingdom, France and Germany with an Asian axis in the form of Japan and South Korea. [Also the European Commission, as well as Finland and Sweden.]

It is defined as much as anything by who is not on the invite list — China and Russia.

China's dominance of key enabling minerals such as lithium and rare earths is the single biggest reason why Western countries are looking to build their own supply chains. Russia, a major producer of nickel, aluminium and platinum group metals, is now also a highly problematic trading partner as its war in Ukraine that the Kremlin calls a "special military operation" grinds on. A previously highly globalised minerals supply network looks set to split into politically polarised spheres of influence, a tectonic realignment with far-reaching implications. The United States and Europe have realised that they can't build out purely domestic supply chains quickly enough to meet demand from the electric vehicle transition....

The process was already well underway before the U.S. State Department announced the formation of the Minerals Security Partnership on June 14. U.S. and Canadian officials have been working closely as Canada fleshes out a promised C$3.8 billion ($3.02 billion) package to boost production of lithium, copper and other strategic minerals. European Commission Vice-President Maros Sefcovic has just been in Norway to seal "a strategic partnership" on battery technologies and critical raw materials.

The article points out America's Department of Defense is already investing $120 million in a new plant for heavy rare earths separation — and has chosen an Australian company as its partner.

Shortly thereafter the Defense Department noted an online disinformation campaign against its new partner (according to U.S.-based cybersecurity firm Mandiant), disinformation which Reuters describes as "a pro-China propaganda campaign" using fake social media accounts to try to stir up opposition.

The Military

US Hypersonic Missile Fails In Test In Fresh Setback For Program (bloomberg.com) 65

A flight test of a hypersonic missile system in Hawaii ended in failure due to a problem that took place after ignition, the Department of Defense said, delivering a fresh blow to a program that has suffered stumbles. Bloomberg reports: It didn't provide further details of what took place in the Wednesday test, but said in a statement sent by email "the Department remains confident that it is on track to field offensive and defensive hypersonic capabilities on target dates beginning in the early 2020s." [...] The trial marked the second unsuccessful test flight of the prototype weapon known as Conventional Prompt Strike. There was a booster failure in its first flight test in October, which prevented the missile from leaving the launch pad. The Conventional Prompt Strike weapon is envisioned to be installed on Zumwalt destroyers and Virginia-class submarines. "An anomaly occurred following ignition of the test asset," Pentagon spokesman Navy Lieutenant Commander Tim Gorman said in the statement. "Program officials have initiated a review to determine the cause to inform future tests," he said. "While the Department was unable to collect data on the entirety of the planned flight profile, the information gathered from this event will provide vital insights."

Google

Google Allowed a Sanctioned Russian Ad Company To Harvest User Data For Months (propublica.org) 6

An anonymous reader quotes a report from ProPublica: The day after Russia's February invasion of Ukraine, Senate Intelligence Committee Chairman Mark Warner sent a letter (PDF) to Google warning it to be on alert for "exploitation of your platform by Russia and Russian-linked entities," and calling on the company to audit its advertising business's compliance with economic sanctions. But as recently as June 23, Google was sharing potentially sensitive user data with a sanctioned Russian ad tech company owned by Russia's largest state bank, according to a new report provided to ProPublica.

Google allowed RuTarget, a Russian company that helps brands and agencies buy digital ads, to access and store data about people browsing websites and apps in Ukraine and other parts of the world, according to research from digital ad analysis firm Adalytics. Adalytics identified close to 700 examples of RuTarget receiving user data from Google after the company was added to a U.S. Treasury list of sanctioned entities on Feb. 24. The data sharing between Google and RuTarget stopped four months later on June 23, the day ProPublica contacted Google about the activity.

RuTarget, which also operates under the name Segmento, is owned by Sberbank, a Russian state bank that the Treasury described as "uniquely important" to the country's economy when it hit the lender with initial sanctions. RuTarget was later listed in an April 6 Treasury announcement that imposed full blocking sanctions on Sberbank and other Russian entities and people. The sanctions mean U.S. individuals and entities are not supposed to conduct business with RuTarget or Sberbank. Of particular concern, the analysis showed that Google shared data with RuTarget about users browsing websites based in Ukraine. This means Google may have turned over such critical information as unique mobile phone IDs, IP addresses, location information and details about users' interests and online activity, data that U.S. senators and experts say could be used by Russian military and intelligence services to track people or zero in on locations of interest.
Google spokesperson Michael Aciman told ProPublica that the company blocked RuTarget from using its ad products in March, and that RuTarget has not purchased ads directly via Google since then. "He acknowledged the Russian company was still receiving user and ad buying data from Google before being alerted by ProPublica and Adalytics," adds the report.

"Aciman said this action includes not only preventing RuTarget from further accessing user data, but from purchasing ads through third parties in Russia that may not be sanctioned. He declined to say whether RuTarget had purchased ads via Google systems using such third parties, and he did not comment on whether data about Ukrainians had been shared with RuTarget."

Government

Russia's Cyberattacks Thwarted by Ukraine, Microsoft, Google, and Western Intelligence (nytimes.com) 37

Russia's invasion of Ukraine is "the first full-scale battle in which traditional and cyberweapons have been used side by side," reports the New York Times. But the biggest surprise is that "many of the attacks were thwarted, or there was enough redundancy built into the Ukrainian networks that the efforts did little damage... more than two-thirds of them failed, echoing its poor performance on the physical battlefield."

Microsoft president Brad Smith says the ultimate result is Russia's attempted cyberattacks get underreported, according to the Times: [A study published by Microsoft Wednesday] indicated that Ukraine was well prepared to fend off cyberattacks, after having endured them for many years. That was at least in part because of a well-established system of warnings from private-sector companies, including Microsoft and Google, and preparations that included moving much of Ukraine's most important systems to the cloud, onto servers outside Ukraine....

In many instances, Russia coordinated its use of cyberweapons with conventional attacks, including taking down the computer network of a nuclear power plant before moving in its troops to take it over, Mr. Smith said. Microsoft officials declined to identify which plant Mr. Smith was referring to. While much of Russia's cyberactivity has focused on Ukraine, Microsoft has detected 128 network intrusions in 42 countries. Of the 29 percent of Russian attacks that have successfully penetrated a network, Microsoft concluded, only a quarter of those resulted in data being stolen. Outside Ukraine, Russia has concentrated its attacks on the United States, Poland and two aspiring members of NATO, Sweden and Finland...

But Microsoft, other technology companies and government officials have said that Russia has paired those infiltration attempts with a broad effort to deliver propaganda around the world. Microsoft tracked the growth in consumption of Russian propaganda in the United States in the first weeks of the year. It peaked at 82 percent right before the Feb. 24 invasion of Ukraine, with 60 million to 80 million monthly page views. That figure, Microsoft said, rivaled page views on the biggest traditional media sites in the United States. One example Mr. Smith cited was that of Russian propaganda inside Russia pushing its citizens to get vaccinated, while its English-language messaging spread anti-vaccine content. Microsoft also tracked the rise in Russian propaganda in Canada in the weeks before a trucker convoy protesting vaccine mandates tried to shut down Ottawa, and that in New Zealand before protests there against public health measures meant to fight the pandemic.

Russians successfully "sabotaged a satellite communications network called Viasat in the opening days of the war," notes the Washington Post, "with the damage spilling over into other European countries. But Ukraine, working with private tech companies, Western intelligence and its own expert software engineers, has quickly fixed most of the damage..."

"The close partnerships that have emerged between U.S. technology companies and Western cybersecurity agencies is one of the unheralded stories of the war...." "Cyber responses must rely on greater public and private collaboration," argues Brad Smith, Microsoft's president, in a new study... published Wednesday on Microsoft's "lessons learned" from cyber conflict in Ukraine. A White House cyber official explains the new cooperative approach this way: "Where companies see destructive attacks, that has driven partnerships with the intelligence community and other government agencies to see how best we can share information to protect infrastructure around the world." The tech world's sympathies lie with the underdog, Ukraine. That applies to giant firms such as Microsoft and Google....

Ukraine's cybersecurity defense benefited from an early start. U.S. Cyber Command experts went to Ukraine months before the war started, according to its commander, Gen. Paul Nakasone. Microsoft and Google became involved even earlier. Microsoft began monitoring Russian phishing attacks against Ukrainian military networks in early 2021, and through the rest of last year observed increasingly aggressive hacks by six different attackers linked to Russia's three intelligence services, the GRU, SVR and FSB, according to a Microsoft report released in April. Microsoft has spent a total of $239 million on financial and technical assistance to Ukraine, a company official said....

Google, a part of Alphabet, has also helped Ukraine fend off threats. Back in 2014, prompted by Russia's use of DDOS ("distributed denial-of-service") malware in its seizure of Crimea and eastern Ukraine, Google began what it called "Project Shield." Software protected news sites, human rights groups and election sites against crippling DDOS floods of junk internet messages. Today, Project Shield is used by 200 sites in Ukraine and 2,300 others in 140 countries around the world, according to Jared Cohen, the chief executive of Google's Jigsaw unit.
