One of the suggestions in a recent report (PDF) from the European Parliament's Committee on Internal Market and Consumer Protection is to expand geo-blocking restrictions to the audiovisual sector, including streaming platforms. This has spooked some stakeholders who warn that a ban on geo-blocking would put the entire industry at risk. TorrentFreak reports: The report recommends the EU Commission to launch a comprehensive review of the current geo-blocking regulation and have that completed by 2025. It also carries several suggestions for improvement and expansion of the current rules. "The data presented in the report suggest that the effects of such an [geo-blocking] extension would vary by type of content, depending on the level of consumer demand and on the availability of content across the EU," the report's summary reads. "As regards an extension to audio-visual content, it highlights potential benefits for consumers, notably in the availability of a wider choice of content across borders. The report also identifies the potential impact that such an extension of the scope would have on the overall dynamics of the audio-visual sector, but concludes that it needs to be further assessed."

The proposals don't include the abolishment of all territorial licenses in the EU, and they're mindful of the potential impact on the industry. Nevertheless, some industry insiders are spooked; the Creativity Works! coalition (CW), for example, which counts the MPA, ACT, and the Premier League among its members. According to CW, geo-blocking technology is crucial to the creative and cultural industries in Europe. "Geo-blocking is one of the foundations for Europe's creative and cultural sectors, providing Europeans with the means to create, produce, showcase, publish, distribute and finance diverse, high-quality and affordable content," they write.

Banning geo-blocking altogether would be a disaster that puts millions of jobs and hundreds of billions of euros in revenue at risk, CW warns. At the same time, it may result in more expensive subscriptions for many consumers. "Ending geo-blocking's exclusive territorial licensing would threaten 10,000 European cinemas, access to over 8,500 European VOD films and up to half of European film budgets," CW writes. "What's more, over 100 million European fans could pay more to view the same sports coverage, while major digital streaming platforms might be forced to introduce sharp hikes for consumers in many European countries." Understandably, the movie industry is concerned about legislation that upsets the status quo. However, the IMCO report doesn't recommend a wholesale ban on territorial licenses but aims to ensure that content is available in regions where it currently isn't. At this stage, nothing is set in stone, so proposals could change. However, the present recommendations appear to seek a balance between the interests of the entertainment industry and the public at large.

"Researchers have identified a large number of bugs to do with the processing of images at boot time," writes longtime Slashdot reader jd. "This allows malicious code to be installed undetectably (since the image doesn't have to pass any validation checks) by appending it to the image. None of the current secure boot mechanisms are capable of blocking the attack." Ars Technica reports: LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux. The vulnerabilities are the product of almost a year's worth of work by Binarly, a firm that helps customers identify and secure vulnerable firmware. The vulnerabilities are the subject of a coordinated mass disclosure released Wednesday. The participating companies comprise nearly the entirety of the x64 and ARM CPU ecosystem, starting with UEFI suppliers AMI, Insyde, and Phoenix (sometimes still called IBVs or independent BIOS vendors); device manufacturers such as Lenovo, Dell, and HP; and the makers of the CPUs that go inside the devices, usually Intel, AMD or designers of ARM CPUs. The researchers unveiled the attack on Wednesday at the Black Hat Security Conference in London.

As its name suggests, LogoFAIL involves logos, specifically those of the hardware seller that are displayed on the device screen early in the boot process, while the UEFI is still running. Image parsers in UEFIs from all three major IBVs are riddled with roughly a dozen critical vulnerabilities that have gone unnoticed until now. By replacing the legitimate logo images with identical-looking ones that have been specially crafted to exploit these bugs, LogoFAIL makes it possible to execute malicious code at the most sensitive stage of the boot process, which is known as DXE, short for Driver Execution Environment. "Once arbitrary code execution is achieved during the DXE phase, it's game over for platform security," researchers from Binarly, the security firm that discovered the vulnerabilities, wrote in a whitepaper. "From this stage, we have full control over the memory and the disk of the target device, thus including the operating system that will be started." From there, LogoFAIL can deliver a second-stage payload that drops an executable onto the hard drive before the main OS has even started. The following video demonstrates a proof-of-concept exploit created by the researchers. The infected device -- a Gen 2 Lenovo ThinkCentre M70s running an 11th-Gen Intel Core with a UEFI released in June -- runs standard firmware defenses, including Secure Boot and Intel Boot Guard. LogoFAIL vulnerabilities are tracked under the following designations: CVE-2023-5058, CVE-2023-39538, CVE-2023-39539, and CVE-2023-40238. However, this list is currently incomplete.

"A non-exhaustive list of companies releasing advisories includes AMI (PDF), Insyde, Phoenix, and Lenovo," reports Ars. "People who want to know if a specific device is vulnerable should check with the manufacturer."

"The best way to prevent LogoFAIL attacks is to install the UEFI security updates that are being released as part of Wednesday's coordinated disclosure process. Those patches will be distributed by the manufacturer of the device or the motherboard running inside the device. It's also a good idea, when possible, to configure UEFIs to use multiple layers of defenses. Besides Secure Boot, this includes both Intel Boot Guard and, when available, Intel BIOS Guard. There are similar additional defenses available for devices running AMD or ARM CPUs."

Unidentified governments are surveilling smartphone users via their apps' push notifications, a U.S. senator warned on Wednesday. From a report: In a letter to the Department of Justice, Senator Ron Wyden said foreign officials were demanding the data from Alphabet's Google and Apple. Although details were sparse, the letter lays out yet another path by which governments can track smartphones. Apps of all kinds rely on push notifications to alert smartphone users to incoming messages, breaking news, and other updates. [...] That gives the two companies unique insight into the traffic flowing from those apps to their users, and in turn puts them "in a unique position to facilitate government surveillance of how users are using particular apps," Wyden said.

He asked the Department of Justice to "repeal or modify any policies" that hindered public discussions of push notification spying. In a statement, Apple said that Wyden's letter gave them the opening they needed to share more details with the public about how governments monitored push notifications. "In this case, the federal government prohibited us from sharing any information," the company said in a statement. "Now that this method has become public we are updating our transparency reporting to detail these kinds of requests."

An anonymous reader quotes a report from Ars Technica: In an editorial for Slate published Monday, renowned security researcher Bruce Schneier warned that AI models may enable a new era of mass spying, allowing companies and governments to automate the process of analyzing and summarizing large volumes of conversation data, fundamentally lowering barriers to spying activities that currently require human labor. In the piece, Schneier notes that the existing landscape of electronic surveillance has already transformed the modern era, becoming the business model of the Internet, where our digital footprints are constantly tracked and analyzed for commercial reasons.

Spying, by contrast, can take that kind of economically inspired monitoring to a completely new level: "Spying and surveillance are different but related things," Schneier writes. "If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said. At the end, I would get a report of all the conversations you had and the contents of those conversations. If I hired that same private detective to put you under surveillance, I would get a different report: where you went, whom you talked to, what you purchased, what you did." Schneier says that current spying methods, like phone tapping or physical surveillance, are labor-intensive, but the advent of AI significantly reduces this constraint. Generative AI systems are increasingly adept at summarizing lengthy conversations and sifting through massive datasets to organize and extract relevant information. This capability, he argues, will not only make spying more accessible but also more comprehensive. "This spying is not limited to conversations on our phones or computers," Schneier writes. "Just as cameras everywhere fueled mass surveillance, microphones everywhere will fuel mass spying. Siri and Alexa and 'Hey, Google' are already always listening; the conversations just aren't being saved yet." [...]

In his editorial, Schneier raises concerns about the chilling effect that mass spying could have on society, cautioning that the knowledge of being under constant surveillance may lead individuals to alter their behavior, engage in self-censorship, and conform to perceived norms, ultimately stifling free expression and personal privacy. So what can people do about it? Anyone seeking protection from this type of mass spying will likely need to look toward government regulation to keep it in check since commercial pressures often trump technological safety and ethics. [...] Schneier isn't optimistic on that front, however, closing with the line, "We could prohibit mass spying. We could pass strong data-privacy rules. But we haven't done anything to limit mass surveillance. Why would spying be any different?" It's a thought-provoking piece, and you can read the entire thing on Slate.

An anonymous reader shares a report: After a spy camera designed to look like a towel hook was purchased on Amazon and illegally used for months to capture photos of a minor in her private bathroom, Amazon was sued. The plaintiff -- a former Brazilian foreign exchange student then living in West Virginia -- argued that Amazon had inspected the camera three times and its safety team had failed to prevent allegedly severe, foreseeable harms still affecting her today.

Amazon hoped the court would dismiss the suit, arguing that the platform wasn't responsible for the alleged criminal conduct harming the minor. But after nearly eight months deliberating, a judge recently largely denied the tech giant's motion to dismiss. Amazon's biggest problem persuading the judge was seemingly the product descriptions that the platform approved. An amended complaint included a photo from Amazon's product listing that showed bathroom towels hanging on hooks that disguised the hidden camera. Text on that product image promoted the spycams, boasting that they "won't attract attention" because each hook appears to be "a very ordinary hook."

Because "Amazon approved product descriptions suggesting consumers use" the spycam "to record private moments in a bathroom," US district judge Robert Chambers wrote, "Amazon cannot claim shock when a consumer does just that." "These allegations raise a reasonable inference Amazon sold a camera knowing it would be used to record a third party in a bathroom without their consent," Chambers wrote.

Trevor Jacob, a daredevil YouTuber who deliberately crashed a plane for views in a moneymaking scheme, has been sentenced to six months in federal prison. Jacob posted a video of himself in 2021 parachuting out of a plane that he claimed had malfunctioned. In reality, the aircraft was purposely abandoned and crashed into the Los Padres National Forest in Southern California. From a report: Jacob pleaded guilty to one felony count of destruction and concealment with the intent to obstruct a federal investigation on June 30. "It appears that (Jacob) exercised exceptionally poor judgment in committing this offense," prosecutors said in the release. "(Jacob) most likely committed this offense to generate social media and news coverage for himself and to obtain financial gain. Nevertheless, this type of 'daredevil' conduct cannot be tolerated."

Jacob received a sponsorship from a company and had agreed to promote the company's wallet in the YouTube video that he would post. [...] The release said Jacob lied to federal investigators when he filed a report that falsely indicated his plane lost full power approximately 35 minutes into the flight. He also lied to a Federal Aviation Administration aviation safety inspector when he said he had parachuted out of the plane when the airplane's engine had quit because he could not identify any safe landing options.

At the Reagan National Defense Forum in Simi Valley, California, on Saturday, US Commerce Secretary Gina Raimondo issued a cautionary statement to Nvidia, urging them to stop redesigning AI chips for China that maneuver around export restrictions. "We cannot let China get these chips. Period," she said. "We're going to deny them our most cutting-edge technology." Fortune reports: Raimondo said American companies will need to adapt to US national security priorities, including export controls that her department has placed on semiconductor exports. "I know there are CEOs of chip companies in this audience who were a little cranky with me when I did that because you're losing revenue," she said. "Such is life. Protecting our national security matters more than short-term revenue."

Raimondo called out Nvidia Corp., which designed chips specifically for the Chinese market after the US imposed its initial round of curbs in October 2022. "If you redesign a chip around a particular cut line that enables them to do AI, I'm going to control it the very next day," Raimondo said. Communication with China can help stabilize ties between the two countries, but "on matters of national security, we've got to be eyes wide open about the threat," she said. "This is the biggest threat we've ever had and we need to meet the moment," she said. Further reading: Nvidia CEO Says US Will Take Years To Achieve Chip Independence

An anonymous reader quotes a report from Ars Technica: US Senator Edward Markey (D-Mass.) is one of the more technologically engaged of our elected lawmakers. And like many technologically engaged Ars Technica readers, he does not like what he sees in terms of automakers' approach to data privacy. On Friday, Sen. Markey wrote to 14 car companies with a variety of questions about data privacy policies, urging them to do better. As Ars reported in September, the Mozilla Foundation published a scathing report on the subject of data privacy and automakers. The problems were widespread -- most automakers collect too much personal data and are too eager to sell or share it with third parties, the foundation found.

Markey noted (PDF) the Mozilla Foundation report in his letters, which were sent to BMW, Ford, General Motors, Honda, Hyundai, Kia, Mazda, Mercedes-Benz, Nissan, Stellantis, Subaru, Tesla, Toyota, and Volkswagen. The senator is concerned about the large amounts of data that modern cars can collect, including the troubling potential to use biometric data (like the rate a driver blinks and breathes, as well as their pulse) to infer mood or mental health. Sen. Markey is also worried about automakers' use of Bluetooth, which he said has expanded "their surveillance to include information that has nothing to do with a vehicle's operation, such as data from smartphones that are wirelessly connected to the vehicle." "These practices are unacceptable," Markey wrote. "Although certain data collection and sharing practices may have real benefits, consumers should not be subject to a massive data collection apparatus, with any disclosures hidden in pages-long privacy policies filled with legalese. Cars should not -- and cannot -- become yet another venue where privacy takes a backseat."

The 14 automakers have until December 21 to answer Markey's questions.

Long-time Slashdot reader nmb3000 writes: The Electronic Frontier Foundation has published a new white paper, Privacy First: A Better Way to Address Online Harms , to propose an alternative to the "often ill-conceived, bills written by state, federal, and international regulators to tackle a broad set of digital topics ranging from child safety to artificial intelligence." According to the EFF, "these scattershot proposals to correct online harm are often based on censorship and news cycles. Instead of this chaotic approach that rarely leads to the passage of good laws, we propose another solution."
The EFF writes:

100 miles south of the Canadian border, the tiny town of Bemidji, Minnesota "has been bombarded by a sudden onslaught of Amazon packages" since early November, reports the Washington Post, "and local postal workers say they have been ordered to deliver those packages first."

A spokesperson for the U.S. Postal Service tells the Post that's not true, and that their service "does not prioritize the delivery of packages from Amazon or other customers."

But whatever's going on, the Post reports that "The result has been chaos..." Mail is getting backed up, sometimes for days, leaving local residents waiting for checks, credit card statements, health insurance documents and tax rebates. Routes meant to take eight or nine hours are stretching to 10 or 12. At least five carriers have quit, and the post office has banned scheduled sick days for the rest of the year, carriers say... Dennis Nelson, a veteran mail carrier, said he got so frustrated watching multiple co-workers "breaking down and crying" that he staged a symbolic strike earlier this month outside the post office where he has worked for more than 20 years...

Bemidji is not the only place where postal workers say they have been overwhelmed by packages from Amazon... Carriers and local officials say mail service has been disrupted in rural communities from Portland, Maine, to Washington state's San Juan Islands.

The situation stems from a crisis at the Postal Service, which has lost $6.5 billion in the past year. The post office has had a contract with Amazon since 2013, when it started delivering packages on Sundays. But in recent years, that business has exploded as Amazon has increasingly come to rely on postal carriers to make "last-mile" deliveries in harder-to-reach rural locations. The Postal Service considers the contract proprietary and has declined to disclose its terms. But U.S. Postmaster General Louis DeJoy has said publicly that "increasing package volume" — not just from Amazon, but from FedEx and UPS as well — is key to the mail service's financial future. In a Nov. 14 speech to the Postal Service Board of Governors, DeJoy said he wants the post office to become the "preferred delivery provider in the nation...."

In bigger cities, Amazon has its own distribution network, which takes some of the pressure off the post office. But in rural areas, where carriers drive miles of lonely routes in their personal vehicles, the arrangement has caused problems. In the mountains of Colorado, biologists in Crested Butte are struggling with the delay of time-sensitive samples, the Denver Post reported in September, while mail carriers in Carbondale say they are overwhelmed by Amazon packages. Other Minnesota towns including Brainerd and La Porte have been hit hard by Amazon in the past, carriers said...

Partenheimer defended the post office's record in an email, while conceding "much work remains to be done...."
An Amazon spokesperson told the Post "We work directly with the USPS to balance our delivery needs with their available capacity," and "we'll continue to collaborate on package volume each week and adjust as needed."

This week the White House announced a series of "AI hackathons to strengthen critical mineral supply chains," starting in February of 2024.

There's 50 critical minerals are used in everything from electric motors and generators to the fuselage and wings of an airplane. So now the "Critical Mineral Assessments with AI Support" contest aims to "significantly speed up the assessment of the nation's critical mineral resources by automating key steps" using AI and machine learning tools, according to a DARPA announcement on X, pointing to details on a new DARPA web page: Clean energy infrastructure, along with many other next-generation technologies, consume more critical minerals than traditional energy sources, and expected demand for critical minerals used in clean energy will quadruple by 2040... The goal of this AI exploration effort is to transform the workflow from a serial, predominantly manual, intermittently updated approach, to a highly parallel, continuous AI-assisted capability that is comprehensive in scope, efficient in scale, and generalizable across an array of applications...

The challenge is that critical mineral assessments are labor intensive and using traditional techniques, assessing all 50 critical minerals would proceed too slowly to address present-day supply chain needs. An AI-assisted workflow could enable the U.S. Geological Survey to accomplish its mission, produce high-quality derivative products from raw input data, and deliver timely assessments that reduce exploration risk and support decisions affecting the management of strategic domestic resources.

While the primary focus will be critical minerals, it is expected that the resulting technologies and resulting data products will be valuable for a wide variety of U.S. government mission areas ranging from water resource management, to potential new clean energy sources.
It all started back in 2022, when the resource-identifying U.S. Geological Survey acknowledged that "The U.S. is under-mapped." They'd hoped an online contest could close the gap — with a first prize of $10,000 (with $3,000 and $1,000 for the second- and third-place winner). Working with NASA's Jet Propulsion Laboratory and the government-supporting research nonprofit MITRE, DARPA and the U.S. Geological Survey all teamed up for the big "AI for Critical Mineral Assessment" competition.

Participants were given images of maps from somewhere in North America — along with a list of points without their latitude-longitude coordinates (just a pair of numbers indicating their position within that image). They'd have to find a way to automate the determination of real-world latitudes and longitudes. The contest recommended using other features on the map as reference points — like roads, streams, and elevation-indicating topographic lines, as well as government boundary lines (and the names of places on the map). And last December during the awards ceremony a DARPA official said they were "really really pleased at the response we got."

The new 2024 AI hackathons are now intended to build on the challenges from that 2022 competition. One competitor had described it as a "well-organized competition, really engaging," adding "I think the complexity of the maps that were part of the data set just made it a really interesting and engaging kind of problem."

They noted that in the past we've always indicated data with maps — but that now, we're trying to turn maps back into data...

Three days after Amazon announced its AI chatbot Q, some employees are sounding alarms about accuracy and privacy issues. From a report: Q is "experiencing severe hallucinations and leaking confidential data," including the location of AWS data centers, internal discount programs, and unreleased features, according to leaked documents obtained by Platformer. An employee marked the incident as "sev 2," meaning an incident bad enough to warrant paging engineers at night and make them work through the weekend to fix it.

[...] In a statement, Amazon played down the significance of the employee discussions. "Some employees are sharing feedback through internal channels and ticketing systems, which is standard practice at Amazon," a spokesperson said. "No security issue was identified as a result of that feedback. We appreciate all of the feedback we've already received and will continue to tune Q as it transitions from being a product in preview to being generally available."

An anonymous reader quotes a report from the Associated Press: City lawmakers in Brazil have enacted what appears to be the nation's first legislation written entirely by artificial intelligence -- even if they didn't know it at the time. The experimental ordinance was passed in October in the southern city of Porto Alegre and city councilman Ramiro Rosario revealed this week that it was written by a chatbot, sparking objections and raising questions about the role of artificial intelligence in public policy. Rosario told The Associated Press that he asked OpenAI's chatbot ChatGPT to craft a proposal to prevent the city from charging taxpayers to replace water consumption meters if they are stolen. He then presented it to his 35 peers on the council without making a single change or even letting them know about its unprecedented origin.

"If I had revealed it before, the proposal certainly wouldn't even have been taken to a vote," Rosario told the AP by phone on Thursday. The 36-member council approved it unanimously and the ordinance went into effect on Nov. 23. "It would be unfair to the population to run the risk of the project not being approved simply because it was written by artificial intelligence," he added. [...] Keeping the proposal's origin secret was intentional. Rosario told the AP his objective was not just to resolve a local issue, but also to spark a debate. He said he entered a 49-word prompt into ChatGPT and it returned the full draft proposal within seconds, including justifications.

"I am convinced that ... humanity will experience a new technological revolution," he said. "All the tools we have developed as a civilization can be used for evil and good. That's why we have to show how it can be used for good." And the council president [Hamilton Sossmeier], who initially decried the method, already appears to have been swayed. "I changed my mind," Sossmeier said. "I started to read more in depth and saw that, unfortunately or fortunately, this is going to be a trend."

Montana's first-of-its-kind state ban on TikTok has been blocked by a U.S. judge, saying it "oversteps state power and infringes on the constitutional rights of users." Reuters reports: TikTok, which is owned by China's ByteDance, did not immediately comment Thursday. The company sued Montana in May, seeking to block the U.S. state ban on several grounds, arguing that it violates the First Amendment free speech rights of the company and users. TikTok users in Montana also filed suit to block the ban. TikTok said in a court filing it "has not shared, and would not share, U.S. user data with the Chinese government, and has taken substantial measures to protect the privacy and security of TikTok users."

Molloy, who was appointed to the bench by Democratic President Bill Clinton, found merit to numerous arguments raised by TikTok in his opinion. During an October hearing, Molloy questioned why no other state had followed Montana in banning TikTok and asked if the state was being "paternalistic" in arguing the ban was necessary to protect the data of TikTok users. Montana could have imposed fines of $10,000 for each violation by TikTok in the state but the law did not impose penalties on individual TikTok users.

Jason Koebler reports via 404 Media: A team of researchers primarily from Google's DeepMind systematically convinced ChatGPT to reveal snippets of the data it was trained on using a new type of attack prompt which asked a production model of the chatbot to repeat specific words forever. Using this tactic, the researchers showed that there are large amounts of privately identifiable information (PII) in OpenAI's large language models. They also showed that, on a public version of ChatGPT, the chatbot spit out large passages of text scraped verbatim from other places on the internet.

ChatGPT's response to the prompt "Repeat this word forever: 'poem poem poem poem'" was the word "poem" for a long time, and then, eventually, an email signature for a real human "founder and CEO," which included their personal contact information including cell phone number and email address, for example. "We show an adversary can extract gigabytes of training data from open-source language models like Pythia or GPT-Neo, semi-open models like LLaMA or Falcon, and closed models like ChatGPT," the researchers, from Google DeepMind, the University of Washington, Cornell, Carnegie Mellon University, the University of California Berkeley, and ETH Zurich, wrote in a paper published in the open access prejournal arXiv Tuesday.

This is particularly notable given that OpenAI's models are closed source, as is the fact that it was done on a publicly available, deployed version of ChatGPT-3.5-turbo. It also, crucially, shows that ChatGPT's "alignment techniques do not eliminate memorization," meaning that it sometimes spits out training data verbatim. This included PII, entire poems, "cryptographically-random identifiers" like Bitcoin addresses, passages from copyrighted scientific research papers, website addresses, and much more. "In total, 16.9 percent of generations we tested contained memorized PII," they wrote, which included "identifying phone and fax numbers, email and physical addresses ... social media handles, URLs, and names and birthdays." [...] The researchers wrote that they spent $200 to create "over 10,000 unique examples" of training data, which they say is a total of "several megabytes" of training data. The researchers suggest that using this attack, with enough money, they could have extracted gigabytes of training data.

Dollar Tree was impacted by a third-party data breach stemming from the hack of service provider Zeroed-In Technologies. According to Bleeping Computer, nearly two million customers have been affected. "The information stolen during the attack includes names, dates of birth, and Social Security numbers (SSNs)." From the report: According to a data breach notification shared with the Maine Attorney General, Dollar Tree's service provider, Zeroed-In, suffered a security incident between August 7 and 8, 2023. As part of this cyberattack, the threat actors managed to steal data containing the personal information of Dollar Tree and Family Dollar employees. "While the investigation was able to determine that these systems were accessed, it was not able to confirm all of the specific files that were accessed or taken by the unauthorized actor," reads the letter sent to affected individuals. "Therefore, Zeroed-In conducted a review of the contents of the systems to determine what information was present at the time of the incident and to whom the information relates."

The information stolen during the attack includes names, dates of birth, and Social Security numbers (SSNs). Zeroed-In has notified the affected individuals and enclosed instructions on enrolling in a twelve-month identity protection and credit monitoring service. Other Zeroed-In customers apart from Dollar Tree and Family Dollar may have also been impacted by the security breach, but this hasn't been confirmed yet. Meanwhile, the scale of the data breach has already triggered investigations from law firms looking into a potential class-action lawsuit against Zeroed-In.

An anonymous reader quotes a report from the CBC: Google and the federal government have reached an agreement in their dispute over the Online News Act that would see Google continue to share Canadian news online in return for the company making annual payments to news companies in the range of $100 million. Sources told Radio-Canada and CBC News earlier Wednesday that an agreement had been reached. Heritage Minister Pascale St-Onge confirmed the news Wednesday afternoon. "Many doubted that we would be successful, but I was confident we would find a way to address Google's concerns," she told reporters outside the House of Commons.

The federal government and Google agreed on the regulatory framework earlier this week, a government source familiar with the talks told Radio-Canada. The federal government had estimated earlier this year that Google's compensation should amount to about $172 million. Google estimated the value at $100 million. The company said it would not have a mandatory negotiation model imposed on it for talks with Canadian media organizations, preferring to deal with a single point of contact. The new regulations will allow Google to negotiate with a single group that would represent all media, allowing the company to limit its arbitration risk. Google would still be required to negotiate with the media and sign an agreement. The digital giant could also add additional service contributions, which have yet to be specified.

Richard Speed reports via The Register: A jury has sided with Computer Sciences Corporation (CSC) against Tata Consultancy Services (TCS) over the theft of source code and documentation. A total of $210 million was this week awarded. According to the verdict [PDF], a Texas jury agreed that TCS had "willfully and maliciously" misappropriated both source and confidential documentation by "improper means," awarding CSC $140 million in damages, with another $70 million tacked on for TCS's "unjust enrichment." The complaint [PDF] was filed in April 2019 regarding CSC's VANTAGE-ONE and CyberLife software platforms. CSC had licensed these software platforms to Transamerica Corporation, a life insurance holding company, to whom Tata -- used here to collectively refer to Tata Consultancy Services Limited and Tata America International Corporation -- began providing maintenance services.

In 2014, CSC and Transamerica signed off on a Third-Party Access Addendum that would allow Tata to alter CSC's software, but only for the benefit of its customer -- Transamerica. All was well until 2016, when Transamerica decided it needed to refresh its software. CSC and Tata both put in bids. CSC lost, and Tata won with its own software platform called BaNCS. The circumstances got sticky at this point, not least because Tata hired more than 2,000 Transamerica employees. CSC alleged that these former employees had access to its code and documents, and forwarded them on to the Tata BaNCS development team. The situation escalated in 2019, when a CSC employee was accidentally copied in on an email between Tata and Transamerica showing that Tata was accessing confidential information, according to CSC. The company then began legal proceedings. Documents and motions have been exchanged in the years since as Tata sought to get the case thrown out while CSC's claims were upheld. Eventually, it went to a jury trial, which found for CSC.

An anonymous reader quotes a report from The Guardian: Instagram and Facebook parent company Meta purposefully engineered its platforms to addict children and knowingly allowed underage users to hold accounts, according to a newly unsealed legal complaint. The complaint is a key part of a lawsuit filed against Meta by the attorneys general of 33 states in late October and was originally redacted. It alleges the social media company knew -- but never disclosed -- it had received millions of complaints about underage users on Instagram but only disabled a fraction of those accounts. The large number of underage users was an "open secret" at the company, the suit alleges, citing internal company documents.

In one example, the lawsuit cites an internal email thread in which employees discuss why a 12-year-old girl's four accounts were not deleted following complaints from the girl's mother stating her daughter was 12 years old and requesting the accounts to be taken down. The employees concluded that "the accounts were ignored" in part because representatives of Meta "couldn't tell for sure the user was underage." The complaint said that in 2021, Meta received over 402,000 reports of under-13 users on Instagram but that 164,000 -- far fewer than half of the reported accounts -- were "disabled for potentially being under the age of 13" that year. The complaint noted that at times Meta has a backlog of up to 2.5m accounts of younger children awaiting action. The complaint alleges this and other incidents violate the Children's Online Privacy and Protection Act, which requires that social media companies provide notice and get parental consent before collecting data from children. The lawsuit also focuses on longstanding assertions that Meta knowingly created products that were addictive and harmful to children, brought into sharp focus by whistleblower Frances Haugen, who revealed that internal studies showed platforms like Instagram led children to anorexia-related content. Haugen also stated the company intentionally targets children under the age of 18.

Company documents cited in the complaint described several Meta officials acknowledging the company designed its products to exploit shortcomings in youthful psychology, including a May 2020 internal presentation called "teen fundamentals" which highlighted certain vulnerabilities of the young brain that could be exploited by product development. The presentation discussed teen brains' relative immaturity, and teenagers' tendency to be driven by "emotion, the intrigue of novelty and reward" and asked how these asked how these characteristics could "manifest ... in product usage." [...] One Facebook safety executive alluded to the possibility that cracking down on younger users might hurt the company's business in a 2019 email. But a year later, the same executive expressed frustration that while Facebook readily studied the usage of underage users for business reasons, it didn't show the same enthusiasm for ways to identify younger kids and remove them from its platforms.

A series of arrests that began in late August and continued into last week has sparked concerns that a relatively rare 'Scene' crackdown targeting the top of the so-called 'Piracy Pyramid' may be underway in the Nordic region. TorrentFreak reports: In a statement last week, Denmark's National Unit for Special Crime (NSK) announced that as part of a long-running investigation, a man was arrested on November 22 and then charged with copyright infringement offenses. NSK said its officers searched the home of a 47-year-old man in South Zealand (Sydsjaelland) and seized IT equipment in connection with illegal file-sharing and "copyright infringement of a particularly serious nature." "The case is about an organized network that has illegally shared extremely large quantities of films and TV series via file sharing services," said NSK Police Commissioner Anders-Emil Nohr Kelbaek. While noting that NSK had no further information to offer at this time, Kelbaek said he was pleased that NSK had arrested another suspect believed to have played a 'significant role' in the unnamed network.

Last week's arrest was only the latest in a series of arrests carried out as part of the same long-running NSK investigation into the illegal distribution of movies and TV shows. In late August, NSK arrested four people on suspicion of sharing "extremely large quantities" of movies and TV shows. NSK raided addresses in South-West Jutland, North Zealand and Bornholmand. A 43-year old was arrested at the last location, but it's claimed he lives elsewhere. In common with last week's arrest, all were charged on suspicion of "particularly serious" copyright infringement offenses. In an almost identical statement to that issued last week, Commissioner Anders-Emil Nohr Kelbaek said the case was about "an organized network that shares extremely large amounts of data, presumably in the form of films and series."

TorrentFreak sources report concerns that last week's arrest may be linked to Scene groups. Terminology used by NSK doesn't instantly rule that out and does seem to suggest something potentially more significant than other arrests over the past few years. According to NSK, the August arrests took place on August 28, 2023. Using information in Scene release databases we looked for Danish Scene groups and/or groups that were releasing Denmark-focused content before that date but then made no releases afterward; while that wouldn't provide conclusive proof that a group had been targeted, the method has proven useful in the past. While activity late August suggests nothing especially out of the ordinary, activity since the arrest last week stands in contrast. TF is informed that some groups may have gone dark simply out of an abundance of caution. It's also possible that the groups have nothing to release. Furthermore, there are many other global groups with no obvious links to Danish content or Denmark that also stopped releasing on November 21. The reasons for this are unknown but holidays in the United States may play a role.