Privacy

Hacker Gains Admin Control of Sourcegraph and Gives Free Access To the Masses (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: An unknown hacker gained administrative control of Sourcegraph, an AI-driven service used by developers at Uber, Reddit, Dropbox, and other companies, and used it to provide free access to resources that normally would have required payment. In the process, the hacker(s) may have accessed personal information belonging to Sourcegraph users, Diego Comas, Sourcegraph's head of security, said in a post on Wednesday. For paid users, the information exposed included license keys and the names and email addresses of license key holders. For non-paying users, it was limited to email addresses associated with their accounts. Private code, emails, passwords, usernames, or other personal information were inaccessible.

The hacker gained administrative access by obtaining an authentication key a Sourcegraph developer accidentally included in code published to a public Sourcegraph instance hosted on Sourcegraph.com. After creating a normal user Sourcegraph account, the hacker used the token to elevate the account privileges to those of an administrator. The access token appeared in a pull request posted on July 14, the user account was created on August 28, and the elevation to admin occurred on August 30. "The malicious user, or someone connected to them, created a proxy app allowing users to directly call Sourcegraph's APIs and leverage the underlying LLM [large language model]," Comas wrote. "Users were instructed to create free Sourcegraph.com accounts, generate access tokens, and then request the malicious user to greatly increase their rate limit. On August 30 (2023-08-30 13:25:54 UTC), the Sourcegraph security team identified the malicious site-admin user, revoked their access, and kicked off an internal investigation for both mitigation and next steps."

The resource free-for-all generated a spike in calls to Sourcegraph programming interfaces, which are normally rate-limited for free accounts. "The promise of free access to Sourcegraph API prompted many to create accounts and start using the proxy app," Comas wrote. "The app and instructions on how to use it quickly made its way across the web, generating close to 2 million views. As more users discovered the proxy app, they created free Sourcegraph.com accounts, adding their access tokens, and accessing Sourcegraph APIs illegitimately." [...] While most data was available for all paid and community users, the number of license keys exposed was limited to 20.

Social Networks

Judge Blocks Arkansas Law Requiring Parental OK For Minors To Create Social Media Accounts (apnews.com)

An anonymous reader quotes a report from the Associated Press: A federal judge on Thursday temporarily blocked Arkansas from enforcing a new law that would have required parental consent for minors to create new social media accounts, preventing the state from becoming the first to impose such a restriction. U.S. District Judge Timothy L. Brooks granted a preliminary injunction that NetChoice -- a tech industry trade group whose members include TikTok, Facebook parent Meta, and X, formerly known as Twitter -- had requested against the law. The measure, which Republican Gov. Sarah Huckabee Sanders signed into law in April, was set to take effect Friday.

In a 50-page ruling, Brooks said NetChoice was likely to succeed in its challenge to the Arkansas law's constitutionality and questioned the effectiveness of the restrictions. "Age-gating social media platforms for adults and minors does not appear to be an effective approach when, in reality, it is the content on particular platforms that is driving the state's true concerns," wrote Brooks, who was appointed to the bench by former President Barack Obama. NetChoice argued the requirement violated the constitutional rights of users and arbitrarily singled out types of speech that would be restricted.

Arkansas' restrictions would have only applied to social media platforms that generate more than $100 million in annual revenue. It also wouldn't have applied to certain platforms, including LinkedIn, Google and YouTube. Brooks' ruling said the exemptions nullified the state's intent for imposing the restrictions, and said the law also didn't adequately define which platforms they would apply to. As an example, he cited confusion over whether the social media platform Snapchat would be subject to the age-verification requirement. Social media companies that knowingly violate the age verification requirement would have faced a $2,500 fine for each violation under the now-blocked law. The law also prohibited social media companies and third-party vendors from retaining users' identifying information after they've been granted access to the social media site.

In a statement on X, Sanders wrote: "Big Tech companies put our kids' lives at risk. They push an addictive product that is shown to increase depression, loneliness, and anxiety and puts our kids in human traffickers' crosshairs. Today's court decision delaying this needed protection is disappointing but I'm confident the Attorney General will vigorously defend the law and protect our children."

Government

IBM Returns To the Facial Recognition Market

During the Black Lives Matter protests in 2020, IBM announced that it would no longer offer "general purpose" facial recognition technology due to concerns about racial profiling, mass surveillance, and other human rights violations. Now, according to The Verge and Liberty Investigates, "IBM signed a $69.8 million contract with the British government to develop a national biometrics platform that will offer a facial recognition function to immigration and law enforcement officials." From the report: A contract notice for the Home Office Biometrics Matcher Platform outlines how the project initially involves developing a fingerprint matching capability, while later stages introduce facial recognition for immigration purposes -- described as "an enabler for strategic facial matching for law enforcement." The final stage of the project is described as delivery of a "facial matching for law enforcement use-case." The platform will allow photos of individuals to be matched against images stored on a database -- what is sometimes known as a "one-to-many" matching system. In September 2020, IBM described such "one-to-many" matching systems as "the type of facial recognition technology most likely to be used for mass surveillance, racial profiling, or other violations of human rights."

IBM spokesman Imtiaz Mufti denied that its work on the contract was in conflict with its 2020 commitments. "IBM no longer offers general-purpose facial recognition and, consistent with our 2020 commitment, does not support the use of facial recognition for mass surveillance, racial profiling, or other human rights violations," he said. "The Home Office Biometrics Matcher Platform and associated Services contract is not used in mass surveillance. It supports police and immigration services in identifying suspects against a database of fingerprint and photo data. It is not capable of video ingest, which would typically be needed to support face-in-a-crowd biometric usage."

Human rights campaigners, however, said IBM's work on the project is incompatible with its 2020 commitments. Kojo Kyerewaa of Black Lives Matter UK said: "IBM has shown itself willing to step over the body and memory of George Floyd to chase a Home Office contract. This won't be forgotten." Matt Mahmoudi, PhD, tech researcher at Amnesty International, said: "The research across the globe is clear; there is no application of one-to-many facial recognition that is compatible with human rights law, and companies -- including IBM -- must therefore cease its sale, and honor their earlier statements to sunset these tools, even and especially in the context of law and immigration enforcement where the rights implications are compounding."

Medicine

US Officials Look To Move Marijuana To Lower-Risk Drug Category

The U.S. Department of Health and Human Services (HHS) has recommended easing restrictions on marijuana, a department spokesperson said on Wednesday, following a review request from the Biden Administration last year. Reuters reports: The scheduling recommendation for marijuana was provided to the Drug Enforcement Agency (DEA) on Tuesday as part of President Biden's directive to HHS, the spokesperson said. "As part of this process, HHS conducted a scientific and medical evaluation for consideration by DEA. DEA has the final authority to schedule or reschedule a drug under the Controlled Substances Act. DEA will now initiate its review," a DEA spokesperson said.

Marijuana is currently classified as a schedule I drug under the Controlled Substances Act, meaning it has a high potential for abuse and no accepted medical use, along with drugs like heroin and LSD. HHS is recommending reclassifying marijuana to say it has a moderate to low potential for dependence and a lower abuse potential, which would put it in a class with ketamine and testosterone.

"If marijuana classification were to ease at the federal level, that could allow major stock exchanges to list businesses that are in the cannabis trade, and potentially allow foreign companies to begin selling their products in the United States," notes Reuters.

While marijuana remains illegal on the federal level, nearly 40 U.S. states have legalized it in some form. According to a survey last year from the Pew Research Center, "an overwhelming share of U.S. adults (88%) say either that marijuana should be legal for medical and recreational use by adults (59%) or that it should be legal for medical use only (30%)."

The Courts

Texas Law Requiring Age Verification On Porn Sites Ruled Unconstitutional (arstechnica.com)

An anonymous reader quotes a report from Ars Technica: The day before a Texas antiporn law that requires age verification to access adult websites was set to take effect, the state's attorney general, Angela Colmenero, has been at least temporarily blocked from enforcing the law. US District Judge David Alan Ezra granted a preliminary injunction temporarily blocking enforcement after the Free Speech Coalition (FSC) joined adult performers and sites like Pornhub in a lawsuit opposing the law. Today, they convinced Ezra that Texas' law violates the First Amendment and would have "a chilling effect on legally-protected speech," FSC said in a press release.

"This is a huge and important victory against the rising tide of censorship online," Alison Boden, FSC's executive director, said. "From the beginning, we have argued that the Texas law, and those like it, are both dangerous and unconstitutional. We're pleased that the court agreed with our view that [the law's] true purpose is not to protect young people, but to prevent Texans from enjoying First Amendment protected expression. The state's defense of the law was not based in science or technology, but ideology and politics." Now, Texas will have to wait until this lawsuit is litigated to enforce the law. [...] According to FSC, in addition to free speech concerns, the law needed to be blocked because it would have exposed consumers to "significant privacy risks" by forcing adult-website visitors to show digital IDs.

A spokesperson for Pornhub's parent company Aylo told Ars: "We are pleased with the court's decision today, which reaffirms our position that the age verification law implemented in Texas is unconstitutional. We have publicly supported mandatory age verification of viewers of adult content for years, but any method of age verification must preserve user privacy and safety."

"The only solution that makes the Internet safer, preserves user privacy, and stands to prevent children from accessing age-inappropriate content is performing age verification at the device level," Aylo's spokesperson said. "We are pleased that the court recognizes the severity of compelled speech and its presence in this law that Texas has implemented. We are proud to fight for our industry and the performers that use it to legally earn a living, and we are glad to see the court recognize that this law is unconstitutional and would have required adult entertainers to falsely imply that their content poses health risks."

A similar age verification initiative in Australia was halted yesterday, citing concerns around privacy and security of the technology.

United Kingdom

UK Government Seeks Expanded Use of AI-based Facial Recognition By Police (ft.com)

UK's Home Office is looking to increase its use of controversial facial recognition technologies to track and find criminals within policing and other security agencies. From a report: In a document released on Wednesday, the government outlined its ambitions to potentially deploy new biometric systems nationally over the next 12 to 18 months. The move comes after privacy campaigners and independent academics criticised the technology for being inaccurate and biased, particularly against darker-skinned people.

MPs have previously called for a moratorium on its use on the general population until clear laws are established by parliament. The government is calling for submissions from companies for technologies that "can resolve identity using facial features and landmarks," including for live facial recognition which involves screening the general public for specific individuals on police watch lists.

In particular, the Home Office is highlighting its interest in novel artificial intelligence technologies that could process facial data efficiently to identify individuals, and software that could be integrated with existing technologies deployed by the department and with CCTV cameras. Facial recognition software has been used by South Wales Police and London's Metropolitan Police over the past five years across multiple trials in public spaces including shopping centres, during events such as the Notting Hill Carnival and, more recently, during the coronation.

Google

Google Removes 'Pirate' URLs From Users' Privately Saved Links

To date, Google has processed more than seven billion copyright takedown requests for its search engine. The majority of the reported links are purged from Google's search index, as required by the DMCA. Recently, however, Google appears to have gone a step further, using search takedowns to "moderate" users' privately saved links collections. TorrentFreak: A few hours ago, Eddie Roosenmaallen shared an email from Google, notifying him that a link had been removed from his Google Saved collection because it violates Google's policy. The reason cited for the removal is the "downstream impact," as the URL in question is "blocked by Google Search."

"The following saved item in one of your collections was determined to violate Google's policy. As a result, the item will be moderated..," Google writes, pointing out a defunct KickassTorrents domain as the problem. Initially, it was suggested that this removal impacted Google's synched Chrome bookmarks but further research reveals that's not the case. Instead, the removals apply to Google's saved feature. This Google service allows users to save and organize links, similar to what Pinterest does. These link collections can be private or shared with third parties.

AI

US Copyright Office Wants To Hear What People Think About AI and Copyright

The US Copyright Office is opening a public comment period around AI and copyright issues beginning August 30th as the agency figures out how to approach the subject. From a report: As announced [PDF] in the Federal Register, the agency wants to answer three main questions: how AI models should use copyrighted data in training; whether AI-generated material can be copyrighted even without a human involved; and how copyright liability would work with AI. It also wants comments around AI possibly violating publicity rights but noted these are not technically copyright issues. The Copyright Office said if AI does mimic voices, likenesses, or art styles, it may impact state-mandated rules around publicity and unfair competition laws. Written comments are due on October 18th, and replies must be submitted to the Copyright Office by November 15th.

The copyright status of AI training data and the output of generative AI tools has become a hot topic for politicians, artists, authors, and even civil rights groups, making it a potential testing ground for coming AI regulation. The Copyright Office says that "over the past several years, the Office has begun to receive applications to register works containing AI-generated material." It may use the comments to inform how it decides to grant copyright in the future. The Copyright Office was involved in a lawsuit last year after it refused to grant Stephen Thaler rights to an image created by an AI platform. Earlier this month, a Washington, DC, court sided with the US Copyright Office in the case, stating copyright has never been handed to any work without a human involved.

Google

Google Removes Fake Signal and Telegram Apps Hosted on Play (arstechnica.com)

Researchers say they have found fake apps in Google Play that masqueraded as legitimate ones for the Signal and Telegram messaging platforms. The malicious apps could pull messages or other sensitive information from legitimate accounts when users took certain actions. ArsTechnica: An app with the name Signal Plus Messenger was available on Play for nine months and had been downloaded from Play roughly 100 times before Google took it down last April after being tipped off by security firm ESET. It was also available in the Samsung app store and on signalplus[.]org, a dedicated website mimicking the official Signal.org. An app calling itself FlyGram, meanwhile, was created by the same threat actor and was available through the same three channels. Google removed it from Play in 2021. Both apps remain available in the Samsung store.

Both apps were built on open source code available from Signal and Telegram. Interwoven into that code was an espionage tool tracked as BadBazaar. The Trojan has been linked to a China-aligned hacking group tracked as GREF. BadBazaar has been used previously to target Uyghurs and other Turkic ethnic minorities. The FlyGram malware was also shared in a Uyghur Telegram group, further aligning it to previous targeting by the BadBazaar malware family. Signal Plus could monitor sent and received messages and contacts if people connected their infected device to their legitimate Signal number, as is normal when someone first installs Signal on their device. Doing so caused the malicious app to send a host of private information to the attacker, including the device IMEI number, phone number, MAC address, operator details, location data, Wi-Fi information, emails for Google accounts, contact list, and a PIN used to transfer texts in the event one was set up by the user.

Your Rights Online

Scientologists Ask Federal Government To Restrict Right To Repair (404media.co)

The organization that represents the literary works of Scientology founder L. Ron Hubbard has filed a petition with the Federal Government, asking it to make it illegal to circumvent software locks for the repair of a highly specific set of electronic devices, according to a letter reviewed by 404 Media. From the report: The letter doesn't refer to any single device, but experts say the petition covers Scientology's "E-Meter," a "religious artifact" and electronic that is core to Scientology. Author Services Inc., a group "representing the literary, theatrical, and musical works of L. Ron Hubbard," told the U.S. Copyright Office that it opposes the renewal of an exemption to Section 1201 of the Digital Millennium Copyright Act that makes it legal for consumers to hack their personal electronics for the purposes of repair.

This exemption to copyright law is needed because many electronics manufacturers put arbitrary software locks, Digital Rights Management systems, or other technological prevention measures that stop consumers from diagnosing or repairing devices unless they are authorized to do so. Special exemptions to copyright law make it legal for farmers to hack past John Deere's DRM to fix their tractors, consumers to use software tools to help them repair certain parts of game consoles, or use third-party software to circumvent repair locks on printers, air conditioners, laptops, etc.

Television

Paramount DMCAs 'Star Trek' Fan Project (techdirt.com)

Timothy Geigner writes via Techdirt: Paramount has gone after fan-made works playing off of the franchise for years and years. Even Paramount's release of guidelines by which fans could create fan films served mostly as a giant middle finger to the fandom, so stringent were the rules. This apparently represents the owners of Star Trek's IP being completely deaf to the history of Star Trek and the internet and what the fans have meant to the franchise. And this all continued into the present day.

Recently, a fan-made project called Wolf 359 Project suffered a DMCA takedown from Paramount. If you're a Next Generation fan, that name will likely sound familiar: "The Battle of Wolf 359 hearkens to a classic The Next Generation two-episode event called 'The Best of Both Worlds.' Captain Picard is assimilated by the Borg, and before the Enterprise crew rescues him, the relentless Borg forces fight a battle that kills 11,000 people. Star Trek: Picard Season 3 dealt with this, specifically through the character of Captain Liam Shaw. It was the first time someone described the Starfleet experience during one of the costliest battles in Star Trek history. Star Trek fans are never one to let a good idea go to waste, and The Wolf 359 Project is a fan-written oral history of the battle. The 'book' ran over 500 pages long, and its authors were giving it away for free. However, Paramount issued a Digital Millennium Copyright Act strike against it."

So here's what this essentially is: fans who love TNG filling in the gaps of the original story they love with the unexplored rest of the universe of people who would have been impacted by that storyline. That's important for two reasons. First and foremost, this doesn't take anything away from Paramount's Star Trek production, and in fact does the opposite. The project doesn't replace the original episodes, but rather builds upon them. In other words, this project could only possibly serve to draw more interest to Paramount's product, since the book isn't going to make much sense to anyone who hasn't seen the original episodes. Second, this is a work being done for free, given away for free, all by fans that are doing what Star Trek fans have always done: create. [...]

Crime

Saudi Man Receives Death Penalty For Posts Online (apnews.com)

An anonymous reader quotes a report from the Associated Press: A Saudi court has sentenced a man to death over his posts on X, formerly known as Twitter, and his activity on YouTube, the latest in a widening crackdown on dissent in the kingdom that has drawn international criticism. The judgement against Mohammed bin Nasser al-Ghamdi, seen Wednesday by The Associated Press, comes against the backdrop of doctoral student Salma al-Shehab and others facing decades-long prison sentences over their comments online. The sentences appear part of Crown Prince Mohammed bin Salman's wider effort to stamp out any defiance in the kingdom as he pursues massive building projects and other diplomatic deals to raise his profile globally.

According to court documents, the charges levied against al-Ghamdi include "betraying his religion," "disturbing the security of society," "conspiring against the government" and "impugning the kingdom and the crown prince" -- all for his activity online that involved re-sharing critics' posts. Saudi officials offered no reason for why they specifically targeted al-Ghamdi, a retired school teacher living in the city of Mecca. However, his brother, Saeed bin Nasser al-Ghamdi, is a well-known critic of the Saudi government living in the United Kingdom. "This false ruling aims to spite me personally after failed attempts by the investigators to have me return to the country," the brother tweeted last Thursday. Saudi Arabia has used arrests of family members in the past as a means to pressure those abroad into returning home, activists and those targeted in the past say. [...]

Saudi Arabia is one of the world's top executioners, behind only China and Iran in 2022, according to Amnesty International. The number of people Saudi Arabia executed last year -- 196 inmates -- was the highest recorded by Amnesty in 30 years. In one day alone last March, the kingdom executed 81 people, the largest known mass execution carried out in the kingdom in its modern history. However, al-Ghamdi's case appears to be the first in the current crackdown to level the death penalty against someone for their online behavior.

Privacy

MTA Website 'Feature' Lets You Track Subway Riders' Locations (404media.co)

Slash_Account_Dot shares a report from 404 Media, written by cybersecurity journalist Joseph Cox: In the mid-afternoon one Saturday earlier this month, the target got on the New York subway. I knew what station they entered the subway at and at what specific time. They then entered another station a few hours later. If I had kept monitoring this person, I would have figured out the subway station they often start a journey at, which is near where they live. I would also know what specific time this person may go to the subway each day. During all this monitoring, I wasn't anywhere near the rider. I didn't even need to see them with my own eyes. Instead, I was sitting inside an apartment, following their movements through a feature on a Metropolitan Transportation Authority (MTA) website, which runs the New York City subway system. With their consent, I had entered the rider's credit card information -- data that is often easy to buy from criminal marketplaces, or which might be trivial for an abusive partner to obtain -- and punched that into the MTA site for OMNY, the subway's contactless payments system. After a few seconds, the site churned out the rider's travel history for the past 7 days, no other verification required.

On the OMNY website, the MTA offers the ability for riders to "Check trip history." This feature works for people who use contactless bank cards when entering the subway, or other solutions like Apple Pay and Google Pay. The issue is that the feature requires no other authentication -- no account linked to an email, for example -- meaning that anyone with a target's details can enter it and snoop on their movements. The MTA does offer the option of an OMNY account, which requires a password. The website says having an account lets riders "Securely access your trip history." But the first option that appears on the trip history website is the unauthenticated version.

After 404 Media raised the concerns to the MTA, a spokesperson said the agency will look into improving the system. "But at the moment, the tracking feature is still accessible without any authentication," notes Cox.

UPDATE 8/31/23: The MTA says it will disable the feature that leaked trip history.

United States

EPA Removes Federal Protections For Most of the Country's Wetlands (npr.org)

An anonymous reader quotes a report from NPR: The Environmental Protection Agency removed federal protections for a majority of the country's wetlands on Tuesday to comply with a recent U.S. Supreme Court ruling. The EPA and Department of the Army announced a final rule amending the definition of protected "waters of the United States" in light of the decision in Sackett v. EPA in May, which narrowed the scope of the Clean Water Act and the agency's power to regulate waterways and wetlands. A 2006 Supreme Court decision determined that wetlands would be protected if they had a "significant nexus" to major waterways. This year's court decision undid that standard. The EPA's new rule "removes the significant nexus test from consideration when identifying tributaries and other waters as federally protected," the agency said.

In May, Justice Samuel Alito said the navigable U.S. waters regulated by the EPA under the Clean Water Act do not include many previously regulated wetlands. Writing the court's decision, he said the law includes only streams, oceans, rivers and lakes, and wetlands with a "continuous surface connection to those bodies." The EPA said the rule will take effect immediately. "The agencies are issuing this amendment to the 2023 rule expeditiously -- three months after the Supreme Court decision -- to provide clarity and a path forward consistent with the ruling," the agency said. As a result of the rule change, protections for many waterways and wetlands will now fall to states.

Crime

Hundreds of Thousands Trafficked To Work as Online Scammers in Southeast Asia, Says UN Report (ohchr.org)

Hundreds of thousands of people are being forcibly engaged by organised criminal gangs into online criminality in Southeast Asia - from romance-investment scams and crypto fraud to illegal gambling - a report issued today by the UN Human Rights Office shows. From a report: Victims face a range of serious violations and abuses, including threats to their safety and security; and many have been subjected to torture and cruel, inhuman and degrading treatment or punishment, arbitrary detention, sexual violence, forced labour, and other human rights abuses, the report says. "People who are coerced into working in these scamming operations endure inhumane treatment while being forced to carry out crimes. They are victims. They are not criminals," said UN High Commissioner for Human Rights Volker Turk.

"In continuing to call for justice for those who have been defrauded through online criminality, we must not forget that this complex phenomenon has two sets of victims." The enormity of online scam trafficking in Southeast Asia is difficult to estimate, the report says, because of the clandestine nature and gaps in the official response. Credible sources indicate that at least 120,000 people across Myanmar may be held in situations where they are forced to carry out online scams, with estimates in Cambodia similarly at around 100,000. Other States in the region, including Lao PDR, the Philippines and Thailand, have also been identified as main countries of destination or transit where at least tens of thousands of people have been involved. The scam centres generate revenue amounting to billions of US dollars each year.

AI

OpenAI Disputes Authors' Claims That Every ChatGPT Response is Derivative Work

OpenAI has responded to a pair of nearly identical class-action lawsuits from book authors -- including Sarah Silverman, Paul Tremblay, Mona Awad, Chris Golden, and Richard Kadrey -- who earlier this summer alleged that ChatGPT was illegally trained on pirated copies of their books. From a report: In OpenAI's motion to dismiss (filed in both lawsuits), the company asked a US district court in California to toss all but one claim alleging direct copyright infringement, which OpenAI hopes to defeat at "a later stage of the case." The authors' other claims -- alleging vicarious copyright infringement, violation of the Digital Millennium Copyright Act (DMCA), unfair competition, negligence, and unjust enrichment -- need to be "trimmed" from the lawsuits "so that these cases do not proceed to discovery and beyond with legally infirm theories of liability," OpenAI argued.

OpenAI claimed that the authors "misconceive the scope of copyright, failing to take into account the limitations and exceptions (including fair use) that properly leave room for innovations like the large language models now at the forefront of artificial intelligence." According to OpenAI, even if the authors' books were a "tiny part" of ChatGPT's massive dataset, "the use of copyrighted materials by innovators in transformative ways does not violate copyright." Unlike plagiarists who seek to directly profit off distributing copyrighted materials, OpenAI argued that its goal was "to teach its models to derive the rules underlying human language" in order to do things like help people "save time at work," "make daily life easier," or simply entertain themselves by typing prompts into ChatGPT.

The purpose of copyright law, OpenAI argued, is "to promote the Progress of Science and useful Arts" by protecting the way authors express ideas, but "not the underlying idea itself, facts embodied within the author's articulated message, or other building blocks of creative," which are arguably the elements of authors' works that would be useful to ChatGPT's training model. Citing a notable copyright case involving Google Books, OpenAI reminded the court that "while an author may register a copyright in her book, the 'statistical information' pertaining to 'word frequencies, syntactic patterns, and thematic markers' in that book are beyond the scope of copyright protection."

Piracy

Sports Leagues Ask US For 'Instantaneous' DMCA Takedowns and Website Blocking (arstechnica.com) 63

An anonymous reader quotes a report from Ars Technica: Sports leagues are urging the US to require "instantaneous" takedowns of pirated livestreams and new requirements for Internet service providers to block pirate websites. The Digital Millennium Copyright Act of 1998 requires websites to "expeditiously" remove infringing material upon being notified of its existence. But pirated livestreams of sports events often aren't taken down while the events are ongoing, said comments submitted last week by Ultimate Fighting Championship, the National Basketball Association, and National Football League.

The "DMCA does not define 'expeditiously,' and OSPs [online service providers] have exploited this ambiguity in the statutory language to delay removing content in response to takedown requests," the leagues told the US Patent and Trademark Office in response to a request for comments on addressing counterfeiting and piracy. The leagues urged the US "to establish that, in the case of live content, the requirement to 'expeditiously' remove infringing content means that content must be removed 'instantaneously or near-instantaneously' in response to a takedown request." The leagues claimed the change "would be a relatively modest and non-controversial update to the DMCA that could be included in the broader reforms being considered by Congress or could be addressed separately." They also want stricter "verification measures before a user is permitted to livestream."

The UFC separately submitted comments on its own, urging the US to require that ISPs block pirate sites. The UFC said that a "significant and growing" number of websites, typically operated from outside the US, don't respond to takedown requests and thus should be blocked by broadband network operators. The UFC wrote: "Unlike many other jurisdictions around the world, the US lacks a 'site-blocking' regime whereby copyright owners may obtain no-fault injunctions requiring domestic Internet service providers to block websites that are primarily geared at infringing activity. A 'site-blocking' regime, with appropriate safeguards to prevent abuse, would substantially facilitate all copyright owners' ability to address piracy, including UFC's." Website-blocking is bound to be a controversial topic, although the Federal Communications Commission's now-repealed net neutrality rules only prohibited blocking of "lawful Internet traffic." While the UFC said it just wants "websites that are primarily geared at infringing activity" to be blocked, a site-blocking regime could be used more expansively if there aren't strict limits.

Your Rights Online

iFixit Petitions Government For the Right To Fix McDonald's Ice Cream Machines (404media.co) 80

samleecole writes: A group of right to repair activists and consumer rights advocates are petitioning the Librarian of Congress for the right to hack McDonald's notoriously unreliable McFlurry machines for the purposes of repair, according to a copy of the petition obtained by 404 Media.

"This is a request to expand the repair exemption for consumer electronic devices to include commercial industrial equipment such as automated building management systems and industrial equipment (i.e. soft serve ice cream machines and other industrial kitchen equipment)," the proposal, written by right to repair group iFixit and the nonprofit Public Knowledge, says. In addition, iFixit got its hands on a Taylor ice cream machine and tore it down in an effort to determine why they are broken so damn often and published a new video showing the process of taking the machine apart and explaining why they're always broken when you want fast food ice cream.

The Military

Pentagon Bets On Quick Production of Autonomous Systems To Counter China (politico.com) 114

Under an ambitious program, dubbed Replicator, the Pentagon aims to field thousands of autonomous systems within two years to counter China. The effort is being spearheaded by Deputy Defense Secretary Kathleen Hicks. Politico reports: Hicks said the time is right to push to rapidly scale up innovative technology. The move comes as the U.S. looks to get creative to deter China in the Indo-Pacific and Pentagon leadership has taken stock of how Ukraine has fended off Russia's invasion. "Industry is ready. The culture is ready to shift," Hicks said. "We have to drive that from the top, and we need to give it a hard target." "The great paradox of military innovation is you're going to have to make big bets and you've got to execute on those bets," she added.

With Replicator, the Pentagon aims to have thousands of autonomous systems across various domains produced and delivered in 18 to 24 months. Hicks declined to discuss what specific platforms might be produced under the program -- such as aerial drones or unmanned ships -- citing the "competition landscape" in the defense industry as well as concerns about tipping DOD's hand to China. The Pentagon will instead "say more as we get to production on capabilities."

Autonomous weapons are seen as a potential way to counter China's numerical advantages in ships, missiles and troops in a rapidly narrowing window. Fielding large numbers of cheap, expendable drones, proponents argue, is faster and lower-cost than exquisite weapons systems and puts fewer troops at risk. Another major aim of the Replicator initiative is to provide a template for future efforts to rapidly field military technology. She said lessons from the Replicator program could be applied throughout the Pentagon, military services and combatant commands.

Transportation

Kias and Hyundais Keep Getting Stolen By the Thousands and Cities Are Suing (vice.com) 264

An anonymous reader quotes a report from Motherboard: Cities across the country are suing Kia and Hyundai for failing to install basic anti-theft technology, with a subsequent massive surge of stolen cars burdening police departments, according to lawsuits filed in recent months. Since the beginning of the year, Seattle, Baltimore, Cleveland, New York, Chicago, St. Louis, and Columbus have all sued Kia and Hyundai, which are owned by the same parent company, for selling cars without engine immobilizers, a technology that has served as a major contributor to the plummeting rate of stolen vehicles in the U.S. As the rest of the industry adopted immobilizers, Kia and Hyundai didn't, with only 26 percent of their cars including them in 2015, compared to 96 percent for other manufacturers.

Without the immobilizers, the cars are trivially easy to steal, requiring just a USB cable. A viral YouTube and TikTok trend instructed people how to steal the cars. Kia and Hyundai cars manufactured without the immobilizers between 2015 and 2020, especially lower-end models like the Accent, Rio, and Sportage, are especially vulnerable. A lawsuit filed by dozens of insurance companies against Kia and Hyundai alleges the lack of immobilizers violated federal regulations. The surge in Kia and Hyundai thefts in cities around the country has been staggering and it shows no sign of abating. In a lawsuit filed last week, the City of Chicago said that in 2022, more than 8,800 Kia and Hyundai vehicles were stolen in the city, which accounts for 41 percent of all of Chicago's car thefts, despite Kia and Hyundai making up just seven percent of the city's vehicles. In a press release announcing the lawsuit, the city said it is getting even worse in 2023, with Kias and Hyundais making up more than half of all stolen cars in the city this year. Chicago is hardly alone. [...]

In statements to Motherboard, Kia spokesperson James Bell said the lawsuits filed by cities against the company are "without merit" and that the National Highway Traffic Safety Administration determined it did not violate any regulations or safety standards. In June, NHTSA's acting associate director of enforcement Cem Hatipoglu responded to 18 state attorneys general that asked for a recall of the cars by saying, "At this time, NHTSA has not determined that this issue constitutes either a safety defect or noncompliance requiring a recall." A NHTSA spokesperson told Motherboard the agency has been meeting with Kia and Hyundai about the issue but wouldn't say if it agreed with Kia's interpretation. Hyundai spokesperson Ira Gabriel similarly said that all its vehicles are "fully compliant with federal anti-theft requirements." Hyundai and Kia owners can get steering wheel locks from their local police departments or through dedicated websites. Both companies also offer a free software patch that they say removes the threat of theft, which requires visiting a dealer. Bell of Kia says the company has distributed more than 190,000 wheel locks and that 650,000 vehicles have gotten the software update, out of three million total. Both companies now include immobilizers on all their new cars.
