×
Privacy

Missouri County Declares State of Emergency Amid Suspected Ransomware Attack (arstechnica.com) 41

An anonymous reader quotes a report from Ars Technica: Jackson County, Missouri, has declared a state of emergency and closed key offices indefinitely as it responds to what officials believe is a ransomware attack that has made some of its IT systems inoperable. "Jackson County has identified significant disruptions within its IT systems, potentially attributable to a ransomware attack," officials wrote Tuesday. "Early indications suggest operational inconsistencies across its digital infrastructure and certain systems have been rendered inoperative while others continue to function as normal."

The systems confirmed inoperable include tax and online property payments, issuance of marriage licenses, and inmate searches. In response, the Assessment, Collection and Recorder of Deeds offices at all county locations are closed until further notice. The closure occurred the same day that the county was holding a special election to vote on a proposed sales tax to fund a stadium for MLB's Kansas City Royals and the NFL's Kansas City Chiefs. Neither the Jackson County Board of Elections nor the Kansas City Board of Elections have been affected by the attack; both remain open.

The Jackson County website says there are 654,000 residents in the 607-square-mile county, which includes most of Kansas City, the biggest city in Missouri. The response to the attack and the investigation into it have just begun, but so far, officials said they had no evidence that data had been compromised. Jackson County Executive Frank White, Jr. has issued (PDF) an executive order declaring a state of emergency. The County has notified law enforcement and retained IT security contractors to help investigate and remediate the attack.
"The potential significant budgetary impact of this incident may require appropriations from the County's emergency fund and, if these funds are found to be insufficient, the enactment of additional budgetary adjustments or cuts," White wrote. "It is directed that all county staff are to take whatever steps are necessary to protect resident data, county assets, and continue essential services, thereby mitigating the impact of this potential ransomware attack."
AI

UK and US Sign Landmark Agreement On AI Safety (bbc.com) 6

The UK and US have signed a landmark deal to work together on testing advanced artificial intelligence (AI) and develop "robust" safety methods for AI tools and their underlying systems. "It is the first bilateral agreement of its kind," reports the BBC. From the report: UK tech minister Michelle Donelan said it is "the defining technology challenge of our generation." "We have always been clear that ensuring the safe development of AI is a shared global issue," she said. "Only by working together can we address the technology's risks head on and harness its enormous potential to help us all live easier and healthier lives."

The secretary of state for science, innovation and technology added that the agreement builds upon commitments made at the AI Safety Summit held in Bletchley Park in November 2023. The event, attended by AI bosses including OpenAI's Sam Altman, Google DeepMind's Demis Hassabis and tech billionaire Elon Musk, saw both the UK and US create AI Safety Institutes which aim to evaluate open and closed-source AI systems. [...]

Gina Raimondo, the US commerce secretary, said the agreement will give the governments a better understanding of AI systems, which will allow them to give better guidance. "It will accelerate both of our Institutes' work across the full spectrum of risks, whether to our national security or to our broader society," she said. "Our partnership makes clear that we aren't running away from these concerns - we're running at them."

Medicine

'Russia Might Have Caused Havana Syndrome' (washingtonpost.com) 188

An anonymous reader quotes an opinion piece from the Washington Post, published by the Editorial Board: A just-published investigation by Russian, American and German journalists has unearthed startling new information about the so-called Havana syndrome, or "Anomalous Health Incidents," as the government calls the unexplained bouts of painful disorientation that U.S. diplomats and intelligence officers have suffered in recent years. The new information suggests but does not prove that Russia's military intelligence agency is responsible. Earlier, agencies in the U.S. intelligence community had concluded that "it is very unlikely a foreign adversary is responsible." They need to look again. [...]

[T]he new investigation by the Insider, a Russian investigative news outlet, in collaboration with CBS's "60 Minutes" and Germany's Der Spiegel, paints a different picture. It identifies the possible culprit as Unit 29155, a "notorious assassination and sabotage squad" of the GRU, Moscow's military intelligence service. Senior members of the unit received "awards and political promotions for work related to the development of 'non-lethal acoustic weapons'" -- a term used in the Russian military-scientific literature to describe both sound- and radiofrequency-based directed energy devices. The investigation found documentary evidence that Unit 29155 "has been experimenting with exactly the kind of weaponized technology" experts suggest is a plausible cause. Moreover, the Insider reported, geolocation data shows that operators attached to Unit 29155, traveling undercover, were present in places where Havana syndrome struck, just before the incidents took place.

Even more concerning, the investigation found that a commonality among the Americans targeted was their work history on Russia issues. This included CIA officers who were helping Ukraine build up its intelligence capabilities in the years before Russia's full-scale invasion in 2022. One veteran of the CIA Kyiv station was named the new chief of station in Vietnam and was hit there. A second veteran of the CIA in Ukraine was hit in his apartment in Tashkent, Uzbekistan. Both these intelligence officers had to be medevaced and were treated at Walter Reed National Military Medical Center. The wife of a third CIA officer who had served in Kyiv was hit in London. "Of all the cases" examined by the news organizations, they said, "the most well-documented involve U.S. intelligence and diplomatic personnel with subject matter expertise in Russia or operational experience in countries such as Georgia and Ukraine," both of which were the scene of popular pro-Western uprisings in the past two decades. The news organizations point out that Russian President Vladimir Putin has often blamed these "color revolutions" on the CIA and the State Department. They conclude, "Putin would have every interest in neutralizing scores of U.S. intelligence officers he deemed responsible for his loss of the former satellites."
The Editorial Board is advocating for a thorough and aggressive investigation by the U.S. intelligence community that "takes into account all aspects of the incidents."

"If the incidents are a deliberate attack, the perpetrator must be identified and held to account. Along with sending a message to those who might harm American personnel, the United States needs to show all those who might join the diplomatic and intelligence services that the government will protect them abroad and at home from foreign adversaries, no matter what."
The Internet

FCC To Vote To Restore Net Neutrality Rules (reuters.com) 60

An anonymous reader quotes a report from Reuters: The U.S. Federal Communications Commission will vote to reinstate landmark net neutrality rules and assume new regulatory oversight of broadband internet that was rescinded under former President Donald Trump, the agency's chair said. The FCC told advocates on Tuesday of the plan to vote on the final rule at its April 25 meeting. The commission voted 3-2 in October on the proposal to reinstate open internet rules adopted in 2015 and re-establish the commission's authority over broadband internet.

Net neutrality refers to the principle that internet service providers should enable access to all content and applications regardless of the source, and without favoring or blocking particular products or websites. FCC Chair Jessica Rosenworcel confirmed the planned commission vote in an interview with Reuters. "The pandemic made clear that broadband is an essential service, that every one of us -- no matter who we are or where we live -- needs it to have a fair shot at success in the digital age," she said. "An essential service requires oversight and in this case we are just putting back in place the rules that have already been court-approved that ensures that broadband access is fast, open and fair."

Security

New XZ Backdoor Scanner Detects Implants In Any Linux Binary (bleepingcomputer.com) 33

Bill Toulas reports via BleepingComputer: Firmware security firm Binarly has released a free online scanner to detect Linux executables impacted by the XZ Utils supply chain attack, tracked as CVE-2024-3094. CVE-2024-3094 is a supply chain compromise in XZ Utils, a set of data compression tools and libraries used in many major Linux distributions. Late last month, Microsoft engineer Andres Freud discovered the backdoor in the latest version of the XZ Utils package while investigating unusually slow SSH logins on Debian Sid, a rolling release of the Linux distribution.

The backdoor was introduced by a pseudonymous contributor to XZ version 5.6.0, which remained present in 5.6.1. However, only a few Linux distributions and versions following a "bleeding edge" upgrading approach were impacted, with most using an earlier, safe library version. Following the discovery of the backdoor, a detection and remediation effort was started, with CISA proposing downgrading the XZ Utils 5.4.6 Stable and hunting for and reporting any malicious activity.

Binarly says the approach taken so far in the threat mitigation efforts relies on simple checks such as byte string matching, file hash blocklisting, and YARA rules, which could lead to false positives. This approach can trigger significant alert fatigue and doesn't help detect similar backdoors on other projects. To address this problem, Binarly developed a dedicated scanner that would work for the particular library and any file carrying the same backdoor. [...] Binarly's scanner increases detection as it scans for various supply chain points beyond just the XZ Utils project, and the results are of much higher confidence.
Binarly has made a free API available to accomodate bulk scans, too.
Piracy

The Pirate Bay's Oldest Torrent Is Now 20 Years Old (torrentfreak.com) 15

An anonymous reader quotes a report from TorrentFreak: Today, more than two decades have passed and most of the files shared on The Pirate Bay in the early years are no longer available. BitTorrent requires at least one person to share a full file copy, which is hard to keep up for decades. Surprisingly, however, several torrents have managed to stand the test of time and remain available today. A few days ago the site's longest surviving torrent turned 20 years old. While a few candidates have shown up over the years, we believe that an episode of "High Chaparral" has the honor of being the oldest Pirate Bay torrent that's still active today. The file was originally uploaded on March 25, 2004, and several people continue to share it today. The screenshot [here] only lists one seeder but according to information passed on by OpenTrackr.org, there are four seeders with a full copy. This is quite a remarkable achievement, especially since people complained about a lack of seeders shortly after it was uploaded.

Over the years, the "High Chaparral" torrent achieved cult status among a small group of people who likely keep sharing it, simply because it's the oldest surviving torrent. This became evident in the Pirate Bay comment section several years ago, when TPB still had comments. Record or not, other old torrents on The Pirate Bay also continue to thrive. On March 31, 2004, someone uploaded a pirated copy of the documentary "Revolution OS" to the site which is alive and kicking today.

While these torrents are quite old, they're not the oldest active torrents available on the Internet. That honor goes to "The Fanimatrix", which was created in September 2003 and, after being previously resurrected, continues to be available today with more than 100 people seeding. Ten years ago, we were surprised to see that any of the mentioned torrents were still active. By now, however, we wouldn't be shocked to see these torrents survive for decades. Whether The Pirate Bay will still be around then is another question.

Google

Google Pledges To Destroy Browsing Data To Settle 'Incognito' Lawsuit (wsj.com) 35

Google plans to destroy a trove of data that reflects millions of users' web-browsing histories, part of a settlement of a lawsuit that alleged the company tracked millions of users without their knowledge. WSJ: The class action, filed in 2020, accused Google of misleading users about how Chrome tracked the activity of anyone who used the private "Incognito" browsing option. The lawsuit alleged that Google's marketing and privacy disclosures didn't properly inform users of the kinds of data being collected, including details about which websites they viewed. The settlement details, filed Monday in San Francisco federal court, set out the actions the company will take to change its practices around private browsing. According to the court filing, Google has agreed to destroy billions of data points that the lawsuit alleges it improperly collected, to update disclosures about what it collects in private browsing and give users the option to disable third-party cookies in that setting.

The agreement doesn't include damages for individual users. But the settlement will allow individuals to file claims. Already the plaintiff attorneys have filed 50 in California state court. Attorney David Boies, who represents the consumers in the lawsuit, said the settlement requires Google to delete and remediate "in unprecedented scope and scale" the data it improperly collected. "This settlement is an historic step in requiring honesty and accountability from dominant technology companies," Boies said.

Government

Arizona's Governor Signs Bill Making Pluto the Official State Planet (azcapitoltimes.com) 118

"Be it enacted by the Legislature of the State of Arizona..." reads the official text of House Bill #2,477. "PLUTO IS THE OFFICIAL STATE PLANET."

An anonymous reader shared this report from Capital Media Services: The governor signed legislation Friday designating Pluto as Arizona's "official state planet." It joins a list of other items the state has declared to be "official,'' ranging from turquoise as the state gemstone and copper as the state metal to the Sonorasaurus as the state dinosaur. "I am proud of Arizona's pioneering work in space discovery," governor Hobbs said.

What makes Pluto unique and ripe for claim by Arizona is that it is the only planet actually discovered in the United States, and the discovery was made in Flagstaff. Rep. Justin Wilmeth, a Phoenix Republican and self-described "history nerd,'' said that needed to be commemorated, starting with the legacy of astronomer Clyde Tombaugh. In 1930, Tombaugh was working at the Lowell Observatory in Flagstaff. "The whole story of Clyde is just amazing, just sitting there under the telescope'' looking for planets by taking photos over a period of time, said Wilmeth. "It was two different glass planes that had one little spec of light moving in a different direction,'' showing it wasn't just another star — and all by observation and not computers. "To me, that's something that's just mind boggling."

"The International Astronomical Union voted years ago to strip Pluto of its official status as a planet," the article points out, noting that its official definition specifies that planets "clear the neighboring region of other objects." (While Pluto "has such a small gravitational pull, it has not attracted and absorbed other space rocks in its orbit".)

So in 2006 Pluto was reclassified as a dwarf planet, according to a NASA web page. "Pluto is about 1/6 the width of Earth," and has a radius of 715 miles or 1,151 kilometers. "If Earth was the size of a nickel, Pluto would be about as big as a popcorn kernel."

Long-time Slashdot reader Baron_Yam called Arizona's new legislation "How to advertise you are ignorant. Scientists said something we don't like, so we'll make a law!" They can call it their "State Planet" all they want, but people who actually know about the skies will be mocking them for it. While there is nostalgia for the old classification, and the new one isn't perfect... it's certainly more meaningful when trying to divide up the objects of a planetary system for study.
Reached for a comment by Capital Media Services, Representative Wilmeth said "It might matter to some that are going to get picky or persnickety about stuff... There's several generations of Americans ... who believe that Pluto's a planet — or at least that's what we were taught. I'm never going to think differently. That's just my personal opinion." (The news site adds that "What is important, Wilmeth said, is remembering the history and promoting it.")

Five senators in Arizona's state legislatur did vote against the measure — though not all of them did so for scientific reasons, Senator Anthony Kern explained to Capital Media Services. "I did not want to discriminate against those who wanted Mars, Venus, Jupiter, or everyone's favorite, Uranus."
Medicine

America's FDA Forced to Settle 'Groundless' Lawsuit Over Its Ivermectin Warnings (msn.com) 350

As a department of America's federal Health agency, the Food and Drug Administration is responsible for public health rules, including prescription medicines. And the FDA "has not changed its position that currently available clinical trial data do not demonstrate that ivermectin is effective against COVID-19," they confirmed to CNN this week. "The agency has not authorized or approved ivermectin for use in preventing or treating COVID-19."

But there was also a lawsuit. In "one of its more popular pandemic-era social media campaigns," the agency tweeted out "You are not a horse. You are not a cow. Seriously, y'all. Stop it." The post attracted nearly 106,000 likes — and over 46,000 reposts, and was followed by another post on Instagram. "Stop it with the #ivermectin. It's not authorized for treating #COVID."

Los Angeles Times business columnist Michael Hiltzik writes that the posts triggered a "groundless" lawsuit: It was those latter two lines that exercised three physicians who had been prescribing ivermectin for patients. They sued the FDA in 2022, asserting that its advisory illegally interfered with the practice of medicine — specifically with their ability to continue prescribing the drug. A federal judge in Texas threw out their case, but the 5th Circuit Court of Appeals — the source of a series of chuckleheaded antigovernment rulings in recent years — reinstated it last year, returning it to the original judge for reconsideration.

Now the FDA has settled the case by agreeing to delete the horse post and two similar posts from its accounts on the social media platforms X, LinkedIn and Facebook. The agency also agreed to retire a consumer advisory titled "Why You Should Not Use Ivermectin to Treat or Prevent COVID-19." In defending its decision, the FDA said it "has chosen to resolve this lawsuit rather than continuing to litigate over statements that are between two and nearly four years old."

That sounds reasonable enough, but it's a major blunder. It leaves on the books the 5th Circuit's adverse ruling, in which a panel of three judges found that the FDA's advisory crossed the line from informing consumers, which they said is all right, to recommending that consumers take some action, which they said is not all right... That's a misinterpretation of the law and the FDA's actions, according to Dorit Rubinstein Reiss of UC College of the Law in San Francisco. "The FDA will seek to make recommendations against the misuse of products in the future, and having that decision on the books will be used to litigate against it," she observed after the settlement.

"A survey by Boston University and the University of Michigan estimated that Medicare and private insurers had wasted $130 million on ivermectin prescriptions for COVID in 2021 alone."
AT&T

AT&T Says Data From 73 Million Customers Has Leaked Onto the Dark Web (cnn.com) 21

Personal data from 73 million AT&T customers has leaked onto the dark web, reports CNN — both current and former customers.

AT&T has launched an investigation into the source of the data leak... In a news release Saturday morning, the telecommunications giant said the data was "released on the dark web approximately two weeks ago," and contains information such as account holders' Social Security numbers. ["The information varied by customer and account," AT&T said in a statement, " but may have included full name, email address, mailing address, phone number, social security number, date of birth, AT&T account number and passcode."]

"It is not yet known whether the data ... originated from AT&T or one of its vendors," the company added. "Currently, AT&T does not have evidence of unauthorized access to its systems resulting in exfiltration of the data set."

The data seems to have been from 2019 or earlier. The leak does not appear to contain financial information or specifics about call history, according to AT&T. The company said the leak shows approximately 7.6 million current account holders and 65.4 million former account holders were affected.

CNN says the first reports of the leak came two weeks ago from a social media account claiming "the largest collection of malware source code, samples, and papers. Reached for a comment by CNN, AT&T had said at the time that "We have no indications of a compromise of our systems."

AT&T's web site now includes a special page with an FAQ — and the tagline that announces "We take cybersecurity very seriously..."

"It has come to our attention that a number of AT&T passcodes have been compromised..."

The page points out that AT&T has already reset the passcodes of "all 7.6 million impacted customers." It's only further down in the FAQ that they acknowledge that the breach "appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and 65.4 million former account holders." Our internal teams are working with external cybersecurity experts to analyze the situation... We encourage customers to remain vigilant by monitoring account activity and credit reports. You can set up free fraud alerts from nationwide credit bureaus — Equifax, Experian, and TransUnion. You can also request and review your free credit report at any time via Freecreditreport.com...

We will reach out by mail or email to individuals with compromised sensitive personal information and offering complimentary identity theft and credit monitoring services... If your information was impacted, you will be receiving an email or letter from us explaining the incident, what information was compromised, and what we are doing for you in response.

Government

Do Age Verification Laws Drag Us Back to the Dark Ages of the Internet? (404media.co) 159

404 Media claims to have identified "the fundamental flaw with the age verification bills and laws" that have already passed in eight state legislatures (with two more taking effect in July): "the delusional, unfounded belief that putting hurdles between people and pornography is going to actually prevent them from viewing porn."

They argue that age verification laws "drag us back to the dark ages of the internet." Slashdot reader samleecole shared this excerpt: What will happen, and is already happening, is that people — including minors — will go to unmoderated, actively harmful alternatives that don't require handing over a government-issued ID to see people have sex. Meanwhile, performers and companies that are trying to do the right thing will suffer....

The legislators passing these bills are doing so under the guise of protecting children, but what's actually happening is a widespread rewiring of the scaffolding of the internet. They ignore long-established legal precedent that has said for years that age verification is unconstitutional, eventually and inevitably reducing everything we see online without impossible privacy hurdles and compromises to that which is not "harmful to minors." The people who live in these states, including the minors the law is allegedly trying to protect, are worse off because of it. So is the rest of the internet.

Yet new legislation is advancing in Kentucky and Nebraska, while the state of Kansas just passed a law which even requires age-verification for viewing "acts of homosexuality," according to a report: Websites can be fined up to $10,000 for each instance a minor accesses their content, and parents are allowed to sue for damages of at least $50,000. This means that the state can "require age verification to access LGBTQ content," according to attorney Alejandra Caraballo, who said on Threads that "Kansas residents may soon need their state IDs" to access material that simply "depicts LGBTQ people."
One newspaper opinion piece argues there's an easier solution: don't buy your children a smartphone: Or we could purchase any of the various software packages that block social media and obscene content from their devices. Or we could allow them to use social media, but limit their screen time. Or we could educate them about the issues that social media causes and simply trust them to make good choices. All of these options would have been denied to us if we lived in a state that passed a strict age verification law. Not only do age verification laws reduce parental freedom, but they also create myriad privacy risks. Requiring platforms to collect government IDs and face scans opens the door to potential exploitation by hackers and enemy governments. The very information intended to protect children could end up in the wrong hands, compromising the privacy and security of millions of users...

Ultimately, age verification laws are a misguided attempt to address the complex issue of underage social media use. Instead of placing undue burdens on users and limiting parental liberty, lawmakers should look for alternative strategies that respect privacy rights while promoting online safety.

This week a trade association for the adult entertainment industry announced plans to petition America's Supreme Court to intervene.
Government

Can Apps Turn Us Into Unpaid Lobbyists? (msn.com) 73

"Today's most effective corporate lobbying no longer involves wooing members of Congress..." writes the Wall Street Journal. Instead the lobbying sector "now works in secret to influence lawmakers with the help of an unlikely ally: you." [Lobbyists] teamed up with PR gurus, social-media experts, political pollsters, data analysts and grassroots organizers to foment seemingly organic public outcries designed to pressure lawmakers and compel them to take actions that would benefit the lobbyists' corporate clients...

By the middle of 2011, an army of lobbyists working for the pillars of the corporate lobbying establishment — the major movie studios, the music industry, pharmaceutical manufacturers and the U.S. Chamber of Commerce — were executing a nearly $100 million campaign to win approval for the internet bill [the PROTECT IP Act, or "PIPA"]. They pressured scores of lawmakers to co-sponsor the legislation. At one point, 99 of the 100 members of the U.S. Senate appeared ready to support it — an astounding number, given that most bills have just a handful of co-sponsors before they are called up for a vote. When lobbyists for Google and its allies went to Capitol Hill, they made little headway. Against such well-financed and influential opponents, the futility of the traditional lobbying approach became clear. If tech companies were going to turn back the anti-piracy bills, they would need to find another way.

It was around this time that one of Google's Washington strategists suggested an alternative strategy. "Let's rally our users," Adam Kovacevich, then 34 and a senior member of Google's Washington office, told colleagues. Kovacevich turned Google's opposition to the anti-piracy legislation into a coast-to-coast political influence effort with all the bells and whistles of a presidential campaign. The goal: to whip up enough opposition to the legislation among ordinary Americans that Congress would be forced to abandon the effort... The campaign slogan they settled on — "Don't Kill the Internet" — exaggerated the likely impact of the bill, but it succeeded in stirring apprehension among web users.

The coup de grace came on Jan. 18, 2012, when Google and its allies pulled off the mother of all outside influence campaigns. When users logged on to the web that day, they discovered, to their great frustration, that many of the sites they'd come to rely on — Wikipedia, Reddit, Craigslist — were either blacked out or displayed text outlining the detrimental impacts of the proposed legislation. For its part, Google inserted a black censorship bar over its multicolored logo and posted a tool that enabled users to contact their elected representatives. "Tell Congress: Please don't censor the web!" a message on Google's home page read. With some 115,000 websites taking part, the protest achieved a staggering reach. Tens of millions of people visited Wikipedia's blacked-out website, 4.5 million users signed a Google petition opposing the legislation, and more than 2.4 million people took to Twitter to express their views on the bills. "We must stop [these bills] to keep the web open & free," the reality TV star Kim Kardashian wrote in a tweet to her 10 million followers...

Within two days, the legislation was dead...

Over the following decade, outside influence tactics would become the cornerstone of Washington's lobbying industry — and they remain so today.

"The 2012 effort is considered the most successful consumer mobilization in the history of internet policy," writes the Washington Post — agreeing that it's since spawned more app-based, crowdsourced lobbying campaigns. Sites like Airbnb "have also repeatedly asked their users to oppose city government restrictions on the apps." Uber, Lyft, DoorDash and other gig work companies also blitzed the apps' users with scenarios of higher prices or suspended service unless people voted for a 2020 California ballot measure on contract workers. Voters approved it."

The Wall Street Journal also details how lobbyists successfully killed higher taxes for tobacco products, the oil-and-gas industry, and even on private-equity investors — and note similar tactics were used against a bill targeting TikTok. "Some say the campaign backfired. Lawmakers complained that the effort showed how the Chinese government could co-opt internet users to do their bidding in the U.S., and the House of Representatives voted to ban the app if its owners did not agree to sell it.

"TikTok's lobbyists said they were pleased with the effort. They persuaded 65 members of the House to vote in favor of the company and are confident that the Senate will block the effort."

The Journal's article was adapted from an upcoming book titled "The Wolves of K Street: The Secret History of How Big Money Took Over Big Government." But the Washington Post argues the phenomenon raises two questions. "How much do you want technology companies to turn you into their lobbyists? And what's in it for you?"
AI

More AI Safeguards Coming, Including Right to Refuse Face-Recognition Scans at US Airports (cnn.com) 23

This week every U.S. agency was ordered to appoint a "chief AI officer".

But that wasn't the only AI policy announced. According to CNN, "By the end of the year, travelers should be able to refuse facial recognition scans at airport security screenings without fear it could delay or jeopardize their travel plans." That's just one of the concrete safeguards governing artificial intelligence that the Biden administration says it's rolling out across the U.S. government, in a key first step toward preventing government abuse of AI. The move could also indirectly regulate the AI industry using the government's own substantial purchasing power... The mandates aim to cover situations ranging from screenings by the Transportation Security Administration to decisions by other agencies affecting Americans' health care, employment and housing. Under the requirements taking effect on December 1, agencies using AI tools will have to verify they do not endanger the rights and safety of the American people. In addition, each agency will have to publish online a complete list of the AI systems it uses and their reasons for using them, along with a risk assessment of those systems...

[B]ecause the government is such a large purchaser of commercial technology, its policies around procurement and use of AI are expected to have a powerful influence on the private sector.

CNN notes that Vice President Harris told reporters that the administration intends for the policies to serve as a global model. "Meanwhile, the European Union this month gave final approval to a first-of-its-kind artificial intelligence law, once again leapfrogging the United States on regulating a critical and disruptive technology."

CNN adds that last year, "the White House announced voluntary commitments by leading AI companies to subject their models to outside safety testing."
Cellphones

America's DHS Is Expected to Stop Buying Access to Your Phone Movements (notus.org) 49

America's Department of Homeland Security "is expected to stop buying access to data showing the movement of phones," reports the U.S. news site NOTUS.

They call the purchasers "a controversial practice that has allowed it to warrantlessly track hundreds of millions of people for years." Since 2018, agencies within the department — including Immigration and Customs Enforcement, U.S. Customs and Border Protection and the U.S. Secret Service — have been buying access to commercially available data that revealed the movement patterns of devices, many inside the United States. Commercially available phone data can be bought and searched without judicial oversight.

Three people familiar with the matter said the Department of Homeland Security isn't expected to buy access to more of this data, nor will the agency make any additional funding available to buy access to this data. The agency "paused" this practice after a 2023 DHS watchdog report [which had recommended they draw up better privacy controls and policies]. However, the department instead appears to be winding down the use of the data...

"The information that is available commercially would kind of knock your socks off," said former top CIA official Michael Morell on a podcast last year. "If we collected it using traditional intelligence methods, it would be top-secret sensitive. And you wouldn't put it in a database, you'd keep it in a safe...." DHS' internal watchdog opened an investigation after a bipartisan outcry from lawmakers and civil society groups about warrantless tracking...

"Meanwhile, U.S. spy agencies are fighting to preserve the same capability as part of the renewal of surveillance authorities," the article adds.

"A bipartisan coalition of lawmakers, led by Democratic Sen. Ron Wyden in the Senate and Republican Rep. Warren Davidson in the House, is pushing to ban U.S. government agencies from buying data on Americans."
Power

Are State Governments Slowing the Build-Out of America's EV Charging Stations? (msn.com) 120

In November of 2021 America passed a "Bipartisan Infrastructure Law" which included $7.5 billion for up to 20,000 EV charging spots, or around 5,000 stations, notes the Washington Post (citing an analysis from the EV policy analyst group Atlas Public Policy).

And new stations are now already open in Hawaii, New York, Ohio and Pennsylvania, "and under construction in four other states. Twelve additional states have awarded contracts for constructing the charging stations." A White House spokesperson said America should reach its goal of 500,000 charging stations by 2026.

So why is it that right now — more than two years after the bill's passage — why does the Federal Highway System say the program has so far only delivered seven open charging stations with a total of 38 charging spots? Nick Nigro, founder of Atlas Public Policy, said that some of the delays are to be expected. "State transportation agencies are the recipients of the money," he said. "Nearly all of them had no experience deploying electric vehicle charging stations before this law was enacted." Nigro says that the process — states have to submit plans to the Biden administration for approval, solicit bids on the work, and then award funds — has taken much of the first two years since the funding was approved. "I expect it to go much faster in 2024," he added.

"We are building a national EV charging network from scratch, and we want to get it right," a spokesperson for the Federal Highway Administration said in an email. "After developing program guidance and partnering with states to guide implementation plans, we are hitting our stride as states move quickly to bring National Electric Vehicle Infrastructure stations online...."

Part of the slow rollout is that the new chargers are expected to be held to much higher standards than previous generations of fast chargers. The United States currently has close to 10,000 "fast" charging stations in the country, of which over 2,000 are Tesla Superchargers, according to the Department of Energy. Tesla Superchargers — some of which have been opened to drivers of other vehicles — are the most reliable fast-charging systems in the country. But many non-Tesla fast chargers have a reputation for poor performance and sketchy reliability. EV advocates have criticized Electrify America, the company created by Volkswagen after the company's "Dieselgate" emissions scandal, for spending hundreds of millions of dollars on chargers that don't work well. The company has said they are working to improve reliability. The data analytics company J.D. Power has estimated that only 80 percent of all charging attempts in the country are successful.

Biden administration guidance requires the new publicly funded chargers to be operational 97% of the time, provide 150kW of power at each charger, and be no more than one mile from the interstate, among many other requirements.EV policy experts say those requirements are critical to building a good nationwide charging program — but also slow down the build-out of the chargers. "This funding comes with dozens of rules and requirements," Laska said. "That is the nature of what we're trying to accomplish....

"States are just not operating with the same urgency that some of the rest of us are."

The article notes that private companies are also building charging stations — but the publicly-funded spots would increase America's car-charging capacity by around 50 percent, "a crucial step to alleviating 'range anxiety' and helping Americans shift into battery electric cars.

"States just have to build them first."
Government

Congress Bans Staff Use of Microsoft's AI Copilot (axios.com) 32

The U.S. House has set a strict ban on congressional staffers' use of Microsoft Copilot, the company's AI-based chatbot, Axios reported Friday. From the report: The House last June restricted staffers' use of ChatGPT, allowing limited use of the paid subscription version while banning the free version. The House's Chief Administrative Officer Catherine Szpindor, in guidance to congressional offices obtained by Axios, said Microsoft Copilot is "unauthorized for House use."

"The Microsoft Copilot application has been deemed by the Office of Cybersecurity to be a risk to users due to the threat of leaking House data to non-House approved cloud services," it said. The guidance added that Copilot "will be removed from and blocked on all House Windows devices."

AI

NYC's Government Chatbot Is Lying About City Laws and Regulations (arstechnica.com) 57

An anonymous reader quotes a report from Ars Technica: NYC's "MyCity" ChatBot was rolled out as a "pilot" program last October. The announcement touted the ChatBot as a way for business owners to "save ... time and money by instantly providing them with actionable and trusted information from more than 2,000 NYC Business web pages and articles on topics such as compliance with codes and regulations, available business incentives, and best practices to avoid violations and fines." But a new report from The Markup and local nonprofit news site The City found the MyCity chatbot giving dangerously wrong information about some pretty basic city policies. To cite just one example, the bot said that NYC buildings "are not required to accept Section 8 vouchers," when an NYC government info page says clearly that Section 8 housing subsidies are one of many lawful sources of income that landlords are required to accept without discrimination. The Markup also received incorrect information in response to chatbot queries regarding worker pay and work hour regulations, as well as industry-specific information like funeral home pricing. Further testing from BlueSky user Kathryn Tewson shows the MyCity chatbot giving some dangerously wrong answers regarding treatment of workplace whistleblowers, as well as some hilariously bad answers regarding the need to pay rent.

MyCity's Microsoft Azure-powered chatbot uses a complex process of statistical associations across millions of tokens to essentially guess at the most likely next word in any given sequence, without any real understanding of the underlying information being conveyed. That can cause problems when a single factual answer to a question might not be reflected precisely in the training data. In fact, The Markup said that at least one of its tests resulted in the correct answer on the same query about accepting Section 8 housing vouchers (even as "ten separate Markup staffers" got the incorrect answer when repeating the same question). The MyCity Chatbot -- which is prominently labeled as a "Beta" product -- does tell users who bother to read the warnings that it "may occasionally produce incorrect, harmful or biased content" and that users should "not rely on its responses as a substitute for professional advice." But the page also states front and center that it is "trained to provide you official NYC Business information" and is being sold as a way "to help business owners navigate government."
NYC Office of Technology and Innovation Spokesperson Leslie Brown told The Markup that the bot "has already provided thousands of people with timely, accurate answers" and that "we will continue to focus on upgrading this tool so that we can better support small businesses across the city."
The Courts

Apple Sues Former Employee For Leaking Journal App, Vision Pro Details (macrumors.com) 47

Apple has sued its former employee Andrew Aude for leaking information about more than a half-dozen Apple products and policies, including its then-unannounced Journal app and Vision Pro headset, product development policies, strategies for regulatory compliance, employee headcounts, and more. MacRumors reports: Aude joined Apple as an iOS software engineer in 2016, shortly after graduating college. He worked on optimizing battery performance, making him "privy to information regarding dozens of Apple's most sensitive projects," according to the complaint. In April 2023, for example, Apple alleges that Aude leaked a list of finalized features for the iPhone's Journal app to a journalist at The Wall Street Journal on a phone call. That same month, The Wall Street Journal's Aaron Tilley published a report titled "Apple Plans iPhone Journaling App in Expansion of Health Initiatives."

Using the encrypted messaging app Signal, Aude is said to have sent "over 1,400" messages to the same journalist, who Aude referred to as "Homeboy." He is also accused of sending "over 10,000 text messages" to another journalist at the website The Information, and he allegedly traveled "across the continent" to meet with her. Other leaks relate to the Vision Pro and other hardware: "As another example, an October 2020 screenshot on Mr. Aude's Apple-issued work iPhone shows that he disclosed Apple's development of products within the spatial computing space to a non-Apple employee. Mr. Aude made this disclosure even though Apple's development efforts were confidential and not known to the public. Over the following months, Mr. Aude disclosed additional Apple confidential information -- including information concerning unannounced products, and hardware information."

Apple believes that Aude's actions were "extensive and purposeful," with Aude allegedly admitting that he leaked information so he could "kill" products and features with which he took issue. The company alleges that his wrongful disclosures resulted in at least five news articles discussing the company's confidential and proprietary information. Apple says these public revelations impeded its ability to "surprise and delight" with its latest products. Apple said it learned of Aude's wrongful disclosures in late 2023, and the company fired him for his alleged misconduct in December of that year. [...] Apple is seeking both compensatory and punitive damages in an amount to be determined at trial, and it is also seeking other legal remedies.
The full complaint can be read here (PDF).
Cloud

Cloud Server Host Vultr Rips User Data Ownership Clause From ToS After Web Outage (theregister.com) 28

Tobias Mann reports via The Register: Cloud server provider Vultr has rapidly revised its terms-of-service after netizens raised the alarm over broad clauses that demanded the "perpetual, irrevocable, royalty-free" rights to customer "content." The red tape was updated in January, as captured by the Internet Archive, and this month users were asked to agree to the changes by a pop-up that appeared when using their web-based Vultr control panel. That prompted folks to look through the terms, and there they found clauses granting the US outfit a "worldwide license ... to use, reproduce, process, adapt ... modify, prepare derivative works, publish, transmit, and distribute" user content.

It turned out these demands have been in place since before the January update; customers have only just noticed them now. Given Vultr hosts servers and storage in the cloud for its subscribers, some feared the biz was giving itself way too much ownership over their stuff, all in this age of AI training data being put up for sale by platforms. In response to online outcry, largely stemming from Reddit, Vultr in the past few hours rewrote its ToS to delete those asserted content rights. CEO J.J. Kardwell told The Register earlier today it's a case of standard legal boilerplate being taken out of context. The clauses were supposed to apply to customer forum posts, rather than private server content, and while, yes, the terms make more sense with that in mind, one might argue the legalese was overly broad in any case.

"We do not use user data," Kardwell stressed to us. "We never have, and we never will. We take privacy and security very seriously. It's at the core of what we do globally." [...] According to Kardwell, the content clauses are entirely separate to user data deployed in its cloud, and are more aimed at one's use of the Vultr website, emphasizing the last line of the relevant fine print: "... for purposes of providing the services to you." He also pointed out that the wording has been that way for some time, and added the prompt asking users to agree to an updated ToS was actually spurred by unrelated Microsoft licensing changes. In light of the controversy, Vultr vowed to remove the above section to "simplify and further clarify" its ToS, and has indeed done so. In a separate statement, the biz told The Register the removal will be followed by a full review and update to its terms of service.
"It's clearly causing confusion for some portion of users. We recognize that the average user doesn't have a law degree," Kardwell added. "We're very focused on being responsive to the community and the concerns people have and we believe the strongest thing we can do to demonstrate that there is no bad intent here is to remove it."
Government

Biden Orders Every US Agency To Appoint a Chief AI Officer 48

An anonymous reader quotes a report from Ars Technica: The White House has announced the "first government-wide policy (PDF) to mitigate risks of artificial intelligence (AI) and harness its benefits." To coordinate these efforts, every federal agency must appoint a chief AI officer with "significant expertise in AI." Some agencies have already appointed chief AI officers, but any agency that has not must appoint a senior official over the next 60 days. If an official already appointed as a chief AI officer does not have the necessary authority to coordinate AI use in the agency, they must be granted additional authority or else a new chief AI officer must be named.

Ideal candidates, the White House recommended, might include chief information officers, chief data officers, or chief technology officers, the Office of Management and Budget (OMB) policy said. As chief AI officers, appointees will serve as senior advisers on AI initiatives, monitoring and inventorying all agency uses of AI. They must conduct risk assessments to consider whether any AI uses are impacting "safety, security, civil rights, civil liberties, privacy, democratic values, human rights, equal opportunities, worker well-being, access to critical resources and services, agency trust and credibility, and market competition," OMB said. Perhaps most urgently, by December 1, the officers must correct all non-compliant AI uses in government, unless an extension of up to one year is granted.

The chief AI officers will seemingly enjoy a lot of power and oversight over how the government uses AI. It's up to the chief AI officers to develop a plan to comply with minimum safety standards and to work with chief financial and human resource officers to develop the necessary budgets and workforces to use AI to further each agency's mission and ensure "equitable outcomes," OMB said. [...] Among the chief AI officer's primary responsibilities is determining what AI uses might impact the safety or rights of US citizens. They'll do this by assessing AI impacts, conducting real-world tests, independently evaluating AI, regularly evaluating risks, properly training staff, providing additional human oversight where necessary, and giving public notice of any AI use that could have a "significant impact on rights or safety," OMB said. Chief AI officers will ultimately decide if any AI use is safety- or rights-impacting and must adhere to OMB's minimum standards for responsible AI use. Once a determination is made, the officers will "centrally track" the determinations, informing OMB of any major changes to "conditions or context in which the AI is used." The officers will also regularly convene "a new Chief AI Officer Council to coordinate" efforts and share innovations government-wide.
Chief AI officers must consult with the public and maintain options to opt-out of "AI-enabled decisions," OMB said. "However, these chief AI officers also have the power to waive opt-out options "if they can demonstrate that a human alternative would result in a service that is less fair (e.g., produces a disparate impact on protected classes) or if an opt-out would impose undue hardship on the agency."

Slashdot Top Deals