Music

Musicians Rally Behind Internet Archive in $621 Million Music Label Battle 65

Over 300 musicians have signed an open letter defending the Internet Archive against a $621 million copyright infringement lawsuit over its preservation of 78 rpm records. The letter, organized by Fight for the Future, opposes the lawsuit filed by major record labels including Universal Music Group and Sony Music.

The labels claim the Archive's Great 78 Project, which digitizes shellac discs from the 1890s-1950s, amounts to widespread copyright infringement. Musicians argue the lawsuit prioritizes corporate profits over artists' interests.

China

America's Phone Networks Could Soon Face Financial - and Criminal - Penalties for Insecure Networks (msn.com) 55

The head of America's FCC "has drafted plans to regulate the cybersecurity of telecommunications companies," reports the Washington Post, and the plans could include financial penalties for phone network operators with insufficient security — "the first time the agency has asserted such powers under federal wiretapping law." Rosenworcel said the FCC's authority in this matter comes from Section 105 of the Communications Assistance for Law Enforcement Act [passed in 1994] — a single sentence that stipulates, without elaboration, that telecommunications carriers should ensure systems security "in accordance with regulations prescribed by the Commission." As one of the measures, she is seeking to require network providers to submit an annual certification to the FCC that they are implementing a cybersecurity risk management plan. In addition to imposing fines, the FCC could coordinate with other agencies to pursue criminal penalties against carriers deemed too careless on cybersecurity...

Biden administration officials said voluntary efforts to protect against aggressive Chinese hacking activity have fallen short. "We've had for the last decade voluntary public-private partnership efforts," Neuberger told The Post in a recent interview. "But we continue to see successful breaches, and in many cases, as with ransomware attacks, we continue to see pretty basic cybersecurity practices not being followed." With China's hackers becoming more brazen, pre-positioning themselves in U.S. critical networks, "we need to lock our digital doors," Neuberger said...

Cyber requirements can make a difference, she said. After the Colonial Pipeline ransomware attack in 2021 shut down one of the nation's largest energy pipelines for several days, creating a national security scare, the Transportation Security Administration issued several security directives, and today, all of the country's several dozen critical pipeline companies are in compliance, she said. Similar directives were subsequently issued for rail and aviation sectors, and the compliance rates in those industries are now at 68 and 57 percent respectively, she said.

China

Dozens of Countries Hit in Chinese Telecom Hacking Campaign, Top US Official Says (msn.com) 41

China-linked spies may still be lurking in U.S. telecommunications networks — but the breach could be much, much wider. In fact, a "couple dozen" countries were hit by the attack, the Wall Street Journal reported this week, citing a top U.S. national security adviser. "Chinese government hackers have compromised telecommunications infrastructure across the globe as part of a massive espionage campaign..." Speaking during a press briefing Wednesday, Anne Neuberger, President Biden's deputy national security adviser for cyber and emerging technology, said the so-called Salt Typhoon campaign is ongoing and that at least eight telecommunications firms in the U.S. had been breached... The Journal previously identified Verizon, AT&T, T-Mobile and Lumen Technologies among the victims... [M]etadata grabs appeared to be "regional" in focus, and were likely a means to identify phone lines of valuable senior government officials, which the hackers then targeted to steal encrypted text messages and listen in on some phone calls, the official said... President-elect Donald Trump, Vice President-elect JD Vance, senior congressional staffers and an array of U.S. security officials were among scores of individuals to have their calls and texts directly targeted, an intelligence-collection coup that likely ensnared their private communications with thousands of Americans, the Journal has reported.

The senior administration official said the global tally of countries victimized was currently believed to be in the "low, couple dozen" but didn't give a precise figure. The global campaign of hacking activity dates back at least a year or two, the official said.

"Neuberger, on the press briefing, said that it wasn't believed that classified communications were accessed in the breaches."

United States

US Government Orders Nationwide Testing of Milk for Bird Flu to Stop the Virus's Spread (apnews.com) 135

"The U.S. government on Friday ordered testing of the nation's milk supply for bird flu," reports the Associated Press, "to better monitor the spread of the virus in dairy cows." Raw or unpasteurized milk from dairy farms and processors nationwide must be tested on request starting Dec. 16, the Agriculture Department said. Testing will begin in six states — California, Colorado, Michigan, Mississippi, Oregon and Pennsylvania.

Officials said the move is aimed at "containing and ultimately eliminating the virus," known as Type A H5N1, which was detected for the first time in March in U.S. dairy cows. Since then, more than 700 herds have been confirmed to be infected in 15 states. "This will give farms and farmworkers better confidence in the safety of their animals and ability to protect themselves, and it will put us on a path to quickly controlling and stopping the virus' spread nationwide," Agriculture Secretary Tom Vilsack said in a statement.

The risk to people from bird flu remains low, health officials said. Pasteurization, or heat treatment, kills the virus in milk, leaving it safe to drink... At least 58 people in the U.S. have been infected with bird flu, mostly farm workers who became mildly ill after close contact with infected cows, including their milk, or infected poultry.

Social Networks

TikTok is One Step Closer to Being Banned in the US (cnn.com) 208

"TikTok has lost its bid to strike down a law that could result in the platform being banned in the United States," reports CNN.

A U.S. federal appeals court just unanimously ruled in favor of the new U.S. law requiring TikTok's China-based owners to either sell the app next month or face an effective ban in the United States. Denying TikTok's argument that the law was unconstitutional, the judges found that the law does not "contravene the First Amendment to the Constitution of the United States," nor does it "violate the Fifth Amendment guarantee of equal protection of the laws"... After the [January 25] deadline, U.S. app stores and internet services could face hefty fines for hosting TikTok if it is not sold. (Under the legislation, President Biden may issue a one-time extension of the deadline.)

In a statement, TikTok indicated it would appeal the decision. "The Supreme Court has an established historical record of protecting Americans' right to free speech, and we expect they will do just that on this important constitutional issue," said company spokesperson Michael Hughes. "Unfortunately, the TikTok ban was conceived and pushed through based upon inaccurate, flawed and hypothetical information, resulting in outright censorship of the American people. The TikTok ban, unless stopped, will silence the voices of over 170 million Americans here in the US and around the world on January 19th, 2025"....

"People in the United States would remain free to read and share as much PRC propaganda (or any other content) as they desire on TikTok or any other platform of their choosing," the judges said. "What the Act targets is the PRC's ability to manipulate the content covertly. Understood in that way, the Government's justification is wholly consonant with the First Amendment."

The judges also wrote that "in part precisely because of the platform's expansive reach, Congress and multiple Presidents determined that divesting it from the PRC's control is essential to protect our national security... Congress judged it necessary to assume that risk given the grave national-security threats it perceived."

CNN notes that ByteDance "has previously indicated it will not sell TikTok."

The Almighty Buck

Backdoor in Compromised Solana Code Library Drains $184,000 from Digital Wallets (bleepingcomputer.com) 22

The Solana JavaScript SDK "was temporarily compromised yesterday in a supply chain attack," reports BleepingComputer, "with the library backdoored with malicious code to steal cryptocurrency private keys and drain wallets." Solana offers an SDK called "@solana/web3.js" used by decentralized applications (dApps) to connect and interact with the Solana blockchain. Supply chain security firm Socket reports that Solana's Web3.js library was hijacked to push out two malicious versions to steal private and secret cryptography keys to secure wallets and sign transactions... Solana confirmed the breach, stating that one of their publish-access accounts was compromised, allowing the attackers to publish two malicious versions of the library... Solana is warning developers who suspect they were compromised to immediately upgrade to the latest v1.95.8 release and to rotate any keys, including multisigs, program authorities, and server keypairs...

Once the threat actors gain access to these keys, they can load them into their own wallets and remotely drain all stored cryptocurrency and NFTs... Socket says the attack has been traced to the FnvLGtucz4E1ppJHRTev6Qv4X7g8Pw6WPStHCcbAKbfx Solana address, which currently contains 674.86 Solana and varying amounts of the Irish Pepe, Star Atlas, Jupiter, USD Coin, Santa Hat, Pepe on Fire, Bonk, catwifhat, and Genopets Ki tokens. Solscan shows that the estimated value of the stolen cryptocurrency is $184,000 at the time of this writing.

For anyone whose wallets were compromised in this supply chain attack, you should immediately transfer any remaining funds to a new wallet and discontinue the use of the old one as the private keys are now compromised.

Ars Technica adds that "In social media posts, one person claimed to have lost $20,000 in the hack."

The compromised library "receives more than ~350,000 weekly downloads on npm," Socket posted. (Although Solana's statement says the compromised versions "were caught within hours and have since been unpublished.")

Bitcoin

Hard Drive Tossed in Landfill With Bitcoin Now Worth $800 Million. Lawsuits Continue (theguardian.com) 205

11 years ago his hard drive ended up in a U.K. landfill — with 8,000 bitcoin. It's now worth $800 million... and James Howells wants it back.

The Guardian reports that his "bid to become extremely rich reached a judge on Tuesday with a team of lawyers arguing that it was still possible to launch a hunt for his missing hard drive containing the bitcoin." They claimed that rather than searching for a "needle in a haystack", the position of the bitcoin hoard had been narrowed down to a small area and there was a "finely tuned" plan to retrieve it... [Howells] has been asking Newport city council for help in getting the hard drive back, and even said he would share the money with the authority, to no avail... James Goudie KC, representing the council, said Howells had no legal claim to the hard drive. He said: "Anything that goes into the landfill goes into the council's ownership."

Goudie said Howells' offer to share some of the bitcoin with Newport council amounted to a bribe. He said: "He is trying to buy something the council is not in a position to sell...." Before the hearing, a spokesperson for Newport council said: "The council has told Mr Howells multiple times that excavation is not possible under our environmental permit and that work of that nature would have a huge negative environmental impact on the surrounding area. "Responding to Mr Howells' baseless claims are costing the council and Newport taxpayers time and money which could be better spent on delivering services."

Howells was 28 when he lost the hard drive, and has said he may as well keep trying to recover it — because he'll always know that it's out there. Howells' legal teams are "working pro bono," the article notes, "on the basis that they get a share of the bitcoin profits if successful..." And TechSpot points out that "There's also the question of whether the data on the drive would still be accessible after more than a decade of sitting under a pile of rotting garbage.

"Howells has a team of data recovery engineers who are also working pro bono..."

Thanks to Slashdot reader jjslash for sharing the news.

The Internet

Is Europe Better Prepared to Protect Undersea Internet Cables? (carnegieendowment.org) 64

The Carnegie Endowment for Peace, a nonpartisan international affairs think tank, points out that when subsea internet cables were cut in November, Europe was more prepared: Where in the past there were no contingency plans for sabotage, there are now more maritime patrols, an attempt to forge deeper intelligence connections, and the beginnings of a new relationship with the private sector...

Even before the October 2023 incident, NATO, the EU, and certain European governments began to increase their efforts to boost subsea cable resilience and security. In February 2023, NATO stood up a new Critical Undersea Infrastructure Coordination Cell in Brussels to convene stakeholders and enhance coordination between the public and private sectors. In July 2023, NATO allies at the Vilnius Summit established a Maritime Center for the Security of Critical Undersea Infrastructure as part of the alliance's Maritime Command in Northwood, UK. In October 2023, after the first incident, NATO defense ministers endorsed a new Digital Ocean Vision, an initiative aimed at improving undersea surveillance. And in February 2024, the European Commission released its first "Recommendation on Secure and Resilient Submarine Cable Infrastructures," encouraging member states to conduct regular stress tests, improve information sharing amongst themselves, and improve cable maintenance and repair capabilities.

The article points out that the Chinese ship suspected in the 2023 cable cutting "ignored requests from Finnish and Estonian authorities to halt" and returned to China. But the Chinese ship suspected in November's cable-cutting "remains in international waters in the Kattegat, with naval and coast guard vessels from Denmark, Germany, and Sweden circling close by." Yet "Under international maritime law, these countries' authorities are not allowed to board..." Current provisions of international law are neither formulated to adequately protect subsea data cables from sabotage nor hold perpetrators accountable. This reality should lead the EU, as a body inherently focused on the resilience of international legal regimes, to push for updates that are better suited for the current geopolitical reality... Lawmakers should also explore ways to increase penalties for subsea cable damage, in part to deter acts of sabotage in the first place....

A forthcoming Carnegie Endowment report will detail more in-depth recommendations on how Europe can both protect itself against future subsea cable damage and help expand trusted networks around the world.

The article also notes that "Of the hundreds of disruptions to cables that occur each year, the vast majority are caused by accidental human activity, like fishing, or natural events, like earthquakes."

The Courts

Internet Archive: We Will Not Appeal 'Hachette v. Internet Archive' Ruling (archive.org) 62

In March 2023 the Internet Archive lost in court, with a judge ruling they couldn't scan entire books and then lend them as ebooks. The Internet Archive appealed to a higher court, which also ruled against them in September of 2024.

Today, the Internet Archive made an announcement: that "While we are deeply disappointed with the Second Circuit's opinion in Hachette v. Internet Archive, the Internet Archive has decided not to pursue Supreme Court review." We will continue to honor the Association of American Publishers agreement to remove books from lending at their member publishers' requests.

We thank the many readers, authors and publishers who have stood with us throughout this fight. Together, we will continue to advocate for a future where libraries can purchase, own, lend and preserve digital books.

NASA

America's Next NASA Administrator May Be Former SpaceX Astronaut Jared Isaacman (arstechnica.com) 83

America's next president "announced Wednesday he has selected Jared Isaacman, a billionaire businessman and space enthusiast who twice flew to orbit with SpaceX, to become the next NASA administrator," reports Ars Technica: In a post on X, Isaacman said he was "honored" to receive Trump's nomination. "Having been fortunate to see our amazing planet from space, I am passionate about America leading the most incredible adventure in human history," Isaacman wrote. "On my last mission to space, my crew and I traveled farther from Earth than anyone in over half a century. I can confidently say this second space age has only just begun...."

"Jared Isaacman will be an outstanding NASA Administrator and leader of the NASA family," said Jim Bridenstine, who led NASA as administrator during Trump's first term in the White House. "Jared's vision for pushing boundaries, paired with his proven track record of success in private industry, positions him as an ideal candidate to lead NASA into a bold new era of exploration and discovery. I urge the Senate to swiftly confirm him." Lori Garver, NASA's deputy administrator during the Obama administration, wrote on X that Isaacman's nomination was "terrific news," adding that "he has the opportunity to build on NASA's amazing accomplishments to pave our way to an even brighter future."

Isaacman, 41, is the founder and CEO of Shift4, a mobile payment processing platform, and co-founded Draken International, which owns a fleet of retired fighter jets to pose as adversaries for military air combat training... Isaacman, an evangelist for the commercial space industry, has criticized some of NASA's decisions on the Artemis program. In several posts on X, he questioned the agency's decision to fund two redundant lunar landers, while not planning for any backup to the Space Launch System (SLS) rocket, which costs $2.2 billion per copy, not including expenses for ground infrastructure or the Orion spacecraft itself. One of those casualties might be the SLS rocket. The program is managed by NASA, with suppliers spread across the United States and prime contractors working under cost-plus arrangements with the space agency, meaning the government is on the hook to pay for any delays or cost overruns.

If confirmed he'll be the 4th NASA administrator who's actually flown in space, according to the article.

And according to Wikipedia, Isaacman was the commander of Inspiration4, a private spaceflight using SpaceX's Crew Dragon Resilience that launched in 2021. The crew returned to Earth on September 18, 2021, after orbiting at 585 km (364 mi) in altitude. The mission was part of a fundraiser for St. Jude Children's Research Hospital, to which Isaacman pledged to donate $100 million.

Thanks to Slashdot reader FallOutBoyTonto for sharing the news.

Crime

Founder of Cryptocurrency Lender 'Celsius Network' Pleads Guilty to Fraud (reuters.com) 16

59-year-old Alex Mashinsky, the founder/former CEO of cryptocurrency lender Celsius Network, "pleaded guilty on Tuesday to two counts of fraud," reports Reuters.

He'd been indicted in July on seven counts of fraud, conspiracy and market manipulation charges, according to the article, and federal prosecutors in Manhattan "said he misled customers of Celsius to persuade them to invest, and artificially inflated the value of his company's proprietary crypto token." On Tuesday, during a hearing before U.S. District Judge John Koeltl, Mashinsky said he pleaded guilty to two out of the seven counts he was initially charged with: commodities fraud, and a fraudulent scheme to manipulate the price of CEL, Celsius' in-house token. In court, Mashinsky admitted to giving Celsius customers "false comfort" by giving an interview in 2021 in which he said Celsius had received approval from regulators for its "Earn" program, which it had not. That program offered to deploy customers' cryptocurrency assets to yield investment returns. He said he also failed to disclose that he had been selling his holdings of CEL, the platform's in-house token.

"I know what I did was wrong, and I want to try to do whatever I can to make it right," Mashinsky said. As part of his plea deal with prosecutors, Mashinsky agreed not to appeal any sentence of 30 years or less — the maximum he faces for the two counts. Koeltl is set to sentence him on April 8, 2025.

Federal prosecutors in Manhattan have said Mashinsky also personally reaped approximately $42 million in proceeds from selling his holdings of the CEL token. "Mashinsky made tens of millions of dollars selling his own CEL at artificially high prices, while his customers were left holding the bag when the company went bankrupt," Damian Williams, the U.S. Attorney in Manhattan, said in a statement on Tuesday... Founded in 2017, Celsius filed for Chapter 11 bankruptcy protection in July 2022 after customers rushed to withdraw deposits as crypto prices fell. Many were initially unable to access their funds... Celsius' former chief revenue officer, Roni Cohen-Pavon, pleaded guilty in September 2023 and agreed to cooperate with prosecutors' investigation.

"The company exited bankruptcy on Jan. 31, and has pivoted to Bitcoin mining..."

Encryption

US Officials Urge Americans to Use Encrypted Apps Amid Unprecedented Cyberattack (nbcnews.com) 58

An anonymous reader shared this report from NBC News: Amid an unprecedented cyberattack on telecommunications companies such as AT&T and Verizon, U.S. officials have recommended that Americans use encrypted messaging apps to ensure their communications stay hidden from foreign hackers...

In the call Tuesday, two officials — a senior FBI official who asked not to be named and Jeff Greene, executive assistant director for cybersecurity at the Cybersecurity and Infrastructure Security Agency — both recommended using encrypted messaging apps to Americans who want to minimize the chances of China's intercepting their communications. "Our suggestion, what we have told folks internally, is not new here: Encryption is your friend, whether it's on text messaging or if you have the capacity to use encrypted voice communication. Even if the adversary is able to intercept the data, if it is encrypted, it will make it impossible," Greene said. The FBI official said, "People looking to further protect their mobile device communications would benefit from considering using a cellphone that automatically receives timely operating system updates, responsibly managed encryption and phishing resistant" multi-factor authentication for email, social media and collaboration tool accounts...

The FBI and other federal law enforcement agencies have a complicated relationship with encryption technology, historically advocating against full end-to-end encryption that does not allow law enforcement access to digital material even with warrants. But the FBI has also supported forms of encryption that do allow some law enforcement access in certain circumstances.

Officials said the breach seems to include some live calls of specific targets and also call records (showing numbers called and when). "The hackers focused on records around the Washington, D.C., area, and the FBI does not plan to alert people whose phone metadata was accessed."

"The scope of the telecom compromise is so significant, Greene said, that it was 'impossible' for the agencies 'to predict a time frame on when we'll have full eviction.'"

Privacy

FTC Bans Location Data Company That Powers the Surveillance Ecosystem (404media.co) 39

The Federal Trade Commission on Tuesday announced sweeping action against some of the most important companies in the location data industry, including those that power surveillance tools used by a wide spread of U.S. law enforcement agencies and demanding they delete data related to certain sensitive areas like health clinics and places of worship. From a report: Venntel, through its parent company Gravy Analytics, takes location data from smartphones, either through ordinary apps installed on them or through the advertising ecosystem, and then provides that data feed to other companies who sell location tracking technology to the government or sells the data directly itself.

Venntel is the company that provides the underlying data for a variety of other government contractors and surveillance tools, including Locate X. 404 Media and a group of other journalists recently revealed Locate X could be used to pinpoint phones that visited abortion clinics. The FTC says in a proposed order that Gravy and Venntel will be banned from selling, disclosing, or using sensitive location data, except in "limited circumstances" involving national security or law enforcement.

Crime

Mexican Cartels Lure Chemistry Students To Make Fentanyl (nytimes.com) 133

schwit1 writes: Recruiters approach students with tempting offers, often after observing them for weeks. Promising salaries of over $800 per month -- double the average pay for chemists in Mexican companies, along with potential bonuses like cars or housing -- recruiters capitalize on the financial struggles of young professionals.

These "cooks" are tasked with improving fentanyl's addictive quality and finding alternative synthesis methods to mitigate supply chain disruptions caused by stricter chemical export controls from China and pandemic-induced bottlenecks. The Times interviewed seven drug "cooks," three university chemistry students recruited by the Sinaloa cartel, two agents, a recruiter, and a university professor -- all anonymously to avoid cartel retaliation. According to the recruiter, candidates must be passionate, discreet, and indifferent to the ethical consequences of their work.

The university professor highlighted a disturbing trend: students openly expressed interest in synthesizing illicit drugs during lectures.

Crime

Exxon Lobbyist Investigated Over 'Hack-and-Leak' of Environmentalist Emails (reuters.com) 47

America's FBI "has been investigating a longtime Exxon Mobil consultant," reports Reuters, "over the contractor's alleged role in a hack-and-leak operation that targeted hundreds of the oil company's biggest critics, according to three people familiar with the matter." The operation involved mercenary hackers who successfully breached the email accounts of environmental activists and others, the sources told Reuters. The scheme allegedly began in late 2015, when U.S. authorities contend that the names of the hacking targets were compiled by the DCI Group, a public affairs and lobbying company working for Exxon at the time, one of the sources said. DCI provided the names to an Israeli private detective, who then outsourced the hacking, according to the source.

In an effort to push a narrative that Exxon was the target of a political vendetta aimed at destroying its business, some of the stolen material was subsequently leaked to the media by DCI, Reuters determined. The Federal Bureau of Investigation found that DCI shared the information with Exxon before leaking it, the source said. Some environmental activists interviewed by Reuters say the hacking operation disrupted preparations for lawsuits by cities and state attorneys general against Exxon and other energy companies... The stolen material continues to be used today to counter litigation claiming the oil giant misled the public and its investors about the risks of climate change...

The investigation into the hack-and-leak operation comes amid growing concern among law enforcement agencies worldwide about how such cyberespionage schemes threaten to taint judicial proceedings. The FBI has been investigating the broader use of mercenary hackers to tamper with lawsuits since early 2018, Reuters has previously reported. The Israeli private detective hired by DCI, Amit Forlit, was arrested this year at London's Heathrow Airport and is fighting extradition to the United States on charges of hacking and wire fraud... Federal prosecutors have secured a related conviction: that of Forlit's former business associate, private investigator Aviram Azari. Azari pleaded guilty in 2022 to wire fraud, conspiracy to commit hacking and aggravated identity theft, which included targeting the environmental activists.

Earth

UN Plastic Treaty Talks Collapse Without a Deal (politico.eu) 67

United Nations members gathered this week in Busan, South Korea to negotiate the first treaty reducing plastic pollution. But Politico reports that "talks collapsed late Sunday after negotiators failed to resolve their differences and agree on a global plastic treaty. At the heart of the disagreement was a refusal by oil-rich nations led by Saudi Arabia to accept a deal that put limits on plastic production... Throughout the two years of talks, oil-rich and plastic-producing states had repeatedly clashed with nations that wanted to reduce plastic production to solve a worsening plastic pollution crisis. Many went to Busan hopeful differences would be put aside in the name of combatting a common global threat. But in the end this proved too optimistic...

The EU, alongside more than 100 other countries that included the U.K., on Thursday had backed a new proposal spearheaded by Panama pushing for a global target to reduce plastic production to "sustainable levels", drawing a clear battle line for the talks. But three negotiators from countries in the High Ambition Coalition to End Plastic Pollution — granted anonymity to discuss closed-door talks — told POLITICO Saudi Arabia had coordinated a push from oil-rich and plastic-producing countries to block any proposals for the treaty that threatened to reduce plastic production. The vast majority of plastic is made from oil or natural gas...

Along with disagreements over plastic production, countries were also unable to agree on whether and how to target particularly polluting plastic products, and how to finance the treaty. Two of the "high-ambition" negotiators referenced above suggested the talks were doomed to fail from the beginning, arguing that there was never going to be enough time given the scope of the mandate. "I think the pressure on us to deliver that in 18 months ... was kind of stupid then, and it's still stupid now," said one. "Usually these processes take a number of years — beyond what we are doing...." But many observers and some delegates said the summit's collapse demonstrated the failures of consensus-based environmental multilateralism, arguing that requiring all countries to agree by consensus gave reluctant nations too much veto power. NGOs like the Center for International Environmental Law hope this week's failed talks will serve as a lesson for future U.N. talks...

The date and time of the next round of talks is yet to be announced.

Greenpeace issued a statement saying "over 100 Member States, representing billions of people, rejected a toothless deal that would have accomplished nothing, and stood before the world committing to an ambitious treaty."

And they argued that the message is clear. "Ambitious countries must not allow the fossil fuel and petrochemical industries, backed by a small minority of countries, to prevent the will of the vast majority. A strong agreement that protects people and the planet is our only option."

Medicine

US Insurers Are Still Charging for HIV Prevention Pills That Should Be Free (msn.com) 144

The Washington Post reports on tens of thousands of Americans "forced to pay for medication" to prevent HIV infections, "despite federal requirements guaranteeing free access to treatment...according to multiple studies and interviews with medical professionals, activists and patients." Insurance companies are skirting rules compelling them to pay for pre-exposure prophylaxis treatment, known as PrEP, researchers and HIV advocacy organizations say — leaving patients to shell out hundreds of dollars each year for medication co-pays, doctor visits and screenings required to stay on drugs that reduce the risk of contracting HIV through sex by 99 percent.

Under the Affordable Care Act, commercial insurers must cover certain preventive health services. This is supposed to include at least one form of oral PrEP and related health services, such as regular testing for HIV and other sexually transmitted diseases, for people at increased risk of contracting HIV, according to 2021 guidance from the Biden administration. Responding to complaints that patients were still being charged, the Biden administration in October released new guidance instructing private insurers to cover all forms of PrEP without prior authorization, including new long-acting injections.

Nearly a third of a national sample of 325 health coverage plans on government insurance marketplaces did not include PrEP on their lists of covered preventive services, according to the AIDS Institute, a New York-based nonprofit. Between 20 and 30 percent of PrEP users with commercial insurance still had to pay for it despite the coverage mandate, with an average cost of $227 for 2022, according to the Centers for Disease Control and Prevention. Government regulators have been slow to crack down on insurer violations, activists say, creating a barrier to getting more at-risk Americans on the medication. The CDC estimates that only a third of the more than 1 million people who could benefit from PrEP have received a prescription, according to its most recent data.

The issue appears to be lax enforcement against insurers who break rules, a policy advocate told the newspaper. America's Centers for Medicare and Medicaid Services, which enforces regulations for preventive care, "said it takes enforcement seriously and recently found two insurance plans in violation of coverage requirements following consumer complaints."

And the Post spoke to an official at America's Labor Department, who said they were investigating a complaint against a large insurance company, but "said the agency does not have enough staff to conduct proactive investigations and lacks the authority to sue and penalize insurers that break the rules."
Privacy

Senators Say TSA's Facial Recognition Program Is Out of Control (gizmodo.com) 69

A bipartisan group of 12 senators has urged the TSA inspector general to investigate the agency's use of facial recognition technology, citing concerns over privacy, civil liberties, and its expansion to over 430 airports without sufficient safeguards or proven effectiveness. Gizmodo reports: "This technology will soon be in use at hundreds of major and mid-size airports without an independent evaluation of the technology's precision or an audit of whether there are sufficient safeguards in place to protect passenger privacy," the senators wrote. The letter was signed by Jeffrey Merkley (D-OR), John Kennedy (R-LA), Ed Markey (D-MA), Ted Cruz (R-TX), Roger Marshall (R-Kansas), Ron Wyden (D-OR), Steve Daines (R-MT), Elizabeth Warren (D-MA), Bernie Sanders (I-VT), Cynthia Lummis (R-WY), Chris Van Hollen (D-MD), and Peter Welch (D-VT).

While the TSA's facial recognition program is currently optional and only in a few dozen airports, the agency announced in June that it plans to expand the technology to more than 430 airports. And the senators' letter quotes a talk given by TSA Administrator David Pekoske in 2023 in which he said "we will get to the point where we require biometrics across the board." [...] The latest letter urges the TSA's inspector general to evaluate the agency's facial recognition program to determine whether it's resulted in a meaningful reduction in passenger delays, assess whether it's prevented anyone on no-fly lists from boarding a plane, and identify how frequently it results in identity verification errors.

Privacy

Data Broker Leaves 600K+ Sensitive Files Exposed Online (theregister.com) 18

A security researcher discovered an unprotected database belonging to SL Data Services containing over 600,000 sensitive files, including criminal histories and background checks with names, addresses, and social media accounts. The Register reports: We don't know how long the personal information was openly accessible. Infosec specialist Jeremiah Fowler says he found the Amazon S3 bucket in October and reported it to the data collection company by phone and email every few days for more than two weeks. [The info service provider eventually closed up the S3 bucket, says Fowler, although he never received any response.] In addition to not being password protected, none of the information was encrypted, he told The Register. In total, the open bucket contained 644,869 PDF files in a 713.1 GB archive.

Some 95 percent of the documents Fowler saw were labeled "background checks," he said. These contained full names, home addresses, phone numbers, email addresses, employment, family members, social media accounts, and criminal record history belonging to thousands of people. In at least one of these documents, the criminal record indicated that the person had been convicted of sexual misconduct. It included case details, fines, dates, and additional charges. While court records and sex offender status are usually public records in the US, this exposed cache could be combined with other data points to make complete profiles of people -- along with their family members and co-workers -- providing everything criminals would need for targeted phishing and/or social engineering attacks.

Bitcoin

Tornado Cash Sanctions Overturned By US Appeals Court (coindesk.com) 35

A U.S. federal appeals court ruled that sanctions against Tornado Cash, a crypto transaction anonymization service, must be abandoned, stating that its immutable smart contracts do not constitute "property" under U.S. law and that the Treasury overstepped its authority. The ruling is available here (PDF). CoinDesk reports: The decision answers a controversial privacy debate on whether the government -- via a sanctions list maintained by the U.S. Treasury Department -- has a right to target the technology because it's associated with criminals. The ruling reversed a district court's August ruling that had sided with the government's pursuit of what it had characterized as a "notorious" crypto-mixing service.

OFAC had sanctioned Tornado Cash last year, contending that it was a vital tool used by bad actors including North Korea's Lazarus Group to launder crypto tokens pilfered from platforms and games such as Axie Infinity. Coinbase (COIN) and others had sued the government, claiming it had overreached. Paul Grewal, chief legal officer of crypto exchange Coinbase, cheered the ruling in a Tuesday post on X, calling it a "historic win for crypto." "These smart contracts must now be removed from the sanctions list and U.S. persons will once again be allowed to use this privacy-protecting protocol," Grewal wrote. "Put another way, the government's overreach will not stand."
"We readily recognize the real-world downsides of certain uncontrollable technology falling outside of OFAC's sanctioning authority," the judges said, referencing the ineffectiveness of a law that was established well before the world moved online. "But we must uphold the statutory bargain struck (or mis-struck) by Congress, not tinker with it."

Tornado Cash's TORN token has since rallied 500%, passing the $20 mark.
