AI

As Privacy Policies Get Harder to Understand, Many Allow Companies to Copy Your Content (themarkup.org) 26

An anonymous reader shared this investigative report from The Markup: Over the past quarter-century, privacy policies — the lengthy, dense legal language you quickly scroll through before mindlessly hitting "agree" — have grown both longer and denser. A study released last year found that not only did the average length of a privacy policy quadruple between 1996 and 2021, they also became considerably more difficult to understand. "Analyzing the content of privacy policies, we identify several concerning trends, including the increasing use of location data, increasing use of implicitly collected data, lack of meaningful choice, lack of effective notification of privacy policy changes, increasing data sharing with unnamed third parties, and lack of specific information about security and privacy measures," wrote De Montfort University Associate Professor Isabel Wagner, who used machine learning to analyze some 50,000 website privacy policies for the study...

To get a sense of what all of this means, I talked to Jesse Woo — a data engineer at The Markup who previously helped write institutional data use policies as a privacy lawyer. Woo explained that, while he can see why the language in Zoom's terms of service touched a nerve, the sentiment — that users allow the company to copy and use their content — is actually pretty standard in these sorts of user agreements. The problem is that Zoom's policy was written in a way where each of the rights being handed over to the company is specifically enumerated, which can feel like a lot. But that's also kind of just what happens when you use products or services in 2023 — sorry, welcome to the future!

As a point of contrast, Woo pointed to the privacy policy of the competing video-conferencing service Webex, which reads: "We will not monitor Content, except: (i) as needed to provide, support or improve the provision of the Services, (ii) investigate potential or suspected fraud, (iii) where instructed or permitted by you, or (iv) as otherwise required by law or to exercise or protect Our legal rights." That language feels a lot less scary, even though, as Woo noted, training AI models could likely be covered under a company taking steps to "support or improve the provision of the Services."

The article ends with a link to a helpful new guide showing "how to read any privacy policy and quickly identify the important/creepy/enraging parts."

Government

US Spy Agencies Will Start Sharing More Cyber-Threat Intelligence with Private Companies (msn.com) 17

An anonymous reader shared this report from the Wall Street Journal: U.S. spy agencies will share more intelligence with U.S. companies, nongovernmental organizations and academia under a new strategy released this week that acknowledges concerns over new threats, such as another pandemic and increasing cyberattacks. The National Intelligence Strategy, which sets broad goals for the sprawling U.S. intelligence community, says that spy agencies must reach beyond the traditional walls of secrecy and partner with outside groups to detect and deter supply-chain disruptions, infectious diseases and other growing transnational threats. The intelligence community "must rethink its approach to exchanging information and insights," the strategy says.

The U.S. government in recent years has begun sharing vast amounts of cyber-threat intelligence with U.S. companies, utilities and others who are often the main targets of foreign hackers, as well as information on foreign-influence operations with social-media companies... The emphasis on greater intelligence sharing is part of a broader trend toward declassification that the Biden administration has pursued.

"The new strategy is meant to guide 18 U.S. intelligence agencies with an annual budget of about $90 billion..."

Crime

'Bulletproof' Web Site Hosting Ransomware Finally Seized, Founder Indicted (cnbc.com) 16

An anonymous reader shared this report from CNBC: The mastermind behind a ransomware hosting service that allegedly helped criminals collect more than 5,000 bitcoin in ransom from hundreds of victims was indicted in federal court this week, prosecutors announced Thursday. Artur Grabowski's LolekHosted service operated for about a decade and advertised itself as a haven for "everything but child porn," according to Florida prosecutors. Clients allegedly used the hosting service to deploy ransomware viruses that infected around 400 networks around the world... [That's 400 just for the Netwalker ransomware, which the announcement calls "one of the ransomware variants facilitated by LolekHosted."]

Grabowski was charged with computer fraud, wire fraud, and conspiracy to commit international money laundering. Grabowski himself is also the subject of a $21.5 million seizure order... Grabowski, a Polish national, faces a maximum sentence of 45 years, if he is ever detained and convicted.

Grabowski also "remains a fugitive," according to an announcement from the U.S. Department of Justice. It notes that the 36-year-old's site — registered in 2014 — also "facilitated" brute-force attacks, and phishing.

"Grabowski allegedly facilitated the criminal activities of LolekHosted clients by allowing clients to register accounts using false information, not maintaining Internet Protocol (IP) address logs of client servers, frequently changing the IP addresses of client servers, ignoring abuse complaints made by third parties against clients, and notifying clients of legal inquiries received from law enforcement."

Printer

Canon Is Getting Away With Printers That Won't Scan Sans Ink (theverge.com) 72

Last year, Queens resident David Leacraft filed a lawsuit against Canon claiming that his Canon Pixma All-in-One printer won't scan documents unless it has ink. According to The Verge's Sean Hollister, it has quietly ended in a private settlement rather than becoming a big class-action. From the report: I just checked, and a judge already dismissed David Leacraft's lawsuit in November, without (PDF) Canon ever being forced to show what happens when you try to scan without a full ink cartridge. (Numerous Canon customer support reps wrote that it simply doesn't work.) Here's the good news: HP, an even larger and more shameless manufacturer of printers, is still possibly facing down a class-action suit for the same practice.

As Reuters reports, a judge has refused to dismiss a lawsuit by Gary Freund and Wayne McMath that alleges many HP printers won't scan or fax documents when their ink cartridges report that they've run low. Among other things, HP tried to suggest that Freund couldn't rely on the word of one of HP's own customer support reps as evidence that HP knew about the limitation. But a judge decided it was at least enough to be worth exploring in court. "Plaintiffs have plausibly alleged that HP had a duty to disclose and had knowledge of the alleged defect," wrote Judge Beth Labson Freeman, in the order denying almost all of HP's current attempts to dismiss the suit.

Interestingly, neither Canon nor HP spent any time trying to argue their printers do scan when they're low on ink in the lawsuit responses I've read. Perhaps they can't deny it? Epson, meanwhile, has an entire FAQ dedicated to reassuring customers that it hasn't pulled that trick since 2008. (Don't worry, Epson has other forms of printer enshittification.) HP does seem to be covering its rear in one way. The company's original description on Amazon for the Envy 6455e claimed that you could scan things "whenever". But when I went back now to check the same product page, it now reads differently: HP no longer claims this printer can scan "whenever" you want it to. Now, we wait to see whether the case can clear the bars needed to potentially become a big class-action trial, or whether it similarly settles like Canon, or any number of other outcomes.

The Courts

Pornhub Sues Texas Over Age Verification Law (vice.com) 123

Pornhub, along with several other members and activists in the adult industry, is suing Texas to block the state's impending law that would require age verification to view adult content. Motherboard reports: The complaint was filed on August 4 in US District Court for the Western District of Texas, and the law will take effect on September 1 unless the court agrees to block it. Governor Greg Abbott passed HB 1181 into law in June. The plaintiffs, including Pornhub, adult industry advocacy group Free Speech Coalition, and several other site operators and industry members, claim that the law violates both the Constitution of the United States and the federal Communications Decency Act.

In the complaint, the plaintiffs write that the act employs "the least effective and yet also the most restrictive means of accomplishing Texas' stated purpose of allegedly protecting minors," and that minors can easily use VPNs or Tor; on-device content filtering would be a better method of restricting access to porn for children, they write. "But such far more effective and far less restrictive means don't really matter to Texas, whose true aim is not to protect minors but to squelch constitutionally protected free speech that the State disfavors."

Under the law, porn sites would be required to display a "Texas Health and Human Services Warning" on their websites in 14-point font or larger font, in addition to age verification. "Texas could easily spread its ideological, anti-pornography message through public service announcements and the like without foisting its viewpoint upon others through mandated statements that are a mix of falsehoods, discredited pseudo-science, and baseless accusations," the complaint says.

United States

Illinois Just Made It Possible To Sue People For Doxxing Attacks (arstechnica.com) 9

An anonymous reader quotes a report from Ars Technica: Last Friday, Illinois became one of the few states to pass an anti-doxxing law, making it possible for victims to sue attackers who "intentionally" publish their personally identifiable information with intent to harm or harass them. (Doxxing is sometimes spelled "doxing.") The Civil Liability for Doxing Act, which takes effect on January 1, 2024, passed after a unanimous vote. It allows victims to recover damages and to request "a temporary restraining order, emergency order of protection, or preliminary or permanent injunction to restrain and prevent the disclosure or continued disclosure of a person's personally identifiable information or sensitive personal information."

It's the first law of its kind in the Midwest, the Daily Herald reported, and is part of a push by the Anti-Defamation League (ADL) to pass similar laws at the state and federal levels. ADL's Midwest regional director, David Goldenberg, told the Daily Herald that ADL has seen doxxing become "over the past few years" an effective way of "weaponizing" the Internet. ADL has helped similar laws pass in Maryland, Nevada, Oregon, and Washington. [...] The law does not involve criminal charges but imposes civil liability on individuals who dox any Illinois residents. Actions can also be brought against individuals when "any element" of a doxxing offense occurs in the state. [...]

Goldenberg told Ars that the Illinois law was written to emphasize not how information was found and gathered by people seeking to dox others, but on what they did with the information and how much harm they caused. The law might need less updating as the Internet evolves if it doesn't focus on the methods used to mine personally identifiable information. "The reality is that those who are using the Internet to spread hate, to spread misinformation, to do bad are pretty nimble and technology changes on a near daily basis," Goldenberg told Ars. "The law was crafted in a way that ensures that if technology changes, and people use new technologies to share someone's personally identifiable information with the intent to do harm and that harm actually happens, this law remains relevant."

Privacy

After Backlash, Zoom Now Says It Won't Train AI Systems On Customer Content (variety.com) 9

An anonymous reader quotes a report from Variety: Zoom changed its terms of service to say that it won't use any customer content -- at all -- in training generative artificial intelligence models. The update, which the videoconference company announced Friday, comes after observers raised the alarm about a recent change in Zoom's TOS that appeared to grant the company royalty-free rights in perpetuity for customer video calls and presentations for the purposes of training AI models. In its initial response on Aug. 7, Zoom said it doesn't use any customer audio, video or chat content for training AI "without consent." Now it says it will not use such content in any way related to generative AI development.

In a statement Friday appended to its earlier blog post, Zoom said, "Following feedback received regarding Zoom's recently updated terms of service, particularly related to our new generative artificial intelligence features, Zoom has updated our terms of service and the below blog post to make it clear that Zoom does not use any of your audio, video, chat, screen-sharing, attachments or other communications like customer content (such as poll results, whiteboard, and reactions) to train Zoom's or third-party artificial intelligence models." Zoom said it also updated in-product notices to reflect the change. According to Zoom's revised terms of service, the company still owns all rights to what it calls "service-generated data." That comprises telemetry data, product-usage data, diagnostic data and similar data "that Zoom collects or generates in connection with your or your End Users' use of the Services or Software," the terms of service say.

Crime

FTX's Bankman-Fried Headed For Jail After Judge Revokes Bail (reuters.com) 59

A U.S. judge revoked Sam Bankman-Fried's bail due to probable cause that he tampered with witnesses at least twice. U.S. District Judge Lewis Kaplan rejected a defense request to delay SBF's detention pending appeal of the bail revocation. Reuters reports: The decision could complicate Bankman-Fried's efforts to prepare for trial, where the 31-year-old former billionaire faces charges of having stolen billions of dollars in FTX customer funds to plug losses at his Alameda Research hedge fund. Bankman-Fried has pleaded not guilty. He was led out of the courtroom by members of the U.S. Marshals Service in handcuffs after removing his shoelaces, jacket and tie and emptying his pockets.

His parents, both law professors at Stanford University, were present in the courtroom's audience. His mother, Barbara Fried, nodded to him in tears as he left. His father, Joseph Bankman, placed his hand over his heart as he watched his son be led away. Bankman-Fried has been largely confined to his parents' Palo Alto, California, home on $250 million bond since his December 2022 arrest.

Privacy

Detroit Police Changing Facial-Recognition Policy After Pregnant Woman Says She Was Wrongly Charged (nbcnews.com) 32

The Detroit police chief said he's setting new policies on the use of facial-recognition technology after a woman who was eight months pregnant said she was wrongly charged with robbery and carjacking in a case that was ultimately dismissed by prosecutors. From a report: The technology, which was used on images taken from gas station video, produced leads in the case but was followed by "very poor" police work, Chief James White said. "We want to ensure that nothing like this happens again," White said Wednesday. His comments came two days after the American Civil Liberties Union of Michigan announced a lawsuit on behalf of Porcha Woodruff, a 32-year-old Black woman, who was arrested in February while trying to get children ready for school. There have been two similar lawsuits against Detroit.

Woodruff was identified as a suspect in a January robbery and carjacking through facial-recognition technology. She denied any role. The Wayne County prosecutor's office said charges later were dropped because the victim did not appear in court. White said his officers will not be allowed "to use facial-recognition-derived images in a photographic lineup. Period." He said two captains must review arrest warrants when facial technology is used in a case, among other changes. The new policies will be presented to the Detroit Police Board of Commissioners.

Government

Homeland Security Report Details How Teen Hackers Exploited Security Weaknesses In Some of the World's Biggest Companies (cnn.com) 31

An anonymous reader quotes a report from CNN: A group of teenage hackers managed to breach some of the world's biggest tech firms last year by exploiting systemic security weaknesses in US telecom carriers and the business supply chain, a US government review of the incidents has found, in what is a cautionary tale for America's critical infrastructure. The Department of Homeland Security-led review of the hacks, which was shared exclusively with CNN, determined US regulators should penalize telecom firms with lax security practices and Congress should consider funding programs to steer American youth away from cybercrime. The investigation of the hacks -- which hit companies like Microsoft and Samsung -- found that, in general, it was far too easy for the cybercriminals to intercept text messages that corporate employees use to log into systems. [...]

"It is highly concerning that a loose band of hackers, including a number of teenagers, was able to consistently break into the best-defended companies in the world," Homeland Security Secretary Alejandro Mayorkas told CNN in an interview, adding: "We are seeing a rise in juvenile cybercrime." After a series of high-profile cyberattacks marked his first four months in office, President Joe Biden established the DHS-led Cyber Safety Review Board in 2021 to study the root causes of major hacking incidents and inform policy on how to prevent the next big cyberattack. Staffed by senior US cybersecurity officials and executives at major technology firms like Google, the board does not have regulatory authority, but its recommendations could shape legislation in Congress and future directives from federal agencies. [...]

The board's first review, released in July 2022, concluded that it could take a decade to eradicate a vulnerability in software used by thousands of corporations and government agencies worldwide. The second review, to be released Thursday, focused on a band of young criminal hackers based in the United Kingdom and Brazil that last year launched a series of attacks on Microsoft, Uber, Samsung and identity management firm Okta, among others. The audacious hacks were often followed by extortion demands and taunts by hackers who seemed to be out for publicity as much as they were for money. The hacking group, known as Lapsus$, alarmed US officials because they were able to embarrass major tech firms with robust security programs. "If richly resourced cybersecurity programs were so easily breached by a loosely organized threat actor group, which included several juveniles, how can organizations expect their programs to perform against well-resourced cybercrime syndicates and nation-state actors?" the Cyber Safety Review Board's new report states.

Lapsus$, as well as other hacking groups, conduct "SIM-swapping" attacks that can take over a victim's phone number by having it transferred to another device, thereby gaining access to 2FA security codes and personal messages. These can then be used to reveal login credentials and access financial information.

"The board wants telecom carriers to report SIM-swapping attacks to US regulatory agencies, and for those agencies to penalize carriers when they don't adequately protect customers from such attacks," reports CNN.

China

Biden Issues an Executive Order Restricting US Investments In Chinese Technology (apnews.com) 59

An anonymous reader quotes a report from the Associated Press: President Joe Biden signed an executive order Wednesday to block and regulate high-tech U.S.-based investments going toward China -- a move the administration said was targeted but it also reflected an intensifying competition between the world's two biggest powers. The order covers advanced computer chips, micro electronics, quantum information technologies and artificial intelligence. Senior administration officials said that the effort stemmed from national security goals rather than economic interests, and that the categories it covered were intentionally narrow in scope. The order seeks to blunt China's ability to use U.S. investments in its technology companies to upgrade its military while also preserving broader levels of trade that are vital for both nations' economies.

The officials previewing the order said that China has exploited U.S. investments to support the development of weapons and modernize its military. The new limits were tailored not to disrupt China's economy, but they would complement the export controls on advanced computer chips from last year that led to pushback by Chinese officials. The Treasury Department, which would monitor the investments, will announce a proposed rulemaking with definitions that would conform to the presidential order and go through a public comment process. The goals of the order would be to have investors notify the U.S. government about certain types of transactions with China as well as to place prohibitions on some investments. Officials said the order is focused on areas such as private equity, venture capital and joint partnerships in which the investments could possibly give countries of concern such as China additional knowledge and military capabilities.

The Chinese Ministry of Commerce responded in a statement early Thursday that it has "serious concern" about the order and "reserves the right to take measures."

"We hope the U.S. side respects the laws of the market economy and the principle of fair competition, does not artificially obstruct global economic and trade exchanges and cooperation and does not put up obstacles for the recovery and growth of the world economy."

The Chinese Ministry of Commerce also said the executive order "seriously deviates from the market economy and fair competition principles the United States has always advocated. It affects the normal business decisions of enterprises, disrupts the international economic and trade order and seriously disrupts the security of global industrial and supply chains."

Privacy

Researchers Watched 100 Hours of Hackers Hacking Honeypot Computers (techcrunch.com) 34

An anonymous reader quotes a report from TechCrunch: Imagine being able to sit behind a hacker and observe them take control of a computer and play around with it. That's pretty much what two security researchers did thanks to a large network of computers set up as a honeypot for hackers. The researchers deployed several Windows servers deliberately exposed on the internet, set up with Remote Desktop Protocol, or RDP, meaning that hackers could remotely control the compromised servers as if they were regular users, being able to type and click around. Thanks to these honeypots, the researchers were able to record 190 million events and 100 hours of video footage of hackers taking control of the servers and performing a series of actions on them, including reconnaissance, installing malware that mines cryptocurrencies, using Android emulators to conduct click fraud, brute-forcing passwords for other computers, hiding the hackers' identities by using the honeypot as a starting point for another attack, and even watching porn. The researchers said a hacker successfully logging into its honeypot can generate "tens of events" alone.

The "Rangers," according to the two, carefully explored the hacked computers, doing reconnaissance, sometimes changing passwords, and mostly leaving it at that. "Our hypothesis is that they are evaluating the system they compromised so that another profile of attacker can come back later," the researchers wrote in a blog post published on Wednesday to accompany their talk. The "Barbarians" use the compromised honeypot computers to try to brute-force into other computers using known lists of hacked usernames and passwords, sometimes using tools such as Masscan, a legitimate tool that allows users to port-scan the whole internet, according to the researchers. The "Wizards" use the honeypot as a platform to connect to other computers in an attempt to hide their trails and the actual origin of their attacks. According to what Bergeron and Bilodeau wrote in their blog post, defensive teams can gather threat intelligence on these hackers, and "reach deeper into compromised infrastructure."

According to Bergeron and Bilodeau, the "Thieves" have the clear goal of monetizing their access to these honeypots. They may do that by installing crypto miners, programs to perform click fraud or generate fake traffic to websites they control, and selling access to the honeypot itself to other hackers. Finally, the "Bards" are hackers with very little or almost no skills. These hackers used the honeypots to use Google to search for malware, and even watch porn. These hackers sometimes used cell phones instead of desktop or laptop computers to connect to the honeypots. Bergeron and Bilodeau said they believe this type of hacker sometimes uses the compromised computers to download porn, something that may be banned or censored in their country of origin. In one case, a hacker "was downloading the porn and sending it to himself via Telegram. So basically circumventing a country-level ban on porn," Bilodeau told TechCrunch. "What I think [the hacker] does with this then is download it in an internet cafe, using Telegram, and then he can put it on USB keys, and he can sell it."

These types of honeypots could be useful for law enforcement or cybersecurity defensive teams. "Law enforcement could lawfully intercept the RDP environments used by ransomware groups and collect intelligence in recorded sessions for use in investigations," the researchers wrote in the blog post. "Blue teams for their part can consume the [Indicators of Compromise] and roll out their own traps in order to further protect their organization, as this will give them extensive documentation of opportunistic attackers' tradecraft."

Moreover, if hackers start to suspect that the servers they compromise may be honeypots, they will have to change strategies and decide whether the risks of being caught are worth it, "leading to a slow down which will ultimately benefit everyone," according to the researchers.

Privacy

Popular Open-Source Project Moq Criticized For Quietly Collecting Data (bleepingcomputer.com) 30

An anonymous reader quotes a report from BleepingComputer: Open source project Moq (pronounced "Mock") has drawn sharp criticism for quietly including a controversial dependency in its latest release. Distributed on the NuGet software registry, Moq sees over 100,000 downloads on any given day, and has been downloaded over 476 million times over the course of its lifetime. [...] Last week, one of Moq's owners, Daniel Cazzulino (kzu), who also maintains the SponsorLink project, added SponsorLink to Moq versions 4.20.0 and above. This move sent shock waves across the open source ecosystem largely for two reasons -- while Cazzulino has every right to change his project Moq, he did not notify the user base prior to bundling the dependency, and SponsorLink DLLs contain obfuscated code, making it hard to reverse engineer, and not quite "open source."

"It seems that starting from version 4.20, SponsorLink is included," Germany-based software developer Georg Dangl reported, referring to Moq's 4.20.0 release. "This is a closed-source project, provided as a DLL with obfuscated code, which seems to at least scan local data (git config?) and sends the hashed email of the current developer to a cloud service." The scanning capability is part of the .NET analyzer tool that runs during the build process, and is hard to disable, warns Dangl. "I can understand the reasoning behind it, but this is honestly pretty scary from a privacy standpoint."

SponsorLink describes itself as a means to integrate GitHub Sponsors into your libraries so that "users can be properly linked to their sponsorship to unlock features or simply get the recognition they deserve for supporting your project." GitHub user Mike (d0pare) decompiled the DLLs, and shared a rough reconstruction of the source code. The library, according to the analyst, "spawns external git process to get your email." It then calculates a SHA-256 hash of the email addresses and sends it to SponsorLink's CDN: hxxps://cdn.devlooped[.]com/sponsorlink. "Honestly Microsoft should blacklist this package working with the NuGet providers," writes Austin-based developer Travis Taylor. "The author can't be trusted. This was an incredibly stupid move that's just created a ton of work for lots of people."

Following the backlash, Cazzulino updated the SponsorLink project's README with a lengthy "Privacy Considerations" section that clarifies that no actual email addresses, just their hashes, are being collected.
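As an added illustration (not code from Moq or SponsorLink), the Python below shows why a bare SHA-256 of an e-mail address, the mechanism the decompiled library is described as using, still behaves as a stable identifier: anyone holding a list of candidate addresses can recompute the hashes and link them back. The keyed variant at the end is a general mitigation included for contrast, not something the page says SponsorLink does; the lower-casing normalisation, the pepper value and the sample addresses are constructed for this example.

```python
import hashlib
import hmac


def sponsor_hash(email: str) -> str:
    """SHA-256 of an e-mail address, as the article describes the library doing.

    Trimming and lower-casing are assumptions of this example so that the same
    mailbox written with different capitalisation yields the same hash.
    """
    return hashlib.sha256(email.strip().lower().encode("utf-8")).hexdigest()


def link_hashes(observed_hashes, candidate_emails):
    """Map hashes seen in telemetry back to addresses from a candidate list.

    The input space (addresses the recipient already knows, e.g. a sponsor
    list or a leaked address dump) is small, so an unkeyed hash is a lookup
    key rather than an anonymised value. Hashes with no match map to None.
    """
    table = {sponsor_hash(e): e for e in candidate_emails}
    return {h: table.get(h) for h in observed_hashes}


def keyed_hash(email: str, pepper: bytes) -> str:
    """HMAC-SHA256 under a secret pepper (general mitigation, shown for contrast).

    Only a party holding the pepper can recompute or verify the value, so a
    third party cannot run link_hashes() against it with a candidate list.
    """
    msg = email.strip().lower().encode("utf-8")
    return hmac.new(pepper, msg, hashlib.sha256).hexdigest()


# Constructed sample data for the demonstration (not real people or secrets).
CANDIDATES = ["alice@example.com", "bob@example.org", "carol@example.net"]
PEPPER = b"example-secret-pepper"


def demo():
    """Link an unkeyed hash back to its address; show the keyed one does not link."""
    observed = [sponsor_hash("Bob@Example.org"), "0" * 64]
    linked = link_hashes(observed, CANDIDATES)
    keyed_linked = link_hashes([keyed_hash("bob@example.org", PEPPER)], CANDIDATES)
    return linked, keyed_linked


if __name__ == "__main__":
    print(demo())
```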

Intel

Intel's GPU Drivers Now Collect Telemetry, Including 'How You Use Your Computer' (extremetech.com) 44

An anonymous reader quotes a report from ExtremeTech: Intel has introduced a telemetry collection service by default in the latest beta driver for its Arc GPUs. You can opt out of it, but we all know most people just click "yes" to everything during a software installation. Intel's release notes for the drivers don't mention this change to how its drivers work, which is a curious omission. News of Intel adding telemetry collection to its drivers is a significant change to how its GPU drivers work. Intel has even given this new collation routine a cute name -- the Intel Computing Improvement Program. Gee, that sounds pretty wonderful. We want to improve our computing, so let's dive into the details briefly.

According to TechPowerUp, which discovered the change, Intel has created a landing page for the program that explains what is collected and what isn't. At a high level, it states, "This program uses information about your computer's performance to make product improvements that may benefit you in the future." Though that sounds innocuous, Intel provides a long list of the types of data it collects, many unrelated to your computer's performance. Those include the types of websites you visit, which Intel says are dumped into 30 categories and logged without URLs or information that identifies you, including how long and how often you visit certain types of sites. It also collects information on "how you use your computer" but offers no details. It will also identify "Other devices in your computing environment." Numerous performance-related data points are also captured, such as your CPU model, display resolution, how much memory you have, and, oddly, your laptop's average battery life.

The good news is that Intel allows you to opt out of this program, which is not the case with Nvidia. According to TechPowerUp, they don't even ask for permission! As for AMD, they not only give you a choice to opt out but they also explain what data they're collecting.

AI

Pentagon Launches AI Competition To Solicit Help Securing Computer Systems (nbcnews.com) 7

DARPA, the Pentagon agency that funds moonshot technology innovations, is hosting a two-year competition for artificial intelligence experts to create new ways to bolster the world's cybersecurity. From a report: The competition launches Wednesday at the cybersecurity conference Black Hat in Las Vegas. It asks participants to create tools that can be used by anyone to help identify and fix holes in software to keep hackers from exploiting them. It will dole out a total of $18.5 million to winners in different categories and will formally conclude at the Def Con hacker conference in Las Vegas in August 2025.

In a call to reporters Tuesday previewing the competition, Arati Prabhakar, director of the White House Office of Science and Technology Policy, said it was "a clarion call for all kinds of creative people and organizations to bolster the security of critical software that American families and businesses and all of our society relies on." U.S. organizations have been battered by hackers in recent years. During the Biden administration alone, federal agencies have been repeatedly breached by hackers allegedly working for Chinese and Russian intelligence services, which often find creative ways to break into common software programs and then use that access to spy on government activity around the world.

The Courts

Apple Can Keep App Store Rules for Now as Top Court Spurns Epic (bloomberg.com) 31

The US Supreme Court let Apple keep its App Store payment rules in place for the time being, rejecting an Epic Games request that would have let developers start directing iPhone users to other purchasing options. From a report: Justice Elena Kagan said she wouldn't let a federal appeals court decision take effect immediately, as Epic had sought. The 9th US Circuit Court of Appeals said earlier this year that Apple violated California's Unfair Competition Law by limiting the ability of developers to communicate about alternative payment systems, including purchases through the Epic Games Store.

Kagan, who gave no explanation, is the justice assigned to handle emergency matters from the San Francisco-based 9th Circuit. Kagan's rejection of Epic means Apple will get a reprieve from the 9th Circuit ruling, though perhaps only a temporary one. The appeals court put its decision on hold to give Apple time to file a Supreme Court appeal later this year, but the ruling will kick in if the justices refuse to hear the case.

Movies

Gizmodo Editor-In-Chief Sues Apple Over Tetris Movie (theverge.com) 53

An anonymous reader quotes a report from The Verge: Gizmodo editor-in-chief Daniel Ackerman has sued Apple and other parties over the 2023 Apple TV Plus film Tetris, alleging it rips off his 2016 book The Tetris Effect. Ackerman claims Apple, Tetris rightsholder the Tetris Company, the Tetris film's producers, and screenwriter Noah Pink copied "the exact same feel, tone, approach, and scenes" from The Tetris Effect -- particularly its framing of the game's release as a "Cold War spy thriller." Initially reported by Reuters, Ackerman's lawsuit (PDF) outlines a yearslong correspondence with the Tetris Company as he wrote The Tetris Effect. He claims that the Tetris Company was aware of his work and threatened him with legal action for trying to pursue film and TV adaptations of his own book, only to draw heavily from his framing of the Tetris story. "The film liberally borrowed numerous specific sections and events of the book," claims Ackerman.

Apple and the Tetris Company did not immediately respond to requests for comment from The Verge. But Ackerman's case may be difficult given the fact that Tetris and The Tetris Effect both draw on real historical facts, which are not generally protected by copyright law. As a result, the suit relies heavily on arguing that Tetris copies the feel of The Tetris Effect. (He also argues that some potential inventions of the film -- like a guide who turns out to be a secret KGB agent -- are based on speculations in his narrative.) "Ackerman's book took a unique approach to writing about the real history of Tetris, as it not only applied the historical record, but also layered his own original research and ingenuity to create a compelling narrative non-fiction book in the style of a Cold War spy thriller," the suit says. "Mr. Ackerman's literary masterpiece, unlike other articles and writings, dispelled of the emphasis on the actual gameplay and fans, and instead concentrated on the surrounding narrative, action sequences, and adversarial relationship between the players ... This was the identical approach Defendants adopted for the Tetris Film, without notable material distinction."

Ackerman says that he reached out after the Tetris trailer's release and unsuccessfully requested Apple and the other defendants address legal issues before the film's release. His suit alleges copyright infringement and unfair competition, among other offenses.

Government

US Supreme Court Allows Biden To Regulate 3D-Printed Firearms (nbcnews.com) 228

Long-time Slashdot reader SonicSpike shares a report from NBC News: A divided Supreme Court on Tuesday allowed the Biden administration to enforce regulations aimed at clamping down on so-called ghost guns -- firearm-making kits available online that people can assemble at home. The court, which has a 6-3 conservative majority, in a brief order (PDF) put on hold a July 5 ruling by a federal judge in Texas that blocked the regulations nationwide. The vote was 5-4, with conservatives Chief Justice John Roberts and Justice Amy Coney Barrett joining the three liberal justices in the majority.

The federal Bureau of Alcohol, Tobacco, Firearms and Explosives, commonly known as ATF, issued the regulations last year to tackle what it claims has been an abrupt increase in the availability of ghost guns. The guns are difficult for law enforcement to trace, with the administration calling them a major threat to public safety. The rule clarified that ghost guns fit within the definition of 'firearm' under federal law, meaning that the government has the power to regulate them in the same way it regulates firearms manufactured and sold through the traditional process. The regulations require manufacturers and sellers of the kits to obtain licenses, mark the products with serial numbers, conduct background checks and maintain records.

Education

White House Holds First-Ever Summit On the Ransomware Crisis Plaguing the Nation's Public Schools (pbs.org) 76

The White House on Tuesday held its first-ever cybersecurity "summit" on the ransomware attacks plaguing U.S. schools, in which criminal hackers have dumped online sensitive student data, including medical records, psychiatric evaluations and even sexual assault reports. PBS reports: At least 48 districts have been hit by ransomware attacks this year -- already three more than in all of 2022, according to the cybersecurity firm Emsisoft. All but 10 had data stolen, the firm reported. Typically, Russian-speaking foreign-based gangs steal the data -- sometimes including the Social Security numbers and financial data of district staff -- before activating network-encrypting malware, and then threaten to dump it online unless paid in cryptocurrency. "Last school year, schools in Arizona, California, Washington, Massachusetts, West Virginia, Minnesota, New Hampshire and Michigan were all victims of major cyber attacks," the deputy national security advisor for cyber, Anne Neuberger, told the summit.

An October 2022 report from the Government Accountability Office, a federal watchdog agency, found that more than 1.2 million students were affected in 2020 alone -- with lost learning ranging from three days to three weeks. Nearly one in three U.S. districts had been breached by the end of 2021, according to a survey by the Center for Internet Security, a federally funded nonprofit. "Do not underestimate the ruthlessness of those who would do us harm," said Homeland Security Secretary Alejandro Mayorkas during the summit, noting that even reports on suicide attempts have been dumped online by criminal extortionists and urging educators to avail themselves of federal resources already available.

Among measures announced at the summit: The Cybersecurity and Infrastructure Security Agency will step up tailored security assessments for the K-12 sector while technology providers, including Amazon Web Services, Google and Cloudflare, are offering grants and other support. A pilot proposed by Federal Communications Commission Chair Jessica Rosenworcel -- yet to be voted on by the agency -- would make $200 million available over three years to strengthen cyber defense in schools and libraries.

Businesses

Germany Spends Big To Win $11 Billion TSMC Chip Plant (reuters.com) 35

TSMC is committing $3.8 billion to establish its first European factory in Germany, benefiting from significant state support for the $11 billion project as Europe aims to shorten supply chains. Reuters reports: The plant, which will be TSMC's third outside of traditional manufacturing bases Taiwan and China, is central to Berlin's ambition to foster the domestic semiconductor industry its car industry will need to remain globally competitive. Germany, which has been courting the world's largest contract chipmaker since 2021, will contribute up to 5 billion euros to the factory in Dresden, capital of the eastern state of Saxony, German officials said.

"Germany is now probably becoming the major location for semiconductor production in Europe," German Chancellor Olaf Scholz said, less than two months after Intel announced a 30 billion euro plan to build two chip-making plants in the country. "That is important for the resilience of production structures around the world, but it is also important for the future viability of our European continent, and it is of course particularly important for the future viability of Germany."

TSMC said it would invest up to 3.499 billion euros into a subsidiary, European Semiconductor Manufacturing Company (ESMC), of which it will own 70%. Germany's Bosch and Infineon and the Netherlands' NXP (NXPI.O) will each own 10% of the plant, which will make up to 40,000 wafers a month for cars and industrial and home products when it opens in 2017. The factory will cost around 10 billion euros in total.
