United States

US Expects To Make Multi-Billion Chips Awards Within the Next Year (reuters.com) 13

David Shepardson reports via Reuters: U.S. Commerce Secretary Gina Raimondo said she expects to make around a dozen semiconductor chips funding awards within the next year, including multi-billion dollar announcements that could drastically reshape U.S. chip production. She announced the first award on Monday -- $35 million to a BAE Systems facility in Hampshire to produce chips for fighter planes from the "Chips for America" semiconductor manufacturing and research subsidy program approved by Congress in August 2022.

"Next year we'll get into some of the bigger ones with leading-edge fabs," Raimondo told reporters. "A year from now I think we will have made 10 or 12 similar announcements, some of them multi-billion dollar announcements." In an interview with Reuters, Raimondo said that the number of awards could go higher than 12. She said she wants the percentage of semiconductors produced in the United States to rise from about 12% to closer to 20% -- though that is still down from 40% in 1990 -- and to have at least two "leading-edge" U.S. manufacturing clusters. In addition, she wants the U.S. to have cutting-edge memory and packaging production and to "meet the military's needs for current and mature" chips. Raimondo noted that the U.S. currently does not have any cutting-edge manufacturing production and wants to get that to about 10%.

Crime

Cloud Engineer Gets 2 Years For Wiping Ex-Employer's Code Repos (bleepingcomputer.com) 121

Bill Toulas reports via BleepingComputer: Miklos Daniel Brody, a cloud engineer, was sentenced to two years in prison and a restitution of $529,000 for wiping the code repositories of his former employer in retaliation for being fired by the company. According to the U.S. Department of Justice (DoJ) announcement, Brody was fired on March 11, 2020, from First Republic Bank (FRB) in San Francisco, where he worked as a cloud engineer. The court documents state that Brody's employment was terminated after he violated company policies by connecting a USB drive containing pornography to company computers.

Following his dismissal, Brody allegedly refused to return his work laptop and instead used his still-valid account to access the bank's computer network and cause damages estimated to be above $220,000. "Among other things, Brody deleted the bank's code repositories, ran a malicious script to delete logs, left taunts within the bank's code for former colleagues, and impersonated other bank employees by opening sessions in their names," describes the U.S. DOJ announcement. "He also emailed himself proprietary bank code that he had worked on as an employee, which was valued at over $5,000."

After the incident, Brody falsely reported to the San Francisco Police Department that the FRB-issued laptop had been stolen from his car. He continued to uphold this story when interviewed by United States Secret Service agents following his arrest in March 2021. Eventually, in April 2023, Brody pleaded guilty to lying about the laptop and to two charges concerning violation of the Computer Fraud and Abuse Act. In addition to the two-year prison term and the payment of the restitution, Brody will serve three years of supervised release.

Piracy

Italy's 'Piracy Shield' Anti-Piracy System Launches, Applies To All DNS and VPN Providers (torrentfreak.com) 39

An anonymous reader quotes a report from TorrentFreak: A document detailing technical requirements of Italy's Piracy Shield anti-piracy system confirms that ISPs are not alone in being required to block pirate IPTV services. All VPN and open DNS services must also comply with blocking orders, including through accreditation to the Piracy Shield platform. [...] Italy's Piracy Shield anti-piracy system reportedly launched last week, albeit in limited fashion. Whether the platform had any impact on pirate IPTV providers offering the big game last Friday is unclear but plans supporting a full-on assault are pressing ahead.

When lawmakers gave Italy's new blocking regime the green light during the summer, the text made it clear that blocking instructions would not be limited to regular ISPs. The document issued by AGCOM [...] specifically highlights that VPN and DNS providers are no exception. "[A]ll parties in any capacity involved in the accessibility of illegally disseminated content -- and therefore also, by way of example and not limitation -- VPN and open DNS service providers, will have to execute the blocks requested by the Authority [AGCOM] including through accreditation to the Piracy Shield platform or otherwise implementing measures that prevent the user from reaching that content," the notice reads. [...]

The relevant section of the new law is in some ways even more broad when it comes to search engines such as Google. Whether they are directly involved in accessibility or not, they're still required to take action. AGCOM suggests that Google understands its obligations and is also prepared to take things further. The company says it will deindex offending platforms from search and also remove their ability to advertise. "Since this is a dynamic blocking, the search engine therefore undertakes to perform de-indexing of all websites/telematic addresses that are the subject of subsequent reports that can also be communicated by rights holders accredited to the platform," AGCOM writes. "Google has shared a procedural mode for the communication of the blocking list, and the Company has also committed to the timely removal of all advertisements that do not comply with the company's policies, having particular regard to those that invest the promotion of pirate sites referring to protected sporting events."

Microsoft

FTC Wants Microsoft's Relationship With OpenAI Under the Microscope (theregister.com) 13

The FTC is considering an investigation into Microsoft's investment in OpenAI to determine if the company broke any antitrust laws. The Register reports: Despite the money poured into it over the years, OpenAI was founded as a non-profit in 2015, and Microsoft's investment does not amount to control of the company. Microsoft chief communications officer Frank X Shaw underlined attempts to dampen down industry talk of a probe: "While details of our agreement remain confidential, it is important to note that Microsoft does not own any portion of OpenAI and is simply entitled to share of profit distributions."

At the end of last week, the UK's Competition and Markets Authority (CMA) launched a consultation to ask interested parties to comment on Microsoft's relationship with ChatGPT developer, and if it could be construed as a merger that potentially skews competition. If so, the CMA will itself launch an official inspection.

AI

MIT Group Releases White Papers On Governance of AI (mit.edu) 46

An anonymous reader quotes a report from MIT News: Providing a resource for U.S. policymakers, a committee of MIT leaders and scholars has released a set of policy briefs that outlines a framework for the governance of artificial intelligence. The approach includes extending current regulatory and liability approaches in pursuit of a practical way to oversee AI. The aim of the papers is to help enhance U.S. leadership in the area of artificial intelligence broadly, while limiting harm that could result from the new technologies and encouraging exploration of how AI deployment could be beneficial to society.

The main policy paper, "A Framework for U.S. AI Governance: Creating a Safe and Thriving AI Sector," suggests AI tools can often be regulated by existing U.S. government entities that already oversee the relevant domains. The recommendations also underscore the importance of identifying the purpose of AI tools, which would enable regulations to fit those applications. "As a country we're already regulating a lot of relatively high-risk things and providing governance there," says Dan Huttenlocher, dean of the MIT Schwarzman College of Computing, who helped steer the project, which stemmed from the work of an ad hoc MIT committee. "We're not saying that's sufficient, but let's start with things where human activity is already being regulated, and which society, over time, has decided are high risk. Looking at AI that way is the practical approach." [...]

"The framework we put together gives a concrete way of thinking about these things," says Asu Ozdaglar, the deputy dean of academics in the MIT Schwarzman College of Computing and head of MIT's Department of Electrical Engineering and Computer Science (EECS), who also helped oversee the effort. The project includes multiple additional policy papers and comes amid heightened interest in AI over last year as well as considerable new industry investment in the field. The European Union is currently trying to finalize AI regulations using its own approach, one that assigns broad levels of risk to certain types of applications. In that process, general-purpose AI technologies such as language models have become a new sticking point. Any governance effort faces the challenges of regulating both general and specific AI tools, as well as an array of potential problems including misinformation, deepfakes, surveillance, and more.

These are the key policies and approaches mentioned in the white papers:

Extension of Current Regulatory and Liability Approaches: The framework proposes extending current regulatory and liability approaches to cover AI. It suggests leveraging existing U.S. government entities that oversee relevant domains for regulating AI tools. This is seen as a practical approach, starting with areas where human activity is already being regulated and deemed high risk.

Identification of Purpose and Intent of AI Tools: The framework emphasizes the importance of AI providers defining the purpose and intent of AI applications in advance. This identification process would enable the application of relevant regulations based on the specific purpose of AI tools.

Responsibility and Accountability: The policy brief underscores the responsibility of AI providers to clearly define the purpose and intent of their tools. It also suggests establishing guardrails to prevent misuse and determining the extent of accountability for specific problems. The framework aims to identify situations where end users could reasonably be held responsible for the consequences of misusing AI tools.

Advances in Auditing of AI Tools: The policy brief calls for advances in auditing new AI tools, whether initiated by the government, user-driven, or arising from legal liability proceedings. Public standards for auditing are recommended, potentially established by a nonprofit entity or a federal entity similar to the National Institute of Standards and Technology (NIST).

Consideration of a Self-Regulatory Organization (SRO): The framework suggests considering the creation of a new, government-approved "self-regulatory organization" (SRO) agency for AI. This SRO, similar to FINRA for the financial industry, could accumulate domain-specific knowledge, ensuring responsiveness and flexibility in engaging with a rapidly changing AI industry.

Encouragement of Research for Societal Benefit: The policy papers highlight the importance of encouraging research on how to make AI beneficial to society. For instance, there is a focus on exploring the possibility of AI augmenting and aiding workers rather than replacing them, leading to long-term economic growth distributed throughout society.

Addressing Legal Issues Specific to AI: The framework acknowledges the need to address specific legal matters related to AI, including copyright and intellectual property issues. Special consideration is also mentioned for "human plus" legal issues, where AI capabilities go beyond human capacities, such as mass surveillance tools.

Broadening Perspectives in Policymaking: The ad hoc committee emphasizes the need for a broad range of disciplinary perspectives in policymaking, advocating for academic institutions to play a role in addressing the interplay between technology and society. The goal is to govern AI effectively by considering both technical and social systems.

The Courts

Google's App Store Ruled an Illegal Monopoly, as a Jury Sides With Epic Games (wired.com) 103

A jury in San Francisco unanimously found (PDF) that Google violated California and federal antitrust laws through deals that stifled competition for its mobile app store. "The verdict delivers the first significant US courtroom loss for big tech in the years-long campaign by rivals, regulators, and prosecutors to tame the power of internet gatekeepers," reports Wired. From the report: The lawsuit next moves to a remedies phase, meaning a judge as soon as the coming weeks will hear arguments about and decide whether to order changes to Google's business practices. Users of devices powered by Google's Android operating system could find more app options to choose from, at lower prices, if Google is forced to allow downloads of rival app stores from Play or share a greater portion of sales with developers selling digital items inside their apps.

The ruling came in a case first filed in 2020 by Epic Games, known for its blockbuster game Fortnite and tools for developers, and argued before a jury since early November. The jury of nine -- a 10th juror dropped out early in the trial -- deliberated for three hours before reaching its verdict. They faced 11 questions such as defining product and geographic markets and whether Google engaged in anticompetitive conduct in those areas. Epic had accused Google of restricting smartphone makers, wireless carriers, and app developers from providing any competition to the Play store, which accounts for over 95 percent of all downloads onto Android phones in the US. Google had denied any wrongdoing, saying that its sole aim was to provide a safe and attractive experience to users, especially as it faced competition from Apple, its iPhone, and its App Store.

Security

US Healthcare Giant Norton Says Hackers Stole Millions of Patients' Data During Ransomware Attack (techcrunch.com) 27

An anonymous reader quotes a report from TechCrunch: Kentucky-based nonprofit healthcare system Norton Healthcare has confirmed that hackers accessed the personal data of millions of patients and employees during an earlier ransomware attack. Norton operates more than 40 clinics and hospitals in and around Louisville, Kentucky, and is the city's third-largest private employer. The organization has more than 20,000 employees, and more than 3,000 total providers on its medical staff, according to its website. In a filing with Maine's attorney general on Friday, Norton said that the sensitive data of approximately 2.5 million patients, as well as employees and their dependents, was accessed during its May ransomware attack.

In a letter sent to those affected, the nonprofit said that hackers had access to "certain network storage devices between May 7 and May 9," but did not access Norton Healthcare's medical record system or Norton MyChart, its electronic medical record system. But Norton admitted that following a "time-consuming" internal investigation, which the organization completed in November, Norton found that hackers accessed a "wide range of sensitive information," including names, dates of birth, Social Security numbers, health and insurance information and medical identification numbers. Norton Healthcare says that, for some individuals, the exposed data may have also included financial account numbers, driver licenses or other government ID numbers, as well as digital signatures. It's not known if any of the accessed data was encrypted.

Norton says it notified law enforcement about the attack and confirmed it did not pay any ransom payment. The organization did not name the hackers responsible for the cyberattack, but the incident was claimed by the notorious ALPHV/BlackCat ransomware gang in May, according to data breach news site DataBreaches.net, which reported that the group claimed it exfiltrated almost five terabytes of data. TechCrunch could not confirm this, as the ALPHV website was inaccessible at the time of writing.

Privacy

Ex-Commissioner For Facial Recognition Tech Joins Facewatch Firm He Approved (theguardian.com) 12

The recently-departed watchdog in charge of monitoring facial recognition technology in the UK has joined the private firm he controversially approved, paving the way for the mass roll-out of biometric surveillance cameras in high streets across the country. From a report: In a move critics have dubbed an "outrageous conflict of interest," Professor Fraser Sampson, former biometrics and surveillance camera commissioner, has joined Facewatch as a non-executive director. Sampson left his watchdog role on 31 October, with Companies House records showing he was registered as a company director at Facewatch the following day, 1 November.

Campaigners claim this might mean he was negotiating his Facewatch contract while in post, and have urged the advisory committee on business appointments to investigate if it may have "compromised his work in public office." It is understood that the committee is currently considering the issue. Facewatch uses biometric cameras to check faces against a watch list and, despite widespread concern over the technology, has received backing from the Home Office, and has already been introduced in hundreds of high-street shops and supermarkets.

Government

US Diet Committee Debates Whether Potatoes are Vegetables or 'Starchy Grain' (msn.com) 129

Every five years America's federal Department of Health updates its dietary guidelines with the latest nutrition science, affecting federal nutrition programs and various other government health initiatives.

Now an anonymous reader shared this report from the Wall Street Journal: Botanists count potatoes as a vegetable. But should Americans? The U.S. Dietary Guidelines Advisory Committee has sparked the question... White potatoes, which come in various colors, are classified as "starchy vegetables." But the committee could uproot potatoes from the vegetable bin and toss them in with a broader category of rice, other grains and carbohydrates as the Departments of Agriculture and Health and Human Services weigh updates to national diet guidelines for 2025.

The scientific debate isn't easy to follow. But it sounds like a half-baked idea to Kam Quarles, chief executive of the National Potato Council, a potato-industry group. The dietary guidelines shape nutrition advice to Americans, as well as what foods are served in school cafeterias. Potatoes, according to Quarles, should be respected as a gateway vegetable. "Kids are far more likely to eat" dishes with other vegetables if potatoes are involved, he said.

Not all parents swallow that a trail of tubers leads to leafy greens. Some complained about a Peppa Pig animated cartoon that featured a potato preaching the nutritional value of vegetables. "By the power of vegetables, I am here," Super Potato said, soaring through the sky, singing, "Fruit and vegetables keep us alive. Always remember to eat your five." The U.K.'s National Health Service, for one, doesn't count spuds toward the U.K.'s recommended five portions of fruits and vegetables a day. "It's a giant spud singing it. You're, like, 'Really? A potato's one of your five a day?'" said Dan Greef, the owner of Deliciously Guilt Free, a sugar-free bakery in Cambridge, U.K. He spent years persuading his two children to eat vegetables. Then, he said, "a drawing of a potato tells you it's fine, and you don't listen to your dad...."

Nutrition researchers say the potato contains helpful nutrients, including potassium and vitamin C, but its health benefits are diminished when it is fried. Nearly half of all U.S. potatoes eaten as food go into frozen products, mostly french fries, the USDA found.

For comparison, the article points out that under U.S. dietary guidelines, "corn on the cob is a starchy vegetable, while cornmeal is a grain."

Privacy

Republican Presidential Candidates Debate Anonymity on Social Media (cnbc.com) 174

Four Republican candidates for U.S. president debated Wednesday — and moderator Megyn Kelly had a tough question for former South Carolina governor Nikki Haley. "Can you please speak to the requirement that you said that every anonymous internet user needs to out themselves?"

Nikki Haley: What I said was, that social media companies need to show us their algorithms. I also said there are millions of bots on social media right now. They're foreign, they're Chinese, they're Iranian. I will always fight for freedom of speech for Americans; we do not need freedom of speech for Russians and Iranians and Hamas. We need social media companies to go and fight back on all of these bots that are happening. That's what I said.

As a mom, do I think social media would be more civil if we went and had people's names next to that? Yes, I do think that, because I think we've got too much cyberbullying, I think we've got child pornography and all of those things. But having said that, I never said government should go and require anyone's name.

DeSantis: That's false.

Haley: What I said —

DeSantis: You said I want your name. As president of the United States, her first day in office, she said one of the first things I'm going to do --

Haley: I said we were going to get the millions of bots.

DeSantis: "All social medias? I want your name." A government i.d. to dox every American. That's what she said. You can roll the tape. She said I want your name — and that was going to be one of the first things she did in office. And then she got real serious blowback — and understandably so, because it would be a massive expansion of government. We have anonymous speech. The Federalist Papers were written with anonymous writers — Jay, Madison, and Hamilton, they went under "Publius". It's something that's important — and especially given how conservatives have been attacked and they've lost jobs and they've been cancelled. You know the regime would use that to weaponize that against our own people. It was a bad idea, and she should own up to it.

Haley: This cracks me up, because Ron is so hypocritical, because he actually went and tried to push a law that would stop anonymous people from talking to the press, and went so far to say bloggers should have to register with the state --

DeSantis: That's not true.

Haley: — if they're going to write about elected officials. It was in the — check your newspaper. It was absolutely there.

DeSantis quickly attributed the introduction of that legislation to "some legislator".

The press had already extensively written about Haley's position on anonymity on social media. Three weeks ago Business Insider covered a Fox News interview, and quoted Nikki Haley as saying: "When I get into office, the first thing we have to do, social media companies, they have to show America their algorithms. Let us see why they're pushing what they're pushing. The second thing is every person on social media should be verified by their name." Haley said this was why her proposals would be necessary to counter the "national security threat" posed by anonymous social media accounts and social media bots. "When you do that, all of a sudden people have to stand by what they say, and it gets rid of the Russian bots, the Iranian bots, and the Chinese bots," Haley said. "And then you're gonna get some civility when people know their name is next to what they say, and they know their pastor and their family member's gonna see it. It's gonna help our kids and it's gonna help our country," she continued... A representative for the Haley campaign told Business Insider that Haley's proposals were "common sense."

"We all know that America's enemies use anonymous bots to spread anti-American lies and sow chaos and division within our borders. Nikki believes social media companies need to do a better job of verifying users so we can crack down on Chinese, Iranian, and Russian bots," the representative said.

The next day CNBC reported that Haley "appeared to add a caveat... suggesting Wednesday that Americans should still be allowed to post anonymously online." A spokesperson for Haley's campaign added, "Social media companies need to do a better job of verifying users as human in order to crack down on anonymous foreign bots. We can do this while protecting America's right to free speech and Americans who post anonymously."

Privacy issues had also come up just five minutes earlier in the debate. In March America's Treasury Secretary had recommended the country "advance policy and technical work on a potential central bank digital currency, or CBDC, so the U.S. is prepared if CBDC is determined to be in the national interest."

But Florida governor Ron DeSantis spoke out forcefully against the possibility. "They want to get rid of cash, crypto, they want to force you to do that. They'll take away your privacy. They will absolutely regulate your purchases. On Day One as president, we take the idea of Central Bank Digital Currency, and we throw it in the trash can. It'll be dead on arrival." [The audience applauded.]

Businesses

US Postal Service Warns Rural Mail Carriers: Don't Publicly Blame Delays on Amazon (msn.com) 119

15,279 people live in the rural Minnesota town of Bemidji. But now mail carriers there, "overwhelmed by Amazon packages, say they've been warned not to use the word 'Amazon,' including when customers ask why the mail is delayed," reports the Washington Post: "We are not to mention the word 'Amazon' to anyone," said a mail carrier who spoke on the condition of anonymity to protect their job. "If asked, they're to be referred to as 'Delivery Partners' or 'Distributors,'" said a second carrier. "It's ridiculous." The directive, passed down Monday morning from U.S. Postal Service management, comes three weeks after mail carriers in the northern Minnesota town staged a symbolic strike outside the post office, protesting the heavy workloads and long hours caused by the sudden arrival of thousands of Amazon packages...

In addition to being banned from saying "Amazon," postal workers have also been told their jobs could be at risk if they speak publicly about post office issues. Staffers were told they could attend Tuesday's meeting only on their 30-minute lunch break if they changed out of uniform, mail carriers said. One mail carrier said he'd been warned there could be "consequences" for those who showed up.

Postal customers in Bemidji have been complaining about late and missing mail since the beginning of November, when the contract for delivering Amazon packages in town switched from UPS to the post office. Mail carriers told The Post last month that they were instructed to deliver packages before the mail, leaving residents waiting for tax rebates, credit card statements, medical documents and checks...

The post office has held a contract to deliver Amazon packages on Sundays since 2013. The agency, which has lost $6.5 billion in the past year, has said that it's crucial to increase package volume by cutting deals with Amazon and other retailers.

Tuesday the town's mayor held a listening session for the state's two senators with Bemidji residents, whose complaints included "missing medications and late bills resulting in fees." Senator Amy Klobuchar later told the Post that "We need a very clear commitment that we're not going to be prioritizing Amazon packages over regular mail," promising to explore improving postal staffing and pay for rural carriers. On Monday, the Minnesota senators introduced a bill called the Postal Delivery Accountability Act, which would require the post office to improve tracking and reporting of delayed and undelivered mail nationally.

Patents

White House Threatens Patents of High-Priced Drugs (apnews.com) 151

The Biden administration is threatening to cancel the patents of some costly medications to allow rivals to make their own more affordable versions. The Associated Press reports: Under a plan announced Thursday, the government would consider overriding the patent for high-priced drugs that have been developed with the help of taxpayer money and letting competitors make them in hopes of driving down the cost. In a 15-second video released to YouTube on Wednesday night, President Joe Biden promised the move would lower prices. "Today, we're taking a very important step toward ending price gouging so you don't have to pay more for the medicine you need," he said.

White House officials would not name drugs that might potentially be targeted. The government would consider seizing a patent if a drug is only available to a "narrow set of consumers," according to the proposal that will be open to public comment for 60 days. Drugmakers are almost certain to challenge the plan in court if it is enacted. [...] The White House also intends to focus more closely on private equity firms that purchase hospitals and health systems, then often whittle them down and sell quickly for a profit. The departments of Justice and Health and Human Services, and the Federal Trade Commission will work to share more data about health system ownership.

While only a minority of drugs on the market relied so heavily on taxpayer dollars, the threat of a government "march-in" on patents will make many pharmaceutical companies think twice, said Jing Luo, a professor of medicine at University of Pittsburgh. "If I was a drug company that was trying to license a product that had benefited heavily from taxpayer money, I'd be very careful about how to price that product," Luo said. "I wouldn't want anyone to take my product away from me."

EU

Europe Reaches a Deal On the World's First Comprehensive AI Rules (apnews.com) 36

An anonymous reader quotes a report from the Associated Press: European Union negotiators clinched a deal Friday on the world's first comprehensive artificial intelligence rules, paving the way for legal oversight of technology used in popular generative AI services like ChatGPT that has promised to transform everyday life and spurred warnings of existential dangers to humanity. Negotiators from the European Parliament and the bloc's 27 member countries overcame big differences on controversial points including generative AI and police use of facial recognition surveillance to sign a tentative political agreement for the Artificial Intelligence Act.

"Deal!" tweeted European Commissioner Thierry Breton, just before midnight. "The EU becomes the very first continent to set clear rules for the use of AI." The result came after marathon closed-door talks this week, with one session lasting 22 hours before a second round kicked off Friday morning. Officials provided scant details on what exactly will make it into the eventual law, which wouldn't take effect until 2025 at the earliest. They were under the gun to secure a political victory for the flagship legislation but were expected to leave the door open to further talks to work out the fine print, likely to bring more backroom lobbying.

The AI Act was originally designed to mitigate the dangers from specific AI functions based on their level of risk, from low to unacceptable. But lawmakers pushed to expand it to foundation models, the advanced systems that underpin general purpose AI services like ChatGPT and Google's Bard chatbot. Foundation models looked set to be one of the biggest sticking points for Europe. However, negotiators managed to reach a tentative compromise early in the talks, despite opposition led by France, which called instead for self-regulation to help homegrown European generative AI companies competing with big U.S. rivals including OpenAI's backer Microsoft. [...] Under the deal, the most advanced foundation models that pose the biggest "systemic risks" will get extra scrutiny, including requirements to disclose more information such as how much computing power was used to train the systems.

Privacy

Verizon Gave Phone Data To Armed Stalker Who Posed As Cop Over Email (404media.co) 27

Slash_Account_Dot writes: The FBI investigated a man who allegedly posed as a police officer in emails and phone calls to trick Verizon into handing over phone data belonging to a specific person that the suspect met on the dating section of porn site xHamster, according to a newly unsealed court record. Despite the relatively unconvincing cover story concocted by the suspect, including the use of a clearly non-government ProtonMail email address, Verizon handed over the victim's data to the alleged stalker, including their address and phone logs. The stalker then went on to threaten the victim and ended up driving to where he believed the victim lived while armed with a knife, according to the record.

The news is a massive failure by Verizon who did not verify that the data request was fraudulent, and the company potentially put someone's safety at risk. The news also highlights the now common use of fraudulent emergency data requests (EDRs) or search warrants in the digital underworld, where criminals pretend to be law enforcement officers, fabricate an urgent scenario such as a kidnapping, and then convince telecoms or tech companies to hand over data that should only be accessible through legitimate law enforcement requests. As 404 Media previously reported, some hackers are using compromised government email accounts for this purpose.

The Courts

FTC Tries Again To Stop Microsoft's Already-Closed Deal For Activision (reuters.com) 37

U.S. antitrust regulators told a federal appeals court Wednesday that a federal judge got it wrong when she allowed Microsoft's $69 billion purchase of Activision to close. Reuters reports: Speaking for the Federal Trade Commission, lawyer Imad Abyad argued that the lower-court judge held the agency to too high a standard, effectively requiring it to prove that the deal was anticompetitive. He told a three-judge appeals court panel in California that the FTC had only to show that Microsoft had the ability and incentive to withhold Activision's games from rival game platforms to prove the agency's case. He said the FTC "showed that in the past that's what Microsoft did," referring to allegations that Microsoft made some Zenimax games exclusive after buying that company.

Speaking for Microsoft, lawyer Rakesh Kilaru called the FTC case "weak" and said that the agency had asked the lower-court judge for too much leeway. "It is also clear that the standard can't be as low as the FTC is suggesting," he said. "It can't be kind of a mere scintilla of evidence." He argued that the agency failed to show that Microsoft had an incentive to withhold "Call of Duty" from rival gaming platforms. The judges actively questioned both attorneys, with Judge Daniel Collins pressing the FTC's attorney on how concessions that Microsoft gave British antitrust enforcers affect the U.S. market. He also appeared to take issue with Abyad's assertions that more analysis of the deal was necessary, especially since Microsoft had struck agreements with rivals recently, including one with Sony this past summer. "This was not a rush job on the part of the FTC," he said.

Two antitrust scholars who listened to the arguments said the FTC faced a tough slog to prevail. A finding of "clear error" by a lower court judge is "really stark," said Alden Abbott, a former FTC general counsel, comparing it to the idea that a court ignored key evidence from a witness. Abbott said the appeals court noted that the trial judge had considered "a huge amount of record evidence."

The Courts

A Massive Repair Lawsuit Against John Deere Clears a Major Hurdle (404media.co) 39

Jason Koebler reports via 404 Media: A judge rejected John Deere's motion to dismiss a landmark class action lawsuit over the agricultural giant's repair monopolies, paving the way for a trial that will determine whether the company's repair practices are illegal. The case will specifically examine whether Deere has engaged in a "conspiracy" in which Deere and its dealerships have driven up the cost of repair while preventing independent and self-repair of tractors that farmers own.

In a forceful, 89-page memorandum, U.S. District Court Judge Iain Johnson wrote that the founder of John Deere "was an innovative farmer and blacksmith who -- with his own hands -- fundamentally changed the agricultural industry." Deere the man "would be deeply disappointed in his namesake corporation" if the plaintiffs can ultimately prove their antitrust allegations against Deere the company, which are voluminous and well-documented. Reuters first reported on Johnson's memo.

At issue are the many tactics Deere has used to make it more difficult and often impossible for farmers to repair their own tractors, from software locks and "parts pairing" that prevent farmers from replacing parts without the authorization of a Deere dealership. "Only Deere and Dealer authorized technicians have access to the Repair Tools, and Deere withholds these resources from farmers and independent repair shops," Johnson wrote.

EU

EU Mulls Expansion of Geo-Blocking 'Bans' To Video Streaming Platforms (torrentfreak.com) 44

One of the suggestions in a recent report (PDF) from the European Parliament's Committee on Internal Market and Consumer Protection is to expand geo-blocking restrictions to the audiovisual sector, including streaming platforms. This has spooked some stakeholders who warn that a ban on geo-blocking would put the entire industry at risk. TorrentFreak reports: The report recommends the EU Commission to launch a comprehensive review of the current geo-blocking regulation and have that completed by 2025. It also carries several suggestions for improvement and expansion of the current rules. "The data presented in the report suggest that the effects of such an [geo-blocking] extension would vary by type of content, depending on the level of consumer demand and on the availability of content across the EU," the report's summary reads. "As regards an extension to audio-visual content, it highlights potential benefits for consumers, notably in the availability of a wider choice of content across borders. The report also identifies the potential impact that such an extension of the scope would have on the overall dynamics of the audio-visual sector, but concludes that it needs to be further assessed."

The proposals don't include the abolishment of all territorial licenses in the EU, and they're mindful of the potential impact on the industry. Nevertheless, some industry insiders are spooked; the Creativity Works! coalition (CW), for example, which counts the MPA, ACT, and the Premier League among its members. According to CW, geo-blocking technology is crucial to the creative and cultural industries in Europe. "Geo-blocking is one of the foundations for Europe's creative and cultural sectors, providing Europeans with the means to create, produce, showcase, publish, distribute and finance diverse, high-quality and affordable content," they write.

Banning geo-blocking altogether would be a disaster that puts millions of jobs and hundreds of billions of euros in revenue at risk, CW warns. At the same time, it may result in more expensive subscriptions for many consumers. "Ending geo-blocking's exclusive territorial licensing would threaten 10,000 European cinemas, access to over 8,500 European VOD films and up to half of European film budgets," CW writes. "What's more, over 100 million European fans could pay more to view the same sports coverage, while major digital streaming platforms might be forced to introduce sharp hikes for consumers in many European countries." Understandably, the movie industry is concerned about legislation that upsets the status quo. However, the IMCO report doesn't recommend a wholesale ban on territorial licenses but aims to ensure that content is available in regions where it currently isn't. At this stage, nothing is set in stone, so proposals could change. However, the present recommendations appear to seek a balance between the interests of the entertainment industry and the public at large.

Bug

Nearly Every Windows and Linux Device Vulnerable To New LogoFAIL Firmware Attack (arstechnica.com) 69

"Researchers have identified a large number of bugs to do with the processing of images at boot time," writes longtime Slashdot reader jd. "This allows malicious code to be installed undetectably (since the image doesn't have to pass any validation checks) by appending it to the image. None of the current secure boot mechanisms are capable of blocking the attack." Ars Technica reports: LogoFAIL is a constellation of two dozen newly discovered vulnerabilities that have lurked for years, if not decades, in Unified Extensible Firmware Interfaces responsible for booting modern devices that run Windows or Linux. The vulnerabilities are the product of almost a year's worth of work by Binarly, a firm that helps customers identify and secure vulnerable firmware. The vulnerabilities are the subject of a coordinated mass disclosure released Wednesday. The participating companies comprise nearly the entirety of the x64 and ARM CPU ecosystem, starting with UEFI suppliers AMI, Insyde, and Phoenix (sometimes still called IBVs or independent BIOS vendors); device manufacturers such as Lenovo, Dell, and HP; and the makers of the CPUs that go inside the devices, usually Intel, AMD or designers of ARM CPUs. The researchers unveiled the attack on Wednesday at the Black Hat Security Conference in London.

As its name suggests, LogoFAIL involves logos, specifically those of the hardware seller that are displayed on the device screen early in the boot process, while the UEFI is still running. Image parsers in UEFIs from all three major IBVs are riddled with roughly a dozen critical vulnerabilities that have gone unnoticed until now. By replacing the legitimate logo images with identical-looking ones that have been specially crafted to exploit these bugs, LogoFAIL makes it possible to execute malicious code at the most sensitive stage of the boot process, which is known as DXE, short for Driver Execution Environment. "Once arbitrary code execution is achieved during the DXE phase, it's game over for platform security," researchers from Binarly, the security firm that discovered the vulnerabilities, wrote in a whitepaper. "From this stage, we have full control over the memory and the disk of the target device, thus including the operating system that will be started." From there, LogoFAIL can deliver a second-stage payload that drops an executable onto the hard drive before the main OS has even started. The following video demonstrates a proof-of-concept exploit created by the researchers. The infected device -- a Gen 2 Lenovo ThinkCentre M70s running an 11th-Gen Intel Core with a UEFI released in June -- runs standard firmware defenses, including Secure Boot and Intel Boot Guard.

LogoFAIL vulnerabilities are tracked under the following designations: CVE-2023-5058, CVE-2023-39538, CVE-2023-39539, and CVE-2023-40238. However, this list is currently incomplete.

"A non-exhaustive list of companies releasing advisories includes AMI (PDF), Insyde, Phoenix, and Lenovo," reports Ars. "People who want to know if a specific device is vulnerable should check with the manufacturer."

"The best way to prevent LogoFAIL attacks is to install the UEFI security updates that are being released as part of Wednesday's coordinated disclosure process. Those patches will be distributed by the manufacturer of the device or the motherboard running inside the device. It's also a good idea, when possible, to configure UEFIs to use multiple layers of defenses. Besides Secure Boot, this includes both Intel Boot Guard and, when available, Intel BIOS Guard. There are similar additional defenses available for devices running AMD or ARM CPUs."

Google

Governments Spying on Apple, Google Users Through Push Notifications (reuters.com) 33

Unidentified governments are surveilling smartphone users via their apps' push notifications, a U.S. senator warned on Wednesday. From a report: In a letter to the Department of Justice, Senator Ron Wyden said foreign officials were demanding the data from Alphabet's Google and Apple. Although details were sparse, the letter lays out yet another path by which governments can track smartphones. Apps of all kinds rely on push notifications to alert smartphone users to incoming messages, breaking news, and other updates. [...] That gives the two companies unique insight into the traffic flowing from those apps to their users, and in turn puts them "in a unique position to facilitate government surveillance of how users are using particular apps," Wyden said.

He asked the Department of Justice to "repeal or modify any policies" that hindered public discussions of push notification spying. In a statement, Apple said that Wyden's letter gave them the opening they needed to share more details with the public about how governments monitored push notifications. "In this case, the federal government prohibited us from sharing any information," the company said in a statement. "Now that this method has become public we are updating our transparency reporting to detail these kinds of requests."

AI

AI Models May Enable a New Era of Mass Spying, Says Bruce Schneier (arstechnica.com) 37

An anonymous reader quotes a report from Ars Technica: In an editorial for Slate published Monday, renowned security researcher Bruce Schneier warned that AI models may enable a new era of mass spying, allowing companies and governments to automate the process of analyzing and summarizing large volumes of conversation data, fundamentally lowering barriers to spying activities that currently require human labor. In the piece, Schneier notes that the existing landscape of electronic surveillance has already transformed the modern era, becoming the business model of the Internet, where our digital footprints are constantly tracked and analyzed for commercial reasons.

Spying, by contrast, can take that kind of economically inspired monitoring to a completely new level: "Spying and surveillance are different but related things," Schneier writes. "If I hired a private detective to spy on you, that detective could hide a bug in your home or car, tap your phone, and listen to what you said. At the end, I would get a report of all the conversations you had and the contents of those conversations. If I hired that same private detective to put you under surveillance, I would get a different report: where you went, whom you talked to, what you purchased, what you did." Schneier says that current spying methods, like phone tapping or physical surveillance, are labor-intensive, but the advent of AI significantly reduces this constraint. Generative AI systems are increasingly adept at summarizing lengthy conversations and sifting through massive datasets to organize and extract relevant information. This capability, he argues, will not only make spying more accessible but also more comprehensive. "This spying is not limited to conversations on our phones or computers," Schneier writes. "Just as cameras everywhere fueled mass surveillance, microphones everywhere will fuel mass spying. Siri and Alexa and 'Hey, Google' are already always listening; the conversations just aren't being saved yet." [...]

In his editorial, Schneier raises concerns about the chilling effect that mass spying could have on society, cautioning that the knowledge of being under constant surveillance may lead individuals to alter their behavior, engage in self-censorship, and conform to perceived norms, ultimately stifling free expression and personal privacy. So what can people do about it? Anyone seeking protection from this type of mass spying will likely need to look toward government regulation to keep it in check since commercial pressures often trump technological safety and ethics. [...] Schneier isn't optimistic on that front, however, closing with the line, "We could prohibit mass spying. We could pass strong data-privacy rules. But we haven't done anything to limit mass surveillance. Why would spying be any different?" It's a thought-provoking piece, and you can read the entire thing on Slate.
